Microsoft Copilot (Microsoft 365): Permission details for agents in MAC
🚨 The Signal: The new Unified Permissions Management for Microsoft Copilot agents provides a consistent view of the application and delegated permissions each agent requires, including their risk levels. Global Admins can now grant consent directly, which lets AI Admins deploy agents and gives tighter control over agent identities and their access.
The Impact
Global Admins and AI Admins are affected. Clearer permission visibility reduces the risk of over-privileged Copilot agents.
- Global Admins: Reduced risk of unintended broad permissions for Copilot agents.
- AI Admins: Streamlined process for deploying Copilot agents with appropriate permissions.
- Security Teams: Enhanced visibility into agent permissions, aiding risk assessment.
- Compliance Teams: Improved auditability of consent decisions for agent access.
The Action
- Review existing application and delegated permissions for Copilot agents in the Unified Permissions Management interface.
- Establish a clear internal process for Global Admins to review and grant consent for Copilot agent permissions.
- Delegate the AI Admin Role to appropriate personnel responsible for Copilot agent deployment.
- Regularly audit granted permissions for Copilot agents to ensure least privilege is maintained.
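One way to run the periodic least-privilege audit from the last action item, as an added example that is not Microsoft's tooling or part of the original notice. It assumes agent grants have been exported in the shape of Microsoft Graph `oauth2PermissionGrant` and `appRoleAssignment` records; the agent names, the `appRoleValue` field, the high-risk list and the approved baseline are constructed for illustration.

```python
# Least-privilege review over exported agent grants (all data below is constructed).
# The risk tier and approved baseline are assumptions, not Microsoft's risk levels.
HIGH_RISK = {"Directory.ReadWrite.All", "Mail.ReadWrite", "Files.ReadWrite.All"}

# Delegated grants: fields follow Graph oauth2PermissionGrant.
DELEGATED = [
    {"clientId": "agent-hr-bot", "consentType": "AllPrincipals",
     "scope": "User.Read Mail.ReadWrite"},
    {"clientId": "agent-faq", "consentType": "Principal",
     "principalId": "user-1", "scope": "User.Read"},
]
# Application grants: appRoleValue is a hypothetical field holding the name
# resolved from the appRoleAssignment's appRoleId (resolution not shown).
APPLICATION = [
    {"principalId": "agent-hr-bot", "appRoleValue": "Files.ReadWrite.All"},
    {"principalId": "agent-faq", "appRoleValue": "Sites.Read.All"},
]
# Hypothetical baseline: what the Global Admin consent review signed off per agent.
APPROVED = {
    "agent-hr-bot": {"User.Read", "Files.ReadWrite.All"},
    "agent-faq": {"User.Read", "Sites.Read.All"},
}

def collect(delegated, application):
    # Build {agent: [(permission, kind, tenant_wide)]} from both grant types.
    perms = {}
    for g in delegated:
        tenant_wide = g["consentType"] == "AllPrincipals"
        for scope in g["scope"].split():
            perms.setdefault(g["clientId"], []).append((scope, "delegated", tenant_wide))
    for a in application:
        # Application permissions act without a signed-in user, so treat as tenant-wide.
        perms.setdefault(a["principalId"], []).append((a["appRoleValue"], "application", True))
    return perms

def audit(delegated, application, approved, high_risk=HIGH_RISK):
    """Return (agent, permission, kind, reasons) for every grant needing review."""
    findings = []
    for agent, entries in sorted(collect(delegated, application).items()):
        for perm, kind, tenant_wide in entries:
            reasons = []
            if perm not in approved.get(agent, set()):
                reasons.append("not in approved baseline")
            if perm in high_risk and tenant_wide:
                reasons.append("high-risk with tenant-wide reach")
            if reasons:
                findings.append((agent, perm, kind, "; ".join(reasons)))
    return findings

if __name__ == "__main__":
    print(*audit(DELEGATED, APPLICATION, APPROVED), sep="\n")
```

A grant that is approved but still high-risk and tenant-wide stays in the output on purpose, so each audit cycle re-confirms it rather than silently inheriting the earlier consent decision.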
Domain: Agentic-AI · Impact: medium · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898