The Cyber Essentials criteria are reviewed every year. IASME and the NCSC take on board feedback from assessors, learnings from breach investigations and findings from their own audit programme, and update the requirements accordingly. Most years the changes are relatively minor. The 2026 update is different.

The five core controls haven’t changed. But the marking criteria, scope rules, assessment process and several supporting requirements all have.

Some of the changes carry real consequences if you’re not prepared. They apply to all assessment accounts created after 27th April 2026.

Here’s what you need to know.

MFA on cloud services is now an auto-fail requirement

Multi-factor authentication for cloud service accounts has moved from a recommendation to a hard requirement. From April 2026, if MFA is available on any cloud service in scope and you haven’t enabled it, your assessment fails automatically.

This applies to all users and all cloud services, regardless of whether MFA is a free feature or requires a paid add-on. If it’s available, it’s required. No exceptions.

Two patch management questions are now auto-fail

Patch management has always been at the heart of Cyber Essentials. But two specific questions are now set to auto-fail status:

• Are all high-risk or critical security updates and vulnerability fixes for operating systems, router and firewall firmware installed within 14 days of release?
• Are all high-risk or critical security updates and vulnerability fixes for applications (including associated files and extensions) installed within 14 days of release?

Previously, failing these questions meant a failed assessment that could be remediated and resubmitted. As of April 2026, failing either question triggers an immediate automatic failure and resets the assessment clock entirely.

This is the kind of pressure that makes the case for a managed approach to vulnerability remediation – ensuring patches are automatically applied for you within CE+ timelines as a matter of course, rather than scrambling to meet them.

“Point in time” now means the date your certificate is issued

Cyber Essentials has always been described as a point-in-time assessment, but what that point means in practice has been open to interpretation. The point in time is now formally defined as the date the certificate is issued, not the date you complete or submit your questionnaire.

This means every device and system in scope must be fully supported and compliant on the day your certificate comes through. If something becomes unsupported between submission and issue, your certification may not hold. An important change for anyone whose assessment process spans several weeks.

Closing the selective patching loophole

Recent audits uncovered a pattern of organisations applying updates only to the specific devices included in the CE+ test sample, rather than rolling them out across their entire in-scope environment. Technically they passed the assessment. In practice, vulnerabilities remained.

The assessment process for update management has been tightened as a result. If an organisation fails the initial test of a random device sample, they can remediate and request a retest – but the retest will pull a new random sample from the wider environment.

A second failure results in revocation of the verified self-assessment certificate.

You can no longer adjust your self-assessment once the audit begins

From April 2026, organisations will not be permitted to go back and amend their verified self-assessment responses based on what the CE+ audit reveals. The self-assessment must be completed, finalised and locked before testing commences.

Previously there was some flexibility here. Now your self-assessment needs to accurately reflect your actual environment before the audit starts, not be adjusted afterwards to align with the results.

It’s a change that rewards organisations who approach Cyber Essentials as an ongoing standard rather than something to be tidied up when an audit is imminent.

The director’s declaration now covers ongoing compliance

The declaration signed by a director or board member as part of the verified self-assessment has been updated. It now includes an explicit acknowledgment that the organisation is responsible for maintaining Cyber Essentials compliance throughout the certification period, not just on the day of assessment.

In one sense this formalises what has always been best practice. Cyber Essentials certification shouldn’t be a once-a-year exercise that gets forgotten about the moment the certificate lands. It should reflect a continuous, maintained security posture. The updated declaration makes that expectation official.

What this means for your organisation

If you’re already Cyber Essentials certified, these changes apply to your next renewal if your assessment account is created after 27th April 2026. If you’re working towards certification for the first time, they apply now.

The direction of travel is clear: Cyber Essentials is moving towards a model where continuous compliance matters as much as the annual assessment. Organisations that treat it as a point-in-time, tick-box exercise are going to find the requirements increasingly difficult to meet.

Need support with Cyber Essentials compliance?

