8/16/25, 5:06 PM Security FAQs - Microsoft Copilot Studio | Microsoft Learn

Security FAQs for Copilot Studio


04/07/2025

These frequently asked questions (FAQs) are focused on security to help you get answers to
accelerate your adoption and use of Copilot Studio in your organization.

Copilot Studio creates a single-tenant Microsoft Entra ID app registration on new agent creation.
Existing agents continue to have multitenant Microsoft Entra ID app registration. Does a
multitenant Microsoft Entra ID app registration for existing agents pose any security risk?
No, multitenant Microsoft Entra ID app registration doesn't pose any security risk.

Copilot Studio creates one app registration per custom agent to identify it and enable secure
communication with the channels and skills it might use. This app registration doesn't access or
expose any customer data, resources, or any agent information. Copilot Studio stores and
manages the app registration securely and compliantly.

The app registration is for validating and securing calls from Copilot Studio to our Azure Bot
Service resource. Copilot Studio creates and manages the registration for the customer
application. This functionality has existed in Bot Framework and Azure Bot Service since 2016.

Any new agents created have single-tenant Microsoft Entra ID app registration. We're
investigating moving existing agents to a single-tenant Microsoft Entra ID app registration in
the future. If you'd like to be notified about this feature, submit your vote for this feature here.

Microsoft Power Platform has a rich ecosystem of connectors based on Microsoft Entra ID that allow
authorized Microsoft Entra ID users to build compelling apps and flows establishing connections to
the business data available through these data stores. Tenant isolation makes it easy for
administrators to ensure that these connectors can be harnessed in a safe and secure way within the
tenant, while minimizing the risk of data exfiltration outside the tenant. Does Copilot Studio
support tenant isolation?
No, Copilot Studio doesn't support tenant isolation.

The default configuration in Power Platform with tenant isolation Off is to allow cross-tenant
connections to be established seamlessly, if the user from tenant A establishing the connection to
tenant B presents appropriate Microsoft Entra ID credentials.

If admins want to allow only a select set of tenants to establish connections to or from their
tenant, they can turn tenant isolation On.

Learn more about cross tenant restrictions

Copilot Studio creates service principal and certificates in the customer's Microsoft Entra ID
tenant every time a custom copilot is created. What is the purpose of the service principal and
certificates, and how are they governed?
To let custom copilots communicate with your data sources and services, Copilot Studio creates
an application in your Microsoft Entra ID tenant, along with an associated service principal.

A service principal is an identity that represents an application and allows it to access resources in
your tenant. For security and compliance reasons, Copilot Studio rotates the certificates on a
regular cadence. This rotation means that the service principal gets a new certificate, and the old
one is revoked. This process is automatic and doesn't require any action from you.
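
As an added example (not part of the Microsoft FAQ and not Copilot Studio's own tooling), an administrator can review both points above from an export of Microsoft Graph `GET /applications`: which registrations are still multitenant (`signInAudience` other than `AzureADMyOrg`) and whether each has a currently valid certificate in `keyCredentials`. The sample records, the 14-day warning window and the finding labels are assumptions made for this example.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the "value" array of Microsoft Graph
# GET /applications?$select=displayName,appId,signInAudience,keyCredentials
# Names, appIds and dates are made up; the page does not say how agent registrations are named.
SAMPLE = json.loads("""{"value": [
 {"displayName": "agent-old (constructed)", "appId": "00000000-0000-0000-0000-000000000001",
  "signInAudience": "AzureADMultipleOrgs",
  "keyCredentials": [{"startDateTime": "2025-05-01T00:00:00Z", "endDateTime": "2025-11-01T00:00:00Z"}]},
 {"displayName": "agent-new (constructed)", "appId": "00000000-0000-0000-0000-000000000002",
  "signInAudience": "AzureADMyOrg",
  "keyCredentials": [{"startDateTime": "2025-02-01T00:00:00Z", "endDateTime": "2025-08-01T00:00:00Z"},
                     {"startDateTime": "2025-07-15T00:00:00Z", "endDateTime": "2026-01-15T00:00:00Z"}]},
 {"displayName": "agent-stalled (constructed)", "appId": "00000000-0000-0000-0000-000000000003",
  "signInAudience": "AzureADMyOrg",
  "keyCredentials": [{"startDateTime": "2025-03-01T00:00:00Z", "endDateTime": "2025-08-20T00:00:00Z"}]}
]}""")

def _ts(value):
    # Graph timestamps are ISO 8601 UTC; normalise the trailing "Z" for fromisoformat.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def review(app, now, warn_days=14):
    """Return the list of findings for one application object."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("audience:" + str(app.get("signInAudience")))
    certs = app.get("keyCredentials") or []
    valid = [c for c in certs if _ts(c["startDateTime"]) <= now < _ts(c["endDateTime"])]
    if certs and not valid:
        findings.append("no-valid-certificate")  # every listed certificate is outside its window
    elif valid:
        latest_end = max(_ts(c["endDateTime"]) for c in valid)
        if latest_end - now < timedelta(days=warn_days):
            findings.append("expires-in-%dd" % (latest_end - now).days)  # no successor cert yet
    return findings

def inventory(export, now, warn_days=14):
    """Map appId -> findings for the applications that have any."""
    reviewed = {a["appId"]: review(a, now, warn_days) for a in export.get("value", [])}
    return {app_id: f for app_id, f in reviewed.items() if f}

if __name__ == "__main__":
    as_of = datetime(2025, 8, 16, tzinfo=timezone.utc)  # fixed date so the output is repeatable
    for app_id, findings in inventory(SAMPLE, as_of).items():
        print(app_id, ", ".join(findings))
```

A registration that already carries a newer certificate alongside an expired one (the second sample record) produces no finding, which is the state expected after a normal rotation.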


Can I disable Microsoft Copilot Studio agent creation in my organization?
You can't disable agent creation. Our guidance is to use data loss prevention (DLP) policies to
prevent anyone from chatting with the agent.

For more information, see Data loss prevention example - Block channels to disable agent publish.
If you need granular governance controls, submit your feature request here.

I'm a Responsible AI Champion or Compliance Lead in my organization. Where can I find information
on agent security and privacy related to data used by agents, data used by underlying models in
agents, data protection practices, and moderation of content before a response is generated from
Copilot?
Microsoft runs on trust. We're committed to security, privacy, and compliance in everything we
do, and our approach to AI is no different.

For more information about how we're protecting your data using industry-leading
compliance, security, and privacy practices, see the FAQ for Copilot data security and privacy
for Dynamics 365 and Power Platform.

What auditing capabilities does Copilot Studio offer out of the box? How do I request other
capabilities if needed?
You're an IT administrator in a Fortune 1000 organization. You want to govern custom copilots
built by makers within your organization. To truly democratize Copilot Studio in your organization,
you need detailed auditing capabilities. For example, ask the following questions:

Who built a custom copilot?
Are there any co-owners?
Are public endpoints for generative answers available?
Who configured or changed a copilot?

As an administrator, you can use the out-of-the-box auditing capabilities of Copilot Studio to
secure and govern your environments. Sign in to the Microsoft Purview compliance portal and use
filters to identify specific audited events and activities.

If you're looking for more auditing events or fields, submit your product idea.

How can I control generative AI capabilities in Copilot Studio?
You're a Power Platform admin in your organization. As part of your role, you need to selectively
allow access to generative AI capabilities in Copilot Studio to makers across environments.

Copilot Studio provides granular and tenant-level governance controls for custom agents in your
organization. Use the Power Platform admin center to:

Make publishing of custom agents available or unavailable, at the tenant level.
Control whether custom agents can use public URLs as knowledge sources, at the environment level.
Allow data movement across geographic locations for generative AI features, at the environment level.

If you're looking for more granular controls to govern custom agents, submit your product idea.

How do I enforce access to knowledge sources across my environments?
As an environment administrator for Power Platform in your organization, you need to control
which knowledge sources are available to makers when they build custom agents. For example,
you want makers in your default environment to only upload files or use specific sites as
knowledge sources when building custom agents.

Copilot Studio offers granular control to enable or disable specific knowledge sources using data
policies in Power Platform admin center. You can configure data policies to control usage of
SharePoint, public websites, or documents as knowledge sources. You can then apply these
policies at the environment level or tenant level.

Does Copilot Studio offer data at rest encryption?
Your conversations might contain sensitive information and you would like to protect such
information by encrypting it using customer-managed keys (CMK).

Copilot Studio lets you turn on CMK. For more information, see Manage your customer-managed
encryption key. When CMK is turned on for the Copilot Studio environment, all Copilot Studio
data is encrypted using the customer's key. The customer can cycle keys or turn off CMK as
needed.

How does Copilot Studio ensure responses from confidential sites aren't visible to people who
aren't allowed to see such information?
You can configure custom agents to access multiple internal sites, some of which contain
confidential information that only certain authenticated users can access.

Copilot Studio is secure by default. The system tailors its responses based on who is speaking to
it, and the permissions they have. Copilot Studio supports sensitivity labels to prevent
oversharing. It also supports data loss prevention endpoint filtering for SharePoint knowledge
sources.

https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-faq 5/5
