

Data policy example - Configure a policy to require user authentication in agents

When you create a new agent, the Authenticate with Microsoft authentication option is turned on by default. The agent automatically uses Microsoft Entra ID authentication without requiring any manual setup and only lets you chat with your agent on Teams. However, agent makers in your organization can select the No authentication option to allow anyone with the link to chat with your agent.

Screenshot of the authentication configuration panel with the 'Authenticate with Microsoft' option highlighted.

To help prevent data exfiltration, you can use data policies to block agent makers from configuring and publishing agents that aren't configured for authentication.

If an enforced data policy applies to the Chat without Microsoft Entra ID authentication in Copilot Studio connector, agent makers must configure user authentication with Authenticate with Microsoft or Authenticate manually in Copilot Studio.

For more information about other data policy related connectors, see Configure data policies for agents.

Configure data policy to require authentication in the Power Platform admin center

To configure the data policy to require user authentication, follow these steps:

  1. Sign in to the Power Platform admin center.

  2. On the side navigation, select Security, and then select Data and privacy. The Data protection and privacy page opens.

  3. Select Data policy. The Data policies page opens.

  4. Create a new data policy, or choose an existing data policy to edit:

    • If you want to create a new data policy, select New Policy. For detailed instructions, see Create a data policy.
    • If you want to choose an existing data policy to edit, select the data policy and select Edit Policy. For detailed instructions, see Edit a data policy.
  5. Select Next. The Add an environment page opens.

    • If you want to add an environment to your data policy, select the environment in the Available tab and select Add to policy.
    • If you want to remove an environment from your data policy, select the environment in the Added to policy tab and select Remove from policy.
  6. Select Next. The Assign connectors page opens.

  7. Use the search box to find the Chat without Microsoft Entra ID authentication in Copilot Studio connector.

  8. Select the connector's More actions icon, and then select any of the following options:

    • Move to Business
    • Block
    • Configure connector
  9. Select Next.

  10. If you're a tenant admin, or an environment admin for multiple environments, the Define scope page opens. Select one of the following options:

    • Add all environments: Adds all the environments in your entire tenant. This policy automatically applies to any new environment that is created.
    • Add multiple environments: Choose the environments to include in this policy.
    • Exclude certain environments: Choose the environments to exclude from this policy.

    Note

    If the policy has a tenant scope, the data policy applies to all agents.

  11. Select Next.

  12. Review your policy, then select Create policy if you're creating a new policy or Update policy if you're editing an existing policy.

Confirm data policy enforcement in Copilot Studio

You can confirm that this connector is being used in the data policy from the Copilot Studio web app.

First, open your agent from the environment where the data policy is applied.

If the policy is enforced, you see an error banner with a Details button. To see details, on the Channels page, expand the error link and select the Download button. In the details file, a row appears to describe each violation.

An agent maker can contact their admins with the data loss prevention download spreadsheet details to make appropriate updates to the data policy. Alternatively, the agent maker can update the agent authentication to Authenticate with Microsoft or Authenticate manually (Azure Active Directory or Azure Active Directory v2) in the Authentication configuration page. See Configure user authentication in Copilot Studio.

Authentication options aren't selectable if they don't use Microsoft Entra ID authentication.

Screenshot of the authentication configuration panel with the 'Authenticate manually' option highlighted.