If you’d like to talk through what these changes mean for your security approach, or if you want to understand how LIMA’s Vulnerability Detection and Remediation service can help you meet Cyber Essentials patching requirements automatically, get in touch with the team.

Learn more about VDR

Read our latest blog about vulnerability management

Contact the team at 0345 345 1110 or enquiries@lima.co.uk

According to the World Economic Forum’s 2026 Global Cybersecurity Outlook, 64% of organisations consider geopolitically motivated attacks a top consideration in their cyber risk strategy.

This volatile environment has become a breeding ground for:

• Supercharged ransomware attacks
• Sophisticated social engineering attacks executed quickly and at scale
• Disrupted supply chains
• Greater exploitation of software vulnerabilities

IBM’s 2025 Cost of a Data Breach study revealed that the average detection and containment of a data breach takes 241 days, with 50% of breaches caused by malicious activities and 23% by IT failure. Phishing and supply chain compromises are among the most vulnerable vectors, highlighting the need for organisations to tighten up both their data-sharing and vulnerability management efforts.

Between December 2024 and January 2026 alone, LIMA’s Vulnerability Detection and Remediation (VDR) revealed and remediated 11.7 million vulnerabilities in customer environments. The vast number of vulnerabilities identified emphasises both the scale of the challenge and the necessity of a strong solution to the problem.

Compromised supply chains because of worsening cyber inequity are a growing cause for concern in 2026. Interconnected organisations are exposed to an onslaught of vulnerabilities when there is a disparity between those with robust cybersecurity resources, and those without.

Cyber inequity highlights two major challenges in the 2026 cyber security landscape:

1. A need for greater collaboration across organisations, supply chains and even nations
2. The call for a level playing field for small-medium sized businesses (SMBs), whose IT teams are struggling against a swelling tide of vulnerabilities while continuing to manage day-to-day IT requirements

The pressure is on for internal IT teams to do more, with less time and fewer resources.

What are the top cyber security threats in 2026?

According to DeepStrike, by mid-2025 a jaw-dropping 21,500 vulnerabilities and exposures had been reported; an increase of 16-18% vs. 2024. But why are there so many vulnerabilities open to exploitation, now?

Let’s dive into the top three cyber security threats fueling this increasingly complex environment:

1. AI vs AI – The 2026 cyber security arms race

AI tooling has been integrated with what we might describe as reckless abandon, leaving technology and processes unchecked. Attackers are using AI to scout out and exploit the ample vulnerabilities, faster than IT teams can patch them.

2. More devices, more problems – The IoT threat to cyber security

We have more internet connected devices than ever. From phones and tablets to watches and headphones, we are all interconnected by a vast infrastructure of gadgets that lack adequate security protection and are vulnerable to attack. When compromised devices are connected to corporate networks without IT authorisation, it quickly becomes a problem for the entire business.  

3. You’re only as strong as your weakest link – Securing your supply chain

Just as the breaching of one IoT device puts all interconnected devices at risk, the same is true for the supply chain. Smaller businesses, with IT teams that are underfunded and under-resourced, become easy targets for attackers with their eyes on a bigger prize.    

Meeting Cyber Essentials Plus requirements

The challenges facing this already precarious ecosystem are compounded for organisations that lack the in-house cybersecurity expertise, or whose IT teams are already overburdened by endless patching to meet regulatory standards such as Cyber Essentials Plus.

This is an all-too-familiar tale for many IT teams whose responsibilities have evolved and expanded well beyond the team’s original remit and skill set, without the investment in both people and technology to support the changing requirements.

It’s simply not sustainable. The IT team needs investment in the right support, now.

The hidden risk inside your network: initial access and privilege escalation

Most organisations focus their security investment on keeping attackers out. Firewalls, endpoint protection, SOC services, MFA – all essential tools for defending the perimeter. But perimeter defences alone are not enough.

Once an attacker gets inside your network – whether through a compromised account, a phishing link, or a purchased credential – the question is no longer, where did they get it? But how much damage they can do once they’re there? That’s where unpatched software vulnerabilities become even more dangerous.

