Data loss prevention example - Block SharePoint and OneDrive knowledge source in copilots

Important

Power Virtual Agents capabilities and features are now part of Microsoft Copilot Studio following significant investments in generative AI and enhanced integrations across Microsoft Copilot.

Some articles and screenshots may refer to Power Virtual Agents while we update documentation and training content.

You can use data loss prevention (DLP) policies to prevent copilot authors from connecting to data. Doing so can help prevent data exfiltration.

See Configure data loss prevention for copilots for information about other DLP policy configurations.

Configure DLP to block or configure endpoints for the Knowledge source with SharePoint and OneDrive in Copilot Studio connector in the Power Platform admin center

Select or create a policy

  1. In the Power Platform admin center, under Policies, select Data policies.

  2. Create a new policy, or choose an existing policy to edit:

    1. If you want to create a new policy, select New policy.

    2. If you want to choose an existing policy to edit, select the policy and select Edit policy.

  3. Enter a name for the policy, then select Next. You can change the name later.

Choose an environment

  1. Choose one or more environments to add to your policy.

  2. Select + Add to policy.

  3. Select Next.

Add the connector

  1. Use the search box to find the connector you want to block. You can see connectors that are already blocked on the Blocked tab.

    Screenshot of the Assign connectors page in Power Platform admin center.

  2. Select the connector's More actions menu, and then select Block.

  3. Select Next.

  4. Review your policy, then select Update policy to apply the DLP changes.

    Screenshot of the review screen when creating a DLP policy.

If admins want to allow or deny the SharePoint endpoints that their makers can use as knowledge sources in Copilot Studio, they can use DLP connector endpoint filtering instead of blocking the connector.

Screenshot of configuring endpoint in DLP policy.

Confirm policy enforcement

You can confirm that this connector is being used in the DLP policy from Microsoft Copilot Studio.

First, open your copilot from the environment where the DLP policy is applied. Go to the Knowledge tab, select Add knowledge, and add a SharePoint and OneDrive knowledge source.

Screenshot to add SharePoint and OneDrive knowledge source.

If the policy is enforced, you'll see an error banner with a Details button after the knowledge is added. On the Channels page, expand the error link and select the Download button to see details. The Publish button is disabled if there is a DLP violation.

Screenshot of the banner that indicates DLP policies are in effect and knowledge SharePoint source is blocked.

In the details file, a row will appear for each violation. If a knowledge source has a DLP violation, a row will appear for the knowledge page and for each generative answers node that uses that knowledge source.

Screenshot of a downloaded excel file showing details of DLP policy violations including HTTP connector.