Data loss prevention for copilots

Building powerful copilots is fast and easy. You can connect them to various data sources, including external ones like social networks.

However, be cautious! These connections could lead to unintended data exposure. This could happen through leaks or by connecting to unauthorized services or audiences.

Thankfully, admins can control copilots within your organization. They can apply Data Loss Prevention (DLP) policies both to existing Power Platform connectors and to the Copilot Studio-specific connectors described below. DLP policies are created and managed in the Power Platform admin center.

Copilot Studio connectors

In the Power Platform admin center, when reviewing data loss prevention (DLP) policies, Copilot Studio connectors can be placed in one of three data groups:

  • Business
  • Non-business
  • Blocked

By classifying these connectors within Data Loss Prevention (DLP) policies, you can safeguard your organization's data against both malicious and unintentional data exfiltration by copilot makers.

Important

By default, DLP enforcement for copilots is disabled in all tenants.

The following Copilot Studio connectors are available in the Power Platform admin center.

  1. Application Insights in Copilot Studio: Block copilot makers from connecting copilot with Application Insights.
  2. Chat without Microsoft Entra ID authentication in Copilot Studio: Block copilot makers from publishing copilots that aren’t configured for authentication. Copilot users will require authentication to chat with the copilot.
  3. Direct Line channels in Copilot Studio: Block copilot makers from enabling or using the Direct Line channel. For example, the Demo website, Custom website, Mobile app, and other Direct Line channels would be blocked.
  4. Facebook channel in Copilot Studio: Block copilot makers from enabling or using the Facebook channel.
  5. Knowledge source with SharePoint and OneDrive in Copilot Studio: Block copilot makers from publishing copilots configured with SharePoint and OneDrive as a knowledge source.
  6. Knowledge source with public websites and data in Copilot Studio: Block copilot makers from publishing copilots configured with public websites as a knowledge source.
  7. Knowledge source with documents in Copilot Studio: Block copilot makers from publishing copilots configured with documents as a knowledge source.
  8. Microsoft Teams channel in Copilot Studio: Block copilot makers from enabling or using the Teams channel.
  9. Omnichannel in Copilot Studio: Block copilot makers from enabling or using the Omnichannel channel.
  10. Skills with Copilot Studio: Block copilot makers from using skills in Copilot Studio copilots.
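As an added illustration (not part of the original article, and not Microsoft's code), the following PowerShell script reports where each of the ten Copilot Studio connectors above sits in every tenant DLP policy, and fails if a policy leaves a connector you have decided must be Blocked in another group. It assumes the Microsoft.PowerApps.Administration.PowerShell module is installed and Add-PowerAppsAccount has been run as a Power Platform administrator. The shape it assumes for Get-DlpPolicy output (policies either returned directly or under a value property; connectorGroups with classification Confidential, General or Blocked, each holding connectors with a name; environmentType and environments for scope) is an assumption to verify in your tenant with Get-DlpPolicy | Format-List.

```powershell
# Added example: audit Copilot Studio connector classification across DLP policies.
# Assumes: Microsoft.PowerApps.Administration.PowerShell installed, Add-PowerAppsAccount done.
# Assumed output shape of Get-DlpPolicy (verify in your tenant): see lead-in above.

# Distinctive fragments of the connector display names listed in the article.
$copilotStudioConnectors = @(
    'Application Insights',
    'Chat without Microsoft Entra ID authentication',
    'Direct Line channels',
    'Facebook channel',
    'Knowledge source with SharePoint and OneDrive',
    'Knowledge source with public websites',
    'Knowledge source with documents',
    'Microsoft Teams channel',
    'Omnichannel',
    'Skills with Copilot Studio'
)

# Connectors this script treats as must-be-Blocked (a policy choice; adjust for your tenant).
$mustBlock = @(
    'Chat without Microsoft Entra ID authentication',
    'Knowledge source with public websites'
)

# DLP API classification values mapped to the admin center's group names.
$classificationLabel = @{ Confidential = 'Business'; General = 'Non-business'; Blocked = 'Blocked' }

function Get-AllDlpPolicies {
    # Assumption: newer module versions wrap the list in a .value property.
    $raw = Get-DlpPolicy
    if ($raw.PSObject.Properties['value']) { return @($raw.value) }
    return @($raw)
}

function Get-ConnectorClassification {
    param($Policy, [string]$Fragment)
    foreach ($group in @($Policy.connectorGroups)) {
        foreach ($connector in @($group.connectors)) {
            # Require both the fragment and "Copilot Studio" so e.g. 'Omnichannel'
            # does not match unrelated connectors with similar names.
            if ($connector.name -like "*$Fragment*" -and $connector.name -like '*Copilot Studio*') {
                $key = [string]$group.classification
                if ($classificationLabel.ContainsKey($key)) { return $classificationLabel[$key] }
                return $key
            }
        }
    }
    # A connector absent from every group falls into the policy's default group
    # (Non-business unless the admin changed the default).
    return 'Not listed (default group)'
}

$findings = @()
foreach ($policy in Get-AllDlpPolicies) {
    $scope = [string]$policy.environmentType
    if ($policy.environments) {
        $scope += ' (' + (@($policy.environments | ForEach-Object { $_.name }) -join ', ') + ')'
    }
    foreach ($fragment in $copilotStudioConnectors) {
        $class = Get-ConnectorClassification -Policy $policy -Fragment $fragment
        $findings += [pscustomobject]@{
            Policy         = $policy.displayName
            Scope          = $scope
            Connector      = $fragment
            Classification = $class
            Gap            = ($mustBlock -contains $fragment) -and ($class -ne 'Blocked')
        }
    }
}

$findings | Sort-Object Policy, Connector | Format-Table -AutoSize

$gaps = @($findings | Where-Object { $_.Gap })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) policy/connector pair(s) leave a must-block connector unblocked."
    exit 1   # non-zero so a scheduled job or pipeline surfaces the drift
}
Write-Host 'All must-block Copilot Studio connectors are Blocked in every policy.'
```

Run it on a schedule: a policy that an admin later edits to move a connector back to Non-business is exactly the drift this catches, and the Scope column shows which environments the policy actually covers, since a blocked connector in a policy scoped to the wrong environments protects nothing.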

Securing Copilots: Enabling and Managing DLP with PowerShell

The New-/Set-PowerAppDlpErrorSettings and Get-/Set-PowerVirtualAgentsDlpEnforcement cmdlets give you granular control over Data Loss Prevention (DLP) for your copilots. Here's what you can do:

  • Check DLP Status: Verify if DLP is currently enabled for copilots in your tenant.
  • Enable DLP with Audit Mode: Turn on DLP in “soft mode” using the -Mode SoftEnabled flag. This allows copilot makers to see DLP errors without blocking their actions. It’s ideal for testing and familiarization.
  • DLP Enforcement: Enable full DLP enforcement. This displays DLP errors and prevents copilot makers from publishing bots with DLP violations or configuring related settings.
  • Exempt Specific Copilots: Grant exceptions to specific copilots, allowing them to bypass DLP enforcement.
  • Customize DLP Messaging: Update the “learn more” and “contact email” links displayed to copilot makers encountering DLP issues within Copilot Studio (web and Teams apps).

Important

Before using the PowerShell cmdlets, or the example scripts shown here, install the following modules (the second needs -AllowClobber because it shares cmdlet names with the administration module), then sign in as a Power Platform administrator with Add-PowerAppsAccount.

  • Install-Module -Name Microsoft.PowerApps.Administration.PowerShell
  • Install-Module -Name Microsoft.PowerApps.PowerShell -AllowClobber

Update Copilot DLP Learn More and Contact Email Links

Use New-PowerAppDlpErrorSettings (first configuration) or Set-PowerAppDlpErrorSettings (later updates) to set custom links that point copilot makers to help when they hit a DLP error.

The first time you want to configure the email and learn-more link, use the following PowerShell script. Replace <email>, <URL>, and <tenant ID> with your specific information.

$ContactDetails = [pscustomobject] @{
    Enabled = $true
    Email   = "<email>"
}

$ErrorMessageDetails = [pscustomobject] @{
    Enabled = $true
    Url     = "<URL>"
}

$ErrorSettingsObj = [pscustomobject] @{
    ErrorMessageDetails = $ErrorMessageDetails
    ContactDetails      = $ContactDetails
}

New-PowerAppDlpErrorSettings -TenantId "<tenant ID>" -ErrorSettings $ErrorSettingsObj

To update an existing configuration, use the same PowerShell script, and replace New-PowerAppDlpErrorSettings with Set-PowerAppDlpErrorSettings.

Confirm DLP enforcement for copilots

By default, DLP enforcement for copilots is disabled in all tenants.

To see whether DLP enforcement is currently enabled for Copilot Studio in your tenant, run the following PowerShell cmdlet:

Get-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID>

Note: If you haven’t configured Copilot Studio DLP, the results from the cmdlet will be empty.


Enable DLP Auditing for Copilot Studio Web and Teams Apps

Enable DLP auditing mode with the following PowerShell command. This lets copilot makers see potential DLP errors while configuring copilots in Copilot Studio (web and Teams apps). Importantly, no actions will be blocked, and copilot makers can still publish their creations.

Set-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID> -Mode SoftEnabled

Enable DLP enforcement for copilots

Run the following PowerShell command to enforce DLP policies in Copilot Studio. Copilot makers are prevented from performing DLP-impacted actions, and end users see an error if they trigger a DLP-impacted action in a published copilot. The optional -OnlyForBotsCreatedAfter <date> parameter limits enforcement to copilots created after that date, so existing copilots keep working while new ones must comply; omit it to enforce for every copilot in the tenant.

Set-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID> -Mode Enabled -OnlyForBotsCreatedAfter <date>
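As an added illustration (not part of the original article, and not Microsoft's code), the following script wraps the three commands above into a staged rollout: it reads the current mode, refuses to jump straight to Enabled unless audit mode has been run first (or -Force is given), grandfathers existing copilots with -OnlyForBotsCreatedAfter, and verifies the mode after the change instead of trusting the call succeeded. It assumes the prerequisite modules are installed and Add-PowerAppsAccount has been run. Two assumptions to verify in your tenant: that the object returned by Get-PowerVirtualAgentsDlpEnforcement exposes the configured mode as a property named mode (run the cmdlet with Format-List to check), and that -OnlyForBotsCreatedAfter accepts an ISO date string.

```powershell
# Added example: staged Copilot Studio DLP enforcement rollout with verification.
# Assumes: prerequisite modules installed, Add-PowerAppsAccount done as a tenant admin.
# Assumed (verify): Get-PowerVirtualAgentsDlpEnforcement output has a 'mode' property,
# and -OnlyForBotsCreatedAfter accepts a yyyy-MM-dd string.
param(
    [Parameter(Mandatory)][string]$TenantId,
    [ValidateSet('SoftEnabled', 'Enabled')][string]$TargetMode = 'SoftEnabled',
    # Existing copilots created before this date are not enforced against (default: today).
    [datetime]$EnforceForBotsCreatedAfter = (Get-Date).Date,
    # Skip the "audit mode first" guard.
    [switch]$Force
)

function Get-CopilotDlpMode {
    param([string]$TenantId)
    $status = Get-PowerVirtualAgentsDlpEnforcement -TenantId $TenantId
    if (-not $status) { return 'Disabled' }   # empty result means never configured
    $prop = $status.PSObject.Properties | Where-Object { $_.Name -ieq 'mode' } | Select-Object -First 1
    if ($prop) { return [string]$prop.Value }
    # Unknown shape: surface the raw object so the operator can adjust the property name.
    return ($status | Out-String).Trim()
}

$before = Get-CopilotDlpMode -TenantId $TenantId
Write-Host "Current copilot DLP mode: $before"

switch ($TargetMode) {
    'SoftEnabled' {
        # Audit mode: makers see violations in the designer, nothing is blocked yet.
        Set-PowerVirtualAgentsDlpEnforcement -TenantId $TenantId -Mode SoftEnabled
    }
    'Enabled' {
        if ($before -ne 'SoftEnabled' -and -not $Force) {
            throw "Refusing to go from '$before' straight to Enabled. Run audit mode (SoftEnabled) first so makers can fix violations, or pass -Force."
        }
        $date = $EnforceForBotsCreatedAfter.ToString('yyyy-MM-dd')
        Write-Host "Enforcing for copilots created after $date; older copilots are grandfathered."
        Set-PowerVirtualAgentsDlpEnforcement -TenantId $TenantId -Mode Enabled -OnlyForBotsCreatedAfter $date
    }
}

# Read back rather than trusting the Set call: a silent failure here leaves the tenant unprotected.
$after = Get-CopilotDlpMode -TenantId $TenantId
if ($after -ne $TargetMode) {
    throw "Mode is '$after' after the change; expected '$TargetMode'."
}
Write-Host "Copilot DLP mode is now $after"
```

Typical use is two runs some weeks apart: first with the default -TargetMode SoftEnabled while makers clear the violations the designer now shows them, then with -TargetMode Enabled. Grandfathering by creation date is a migration aid, not a security boundary: an old copilot that still chats without authentication is still exposed, so follow up on the soft-mode findings rather than leaving the date in place indefinitely.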

Exempt a bot from DLP policies

If you’ve enabled DLP enforcement, but a specific copilot shouldn’t trigger errors for makers or end-users, use this PowerShell script. Just replace:

  • <environment ID>: Your copilot’s environment ID (found in the copilot URL).
  • <bot ID>: The ID of the copilot you want to exempt.
  • <tenant ID>: Your tenant ID (found in the Microsoft Entra ID).
  • <policy ID>: The ID of the specific DLP policy causing errors (found in the Copilot Studio download details).

$environmentId = "<environment ID>"
$botId = "<bot ID>"
$tenantId = "<tenant ID>"
$policyName = "<policy ID>"

# Ensure the DLP commands are installed
if (-not (Get-Command "Get-PowerAppDlpPolicyExemptResources" -ErrorAction SilentlyContinue))
{
    Write-Host "Please ensure the Power Apps DLP commands are available: https://docs.microsoft.com/power-platform/admin/powerapps-powershell#environments-commands" -ForegroundColor Red
    return
}

# Set up the PVA resource information
$pvaResourceId = "$environmentId+$botId"
$pvaResourceType = "Bot"

$exemptBot = [pscustomobject]@{
    id   = $pvaResourceId
    type = $pvaResourceType
}

Write-Host "Getting exempt resources"
$resources = Get-PowerAppDlpPolicyExemptResources -TenantId $tenantId -PolicyName $policyName

if (-not $resources)
{
    $resources = [pscustomobject]@{ exemptResources = @($exemptBot) }
    Write-Host "No exempt resources configured yet"
}
elseif (@($resources.exemptResources.id) -contains $pvaResourceId)
{
    Write-Host "Bot is already exempt from this policy"
    return
}
else
{
    # New-PowerAppDlpPolicyExemptResources writes the whole list, so append to the
    # existing exemptions instead of replacing them with a one-entry list.
    $resources.exemptResources = @($resources.exemptResources) + $exemptBot
}

$resources = New-PowerAppDlpPolicyExemptResources -TenantId $tenantId -PolicyName $policyName -NewDlpPolicyExemptResources $resources
Write-Host "Added bot to exempt resources"

Disable DLP enforcement for copilots

The following command will disable DLP enforcement in copilots.

Set-PowerVirtualAgentsDlpEnforcement -TenantId <tenant ID> -Mode Disabled

Data loss prevention example – Require end-user authentication in copilots

By default, new copilots are configured with built-in Microsoft Entra ID authentication ("Authenticate with Microsoft"). This means your copilot can chat with users in Teams without any extra setup. However, copilot makers can choose No authentication, allowing anyone with the link to chat with the copilot.

You can use data loss prevention (DLP) policies to block your copilot makers from configuring and publishing copilots that aren’t configured for authentication to help prevent data exfiltration.

Enable DLP Authentication in Power Platform Admin Center

Create a policy:

  • In the Power Platform admin center, under Policies, select Data policies.
  • Create a new policy.
  • Use the search box to find the Chat without Microsoft Entra ID authentication in Microsoft Copilot Studio connector.
  • Select the connector's More actions menu (...), and then select Block.
  • Select Next.
  • Choose one or more environments that your DLP policy will apply to.
  • Review your policy, then select Update policy to apply the DLP changes.

Confirming Data Loss Prevention Policy Enforcement (Copilot Studio)

To verify that this connector is being used in the Data Loss Prevention (DLP) policy, follow these steps in the Microsoft Copilot Studio web app:

  1. Open the copilot from the environment where the DLP policy is applied.
  2. If the policy is enforced, you'll see an error banner with a Details button.
  3. On the Channels page, expand the error link and select the Download button to view the details.

In the details file, a row will appear describing the violation.

Copilot makers can send the downloaded DLP details spreadsheet to their administrators to request changes to the DLP policy. Alternatively, copilot makers can change the copilot's authentication method to either "Authenticate with Microsoft" or "Authenticate manually" (using Azure Active Directory or Azure Active Directory v2, both now branded Microsoft Entra ID) on the Authentication configuration page.

While the policy is enforced, authentication options that do not rely on Microsoft Entra ID are not available for selection.

Data loss prevention example – Block SharePoint and OneDrive knowledge source in copilots

Create a policy:

  • In the Power Platform admin center, under Policies, select Data policies.
  • Create a new policy.
  • Enter a name for the policy, then select Next.
  • Use the search box to find the Knowledge source with SharePoint and OneDrive in Copilot Studio connector.
  • Select the connector's More actions menu (...), and then select Block.
  • Select Next.
  • Review your policy, then select Update policy to apply the DLP changes.

If you want to allow or deny specific SharePoint endpoints that makers can use as knowledge sources in Copilot Studio, rather than blocking the connector outright, use DLP connector endpoint filtering on this connector instead (for example, allow your approved SharePoint sites and deny everything else).

Confirm policy enforcement

To verify that this connector is being used in the DLP policy, follow these steps in Microsoft Copilot Studio:

  • Open the copilot from the environment where the DLP policy is applied.
  • Navigate to the Knowledge tab.
  • Select Add knowledge.
  • Add a SharePoint and OneDrive knowledge source.

If the policy is enforced, you'll see an error banner with a Details button after the knowledge source is added. On the Channels page, expand the error link and select the Download button to see the details. The Publish button is disabled while there is a DLP violation.

In the details file, each violation corresponds to a row. If a knowledge source triggers a DLP violation, there will be a row for the knowledge page and one for each generative answers node that uses that knowledge source.

About the Author

Khurram Hafeez

Helping Customers Unlock AI & Data Potential with M365 Copilot, Power BI & Fabric

Reference:

Hafeez, K (2025). Data loss prevention for copilots. Available at: Data loss prevention for copilots | LinkedIn [Accessed: 27th March 2025].
