Copilot agent governance challenges
Table of contents
Copilot agents are all the rage, but what are some things you need to consider before you roll them out in your organization? We asked Microsoft MVPs “What are some challenges you’ve faced with Copilot agent governance?” Check out their answers in the video below and read their answers in this blog post.
Copilot agent governance is quite complex – Kas Nowicka
The main issue with Copilot agents is governance. As the saying goes, “With great power comes great responsibility.” You need proper governance in Power Platform—things like using the admin center, audit logs, sensitivity labels, and data loss prevention. Also, separate environments for testing and production help prevent issues.
It’s quite complex and it’s quite difficult. So there’s plenty of different things that has to happen to really, truly govern agents. I would say don’t let them overstep. Try smaller, let’s say tasks, automations, and then grow gradually. That’s my advice to you.

Control the creation of Copilot agents – Gokan Ozcifci
You just have to make sure that you control the creation as well, the modification as well as the deletion, because anyone with member rights in a document library can go and modify or create, or delete an agent. So that’s the first thing that you have to take care of.
Second, and which I think is the most important one, is about the behavior of how the agents would react. People often don’t understand how to configure agent behavior. They skip over key instructions about how precise or friendly the agent should be, or how it should get its information. Proper instruction is vital to get the most out of your agent.

Admins getting trained and learning how to use Copilot agents – Vlad Catrinescu
From a Copilot agent governance perspective, it has been quite challenging to figure out how many agents do we have? Are they actually used or not? Are they approved or not on my SharePoint site? So, it has been really, really important for admins to understand how agents work, especially the difference between agents in SharePoint, which are that .agent file, and then agents made using Power Platform tools such as Copilot studio that show up differently in the Microsoft 365 Admin center.
We’re just getting started with those Copilot agent governance tools that Microsoft announced at the Microsoft 365 Community Conference. So it’s been challenging, but we now have the tools. It’s just a matter of admins getting trained and learning how to use them.

People creating too many “Hello World” Copilot agents – Antonio Maio
So when you start working with agents in Microsoft 365, some of the Copilot agent governance challenges we see is people creating many agents just to try the solution, and you end up with a hundred “Hello world” agents. So getting a handle on where people are using agents throughout your environment is a challenge. One of the capabilities we’ve seen come out just recently is, DSPM for AI in Microsoft Purview or Data Security Posture Management for AI. That’s now providing you with a great console that actually shows you the Copilot agents that have been created in your environment.

Who has access and who is creating Copilot agents – Frane Borozan
The main challenge with Copilot agent governance is that we don’t know who has access and who is creating those agents. So the main thing should be, from the governance perspective, is to discover where exactly these agents are in our tenant.

Use concrete prompts for Copilot agents – Martin Rovekamp
If you’re creating your own agents, there are some restrictions regarding responsible AI. Don’t use descriptions like “You are the assistant of someone and will rephrase something.” Just make it concrete that “You will support someone to do something.” That will be more effective, and you won’t be blocked by responsible AI.

Would you like to hear more?
It was great hearing what Microsoft MVPs had to say about Copilot agent governance. You can also check out other MVP videos about:
- Whether Copilot agents will help increase the adoption of Microsoft Copilot
- What is the most underrated feature of Microsoft Copilot?
- What does Microsoft 365 Governance mean to you?
Thank you to all the Microsoft MVPs for their expert insights!