Microsoft Delivers In-Depth View of Security, Governance Functions in Copilot Control System
As AI agents and copilots proliferate within companies, key software vendors are stepping up with tools and guidance to help those same companies secure and govern their growing AI deployments.
Last week, Microsoft outlined and demonstrated a number of controls it currently offers, or will soon offer, under the umbrella of the Copilot Control System, which incorporates several management and governance tools for Copilot Studio, during a Copilot Control System “deep dive” virtual event.
These complement Purview features Microsoft recently outlined for locking down AI apps and use cases.
Managed Security for Copilot Studio and Agents
In the category of managed security, Microsoft officials detailed six functions which are summarized then outlined in greater detail below
- Security Hub
- Advanced connector policies
- Risk management with sharing limits
- Microsoft Information Protection (MIP) for Dataverse
- MIP for Agents
- Agent Protection Status in Copilot Studio
Security Hub provides a single pane of glass for visibility into Copilot Studio, along with other key Power Platform components, while also providing access to a wide range of security capabilities to deliver enterprise security management at scale. This hub gives a comprehensive overview of a company’s security posture, along with recommendations on how to improve that posture.
Advanced Connector Policies (in public preview) are used to control the data sources that agents can access and define how those agents connect with the outside world as well as internal data sources. For instance, they can be used to define whether an individual can connect to a specific SharePoint instance or external data stores.
Advanced Connector Policies are “a critical pillar in what you want to think about as an IT admin when it comes to securing and governing your agents. It starts by deciding what is the kind of information that I want to allow my agents to be built with,” said Mik Ferland, principal product manager for Microsoft Power Platform.
Risk management with sharing limits is used to control and set sharing limits for agents, such as number of editors and number of viewers authorized for individual agents. “We can even go more granular in deciding what kind of permissions we want to grant users…Do I want to share this agent just as a viewer? So that means I would only be able to interact with the agent, or do I also want to share the agent with edit access so that the individual can contribute and edit and play around with the agents?” Ferland said.
MIP for Dataverse is designed to help users and admins discover sensitive data in Dataverse, a critical consideration since Dataverse is a widely used data source for applications and agents.
MIP for Agents (in preview) will provide protection for a range of knowledge sources and also provide visibility and compliance into agents for both those creating agents and those using them. In preview mode is the capability to label sensitive data such as highly confidential information in a medical record — MIP would label that appropriately. The sensitivity label assigned to the data or record will come through when the agent requests it.
Agent Protection Status in Copilot Studio (in preview) gives a clear indication for those creating agents about potential risks, reflects risks that have been detected (such as users interacting with agents or data in inappropriate or unauthorized ways), and provides guidance on remediation paths. It’s a comprehensive assessment of whether an agent is protected and opportunities to improve protection levels. It’s built directly into Copilot Studio.
Managed Governance
For governance, Microsoft outlined five features and their current status, summarized then detailed below:
- Personal development playgrounds
- Environment groups
- Maker (creator/user) onboarding controls
- Agent Inventory
- Copilot Hub
Personal Development Playgrounds serve as isolated environments where anyone can safely build secure, governed agents and not overlap or interfere with other agents. The level of isolation makes it easier to secure and govern agents.
Environment groups allow admins to govern in bulk, applying settings and policies at scale in all environments. With governing in bulk, they can, for example, place thousands of environments within a group for strong controls with less administrative burden.
Maker onboarding controls complement personal development environments, allowing admins or IT pros to create and display a custom welcome message to Copilot Studio users and coach individuals on how to get started while, at the same time, operating within security and compliance requirements as well as established guardrails.
Agent inventory (in limited preview) gives full visibility into the volume of agents being created and used and where, a nod to the fact that IT can’t govern what it can’t see. It provides the first view into the full breadth of agents being built and used within a company.
Copilot Hub is an AI equivalent to the Power Platform Admin Center, playing an aggregation role for viewing and accessing security capabilities. It helps admins stay up to date with the latest developments, review settings and policies, and perform fine-tuning to secure and govern agents across the company while gaining visibility into usage/adoption, cost, and ROI.
AI Agent & Copilot Summit NA is an AI-first event to define the opportunities, impact, and outcomes possible with Microsoft Copilot for mid-market & enterprise companies. Register now to attend AI Agent & Copilot Summit in San Diego, CA from March 17-19, 2026.
