Configure enterprise-level security for Copilot Studio

Enabled for Public preview General availability
Admins, makers, marketers, or analysts, automatically - May 21, 2024

Business value

Improvements in authentication, default permissions, and new governance settings and auditing logs provide makers with more visibility, more control, and less risk when creating and deploying custom copilots.

Feature details

Apply safer defaults and provide opinionated in-product communication if those defaults are changed by makers. For example, we have changed two significant security defaults; all bots now start requiring authenticated access, and makers no longer have access to transcripts by default.

Additionally, we've introduced these improvements:

  • Provide granular governance levers that give admins more control on the copilots in their tenants without affecting maker adoption.

    • This is a common request from customers, and we are investing in granular controls for many Copilot Studio features including generative AI, Knowledge sources, App Insights, and Authentication.
  • Provide audit log and inventory capabilities for admins.

    • Admins can see comprehensive audit logs, including viewing tenant-wide usage, inventory (include API support), and tenant hygiene (DLP violations and inactive copilots) reports to monitor business impact.
  • Show sensitive labels to the copilot makers and user when responses are grounded using generative answers from SharePoint files.