Unlocking enterprise AI extensibility at Microsoft with Microsoft Copilot Studio


Microsoft Copilot Studio provides a low-code environment for citizen developers to create Microsoft 365 Copilot extensions.

Microsoft 365 Copilot extensibility is a revolutionary new framework for advancing enterprise AI. By creating their own agents, individuals and teams can customize Copilot’s behavior with additional instructions, grounding, and actions, all while providing a clear and discoverable entry point in the tool’s user interface.

These agents help employees reach beyond Microsoft Graph and Microsoft 365 applications to do their work more thoroughly and efficiently. By empowering users to experiment with AI-driven assistance and capabilities internally at Microsoft, we’re unlocking efficiency, process automation, and data-driven insights tailored to specific individuals’ or teams’ needs.

One tool is making Copilot extensions accessible to more employees than ever before: Microsoft Copilot Studio.

This low-code solution makes it possible for both technical and non-technical users to create their own agents and tailor Copilot’s capabilities to their work. At Microsoft Digital, the company’s IT organization, we’re the first to implement Copilot Studio and develop a methodology for empowering our employees to create while establishing guardrails to keep our organization’s data safe.

As a result, we’ve built best practices that help us protect employees while enabling helpful agents—from individualized tools to organization-wide utilities. We’ve also learned lessons that can help customers navigate their own Copilot Studio journey.

Extending enterprise AI with Microsoft Copilot Studio

Hasan, Zelsman, Johnson, Zhou, and Visser pose for pictures assembled into a collage.
Aisha Hasan (left to right), Lianne Zelsman, David Johnson, Eileen Zhou, Jake Visser, and Amy Rosenkranz (not pictured) are all part of a team enabling Microsoft Copilot Studio internally at Microsoft.

Microsoft Copilot Studio, a part of Microsoft Power Platform, empowers employees to build their own agents or use them to extend Microsoft 365 Copilot’s value. It uses the same low-code connector model as Power Platform to power actions through first-party and third-party services.

As a result, users can create their own agents tailored to specific professional needs and business functions. These agents can narrow the focus of knowledge within the Microsoft 365 Graph, reach outside of it, and even take actions.

There are several ways to create agents. They range from simple natural language queries in Copilot Studio agent builder through Copilot Chat in Microsoft Teams and SharePoint, to the full-featured Copilot Studio graphical authoring environment, to a combination of Copilot Studio and Azure AI.

“Copilot Studio is a way for a non-technical person to spin up an agent quickly,” says Amy Rosenkranz, principal product manager responsible for Copilot extensibility internally at Microsoft. “You can pull from a SharePoint site, from a graph connector, or from the web, and so employees are using it to tailor their experience to their business process.”

Building agents with Copilot Studio

Images of Copilot Studio agent builder and the Copilot Studio full-featured authoring environment side-by-side.
Microsoft Copilot Studio lets creators build their own agents through natural language queries or a low-code graphical authoring environment.

Ultimately, the goal is to help employees work more efficiently by putting them in the driver’s seat through the power of self-directed agent creation. It also helps alleviate strain on business functions by getting people to the answers they need faster, without the need for human intervention.

“There’s an important role for Copilot Studio in helping customize the solutions our employees create, whether they want to use existing functionality, extend their knowledge, or expand their skill compatibility,” says Eileen Zhou, senior program manager in Microsoft Digital. “And it provides opportunities for both non-technical creators who want to create individualized solutions and people with advanced knowledge who are building more enterprise-focused agents.”

To empower our employees for this kind of creativity, we needed to put guardrails in place that ensure they can build agents confidently without putting themselves or the company at risk.

Managing the scale and sophistication of Copilot Studio creations

Building guardrails around agent production meant developing a system for classifying them according to their purpose, reach, and potential risk.

On one end of the spectrum, simple retrieval agents might only access content that individuals author and own. Non-technical employees typically create this kind of agent through natural language prompts in Copilot Studio agent builder.

On the other end, more elaborate tools—task or autonomous agents that combine knowledge, action, and orchestration—need to cross data boundaries to accomplish their work. More technically advanced IT employees and professional developers build these agents for larger-scale business functions using the full-featured Copilot Studio authoring environment.

Agent capabilities

A graphic outlining three different kinds of agents: retrieval, task, and autonomous.
Different kinds of agents have different capabilities, and their escalating access and reach demand protective procedures and policies.

This simple taxonomy doesn’t capture the whole picture though. As a result of the varying reaches and risk profiles for different agents, we tend to group them into three categories:

  • Personal self-service agents created by employees to meet highly individual business needs.
  • Line-of-business agents created by individual organizations within Microsoft to fulfil discipline-specific work functions.
  • Agents intended for publishing across the entire organization.

“If an employee is building a service, we need to manage it like a service,” says Jake Visser, principal architect manager for Copilot and AI apps. “There’s a time and place for personal agents that integrate with business workflows, but if something is a business-critical service, we need to think security-first.”

Microsoft Digital is responsible for developing and enforcing guidelines for managing those services.

Governance, processes, and policy for enabling Microsoft Copilot Studio

Establishing guardrails around the different agents our employees can create in Microsoft Copilot Studio involved asking a lot of questions. What Power Platform features apply to Copilot Studio workflows? What additional areas of risk do agents introduce? How can we build policies and processes around low-code AI creations? How can we help employees understand the implications of the agents they create?

