Introduction
Hey techies!
In this blog post, let’s deep-dive into something that’s becoming super critical in enterprise-level Power Platform implementations—Data Loss Prevention (DLP) policies for knowledge sources in Copilot Studio agents.
Whether you're building conversational agents with Microsoft Copilot Studio or managing environments via the Power Platform admin center, securing your data sources is non-negotiable. Especially with knowledge integration from SharePoint, OneDrive, or public websites, it becomes necessary to apply strict DLP controls to prevent accidental data leaks.
Let’s walk through how to configure DLP policies to govern which connectors (aka knowledge sources) can be used by Copilot Studio agents.
What is a DLP Policy in Power Platform?
DLP (Data Loss Prevention) policies help you control the flow of organizational data. They prevent users from connecting apps and flows to unapproved services or connectors that might lead to data exfiltration.
And now with the rise of Copilot agents consuming external knowledge, DLP policies can also block or allow specific knowledge sources across environments.
Steps to Configure a DLP Policy for Agent Knowledge Sources
Step 1. Open Power Platform Admin Center
Navigate to the Power Platform Admin Center. In the left-hand menu, click Security, select Data protection and privacy, and then open Data policy.
Here, you can either create a new policy or edit an existing one.
- To create a new policy, click on New policy.
- To edit an existing one, select it and click Edit policy.
Give your policy a clear name, e.g., CopilotKnowledgeDLP, so it’s easy to identify later.
Click Next to see the available connectors.
Step 2. Add and Configure Knowledge Source Connectors
In the connectors section, use the search bar and type "Knowledge source". You’ll typically see these connectors:
- Knowledge source with SharePoint and OneDrive in Copilot Studio
- Knowledge source with public websites and data in Copilot Studio
- Knowledge source with documents in Copilot Studio
You have three options:
- Move to Business: Allow in approved context.
- Block: Completely restrict.
- Configure Connector: Apply endpoint-level restrictions.
Pro Tip: If you want to allow only specific SharePoint URLs, use DLP connector endpoint filtering instead of outright blocking.
Once done, click Next.
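Endpoint filtering rules form an ordered Allow/Deny list, so the order of the rules decides the outcome. The sketch below is an added example, not code from this post or from Microsoft: it assumes first-match-wins evaluation ending in a catch-all `*` rule, uses simple glob matching as a stand-in for the platform's own matcher, and runs on constructed contoso URLs to flag a Deny rule that a broader Allow above it makes unreachable.

```python
from fnmatch import fnmatchcase
from urllib.parse import urlsplit

# Constructed rule list for a hypothetical "contoso" tenant; order matters.
RULES = [
    ("Allow", "https://contoso.sharepoint.com/sites/hr*"),
    ("Deny",  "https://contoso.sharepoint.com/sites/hr-payroll*"),  # never reached
    ("Allow", "https://contoso.sharepoint.com/sites/policies*"),
    ("Deny",  "*"),  # catch-all: anything not listed above is blocked
]

def normalize(url):
    """Lower-case the URL and drop query, fragment and trailing slash."""
    parts = urlsplit(url.strip().lower())
    return f"{parts.scheme}://{parts.netloc}{parts.path.rstrip('/')}"

def evaluate(url, rules):
    """Return (action, pattern) for the first rule that matches the URL."""
    target = normalize(url)
    for action, pattern in rules:
        if fnmatchcase(target, pattern.lower()):
            return action, pattern
    return "Deny", None  # assumption: fail closed when no catch-all exists

def shadowed(rules):
    """Rules that can never fire because an earlier pattern covers them.

    Sound when '*' is the only wildcard used: if an earlier pattern matches
    the later pattern's own text, it matches every URL the later one would.
    """
    return [(j, later) for j, (_, later) in enumerate(rules)
            if any(fnmatchcase(later.lower(), earlier.lower())
                   for _, earlier in rules[:j])]

def reorder_specific_first(rules):
    """Heuristic fix: longer (more specific) patterns first, '*' kept last."""
    return sorted(rules, key=lambda r: (r[1] == "*", -len(r[1])))

if __name__ == "__main__":
    url = "https://contoso.sharepoint.com/sites/HR-Payroll/Shared%20Documents"
    print("as written: ", evaluate(url, RULES))
    print("reordered:  ", evaluate(url, reorder_specific_first(RULES)))
    print("unreachable:", shadowed(RULES))
```

With the rules as written, the payroll site is allowed by the broader `hr*` rule; after reordering, the same URL is denied and no rule is unreachable.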
Step 3. Choose Environment(s)
- Select the environments where this policy should apply.
- Click Add to policy and then hit Next.
Tip: You can apply DLP to multiple environments, like Dev, UAT, and Production, in one go.
Step 4. Review & Apply
Double-check all your changes.
Then hit Update/Create policy to save and enforce the configuration.
Confirming DLP Policy Enforcement in Copilot Studio
Worried if the policy is really applied?
Here's how to verify it directly in Copilot Studio:
- Open your agent from the environment where DLP is applied.
- Navigate to the Knowledge tab.
- Try to add a restricted knowledge source (e.g., a blocked SharePoint site).
If the connector is blocked or filtered, you'll see:
- A red error banner
- A disabled Publish button
- Option to download details with full error logs
Each violation is logged with a row indicating:
- The affected knowledge page
- Any generative answers node that references the restricted knowledge source
Real-World Scenario: Why This Matters
Let’s say you're working in a BFSI or healthcare domain. You don’t want your Copilot agents fetching data from unauthorized SharePoint sites or public blogs, right?
That’s exactly where DLP connector filtering plays a crucial role. It lets you empower your citizen developers without compromising compliance or security.
| Step | Action |
|------|--------|
| 1 | Open Power Platform Admin Center |
| 2 | Create or Edit DLP Policy |
| 3 | Choose Environments |
| 4 | Add Knowledge Source Connectors |
| 5 | Allow, Block, or Filter |
| 6 | Confirm from Copilot Studio |

Final Thoughts
DLP isn't just for Power Automate or Power Apps anymore—Copilot Studio needs it too!
As more organizations adopt AI agents to automate business interactions, governance becomes critical. So, always remember to lock down what your agents can access—before someone else does.
Have you implemented DLP policies in your Power Platform tenant yet? Drop your thoughts or queries in the comments below.