Known software vulnerabilities don’t just provide a route in, they provide a route through. A vulnerability in a browser, an application, or a network component can give an attacker the foothold they need to move laterally across your systems. Jumping from one asset to another, the attacker escalates their privileges, gaining access to sensitive data, financial systems or critical infrastructure that would otherwise be out of reach.

The stats back this up. 74% of data breaches involve the abuse of privileged credentials, and 46.6% of incidents now involve some form of privilege escalation.

A real-world example: a vulnerability in a widely-used browser could give an attacker an initial foothold on a standard user’s device. Low risk in isolation. But with the right unpatched vulnerabilities in place, that same attacker can move laterally across the network, reach higher-value systems and escalate their access, turning a minor breach into a major incident.

This is what LIMA’s VDR service is specifically designed to address. By continuously identifying and remediating known vulnerabilities across your entire environment, VDR takes away opportunities for attackers to move, escalate and cause maximum damage if they to get through, or bypass, your outer defences.

Do I need a strategic IT partner?

When it comes to detecting and remediating vulnerabilities, SMBs need their IT function to behave just as effectively as their enterprise counterparts if the interconnected ecosystem is to survive. We have to eliminate cyber inequity by seeking out partnerships that level the playing field, creating secure environments regardless of the size of a business’s IT team.

Steve Cook, Infrastructure and Security Manager at Broadacres said: “The current security landscape is terrifying. It’s constantly evolving and it’s getting much worse. Threat actors are using AI tools to make it even harder for us.

“There has been a rise in targeted attacks against social housing providers, and an uptick in ransomware attempts to exploit vulnerabilities in housing management systems.”

For Broadacres, handling vulnerability management alongside its ongoing digital transformation efforts had become too much and it was time to work with a dedicated, strategic IT partner.

Richard Peck, IT Manager for APEM Group said: “VDR gives awareness of the importance of security to the Executive Team, and all the way down through the business. In the first month, VDR discovered and remediated many vulnerabilities.

“We’ve grown globally, so quickly, so it was important for us to use a service that tackles these challenges and issues as they arise. We’re in a position, utilising LIMA, that we can remedy the risks before they impact the business, which helps the IT team and the board to sleep at night!”

Expect better and do more, with LIMA

Vulnerability Detection and Remediation is an end-to-end solution covering the entire IT environment across 500+ technologies. Our team of experienced security experts review every aspect, from your software and third-party applications to networks and applications, so that we can provide continuous, in-depth monitoring and reveal hidden vulnerabilities.

Between December 2024 and January 2026, LIMA’s VDR revealed and remediated 11.7 million vulnerabilities in customer environments. While many of the remediations utilise automated tooling, the most critical vulnerabilities need the hands-on, eyes-on expertise of our engineers who intervene to manually patch and resolve the issue.

VDR doesn’t just reduce the risk of an attacker getting in. It reduces the damage they can cause if they do. By closing the vulnerabilities that attackers use to move laterally and escalate privileges, VDR shrinks your attack surface from the inside, complementing your existing perimeter defences and SOC capabilities with a layer of protection that many organisations are missing.

With comprehensive coverage across your internal and external facing technologies, and SLAs aligned with Cyber Essentials Plus, you can trust LIMA to resolve the vulnerabilities and keep your business secure.

Talk to a LIMA about VDR at enquiries@lima.co.uk, or sign up for your free VDR Proof of Value today.

Contact the team at 0345 345 1110 or enquiries@lima.co.uk

The Alternative Events summits are among our favourite in the tech calendar.

The format is part conference, part group therapy, part social occasion. The calibre of the people in the room is consistently high, the conversations are honest, and the energy is infectious. AccTech2026 was no different.

LIMA was there again, this time with a rather competitive game of whack-a-vulnerability, and a simple question on the banner: does your MSP empower you to innovate, grow and stay secure? Across two days of keynotes, roundtables and corridor conversations, that question felt more relevant than ever.

1. AI is raising the stakes for data quality

The keynote talks we watched set an ambitious vision: AI that can query entire audit datasets in natural language, surface insights that would previously have taken days, and democratise access to data right across the business. It’s a compelling picture. But it only works if your data is in good shape.

