Microsoft 365 admin center: Agent Ownership Reassignment

🚨 The Signal: Admins can now reassign ownership of shared Copilot agents, transferring full edit, delete, and file access. This centralises agent lifecycle management, reducing orphaned agents and ensuring continuity, but requires careful permission management.

The Impact

Admins and Security Teams are affected by changes to agent ownership, creating a risk of unauthorised access if not managed correctly.

• Admins: Can reassign agent ownership, requiring careful permission management.
• Security Teams: Must monitor agent ownership changes to prevent privilege escalation.
• Former Owners: Lose all access, potentially disrupting workflows if not communicated.
• New Owners: Gain full access, including sensitive files, requiring trust verification.

The Action

1. Establish a formal process for agent ownership reassignment requests.
2. Implement a regular audit of agent ownership and associated permissions.
3. Review existing Copilot Studio and M365 Agents Toolkit policies for agent lifecycle.
4. Educate administrators on the implications of agent ownership transfer, especially regarding data access.
5. Utilise Microsoft Purview to monitor access to files uploaded by agents.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898