Data loss prevention has existed in Power Platform for a long while, and much longer than since Power Virtual Agents became Copilot Studio in the era of Generative AI. With the enhancements being so regularly made to Copilot Studio and the advancements we're seeing being made in AI, specifically with vendors releasing agentic capabilities, we see a new set of challenges to approach when it comes to governance and providing makers with a set of tools that are safe to use and don't create scope for data leakage or security vulnerabilities.
In this blog post, I'll highlight some of the things you'll need to explore when you're ready to enable your organisations makers with agentic capabilities through Copilot Studio. This article primarily assumes you are at the start of your journey rolling out Copilot Studio. You can use the modules we'll reference in this post to also identify agents that already have DLP enforced.
Enable DLP enforcement for agents
Data loss prevention isn't enforced for agents in the tenant by default, so it's key that we configure this otherwise the policies we create won't have any effect on our agents or the maker experience in Copilot Studio.
First you'll need to ensure the following PowerShell modules are installed, as we use these to enable DLP enforcement for the tenant. You'll also need to be a tenant administrator for Power Platform to use the cmdlets.
- Microsoft.PowerApps.Administration.PowerShell
- Microsoft.PowerApps.PowerShell -AllowClobber
If you don't have administrative rights on your device, you can attempt to install the modules adding -Scope CurrentUser to the command.
Authenticating
Let's get signed in so we can use the cmdlets in these modules. Run Add-PowerAppsAccount to get started.
This should open a sign in prompt for you to authenticate using. Sign in using your credentials that have the tenant admin role assigned.
Update learn more and admin contact email links
When makers try to publish an agent or if they come across another scenario in the Power Platform where an object like a flow or app breaches a DLP policy, blocking it, they are presented with an error and a short amount of information. In this text we can include an email address to an admin or support mailbox, and a learn more link which could point to our internal knowledge base for Power Platform, low-code tools or perhaps agentic tools.
I'd recommend completing this step before enforcing DLP for agents so that users aren't provided with no information or resolution when capabilities don't work as expected. In contrast, if you don't have these resources setup yet to reference a link, it is still key to place security and governance first in enabling makers with a safe platform and hence if people already have access to the tools, enforcing DLP is key.
To update the DLP error message to include custom learn more and contact links we can use this script:
$ContactDetails = [pscustomobject] @{
Enabled=$true
Email="<email>"
}
$ErrorMessageDetails = [pscustomobject] @{
Enabled=$true
Url="<URL>"
}
$ErrorSettingsObj = [pscustomobject] @{
ErrorMessageDetails=$ErrorMessageDetails
ContactDetails=$ContactDetails
}
New-PowerAppDlpErrorSettings -TenantId "<tenant ID>" -ErrorSettings $ErrorSettingsObjPowerShell script for adding learn more and contact links for DLP error message in Power Platform
Replace the email, URL and tenant id in the "" in the script above replacing the <> to execute on your tenant. Then, once you've executed the script you should get the error message and contact details returned that have been set.
Soft or 'auditing' enforcement of DLP policies for agents
Next we can start by taking a soft or auditing enforcement approach to DLP policies. This may work for your organisation but if it doesn't you can go ahead with just enforcing DLP for agents completely using the 'Enabled' mode. If you haven't given your makers capabilities with Copilot Studio to build agents yet, it may be wise just to enable DLP completely so you don't end up providing them with capabilities that you'll potentially remove at some point, preventing loss of time and investment in solution builds.
The soft or auditing approach to enforcement will present DLP errors to users when they complete actions which breach DLP policies, but it won't prevent them from publishing agents or from using them. To use auditing mode, run the following command:
Set-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID> -Mode SoftEnabledPowerShell command for enabling soft or auditing mode for DLP in Copilot Studio
Enhancing DLP policies for Copilot Studio
You may already have DLP policies configured for Power Platform in your organisation. There are a number of features in Copilot Studio which we can control using DLP in Copilot Studio that we'll focus on here. The below 'connectors' can be moved into blocked, business or non-business in DLP policies to prevent usage in various scenarios.
