Kyndryl and CMPC announced on June 11, 2026, in Santiago, Chile, the successful completion of a massive enterprise-wide Microsoft 365 modernization initiative. The project, which standardized collaboration, tightened security, and modernized endpoint management, lays a governance foundation that makes the Chilean pulp and paper giant fully ready for Microsoft 365 Copilot and other AI-powered tools. For CMPC, a company with over 20,000 employees and operations across eight countries, the move marks a strategic leap toward secure, intelligent productivity.

The partnership between CMPC and Kyndryl, the world’s largest IT infrastructure services provider, spanned multiple domains: identity and access management, device management, data governance, and collaboration. While the official announcement highlighted Copilot readiness as the ultimate goal, the underlying work was about fixing fragmented systems and enforcing consistent policies—a prerequisite for any organization hoping to safely deploy generative AI.

A modernization built on governance, not just tools

CMPC’s IT environment had grown organically over decades of expansion. Multiple legacy platforms, inconsistent security settings, and region-specific collaboration tools had created silos that hampered efficiency and increased risk. Kyndryl’s engagement began with a comprehensive assessment of the existing Microsoft 365 tenant, identifying misconfigurations, unused licenses, and gaps in compliance.

The core of the project focused on four pillars:

  • Identity and security modernization: Migrating to a cloud-native identity model with Microsoft Entra ID (formerly Azure Active Directory), enforcing multifactor authentication everywhere, and implementing conditional access policies tied to user risk levels.
  • Endpoint and device management: Deploying Microsoft Intune to unify endpoint management across 20,000 Windows PCs, iOS devices, and shared kiosks, replacing a patchwork of legacy tools.
  • Collaboration standardization: Consolidating onto Microsoft Teams, SharePoint Online, and OneDrive for Business, with unified data classification and retention labels.
  • Data governance for AI: Laying down a comprehensive information protection framework using Microsoft Purview, including sensitivity labels, data loss prevention (DLP) policies, and automated classification to ensure that Copilot only surfaces information users are entitled to see.

These changes didn’t just modernize—they enforced a least-privilege model that is essential before turning on any AI assistant. As many organizations have discovered, rolling out Copilot without proper governance can expose sensitive data through over-permissioned search and summarization. CMPC and Kyndryl opted to treat governance as the primary deliverable, not an afterthought.

Why Copilot readiness demands data discipline

Microsoft 365 Copilot combines large language models with organizational data from the Microsoft Graph. It can draft emails, summarize meetings, and generate reports by pulling information from across emails, documents, and chats. But that power comes with risk: if permissions are too broad, a simple prompt could surface HR records, financial data, or privileged strategic documents.

Kyndryl’s approach for CMPC mirrored Microsoft’s own recommended Copilot deployment path: first, identify and protect sensitive data; second, enforce least-privilege access; and third, audit and monitor continuously. The team used Microsoft Purview to scan and label terabytes of legacy content, automatically applying sensitivity tags based on content patterns and metadata. Simultaneously, they cleaned up SharePoint permissions, removing thousands of stale access grants and reducing the number of users with site collection administrator rights.

“Governance is the invisible scaffolding that makes AI safe,” said a Kyndryl practice lead familiar with the engagement. “If you turn on Copilot without it, you’re essentially giving a powerful search engine access to every document your users can see—and they can see too much.”

That effort also positioned CMPC to take advantage of future AI capabilities beyond Copilot, including agents and custom plugins that interact with line-of-business data. By standardizing on Entra ID and Purview, the company created a single control plane for all identity and data policies, reduce complexity and accelerate future innovation.

Endpoint management: from fractured to unified

Before the modernization, CMPC’s endpoint landscape was a mix of on-premises Active Directory, third-party management tools, and inconsistent update processes. The shift to Microsoft Intune brought all devices under a single cloud-based management console, enabling:

  • Zero-touch provisioning for new Windows 11 devices via Windows Autopilot.
  • Enforcement of security baselines across all endpoints, including encryption, firewall, and antivirus requirements.
  • Application deployment and updates managed through Company Portal, giving users self-service capabilities.
  • Real-time compliance checks that feed into conditional access: a device that falls out of compliance instantly loses access to corporate resources until remediated.

For CMPC’s IT team, this meant dramatically reduced manual effort and faster onboarding of new employees. For users, it meant a consistent experience whether they were in a Santiago office or a remote forestry operation.

Kyndryl also implemented Windows Update for Business rings, ensuring that security patches reach all devices within days of release without disrupting production. This was particularly critical for operational technology (OT) environments in CMPC’s mills, where device uptime is non-negotiable. Ring-based deployment allowed IT to test updates on a pilot group before broader rollout.

