Preparing your organization's content for AI Companion indexing

Before enabling AI Companion to connect to shared repositories, such as Google Drive, OneDrive, or Zoom Docs, administrators should review how content in the repositories is shared across their organization. AI Companion can reference content that users already have permission to access; so, repositories that are broadly shared, such as documents available to the entire organization or domain, may be included in AI-generated responses once indexing is enabled.

Administrators can also control access to data sources through account settings on the Zoom web portal, including the ability to enable or block personal data sources and restrict organizational data sources to specific user groups.

Reviewing repository sharing settings helps organizations understand which content may become available through AI Companion. For example, files shared with domain-wide permissions, such as Anyone in the organization, may be surfaced by AI Companion if they are indexed and the requesting user has access.

Preparing your organization’s content and permissions before enabling indexing helps AI Companion surface accurate, appropriate, and intended information. Reviewing and managing repository permissions can also help reduce the risk of unintended exposure of draft, confidential, or personal content while maintaining existing access controls from the source system.

Learn more about third-party data sources in AI Studio, AI Companion sources on the web, and the AI Companion bluepaper.

How Zoom AI Companion uses organizational content
- Understand AI Companion data sources
- Understand how AI Companion respects permissions
How to prepare your organization’s content for AI Companion indexing
Important considerations for AI Companion data sources
Recommended internal communication template

How Zoom AI Companion uses organizational content

Understand AI Companion data sources

AI Companion can reference external content from connected data sources to generate responses and assist users with organizational knowledge. These data sources can be configured either by individual users or by administrators, depending on the scope of the content being accessed.

Personal data sources allow users to connect their own accounts, such as Google Drive, Gmail, OneDrive, or Outlook, so AI Companion can reference files they personally own or have access to. Users authenticate these connections themselves using the provider’s API. Personal data sources require an AI Companion license and are limited to the user’s own accessible content, which powers features such as the file picker when selecting documents for AI Companion interactions.
Organizational data sources are configured by administrators using a service-level account. When enabled, AI Companion can index shared repositories, such as Google Drive, OneDrive, or Zoom Docs, and retrieve relevant information from those repositories using retrieval-augmented generation (RAG).

Understand how AI Companion respects permissions

When organizational data sources are enabled, Zoom indexes the data and:

AI Companion respects existing repository permissions.
It does not override or expand access controls.
Users can only receive responses based on content they are already authorized to view.
If a document is shared with your entire organization, AI Companion may reference it when responding to users who have access.

If content is broadly shared, it may be eligible for inclusion in AI-generated responses. Due to this, Zoom recommends that before enabling, organizations review content domains and potentially restrict the scope of content that is indexed by AI Companion.

How to prepare your organization’s content for AI Companion indexing

Before enabling organizational data sources and allowing Zoom to index your data, complete the following steps to verify that your organization's content is ready.

1. Review organization-wide sharing settings

Review your organization's content and sharing settings to ensure that only appropriate information is available to AI Companion.

Review organization-wide sharing settings: Identify documents that are shared with your entire domain or organization. Consider whether files with broad permissions, such as Everyone in the organization should be accessible to all users who have permission to view them.
Limit document access where appropriate: Share documents only with the specific users or groups that require access. Avoid granting organization-wide permissions unless the content is intended to be broadly available.
Review default sharing settings: Check your repository’s default sharing configuration to confirm that new files are shared with restricted access by default whenever possible.
Understand link-sharing permissions: Review link-sharing settings, such as links that allow access to Anyone in the organization. These links may make documents broadly accessible and therefore eligible to appear in AI Companion responses.
Verify shared content: For files shared with your domain, confirm that:
- Content is finalized and approved
- Sensitive information is not unintentionally shared
- Draft or personal materials are restricted appropriately

Google Drive

Access Google Drive.
In the search bar, enter: owner:me source:domain.
Update permissions as needed.

OneDrive

Access OneDrive.
Use the search bar to find files shared broadly: sharedwith:Everyone or sharedwith:"Everyone except external users".
Review and adjust permissions where necessary.

Zoom Docs

Access Zoom Docs.
Check if the Zoom Doc is shared with Anyone in the organization [Your Organization]. If it is, proceed with the following actions:
- Confirm it is ready for broad visibility
- Confirm it does not contain confidential or draft material
- Update sharing settings if access should be limited

2. Audit sensitive or restricted content

Check for documents that may require limited access, such as:

Financial projections
HR or personnel information
Privileged legal documents
Security procedures
Early product plans
Internal brainstorming documents

If these files are shared organization-wide, consider restricting access.

3. Improve content hygiene

AI surfaces existing content. Preparing your repository can improve response quality and reduce confusion.

Consider:

Remove or restrict access to outdated documents that should no longer be referenced.
Remove duplicate drafts or redundant files that may create conflicting information.
Use consistent naming conventions so documents are easier to identify and retrieve.
Clearly label document status, such as Draft or Final, to help distinguish working documents from published content.
Remove personal notes or informal materials from shared folders that are broadly accessible.

Performing this review helps ensure that AI Companion responses reflect accurate, current, and intended information from your organization’s repositories.

Important considerations for AI Companion data sources

When enabling organizational data sources for your organization's AI Companion:

Confirm your organization understands that broadly shared content may be referenced.
Confirm that sensitive documents are not shared domain-wide unless intended.
Communicate internally about reviewing sharing settings.

Notes:

AI Companion does not create new access to content. It operates within the permissions your organization has already configured.
If a document is visible to your entire organization, it may be referenced in responses to users who also have access.

Recommended internal communication template

Consider notifying employees before enabling organizational data sources: We are enabling AI Companion to help surface organizational knowledge more efficiently. Please review documents shared with the entire organization to confirm that only intended content is broadly accessible.

Clear communication helps prevent misunderstandings and supports a smooth rollout.