SKILL.md: paste into Microsoft 365 Copilot or Claude
---
name: Copilot Studio Agent Inventory and Connector Audit
description: Inventory every Microsoft Copilot Studio agent with its connectors, knowledge sources, sharing scope and DLP coverage, then flag ungoverned agents.
---
# Copilot Studio Agent Inventory and Connector Audit
> **TL;DR:** This skill reads every Microsoft Copilot Studio agent in your tenant, lists its connectors, knowledge sources, sharing scope and DLP coverage, then risk-ranks them so you find ungoverned or over-shared agents fast.
## What is a Microsoft Copilot Studio agent and why audit it?
A Microsoft Copilot Studio agent is a custom conversational assistant that staff build on top of Microsoft 365 Copilot, wiring in connectors, knowledge sources and actions that can reach tenant data, SharePoint sites and external services. Because makers can create and share these agents with little oversight, an agent can quietly expose sensitive data or bypass your Microsoft Purview data loss prevention (DLP) controls. Auditing the full inventory tells you which agents exist, who can use them, what they connect to and whether Conditional Access and Microsoft Entra governance actually cover them.
## When should you run this skill?
- "Show me every Copilot Studio agent in our tenant and who it is shared with."
- "Which agents are shared with everyone or published to the wider organisation?"
- "Do any agents use connectors that fall outside our DLP policy?"
- "We are preparing for an Essential Eight or ISM assessment and need a Copilot agent register."
- "A maker just left the organisation, which agents do they own?"
- "Which agents pull from sensitive SharePoint sites or external knowledge sources?"
- "Give me a risk-ranked list of ungoverned Copilot Studio agents to review."
## How this skill works, step by step
1. Authenticate read-only to Microsoft Copilot Studio and the Power Platform admin endpoints using delegated permissions for the signed-in administrator.
2. Enumerate every environment in the tenant and list all Copilot Studio agents within each environment.
3. For each agent, read its owner, creation and last-modified dates, and current publish state.
4. Collect the connectors and actions each agent uses, noting which are Microsoft first-party and which are third-party or custom.
5. Read each agent's knowledge sources, including SharePoint sites, files, public websites and enterprise data sources.
6. Resolve the sharing scope for each agent: private, shared with named users or groups, or shared with the entire organisation.
7. Cross-reference each connector against the applicable Microsoft Purview DLP policies to determine whether the agent is in policy, out of policy or uncovered.
8. Derive a risk score from sharing breadth, presence of third-party or custom connectors, sensitive knowledge sources and any DLP gaps.
9. Compile the findings into a risk-ranked register with a summary of the highest-priority agents.
## Output format
The skill produces a register of agents, ranked from highest to lowest risk, followed by a short summary. Each row shows the agent, its owner, sharing scope, connector and knowledge exposure, DLP coverage and the derived risk rating.
| Agent | Owner | Sharing scope | Connectors / knowledge | DLP coverage | Risk |
| --- | --- | --- | --- | --- | --- |
| HR Policy Helper | `jane.doe@contoso.com` | Entire organisation | SharePoint (HR site), custom HTTP connector | Uncovered | High |
| Sales FAQ Bot | `sam.lee@contoso.com` | 2 named groups | Dataverse, public website | In policy | Low |
Summary highlights include:
- Total agents discovered and how many are shared with the entire organisation.
- Count of agents using third-party or custom connectors.
- Count of agents with knowledge sources flagged as sensitive.
- Number of agents with no DLP coverage and the orphaned agents whose owner has left.
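
The scoring and ranking described in steps 8 and 9, as an added example in Python that is not part of the skill file itself. The record fields, weights and rating thresholds are assumptions (the skill names the risk factors but not their values), and the sample inventory is constructed, with the HR site assumed to be flagged sensitive.

```python
# Assumed weights and thresholds: the page names the risk factors, not their values.
SHARING = {"private": 0, "named": 1, "organisation": 3}
CONNECTOR = {"first_party": 0, "third_party": 2, "custom": 3}
DLP = {"in_policy": 0, "out_of_policy": 3, "uncovered": 3}
SENSITIVE_KNOWLEDGE, ORPHANED_OWNER = 2, 3
FAIL_CLOSED = 3  # an unrecognised or missing value scores as the worst case

def score(agent, active_owners):
    """Return (points, reasons) for one agent record (hypothetical dict shape)."""
    sharing, dlp = agent.get("sharing"), agent.get("dlp")
    parts = {
        f"sharing={sharing}": SHARING.get(sharing, FAIL_CLOSED),
        f"dlp={dlp}": DLP.get(dlp, FAIL_CLOSED),
    }
    # Only the riskiest connector counts, so many first-party connectors stay at 0.
    kinds = agent.get("connectors", {}).values()
    parts["connectors"] = max((CONNECTOR.get(k, FAIL_CLOSED) for k in kinds), default=0)
    if agent.get("sensitive_knowledge"):
        parts["sensitive knowledge"] = SENSITIVE_KNOWLEDGE
    if agent.get("owner", "").lower() not in active_owners:
        parts["orphaned owner"] = ORPHANED_OWNER
    return sum(parts.values()), [label for label, pts in parts.items() if pts > 0]

def rating(points):
    return "High" if points >= 6 else "Medium" if points >= 3 else "Low"

def build_register(agents, active_owners):
    """Rank agents from highest to lowest risk; ties break on name."""
    active = {o.lower() for o in active_owners}
    rows = []
    for a in agents:
        pts, why = score(a, active)
        rows.append({"agent": a["name"], "points": pts, "risk": rating(pts), "why": why})
    return sorted(rows, key=lambda r: (-r["points"], r["agent"]))

# Constructed sample inventory; the first two records mirror the table rows above.
SAMPLE = [
    {"name": "Sales FAQ Bot", "owner": "sam.lee@contoso.com", "sharing": "named",
     "connectors": {"Dataverse": "first_party"}, "sensitive_knowledge": False, "dlp": "in_policy"},
    {"name": "HR Policy Helper", "owner": "jane.doe@contoso.com", "sharing": "organisation",
     "connectors": {"SharePoint": "first_party", "custom HTTP connector": "custom"},
     "sensitive_knowledge": True, "dlp": "uncovered"},
    {"name": "Leaver Notes Bot", "owner": "former.maker@contoso.com", "sharing": "private",
     "connectors": {"Dataverse": "first_party"}, "sensitive_knowledge": False, "dlp": "in_policy"},
]
ACTIVE_OWNERS = ["Jane.Doe@contoso.com", "sam.lee@contoso.com"]  # constructed directory lookup

if __name__ == "__main__":
    for row in build_register(SAMPLE, ACTIVE_OWNERS):
        print(row)
```

The `why` list in each row records which factors contributed, so a reviewer can see that an otherwise private, in-policy agent was raised to Medium only because its owner no longer resolves in the directory.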
## Scope and safety
This skill is read-only by default and makes no changes to any agent, environment, connector or policy. It only inspects configuration and metadata to build the inventory and risk register.
This skill does NOT:
- Modify, publish, unpublish or delete any Copilot Studio agent.
- Change sharing scope, connector configuration or knowledge sources.
- Create, edit or remove Microsoft Purview DLP policies.
- Read the contents of conversations or the underlying business data.
## Licensing and permissions
### Licences and add-ons
| Capability used | Minimum licence |
| --- | --- |
| Microsoft Copilot Studio agents in the tenant | Microsoft Copilot Studio (per-user or message-pack plan) |
| Agents built on Microsoft 365 Copilot | Microsoft 365 Copilot licence |
| Microsoft Purview DLP policy coverage for connectors | Microsoft Purview Data Loss Prevention (included in the relevant Microsoft 365 or Power Platform plan) |
### Least-privilege roles
- Power Platform administrator (read) to enumerate environments and the Copilot Studio agents within them.
- Copilot administrator or Global Reader to review tenant-wide Copilot configuration and agent sharing without making changes.
### Microsoft Graph permissions (read-only)
- This skill reads agent, environment and connector inventory through the Power Platform admin and Copilot Studio administration endpoints, not Microsoft Graph. DLP policy coverage is reviewed in the Power Platform admin centre and Microsoft Purview portal.
- `Directory.Read.All` applies only when resolving agent owners and group sharing scope to Microsoft Entra users and groups.
## Sources and compliance
- [Security and governance in Microsoft Copilot Studio](https://learn.microsoft.com/en-us/microsoft-copilot-studio/security-and-governance)
- [Share agents in Microsoft Copilot Studio](https://learn.microsoft.com/en-us/microsoft-copilot-studio/admin-share-bots)
- Supports the Essential Eight controls for restricting administrative privileges and application control by surfacing which agents and connectors are in use and who can reach them.
- Aligns with ISM controls for system access, logging and data exposure governance by producing an auditable register of agents and their data reach.
- [ASD Essential Eight Maturity Model](https://www.cyber.gov.au/resources-business-and-government/essential-cyber-security/essential-eight/essential-eight-maturity-model)
- Output in Australian English.
## How to use this skill
1. Get the file. Download or copy the `SKILL.md` from the panel above.
2. Load it into your host:
   - Microsoft 365 Copilot / Copilot Studio: add it as the instructions of a declarative agent or Copilot Studio agent.
   - Claude (Cowork / Claude Code): drop the file into your skills folder; it loads as an Agent Skill automatically.
   - Any chat host: paste the file contents as your prompt.
3. Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed under Licensing and permissions.
4. Provide your tenant scope and run it (a site, a collection, or the whole tenant).
5. Review the report and action the risk-ranked recommendations.
This skill is read-only by default — it inspects and reports, and never changes your tenant.