SKILL.md (paste into Microsoft 365 Copilot or Claude)
---
name: Copilot Control System Governance Validator
description: "Validates Microsoft 365 Copilot Control System: data security policies, agent publishing approvals, and sensitivity-label enforcement for Copilot."
---

# Copilot Control System Governance Validator

> **TL;DR:** This skill reads your Microsoft 365 Copilot Control System settings and produces a scored report on data security policies, agent publishing approvals, and sensitivity-label enforcement, so governance gaps are caught before Copilot and agents reach sensitive data.

## What is the Microsoft 365 Copilot Control System?

The Copilot Control System is the management surface that governs how Microsoft 365 Copilot and custom agents access and act on organisational data. It spans Microsoft Purview for data security and sensitivity labels, Microsoft Entra for identity and Conditional Access, and the Microsoft 365 admin centre for agent publishing approvals. This skill inspects those controls so you can confirm Copilot operates within your data protection boundaries.

## When should you run this skill?

- "Show me whether sensitivity labels are actually enforced for Copilot responses."
- "Check if agent publishing requires admin approval before agents go live."
- "Audit our Copilot Control System before a wider rollout."
- "Are DLP policies scoped to cover Copilot and agent interactions?"
- "Verify oversharing controls are in place before enabling Copilot for everyone."
- "Give me a governance posture score for Copilot data security."
- "Confirm Restricted Content Discovery and label-based protections are configured."

## How this skill works, step by step

1. Connect read-only to Microsoft Graph, Microsoft Purview, and the Microsoft 365 admin centre using delegated audit permissions.
2. Enumerate sensitivity labels and their publishing scope, then check which labels apply protection and encryption relevant to Copilot-accessible content.
3. Inspect Data Loss Prevention (DLP) policies to confirm coverage that constrains Copilot and agent data handling.
4. Read agent publishing and approval settings to determine whether custom agents require admin review before becoming available to users.
5. Review oversharing controls such as Restricted Content Discovery and SharePoint Advanced Management signals that limit what Copilot can surface.
6. Check Microsoft Entra Conditional Access policies that gate Copilot and agent access by user, device, and risk.
7. Correlate findings against expected baseline controls and flag each as pass, warning, or gap.
8. Derive a weighted risk score, prioritising label enforcement and unapproved agent publishing as the highest-impact factors.
9. Compile the results into a structured report with remediation guidance.

## Output format

The skill produces a findings table followed by a posture summary.

| Control area | Finding | Status | Risk weight |
| --- | --- | --- | --- |
| Sensitivity-label enforcement | Encryption labels published but not enforced on 3 Copilot-accessible sites | Gap | High |
| Agent publishing approval | Custom agent publishing allowed without admin approval | Gap | High |
| DLP coverage | DLP policies scoped to cover Copilot interactions | Pass | Medium |

Summary of what the report includes:

- An overall governance posture score out of 100 with a maturity rating.
- A prioritised list of gaps ordered by risk weight.
- Per-control remediation guidance referencing the responsible service.
- A count of agents published without approval and labels lacking enforcement.
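The weighted scoring in steps 7 to 9 and the report summary above, as an added Python example that is not part of the skill itself: it takes the findings table as constructed input and returns the posture score out of 100, a maturity rating, the prioritised gaps and the gap count. The risk weights, status penalties and maturity bands are assumed values, since the skill does not publish its own.

```python
from dataclasses import dataclass

# Assumed weights (the skill's own are not published); the page rates label enforcement and agent approval High.
RISK_WEIGHT = {"High": 3, "Medium": 2, "Low": 1}
STATUS_PENALTY = {"Pass": 0.0, "Warning": 0.5, "Gap": 1.0}  # share of a control's weight forfeited
MATURITY_BANDS = [(90, "Managed"), (70, "Defined"), (40, "Developing"), (0, "Initial")]  # assumed bands

@dataclass
class Finding:
    control: str
    detail: str
    status: str  # Pass, Warning or Gap
    risk: str    # High, Medium or Low

def posture_score(findings):
    """Weighted score out of 100; 100 means every assessed control passed."""
    for f in findings:  # refuse to score a finding the status model does not understand
        if f.status not in STATUS_PENALTY or f.risk not in RISK_WEIGHT:
            raise ValueError(f"unrecognised status or risk weight for {f.control!r}")
    total = sum(RISK_WEIGHT[f.risk] for f in findings)
    if total == 0:
        return 100  # nothing assessed, nothing lost
    lost = sum(RISK_WEIGHT[f.risk] * STATUS_PENALTY[f.status] for f in findings)
    return round(100 * (1 - lost / total))

def maturity_rating(score):
    return next(name for floor, name in MATURITY_BANDS if score >= floor)

def prioritised_gaps(findings):
    """Open findings ordered by risk weight, then by how far short they fall."""
    open_items = [f for f in findings if f.status != "Pass"]
    return sorted(open_items, key=lambda f: (-RISK_WEIGHT[f.risk], -STATUS_PENALTY[f.status]))

def build_report(findings):
    score = posture_score(findings)
    return {
        "score": score,
        "rating": maturity_rating(score),
        "gaps": [f.control for f in prioritised_gaps(findings)],
        "gap_count": sum(1 for f in findings if f.status == "Gap"),
    }

# Constructed sample reproducing the findings table in this section.
SAMPLE_FINDINGS = [
    Finding("Sensitivity-label enforcement",
            "Encryption labels published but not enforced on 3 Copilot-accessible sites", "Gap", "High"),
    Finding("Agent publishing approval", "Custom agent publishing allowed without admin approval", "Gap", "High"),
    Finding("DLP coverage", "DLP policies scoped to cover Copilot interactions", "Pass", "Medium"),
]
```

With the two High gaps against one Medium pass, the sample scores 25 and rates Initial, which is the intended signal before a wider rollout.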

## Scope and safety

This skill is read-only by default and makes no changes to your tenant, policies, or agents. It only inspects configuration and reports findings.

This skill does NOT:

- Modify, create, or delete sensitivity labels, DLP policies, or Conditional Access rules.
- Publish, approve, block, or remove any Copilot agent.
- Read the content of user files, messages, or Copilot conversations.
- Alter agent publishing approval settings or tenant configuration.

## Licensing and permissions

### Licences and add-ons

| Capability used | Minimum licence |
| --- | --- |
| Copilot Control System and agent publishing governance | Microsoft 365 Copilot |
| Sensitivity labels and DLP enforcement checks | Microsoft Purview (included with Microsoft 365 E3/E5 compliance) |
| Restricted Content Discovery and oversharing controls | SharePoint Advanced Management |

### Least-privilege roles

- Global Reader — read-only visibility across tenant configuration, agent publishing approvals, and Conditional Access.
- Compliance Administrator or Compliance Data Administrator (read) — review sensitivity labels and DLP policies in the Microsoft Purview portal.

### Microsoft Graph permissions (read-only)

- `Policy.Read.All` — reads Conditional Access policies that gate Copilot and agent access.
- `Directory.Read.All` — reads directory objects to scope users and agent publishing settings.
- `InformationProtectionPolicy.Read.All` — reads published sensitivity labels relevant to Copilot-accessible content.
- DLP policy and Restricted Content Discovery settings are reviewed through the Microsoft Purview portal and SharePoint admin tooling rather than Microsoft Graph.

## Sources and compliance

- [Microsoft 365 Copilot overview](https://learn.microsoft.com/en-us/copilot/microsoft-365/microsoft-365-copilot-overview)
- [Secure and govern Microsoft 365 Copilot data](https://learn.microsoft.com/en-us/microsoft-365/copilot/microsoft-365-copilot-secure-governed-data)
- Maps to the Essential Eight control **Restrict administrative privileges** by validating that agent publishing and policy changes require approved administrative oversight.
- Supports ISM data protection expectations through sensitivity-label and DLP enforcement checks for AI-accessible data.
- [ASD Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model)
- Output in Australian English.

## How to use this skill

1. Get the file. Download or copy the SKILL.md from the panel above.
2. Load it into your host:
   - Microsoft 365 Copilot / Copilot Studio — add it as the instructions of a declarative agent or Copilot Studio agent.
   - Claude (Cowork / Claude Code) — drop the file into your skills folder; it loads as an Agent Skill automatically.
   - Any chat host — paste the file contents as your prompt.
3. Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed in Licensing and permissions above.
4. Provide your tenant scope and run it (a site, a collection, or the whole tenant).
5. Review the report and action the risk-ranked recommendations.

This skill is read-only by default — it inspects and reports, and never changes your tenant.

Licensed under CC BY 4.0 by Educ4te.