That’s a real challenge for lots of practices. Many are still managing fragmented data across 60 or 70 different applications – SaaS, legacy, on-premise – with all the duplication, inconsistency and governance headaches that come with it. AI doesn’t fix that problem, it makes it worse. Garbage in, garbage out has never been truer than when a confident AI is presenting your garbage as insight.

Getting your data environment sorted is essential to make everything else possible.

2. The firms pulling ahead have their foundations in order

The conversations we had on the stand, and the ones happening across the room, kept coming back to the same theme.

The accountancy practices that are growing, innovating, and adapting fastest aren’t necessarily the ones with the biggest budgets or the most advanced tools.

They’re the ones with the right foundations: a stable, secure platform; clean, well-managed data; and people who know how to use the technology in front of them.

That’s where a good MSP is worth its weight in gold. Not simply reacting to problems, but providing the proactive support that lets a practice focus on what it’s there to do.

3. Efficiency vs effectiveness

One of the sharpest points from the keynote was the distinction between efficiency and effectiveness. AI that helps you do the same things faster is useful. The real goal is AI that changes what’s possible, freeing your best people from routine work so they can focus on driving value for clients.

The firms that are furthest along on the journey are the ones stopping to ask: how do we want to deliver services in three years’ time? What does our workforce look like? What are we building towards?

That kind of strategic thinking requires a technology partner, not just a technology supplier. Someone who helps you plan, not just someone who keeps the lights on.

4. Cyber resilience needs to keep pace

Accountancy practices handle some of the most sensitive financial data in existence. That makes them a target. And as the attack surface expands; with more applications, more integrations and more users accessing systems remotely; the challenge of keeping that data secure gets harder.

Our whack-a-vulnerability game was a light-hearted way into a serious conversation. Every mole that pops up is a known vulnerability sitting unpatched in your environment, an open door that a malicious actor could walk through. LIMA’s Vulnerability Detection and Remediation service identifies and closes those doors continuously, so your team isn’t spending evenings and weekends managing patch cycles manually.

“LIMA’s managed vulnerability remediation service is a game changer.”

Ethan Cameron, IT Operations Manager at BKL, said it better than we could.

5. Leading change in accountancy IT

Another of the key talking points from Alternative Accountancy: the IT leaders making the biggest difference at their firms are helping their organisations navigate real transformation – making the case for investment, guiding AI adoption, managing risk, and building the kind of technology culture that attracts and retains good people.

That’s a big job. And it’s one that’s a lot harder if your managed service partner is firefighting, rather than genuinely supporting your roadmap.

The question on our banner wasn’t rhetorical: does your MSP empower you to innovate and evolve, accelerate growth, maximise productivity, and strengthen cyber resilience?

Want to continue the conversation?

If you were at AccTech2026 and want to pick up where we left off – or if you missed it and want to talk about what great managed IT services looks like for your practice – we’d love to hear from you.

Find out more about how LIMA helps accountancy practices.

Contact the team at 0345 345 1110 or enquiries@lima.co.uk

Among the most significant changes is the explosion of data. Today, firms hold vast amounts of information, but without the right strategy and tools, that data remains an untapped resource.

Your data should power intelligent decision-making, driving better outcomes for clients and employees. But having lots of data is meaningless without a clear strategy to standardise, analyse and secure it.

Start with the ‘Why’

Before embarking on a data strategy, firms must ask:

• Why do we want to use data?
• What outcomes are we aiming for?

Once the purpose is clear, the next step is understanding:

• What data you have
• Where it resides
• How it’s used
• Who accesses it
• How governance and compliance are managed

Taking time to map your data landscape is critical before stitching together your technology architecture and building a strong data culture.

Unifying data for smarter decisions

Increasingly, firms are turning to platforms like Microsoft Fabric to consolidate data from multiple applications and present a unified view. This enables data-led decision-making and unlocks insights that were previously hidden in silos.

