Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
When you create a new agent, the Authenticate with Microsoft authentication option is turned on by default. The agent automatically uses Microsoft Entra ID authentication without requiring any manual setup and only lets you chat with your agent on Teams. However, agent makers in your organization can select the No authentication authentication option to allow anyone with the link to chat with your agent.
You can use data policies to block your agent makers from configuring and publishing agents that aren't configured for authentication to help prevent data exfiltration.
If an enforced data policy applies to this connector, agent makers must configure user authentication with Authenticate with Microsoft or Authenticate manually in Copilot Studio.
For more information about other data policy related connectors, see Configure data policies for agents.
Configure data policy to require authentication in the Power Platform admin center
Select or create a data policy
In the Power Platform admin center, under Policies, select Data policies.
Create a new data policy, or choose an existing data policy to edit:
- If you want to create a new data policy, select New policy.
- If you want to choose an existing data policy to edit, select the data policy and select Edit policy.
Enter a name for the data policy then select Next. You can change the name later.
Choose an environment
- Choose one or more environments to add to your data policy.
- Select Add to policy.
- Select Next.
Add the connector
Use the search box to find the Chat without Microsoft Entra ID authentication in Copilot Studio connector.
Select the connector's More actions icon (⋮), and then select Block.
Select Next.
If you're a tenant admin, or an environment admin for multiple environments, you see the Scope step. Choose one or more environments that your data policy applies to.
Note
If the policy has a tenant scope, data policy applies to all agents.
Review your policy, then select Update policy to apply the data policy changes.
Confirm policy enforcement in Copilot Studio
You can confirm that this connector is being used in the data policy from the Copilot Studio web app.
First, open your agent from the environment where the data policy is applied.
If the policy is enforced, you see an error banner with a Details button. To see details, on the Channels page, expand the error link and select the Download button. In the details file, a row appears to describe each violation.
An agent maker can contact their admins with the data loss prevention download spreadsheet details to make appropriate updates to the data policy. Alternatively, the agent maker can update the agent authentication to Authenticate with Microsoft or Authenticate manually (Azure Active Directory or Azure Active Directory v2) in the Authentication configuration page. See Configure user authentication in Copilot Studio.
Authentication options aren't selectable if they don't use Microsoft Entra ID authentication.
