There is a question that surfaces in nearly every organisation running Microsoft 365:
Where did we put that document?
It is not a rhetorical question. It is asked daily, in Teams chats, in hallway conversations, in meetings that could have been emails — and in emails that should have been documents. The answer, more often than not, is a hesitant “I think it’s somewhere on SharePoint. Or maybe OneDrive. Let me check Teams.”
This experience is so common that it has acquired its own vocabulary. Content sprawl. Digital clutter. Information overload. And the instinctive response is equally predictable: we need to clean up SharePoint. We need governance for Teams. We need naming conventions, folder structures, retention policies.
These are not wrong impulses. But they address the symptom, not the cause. And that distinction matters more than most organisations realise.
The Familiar Pattern
Most medium and large organisations running M365 share a recognisable condition.
SharePoint has grown organically. Sites exist for projects that ended years ago. Team sites coexist with communication sites with no clear logic governing which is which. Document libraries contain folder hierarchies six levels deep, built by individuals who have since left the organisation.
Teams has proliferated. A channel exists for every project, initiative, task force, and coffee machine conversation. Files are shared in chat threads, pinned in channels, and duplicated across tabs — each copy diverging silently from the others.
OneDrive functions as a personal filing cabinet, holding documents that should be shared but are not, and shared documents that should be governed but cannot be — because no one knows they exist.
Outlook remains, for many, the actual document management system. Critical decisions, approvals, and institutional knowledge live in individual inboxes, invisible to the organisation and inaccessible to anyone else.
The result is not merely inconvenience. It is a structural inability to locate, trust, and reuse the information the organisation produces. People spend time searching, recreating, and verifying — work that produces no value and exists only because the information environment is ungoverned.
The Configuration Reflex
The standard response to this condition is what might be called the configuration reflex. It assumes the problem is technical or behavioural. The tools are fine; they are simply not set up correctly. Or people are not using them correctly.
This leads to a predictable set of interventions: an information architecture for SharePoint, governance policies for Teams creation, training sessions on “where to save what,” and perhaps a deployment of Microsoft Purview for classification and retention.
These interventions can produce real improvements. A well-designed SharePoint architecture is better than an undesigned one. Governance policies for Teams creation prevent unchecked proliferation. Retention policies reduce legal exposure and storage costs.
But they share a common limitation. They address the environment without addressing the organisation. They define where information should go without establishing who is responsible for it, how it should flow between functions, or what makes it valuable in the first place.
This is why many organisations that invest in M365 governance projects find themselves back in the same condition eighteen months later. The cleanup was real. The underlying organisational dynamics that produced the sprawl were unchanged.
Why the sprawl returns
Content sprawl is not caused by a lack of folder structures. It is caused by the absence of something more fundamental: an organisational design that accounts for information as a managed asset.
Consider what must be true for an M365 environment to remain governed over time. Someone must be accountable for each category of information — not just the IT team, but the business functions that produce and consume it. There must be shared agreements about what constitutes authoritative information versus working drafts. Processes must exist for creating, reviewing, and retiring content. Quality standards must be defined and enforceable. And people must understand their roles in this system, not as an addition to their job, but as part of it.
None of these are technology questions. They are organisational design questions. They concern roles, accountability, process, and governance — the basic infrastructure of how an organisation manages any important resource.
When that infrastructure is absent for information, no amount of SharePoint architecture will hold. Teams will continue to proliferate because no one has the authority to say no. Documents will continue to accumulate because no one is responsible for their lifecycle. Knowledge will continue to reside in inboxes because there is no process to externalise it. And the next generation of tools — whether Copilot, AI agents, or whatever follows — will simply amplify the disorder, because they depend on an information foundation that does not exist.
What an information operating model actually answers
An information operating model is not a theoretical framework. It is a concrete set of decisions that an organisation makes — and enforces — about how information is produced, governed, and used.
Applied to the M365 environment, the operating model answers six categories of questions that no platform configuration can resolve on its own.
The first is visibility: what information exists, where it lives, and how it is organised. This means maintaining an actual inventory of information assets — not just a list of SharePoint sites, but a map of what types of information the organisation produces, which are critical, where they are mastered, and where they are consumed. Without this, governance has no object.
The second is flow: how information moves through the organisation. Content sprawl often signals that information flows are undefined. Documents are duplicated across Teams, SharePoint, and email not because people are careless, but because no one has mapped the path a document should take from creation to consumption. When the flow is designed, the technology can support it. When it is not, the technology simply provides more places for information to accumulate.
The third is quality: what standards apply and how they are monitored. In an ungoverned M365 environment, there is no mechanism to distinguish authoritative content from outdated drafts. Version control exists as a feature, but quality management exists nowhere as a practice. An operating model defines what “good” looks like for each category of information and assigns responsibility for maintaining it.
The fourth is governance: who owns what, and what authority they have. This is the question most organisations skip. Governance policies for Teams creation or SharePoint site provisioning are useful, but they address the container, not the content. An information operating model assigns ownership at the information level — who is responsible for customer data, for project documentation, for policy content, for institutional knowledge. It defines decision rights, escalation paths, and accountability.
The fifth is capability: whether people have the skills to operate in a governed information environment. Many organisations find that staff can use M365 tools but cannot make sound information management decisions — where to save, how to classify, when to archive, what to share. This is not a training gap for a specific tool. It is an information literacy gap that requires a different kind of investment.
The sixth is AI readiness: whether the information foundation can support the next generation of tools. Organisations deploying Copilot or building retrieval-augmented generation systems are discovering that AI performance depends on information quality. If the environment is sprawling and ungoverned, the AI will faithfully reflect that disorder. An operating model assesses whether the information architecture, metadata, and governance structures are sufficient to make AI useful rather than dangerous.
These six dimensions form a diagnostic lens. Applied to a specific domain — say, the M365 collaboration environment — they reveal not just what is broken, but why it is broken and what kind of intervention will actually hold.
Two legitimate responses
Acknowledging that content sprawl is an organisational problem does not mean every organisation needs an enterprise-wide transformation before it can improve its SharePoint.
There are two legitimate responses, and choosing between them depends on the organisation’s situation and maturity.
The first is tactical. Scope the problem to the M365 environment. Audit the current state. Define an information architecture, governance policies, and lifecycle management processes. Implement and train. This is bounded, practical work that delivers visible improvement within weeks. It is the right starting point for organisations that need immediate relief and are not yet ready for deeper structural change.
The second is structural. Use the M365 chaos as a diagnostic signal. If content sprawl is a symptom of missing ownership, undefined information flows, and absent governance, then fixing the environment without fixing the organisation is a temporary measure. The structural response is to design the operating model that makes governance sustainable — not just for M365, but for information across the organisation.
The tactical response cleans the room. The structural response ensures it stays clean.
Most organisations benefit from starting with the first and progressing to the second. The cleanup creates immediate value and builds credibility. The operating model makes the improvement permanent and extends it beyond a single platform.
What this means for what comes next
There is a reason this matters beyond tidy file management.
The organisations that will extract genuine value from AI are not those with the most advanced technology. They are the ones whose information environments are governed, curated, and structurally sound. Content sprawl is not just an inconvenience. It is a barrier to the next generation of organisational capability.
Cleaning up M365 is a reasonable first step. But the organisations that stop there will find themselves cleaning up again — and wondering why their AI investments are underperforming.
The technology exists. The discipline to govern it is an organisational design challenge.
That is what needs to be built.