Microsoft Copilot (Microsoft 365): [Copilot Extensibility] Users in GCC-M will be able to use custom engine agents

🚨 The Signal: GCC-M users can now deploy custom Copilot agents. This introduces new risks for data exfiltration and unauthorized access, requiring immediate governance and security policy enforcement for agent identities and data handling.

The Impact

GCC-M organizations are affected, facing a high security risk from uncontrolled custom Copilot agent deployments and potential data exposure.

  • Security Teams: Risk of data exfiltration via unapproved agent actions.
  • Admins: Risk of uncontrolled agent sprawl and identity management complexity.
  • End Users: Risk of interacting with malicious or misconfigured agents.
  • Compliance Officers: Risk of non-compliance with data handling regulations.

The Action

  1. Define and implement a Copilot agent governance policy, including approval workflows and data access restrictions.
  2. Configure Microsoft Entra Conditional Access policies for Copilot agent identities to restrict access to sensitive data.
  3. Utilize Microsoft Purview Data Loss Prevention (DLP) policies to monitor and prevent sensitive data exfiltration by custom agents.
  4. Regularly audit Copilot agent activity logs in Microsoft Purview and Microsoft Entra for anomalous behavior.
  5. Educate users on the risks associated with custom agents and the importance of adhering to organizational policies.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898