Application Insights in Copilot Studio
This prevents makers from connecting agents with Application Insights. It is possible to create cross-tenant connections using the Application Insights integration which could result in data leakage. It is recommended to only enable this connector/feature in specific environments which perhaps have a business case for building a specific solution that is perhaps a larger t-shirt size through being more complex or larger.
Chat without Microsoft Entra ID authentication in Copilot Studio
This prevents makers from publishing agents which don't use Entra ID for authentication in Copilot Studio. I recommend blocking this in maker productivity environments. The majority of productivity use cases for agents will be published to Microsoft Teams, Power Apps or Microsoft 365 Copilot for makers attempting to streamline some of their personal or team workflows. Where there is a need for other authentication options this is perhaps a time to consider the need for a business case, and triaging of a solution with an assessment of some sort perhaps.
Direct Line Channels in Copilot Studio
This allows you to block agent makers from enabling or using direct line channels in Copilot Studio. This includes things like the demo website, custom websites, mobile apps and other direct line channels. I recommend blocking this in maker environments focused on simple productivity uses.
Facebook channel in Copilot Studio
This allows you to block makers from publishing agents to the Facebook channel. I recommend blocking this tenant wide and allowing on a specific use case basis for example perhaps in contact centre extensibility scenarios.
Knowledge source with SharePoint and OneDrive in Copilot Studio
This allows you to block makers from publishing agents that use SharePoint as a knowledge source. This 'connector' or feature blocker also supports blocking or allow listing specific SharePoint sites using endpoint filtering in DLP.
Knowledge source with documents in Copilot Studio
This allows admins to prevent makers from publishing agents with documents uploaded as a knowledge source.
Knowledge source with public websites and data in Copilot Studio
This allows admins to prevent makers from publishing agents with public websites configured as a knowledge source. Block this if you don't want public websites to be referenced in supporting agent responses in your organisation.
Microsoft Copilot Studio
This one isn't overly descriptive on the tin and is a little confusing. This is in fact a connector hence it being a bit confusing against the feature controls. This is the connector that enables us to implement autonomous capabilities in agents within Copilot Studio. Block this to prevent publishing of autonomous agents or use the business and non-business categories to separate business data or non-business data from use with autonomous capabilities.
Microsoft Teams channel in Copilot Studio
This allows admins to prevent makers from publishing agents to Microsoft Teams. There are additional policies within Microsoft Teams to control the publishing and wide sharing of Teams apps.
Omnichannel in Copilot Studio
This allows admins to prevent makers from publishing agents to the Omnichannel channel in Copilot Studio. I'd recommend blocking this in maker productivity environments. There is only a need for this in a contact centre scenario which will normally be specific to large departments IT units or organisation wide IT or Customer Service units.
Skills with Copilot Studio
Skills allow agents in Copilot Studio to be extended with bot framework. To prevent this block this feature.
So that's a lot of capability makers have in Copilot Studio, that luckily Microsoft let us control using data loss prevention policies in Power Platform.
Consider carefully how you will configure your DLP policies. Think about strategies that align with your environment strategy closely. Do you have maker productivity environments, developer environments perhaps? Do you use specific environments for phased rollouts of new functionality in your organisation which you can leverage DLP to achieve?
Enforce DLP for agents
Now let's look at the command we need to run to properly enforce DLP policies for makers building agents in Copilot Studio.
Set-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID> -Mode Enabled -OnlyForBotsCreatedAfter <date>PowerShell command for enforcing DLP for agents in Copilot Studio
You can supply the last parameter with a date if you'd like to only enforce DLP against agents created after that specific date, otherwise remove this parameter from the command.
Maker experience
Now let's observe the maker experience in Copilot Studio. I've got an agent here that breaches my DLP policy currently.
So that's all for data loss prevention in Copilot Studio for now! Stay tuned for more posts upcoming on all things Copilot, and AI!
Updates coming soon
There are soon updates coming to the way DLP is enforced for Copilot Studio agents. Microsoft are moving from organisations having to enforce DLP for agents to this being enforced automatically. This change will happen through a staged process starting January 2025, and finishing up in Feburary. Check out the message in the Microsoft 365 Admin Centre via MC973179. As part of this change, the PowerShell cmdlets in this post will be removed. I will update the post when the changes have been rolled out.