Building and customizing solutions using Microsoft 365 Copilot APIs and tools
You should not use a service account for Copilot agents that will be used by employees individually. Instead, use user-delegated authentication (normal user accounts) so that each employee’s actions and data access are performed in their own security context.
Why?
- Security & Compliance: Service accounts can bypass individual user permissions, making it difficult to audit actions and increasing the risk of unauthorized data access.
- Auditability: Using user accounts ensures all actions are traceable to the actual user, supporting compliance and audit requirements.
- Least Privilege: Each user only gets access to what they are permitted, reducing risk.
Risks of service accounts:
- Shared credentials can be misused.
- Difficult to enforce least-privilege access.
- May violate organizational compliance or Microsoft licensing terms.
Thanks,
Prasad Das
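To make the distinction in the answer above concrete, here is an added example (not from the original answer and not Microsoft's own code) of a minimal agent backend that accepts only user-delegated Entra ID access tokens and performs data access and audit logging in the calling user's security context. It assumes Entra ID v2.0 token conventions (delegated tokens carry an `scp` claim, app-only client-credential tokens carry `roles` and the optional `idtyp` claim); the tokens, the document ACL and the `Files.Read` scope check are constructed for an offline demo, and the tokens are unsigned, so in a real service the signature, issuer, audience and expiry must be validated against the tenant's JWKS before any claim is trusted.

```python
"""
Added example, not from the original answer: a Copilot-agent style backend
that refuses service-account (app-only) tokens and serves data only under
the calling user's identity, recording the real user in the audit log.

Assumptions (not stated on the page): Entra ID v2.0 token conventions, where
delegated tokens carry a space-separated `scp` claim plus the user's `oid`,
and app-only tokens carry `roles` (and `idtyp: "app"` when that optional
claim is requested). All tokens below are CONSTRUCTED and UNSIGNED; a real
service must validate signature, issuer, audience and expiry first.
"""
import base64
import json
from dataclasses import dataclass, field


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def make_demo_token(claims: dict) -> str:
    """Build an unsigned JWT-shaped string for the demo (constructed input)."""
    header = _b64url(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    return f"{header}.{body}."


def decode_claims(token: str) -> dict:
    """Decode only the payload segment; signature validation is out of scope here."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def classify_token(claims: dict) -> str:
    """Delegated (user) tokens carry `scp`; app-only tokens carry `roles` only."""
    if claims.get("idtyp") == "app" or ("roles" in claims and "scp" not in claims):
        return "app-only"
    if "scp" in claims and "oid" in claims:
        return "delegated"
    return "unknown"


# Constructed per-document ACL standing in for the permission check that
# Microsoft Graph / SharePoint would perform under the user's own identity.
DOCUMENT_ACL = {
    "doc-hr-salaries": {"oid-alice"},
    "doc-team-roadmap": {"oid-alice", "oid-bob"},
}


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, actor: str, action: str, resource: str, outcome: str) -> None:
        self.entries.append(
            {"actor": actor, "action": action, "resource": resource, "outcome": outcome}
        )


def handle_agent_request(token: str, resource: str, audit: AuditLog) -> dict:
    """Serve a data request for an agent only in the caller's own context."""
    claims = decode_claims(token)
    if classify_token(claims) != "delegated":
        # A shared/service identity hides who actually asked: refuse it.
        audit.record(claims.get("appid", "?"), "read", resource, "denied:app-only-token")
        return {"status": "denied", "reason": "user-delegated token required"}
    actor = claims["oid"]
    if "Files.Read" not in claims["scp"].split():
        audit.record(actor, "read", resource, "denied:missing-scope")
        return {"status": "denied", "reason": "missing scope Files.Read"}
    if actor not in DOCUMENT_ACL.get(resource, set()):
        # Least privilege: the agent sees only what this user may see.
        audit.record(actor, "read", resource, "denied:no-access")
        return {"status": "denied", "reason": "user has no access to resource"}
    audit.record(actor, "read", resource, "allowed")
    return {"status": "ok", "resource": resource, "as_user": claims.get("preferred_username")}


# Constructed sample tokens: two delegated user tokens and one app-only token.
ALICE_TOKEN = make_demo_token({"oid": "oid-alice", "preferred_username": "alice@contoso.example",
                               "scp": "Files.Read User.Read", "idtyp": "user"})
BOB_TOKEN = make_demo_token({"oid": "oid-bob", "preferred_username": "bob@contoso.example",
                             "scp": "Files.Read", "idtyp": "user"})
SERVICE_TOKEN = make_demo_token({"oid": "oid-sp-agent", "appid": "app-copilot-agent",
                                 "roles": ["Files.Read.All"], "idtyp": "app"})


if __name__ == "__main__":
    log = AuditLog()
    for tok, doc in [(ALICE_TOKEN, "doc-hr-salaries"), (BOB_TOKEN, "doc-hr-salaries"),
                     (SERVICE_TOKEN, "doc-hr-salaries")]:
        print(handle_agent_request(tok, doc, log))
    for entry in log.entries:
        print(entry)  # every entry names the real actor, never a shared account
```

The audit entries written by `handle_agent_request` always carry the user's `oid`, which is what makes the "Auditability" point in the answer hold; with a service account every entry would name the same application identity, and the `Files.Read.All` role on the app-only token would grant the agent every user's files regardless of who asked.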