Analytics tools within Fabric transform raw data into actionable intelligence. For small and medium-sized law firms, this means identifying what’s profitable, what’s inefficient, and how to better serve clients.

Laying the groundwork for AI

Your data strategy is the foundation for successful AI adoption. AI tools are only as effective as the quality of the data they analyse. Without clean, well-structured data, even the most advanced AI solutions will fall short.

Driving AI adoption in the legal sector

AI promises huge benefits, but there’s still a gap between expectation and reality in legal services. Tools like Microsoft Copilot can boost productivity and creativity across the Microsoft 365 suite, but effective deployment requires preparation.

To maximise ROI, firms must:

• Ensure data readiness
• Engage stakeholders early
• Roll out AI tolls with a clear adoption plan

At LIMA, we’ve developed an AI Adoption Framework based on our own journey. It includes assessments, a methodology for identifying use cases and strategies to drive engagement across your workforce.

Ready to take the next step?

Discover how LIMA can help your firm build a robust data strategy and prepare for AI adoption.

Explore our AI Adoption Framework

LIMA specialises in delivering IT services to legal organisations, helping them put technology and security at the centre of their business strategy.  

Read LIMA’s new whitepaper, outlining our full blueprint for driving greater efficiency in legal organisations: Whitepaper: The law firm of the future – LIMA – Insight-led IT services

Contact the team at0345 345 1110 or enquiries@lima.co.uk

In the last year, the number of successful cyber-attacks against UK law firms increased by 77% vs. the previous 12 months, up to 954.

This dramatic increase highlights the problem faced by firms, that are perceived as both lucrative and easy targets to attackers seeking to exploit vulnerable infrastructures.

Phishing, ransomware, DDoS, advanced persistent threats (APTs) and insider threats are amongst the common types of cyber-attacks targeting the legal industry in 2025, though the common challenge is the lack of dedicated cyber expertise within firms.

In a security landscape where threat actors are increasingly sophisticated, legal IT teams have an array of advanced protective technologies to choose from.

Adopting core tools such as endpoint detection and response (EDR), multi-factor authentication (MFA) and privileged access management (PAM) is a common approach to safeguarding legal operations. These are increasingly supported by SIEM (Security Information and Event Management) platforms and zero-trust architecture, which treat every user, device and connection as untrusted by default, reducing the risk of lateral movement within networks.

How are you managing vulnerabilities?

For firms handling vast volumes of sensitive data, visibility of vulnerabilities is critical.

That’s where LIMA’s Vulnerability Detection & Remediation (VDR) service becomes a key differentiator. VDR provides continuous, automated scanning of your environment to identify and prioritise known vulnerabilities, and our team of security experts fix them before they become active threats, in line with timelines mandated by Cyber Essentials Plus.

Coupled with cloud-native tools like Microsoft Defender for Endpoint, Purview, and automated patch management, law firms can embed a secure-by-design model that meets regulatory obligations, strengthens client trust and enables scalable, long-term protection, without compromising user experience or performance.

A question of people and culture

Away from technical solutions, the first line of defence against cyber-attacks for any business, is its team. That’s why more organisations are placing greater emphasis on training to improve overall security and compliance.

Employees must be made aware of the threats posed by cyber-attacks and the importance of their role in keeping systems and data secure. Try and build some engaging elements into your cyber awareness training, beyond e-learning.

Why not try:

• Gamifying the experience
• Using real-world scenarios
• Making it visual, interactive and personalised
• Keeping it short and regular
• Using humour and creativity

Take proactive steps to secure your law firm

Protecting your law firm against cyber-attacks needn’t become another burden for your team, but rather a task for a strategic partner to support with and ensure that your future is safeguarded.

A strategic IT partner can help you minimise risk with a proactive, secure-by-design approach that ensures your business runs smoothly and gives peace of mind.

The right partner will help you to:

• Understand who currently accesses your data and how.
• Prioritise the most valuable or vulnerable areas of your infrastructure.
• Ensure security updates and patching happen reliably and efficiently, aligned with Cyber Essentials Plus timelines.
• Manage all devices centrally – including personal mobiles – with Secure SSO access methods to provide access to systems and data.
• Keep data protected during transfer.
• Embed resilience at a technical level in business-critical areas.
• Harness the power of cloud-based backup.

