Data loss prevention example - Block skills in Microsoft Copilot Studio copilots

Important

Power Virtual Agents capabilities and features are now part of Microsoft Copilot Studio following significant investments in generative AI and enhanced integrations across Microsoft Copilot.

Some articles and screenshots may refer to Power Virtual Agents while we update documentation and training content.

Bot makers in your organization can extend their bots with skills. Skills can be a useful way of extending the functionality of your bots, however you may want to restrict their use to help prevent data exfiltration.

You can use the Skills with Microsoft Copilot Studio connector in Power Platform data loss prevention (DLP) policies to stop bot makers from adding skills to their bot.

See the Configure data loss prevention for Microsoft Copilot Studio chatbots topic for information about other DLP-related connectors.

Configure DLP to block skills in the Power Platform admin center

Select or create a policy

1. In the Power Platform admin center, under Policies, select Data policies.

2. Create a new policy, or choose an existing policy to edit:

   1. If you want to create a new policy, select New policy.

   2. If you want to choose an existing policy to edit, select the policy and select Edit policy.

3. Enter a name for the policy then select Next. You can change the name later.

Choose an environment

1. Choose one or more environments to add to your policy.

2. Select + Add to policy.

3. Select Next.

Add the connector

1. Use the search box to find the Skills with Microsoft Copilot Studio connector.

   

2. Select the connector's More actions menu (⋮), and then select Block.

   

3. Select Next.

4. Review your policy, then select Update policy to apply the DLP changes.

   

Confirm policy enforcement in Microsoft Copilot Studio

You can confirm that this connector is being used in the DLP policy from the Microsoft Copilot Studio web app.

First, open your bot from the environment where the DLP policy is applied, and then try to add a skill to the bot.

If the policy is enforced, you'll see an error in the Add a skill pane. The error says "Skill not allowed by data loss prevention policy" and suggests you contact an admin to add the skill to the allowlist. The Skill manifest URL field will also be highlighted with the message "This skill couldn't be validated. Review details and try again".