“Thanks to our early experiences with Copilot Studio, we’ve been able to develop gates and controls based on the type of agents that creators want to build,” says Aisha Hasan, Power Platform and Copilot Studio product manager for Microsoft Digital. “Through predetermined groups and rules, we can allow freedom and experimentation at different scales without putting our internal tenant at risk.”

Since Copilot Studio exists within Power Platform, that tool’s capabilities provided a solid foundation for managing agents. We have extensive experience empowering citizen developers while maintaining good governance through Microsoft Power Platform. So it was easy for us to apply existing administration and governance best practices to this new framework.

At the outset of our journey, we already had robust systems in place for securing custom connectors, and Microsoft 365’s built-in governance capabilities ensure Microsoft 365 agents respect our labeling taxonomy and the policies it articulates. Finally, we have the power to introduce sharing limits that restrict how widely creators can distribute agents depending on their purpose and scope.

Together, these features and capabilities helped us extend existing administration and governance structures to the new world of agents. But thoughtful process and policy are equally important.

For the simpler self-service agents that individual employees create and use, we’re able to define our policies at the Copilot Studio environment level. Tenant administrators and partners on the Microsoft Security team apply data loss prevention policies to configure what individual employees can and can’t do. At this level, everyone in the company has the same configuration and tools available, and automation largely handles agent reviews and assessments based on pre-configured settings.

For more wide-reaching apps that operate at the line-of-business level or that we might publish enterprise-wide, we need to apply greater rigor. Thanks to our experience administering and governing Power Platform, Microsoft Digital already had a robust process in place to review internally created enterprise apps. Discipline-specific professionals in security, privacy, and other spaces conduct these reviews to ensure internal teams meet our high standards.

By building onto that structure, we’ve updated our custom environment review process for agents created in Copilot Studio. We step through a review process that includes phases for security assessments, threat modeling, privacy assessments, and Responsible AI reviews.

“Our goal is to properly scope our governance controls into what people are building,” says Lianne Zelsman, senior product manager in Microsoft Digital focused on Power Platform governance. “If we can easily enable things we consider low-risk like retrieval agents, we let employees build those in their personal development environment, but more powerful or far-reaching custom agents require more thorough oversight.”

Configuration, review, and assessment are only parts of the puzzle. We also flighted user awareness efforts to help employees understand not just how to use Copilot Studio, but also its implications for security, privacy, and Responsible AI.

These campaigns included field readiness through Viva Learning, Copilot Champs sessions, newsletters, marketing campaigns through Viva Amplify, office hours, internal roadshows, and elite programs. We even launched an agent-building contest that invited employees to design whatever they liked.

Providing employees with opportunities for learning and experimentation has helped jumpstart interest in creating agents. Together with product features, process, and policy, it ensures we unlock the full value of Copilot Studio safely and effectively.

Unlocking Copilot Studio value

With the freedom to create using Microsoft Copilot Studio and the protection of robust guardrails, individuals and teams are flexing their imaginations to create highly useful agents. We’re in the early days of our own Copilot extensibility journey, but agents are already driving faster and more accurate access to information and greater productivity.

Two examples stand out:

  • The IDEAS Copilot, a retrieval agent, empowers informed decision-making by democratizing access to our IDEAS knowledge base and its insights on app usage. Through natural language queries, IDEAS lets users take action on crucial usage data without the need for technical expertise.
  • The Employee Self-Service Agent in Microsoft 365 Copilot, a more advanced and organization-spanning agent, provides access to HR and IT information and tools through employees’ choice of two interfaces: Copilot or our company sites. More business functions like Facilities are lighting up soon.

As the capabilities of Copilot Studio continue to grow, Microsoft Digital is actively collaborating with the product team to ensure administration and governance features keep pace with its technical elements. Our experience as the first and largest adopters of this new framework means that every lesson we learn internally helps the product accommodate businesses’ needs more effectively.

Thanks to our experience at Microsoft, the product has incorporated several new features:

  • A set of controls for Copilot Studio connectors that allow guardrails for self-service.
  • The ability to specify data sources including SharePoint sites, public URLs, internal documents, or others.
  • Connector endpoint filtering that lets administrators govern the SharePoint sites and other connectable endpoints when creators build apps, flows, or agents.
  • Different channels for publishing agents, like Microsoft Teams, websites, or integrations into tools like Dynamics 365.
  • Suggested configuration defaults, for example requiring authentication so people can’t create anonymous Copilots.

Between built-in features and emerging best practices, Copilot Studio is unlocking the freedom to create like never before while maintaining organizational safety. For our customers and Copilot users, that means multiplying AI’s impact by setting employees free to create tools that will help them do their work faster, better, more creatively, and more insightfully.

“Everyone wants to move fast, and people are enthusiastic to explore this new framework for enterprise AI,” says David Johnson, principal program manager architect for governance at Microsoft Digital. “Our guiding principle is making the product secure by default so businesses can make it happen safely.”

Key Takeaways

Here are some tips for getting started with Copilot Studio at your company:

  • Have an all-up tenant strategy. Create separate Power Platform environments based on what people want to build, what data they want to use, and what controls you need as a result.
  • Take this opportunity to make sure that your governance is up to date and aligns between Power Platform and Microsoft 365 properly.
  • Educating your users is key. Recognize that most difficulties arise from inefficiency and error, not nefarious intention.
  • Evaluate your risk tolerance for different kinds of Copilot Studio creation and structure your security and governance efforts around that.
  • Take advantage of dev environments to learn and practice.