LIMA specialises in delivering IT services to legal organisations, helping them put technology and security at the centre of their business strategy.  

Read LIMA’s new whitepaper, outlining our full blueprint for driving greater efficiency in legal organisations: Whitepaper: The law firm of the future – LIMA – Insight-led IT services

Contact the team at 0345 345 1110 or enquiries@lima.co.uk

When it comes to end users, IT professionals have three key roles:

1. Secure the user so that they don’t endanger themselves or the firm
2. Empower the user with the tools that enable them to do their job better
3. Facilitate the user with help when they need us

In the SMB legal space, where firms often compete on service quality and agility, end user experience is a differentiator.

A good technology experience for staff boosts productivity and efficiency, reduces onboarding time and reduces attrition.

Through a combination of understanding your users and understanding which technologies best support their day-to-day working lives to reduce friction and increase efficiency, we can deliver the best possible user experience for staff in law firms and legal sector organisations.

Understanding user personas in the legal sector

Firms have distinct sets of users that have different requirements. The role of IT is to facilitate and empower each type of users with a standard, common platform.

Support staff

• Work from a fixed location
• Require local asset access, e.g. printing
• Require consistent access to firm systems
• Time pressure attached to most actions required to support fee earners.

Fee earners

• Roam between primary office and courts as required
• Require access to all information relevant to their cases
• Require easy communication methods to admin staff
• Need ability to meet clients, both virtually and in person

Partners

• Roam between all offices
• Require system access as required, usually on a time constrained basis
• Need ability to speak to all staff in easy methods, sometimes whilst roaming with no case management access

What happens when we get user experience right?

Improved productivity and focus

When technology supports rather than frustrates, staff can focus on legal work rather than navigating support processes. Reducing interaction with IT teams means more billiable hours, better client outcomes and improved morale across the firm.

Consistent workflow across devices

Whether working from chambers, home or court, a consistent experience ensures that users can pick up where they left off – supporting hybrid work without productivity loss.

Streamlined access to tools and information

Intuitive collaboration tools reduce friction between fee-earners, support staff and partners. This ensures smooth ways of working, clear communication and faster case progression.

Microsoft 365 for law firms

When it comes to delivering consistent, efficient user experience across every role in the firm, Microsoft 365 plays a central role. Its suite of tools brings together communication, collaboration and document management in a single, secure environment – supporting users wherever they work.

For support staff, applications like Teams, SharePoint and OneDrive remove barriers to sharing and version control, ensuring the right information reaches the right people quickly. Fee earners can access case materials securely from any location, meet clients virtually, and collaborate seamlessly with colleagues and admin staff. Partners benefit from a joined-up view of the firm, with the ability to connect and communicate easily while maintaining oversight of ongoing matters.

But while M365 provides the foundation for law firms, the real value comes from how it’s implemented and managed. Out of the box, these tools are powerful, but in a legal context, they need to be configured to reflect how the firm actually works. That means ensuring compliance and data security are baked in, workflows are streamlined, and integrations with practice management systems function smoothly.

This is where a specialist partner like LIMA makes the difference. With extensive experience delivering M365 solutions for law firms, LIMA understands the pressures of the legal environment – where uptime, confidentiality and user experience are non-negotiable. Our expertise ensures M365 isn’t just deployed, but optimised to support every user persona within the firm, enabling staff to work more efficiently and deliver a better service to clients.

With the right partner, M365 becomes more than a collection of productivity tools, it becomes the backbone of a modern, connected legal workforce.

LIMA specialises in delivering IT services to legal organisations, helping them put technology at the centre of their business strategy.  

Read LIMA’s new whitepaper, outlining our full blueprint for driving greater efficiency in legal organisations: Whitepaper: The law firm of the future – LIMA – Insight-led IT services

Contact the team at 0345 345 1110 or enquiries@lima.co.uk

LIMA’s recent Elevate event welcomed more than 20 IT professionals to the National Football Museum for a day of discovery and discussion on AI, Copilot and Power Platform.

