Microsoft Copilot (Microsoft 365): Declarative agents with Actions available in GCC High and DoD

🚨 The Signal: Microsoft 365 Copilot in GCC High/DoD can now execute real-world actions via APIs and plugins. This expands Copilot from Q&A to full task automation, enabling it to interact with external systems and workflows directly from chat.

The Impact

Security teams and administrators are affected by new risks of data exposure and unauthorised actions through Copilot's expanded capabilities.

  • Security teams face increased risk of data exfiltration and unauthorised system access.
  • Administrators must manage and secure new API connections and plugin configurations.
  • Compliance officers need to reassess data governance and audit trails for automated actions.
  • End-users could inadvertently trigger sensitive actions if controls are not properly configured.

The Action

  1. Review and implement Microsoft Purview Data Loss Prevention (DLP) policies for Copilot interactions.
  2. Establish granular access controls and permissions for all Copilot plugins and API connections in Entra ID.
  3. Audit existing API plugins and connectors for least privilege and necessity within the M365 admin center.
  4. Develop and enforce a Copilot 'Actions' governance policy, including acceptable use and data handling guidelines.
  5. Monitor Copilot audit logs in Microsoft Purview for unusual activity or unauthorised actions.
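
One way to act on step 5, as an added example that is not from Microsoft or the original page: a Python check over exported audit records that flags calls to plugins outside an approved list and hourly bursts of action calls per user. The record layout (`CopilotEventData`, `AISystemPlugin`), the plugin IDs and the threshold are assumptions; confirm the field names against a real export from your tenant.

```python
from collections import Counter

# Assumed governance inputs (hypothetical plugin IDs and limit).
APPROVED_PLUGINS = {"contoso-ticketing", "contoso-hr-lookup"}
BURST_THRESHOLD = 3  # max action calls per user per clock hour

def _rec(time, user, *plugins, op="CopilotInteraction"):
    """Build one constructed audit row in the assumed export layout."""
    return {"CreationTime": time, "UserId": user, "Operation": op,
            "CopilotEventData": {"AISystemPlugin": [{"Id": p} for p in plugins]}}

# Constructed sample data, not real tenant logs.
SAMPLE_RECORDS = [
    _rec("2025-01-10T09:01:00", "alice@example.com", "contoso-ticketing"),
    _rec("2025-01-10T09:05:00", "bob@example.com", "unknown-webhook"),
    _rec("2025-01-10T10:00:00", "carol@example.com", "contoso-hr-lookup"),
    _rec("2025-01-10T10:01:00", "carol@example.com", "contoso-hr-lookup"),
    _rec("2025-01-10T10:02:00", "carol@example.com", "contoso-hr-lookup"),
    _rec("2025-01-10T10:03:00", "carol@example.com", "contoso-hr-lookup"),
    _rec("2025-01-10T10:04:00", "dave@example.com", op="FileAccessed"),
]

def plugin_ids(record):
    """Return plugin IDs invoked by one record; tolerate missing fields."""
    data = record.get("CopilotEventData") or {}
    return [p.get("Id", "<missing-id>") for p in data.get("AISystemPlugin") or []]

def find_anomalies(records, approved=APPROVED_PLUGINS, threshold=BURST_THRESHOLD):
    """Flag unapproved plugin calls and per-user hourly bursts of calls."""
    findings, per_user_hour = [], Counter()
    for rec in records:
        if rec.get("Operation") != "CopilotInteraction":
            continue  # only Copilot interaction rows are in scope
        ids = plugin_ids(rec)
        hour = rec["CreationTime"][:13]  # "YYYY-MM-DDTHH"
        per_user_hour[(rec["UserId"], hour)] += len(ids)
        findings += [("unapproved_plugin", rec["UserId"], pid)
                     for pid in ids if pid not in approved]
    for (user, hour), count in sorted(per_user_hour.items()):
        if count > threshold:
            findings.append(("burst", user, f"{count} calls in hour {hour}"))
    return findings

if __name__ == "__main__":
    for finding in find_anomalies(SAMPLE_RECORDS):
        print(finding)
```

Keep the approved list in step with the plugin audit from step 3 so the two controls do not drift apart.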

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges, Multi-Factor Authentication · ISM: ISM-0109, ISM-0123, ISM-0140, ISM-0445, ISM-0974, ISM-1173, ISM-1175, ISM-1228, ISM-1380, ISM-1401, ISM-1504, ISM-1505, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1679, ISM-1680, ISM-1681, ISM-1682, ISM-1683, ISM-1686, ISM-1688, ISM-1689, ISM-1815, ISM-1819, ISM-1872, ISM-1873, ISM-1874, ISM-1883, ISM-1892, ISM-1893, ISM-1894, ISM-1897, ISM-1898, ISM-1906, ISM-1907