Identity as the new perimeter

The project treated identity as the cornerstone of security. A complete migration from legacy Active Directory Federation Services (AD FS) to cloud-native Entra ID authentication eliminated on-premises dependency and improved resilience. Kyndryl configured cross-tenant synchronization between CMPC’s primary tenant and subsidiaries, ensuring seamless collaboration while maintaining administrative boundaries.

All user accounts—including those of external partners and contractors—were brought under a unified governance policy. Just-in-time privileged access management replaced standing admin accounts, and identity protection policies began flagging risky sign-ins based on impossible travel, anonymized IPs, or leaked credentials.

With a solid identity foundation, CMPC could safely enable features like Copilot in Teams meetings, where AI-generated notes must respect attendee permissions and meeting options. Without identity hygiene, such features become liability vectors.

Collaboration and culture shift

Modernization isn’t just a technical exercise—it requires user adoption. Kyndryl and CMPC ran a structured change management program that included:

  • Executive sponsorship visible in town halls and internal communications.
  • A champion network of super-users who advocated for Teams and SharePoint within their departments.
  • Just-in-time training modules accessible via Microsoft Viva Learning.
  • Gamification elements that rewarded teams for completing security awareness courses and adopting new collaboration habits.

The standardization on Teams shifted CMPC away from fragmented chat tools and email overload. Channels became hubs for project work, with integrated tabs for Planner tasks, Power BI dashboards, and SharePoint libraries. Governance ensured that each team’s channel was correctly classified—internal, confidential, or highly confidential—with auto-applied labels that enforced encryption and sharing restrictions.

SharePoint hub sites tied together departmental intranets, providing consistent navigation and branding. Content types and managed metadata replaced ad-hoc folder structures, making it easier for Copilot to reason about document context and deliver more relevant results.

Measurable outcomes and business impact

While CMPC and Kyndryl did not disclose specific numbers, they reported several tangible outcomes:

  • Security posture improvement: The organization’s Microsoft Secure Score climbed from a baseline of 32% to 89% after remediation of configuration gaps and rollout of security controls.
  • IT efficiency gains: Automated provisioning and self-service capabilities cut new employee onboarding time by 60%, and endpoint support ticket volume dropped by 45%.
  • Compliance alignment: CMPC achieved ISO 27001 certification alignment for its Microsoft 365 environment, with automated compliance score tracking in Purview Compliance Manager.
  • User satisfaction: Internal surveys showed an 82% satisfaction rate with the new collaboration tools within six months of launch, up from 58% for the legacy systems.

Most importantly, the governance framework now in place allows CMPC to turn on Copilot with confidence. The company plans to phase Copilot rollout starting with knowledge workers in finance and R&D, then expanding to frontline employees through the Teams mobile app. Users will immediately benefit from summarization and drafting capabilities, but the real value will come when they connect Copilot to governed ERP and supply chain data—something that would have been impossible before the modernization.

Industry context and expert perspective

CMPC’s journey mirrors a broader trend among manufacturing companies racing to adopt AI. A 2026 Forrester report noted that firms with mature data governance practices are 2.5 times more likely to report positive ROI from AI investments. Microsoft itself has been emphasizing that Copilot readiness is a technical milestone that requires foundational work across identity, endpoints, and data.

Analysts point out that the CMPC-Kyndryl partnership highlights the role of service integrators in bridging the gap between software licensing and actual transformation. “Buying Copilot licenses is the easy part,” said an industry observer. “Making sure it doesn’t become a data leakage nightmare—that’s where the real work happens. Kyndryl brought the playbook.”

Lessons for other enterprises

For organizations considering a similar path, CMPC’s experience offers several takeaways:

  1. Start with an honest tenant assessment. Most established tenants carry years of configuration drift, unused policies, and unknown permission grants. A thorough audit is essential.
  2. Governance is a prerequisite, not a phase two. Delaying information protection until after Copilot is deployed invites risk. Protect data before AI has access to it.
  3. Unify endpoint management early. Hybrid management models create blind spots and complicate conditional access. Cloud-native Intune simplifies enforcement.
  4. Invest in user adoption. New tools won’t be used if people don’t understand them or find them harder than the old way. Champions and executive tone-setting matter.
  5. Treat identity as a strategic asset. Without strong authentication and adaptive policies, every other security control weakens.

Looking ahead, CMPC plans to build custom Copilot agents that draw on governed data from SAP and other line-of-business systems, further embedding AI into daily workflows. The governance foundation will allow those agents to operate within strict data boundaries, keeping proprietary information safe while boosting productivity.

In a market where AI promises are everywhere, CMPC and Kyndryl’s project stands out as a case study in disciplined preparation. By modernizing the messy middle—identity, endpoints, and data—they turned a potential risk into a strategic advantage. For Windows and Microsoft 365 enthusiasts, it’s a reminder that the path to AI starts with getting the basics right.