Our Head of Product, Ollie Potts, unpacked lessons from our own journey to Copilot, and our partners at Westcoast Cloud demonstrated some of the latest Copilot functionality, including how Copilot now integrates with elements of Power Platform.

If you missed out on the day, or you want a recap, we’ve pulled together five big takeaways from the event.

1. AI is already here, and 75% of people are already using AI at work

Perhaps the important point to note from these stats is that 78% of people already using AI at work are bringing their own tools to the table, rather than using systems managed and secured by their IT team.

Using an unmanaged AI product like Chat GPT within a business can pose risks. Without proper oversight, these systems could expose your business to data leaks, and generate inaccurate or inappropriate content, leading to potential reputational damage or legal issues.

Unmanaged AI may also not integrate seamlessly with existing business processes and tools, resulting in inefficiency and disruption.

It’s a safe bet that your end users are already using AI, so it’s important for your organisation to make a proactive decision about how and where they want their employees to use AI. By providing the guardrails of a managed system, aligned to approved documentation and information within your business, you can deliver an AI assistant that’s reliable, secure, and integrated with the approved tools you want your end-users to work with.

2. Preparedness is critical

When beginning your Copilot (or any AI) activation, laying the groundwork in advance is critical.

There is a lot to think about, and a lot of work to be done, but the ROI is potentially huge.

Here are some of the steps you need to take ahead of activation, if you’re considering Copilot:

1. Establish use cases and goals
2. Conduct a thorough risk assessment and establish mitigation measures
3. Review existing licensing arrangements
4. Review your existing M365 configuration
5. Review your existing data and folder structure
6. Appoint a team to support the wider rollout > it’s not just an IT effort

At LIMA, we’ve been through this exact process ourselves and have developed a Copilot Activation Assessment based on our learnings with Copilot, and our vast experience at deploying new software and hardware solutions. You can benefit from our experience today, with a free Copilot Activation Assessment.

Register your interest for a free Copilot Activation Assessment from LIMA

3. The features of Copilot are astounding, and they’re only getting better

Imagine having a complex report, showing it to Copilot, and asking it to pull out the important insights into an email or one pager ready to edit and share onwards. Copilot does it.

Imagine missing a Teams call and asking Copilot to summarise the elements of the discussion that you need to know about. For example, “renewing your MSP’s contract”. Copilot does it.

Imagine telling Copilot exactly what you want to do with some data in Excel, and Copilot not only creates the formula and pulls the data into the relevant columns, but also creates pivot tables and provides visualised insights from within the data.

Imagine creating a sales proposal for a new customer based on the data and templates you already have in your organisation, bringing in all of the context and experience your business has within its document library and systems. Copilot does it.

4. Power Apps is being underused by the SMB market

At LIMA we are incredibly excited about the opportunities Copilot offers to supercharge your organisation’s efficiency, but there is groundwork and internal education required to deliver Copilot securely.

Your organisation generates huge amounts of content and data, which Copilot could make much more valuable. But with great power comes great responsibility, and without proper management in the age of AI, this data can suddenly be opened up to loss or misuse.

Incorrect setup or configuration of AI systems can lead to data being improperly stored or transmitted, increasing the risk of data loss. What’s more, AI systems that continuously learn and update their models could overwrite existing data, leading to loss of historical data if not properly backed up.

Here are some important questions to start thinking about before you hand over the Copilot keys to enthusiastic employees!

5. Feedback from early adopters has been excellent!

Of Copilot early adopters surveyed, 75% said the service made them more productive, and 68% said it improved the quality of their work. Some users are already saving more than 10 hours a month, and on average users said it made them 30% faster at writing documents and creating presentations.

Need help getting your organisation AI ready?

Sign up for Elevate 2025 here.

Microsoft Voice services: Low-cost, flexible and scalable to support hybrid working.

Read the factsheet now.