Microsoft Copilot (Microsoft 365): Frontier and Microsoft agent user request approval flow in Microsoft 365 admin center

🚨 The Signal: Admins can now approve or reject user requests for Microsoft-built Copilot agents via the M365 Admin Center. This centralises agent governance, preventing unauthorised agent use and mitigating AI-related risks.

The Impact

Admins and Security Teams are affected by new controls over AI agent access, reducing the risk of unapproved AI agent deployment.

• Security Teams: Reduced risk from unapproved AI agent use.
• Admins: New approval workflow for Copilot agents.
• End Users: Potential delays in accessing new Copilot agents.
• Organisations: Enhanced control over AI agent deployment and data access.

The Action

1. Review existing AI governance policies for agent approval workflows.
2. Communicate new agent request and approval processes to users and IT staff.
3. Monitor agent requests and approvals in Microsoft 365 Admin Center > Copilot Control System > Agents & Connectors.
4. Define organisational policies for which agents are approved or blocked by default.

Domain: Agentic-AI · Impact: medium · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898