SKILL.md— paste into Microsoft 365 Copilot or ClaudeDownload▸ View skill file▾ Hide skill file
---
name: Copilot Studio DLP Gap Check
description: Audits Copilot Studio agents against the tenant DLP policy to flag missing, weak or bypassed Data Loss Prevention, aligned to Essential Eight application control.
---
# Copilot Studio DLP Gap Check
> **TL;DR:** This skill audits every Copilot Studio agent, maps its connectors and knowledge sources to the tenant Data Loss Prevention policy, and reports each agent where DLP is missing, weak or bypassed.
## What does the Copilot Studio DLP gap check audit?
The skill inspects every Copilot Studio agent in an environment and compares its data sources, connectors and prompt handling against the tenant's Microsoft Purview Data Loss Prevention policy. Low-code Agentic AI makes it easy to stand up an agent that quietly reaches sensitive data, so this check surfaces agents that mix Business and Non-Business connectors, agents reading from Microsoft Purview sensitivity-labelled sources without inline DLP enforcement, and agents exposing anonymous public surfaces. The output is a prioritised gap table that lets a security team close prompt-leakage paths before they become incidents.
## When should you run this skill?
- "Check DLP coverage on Copilot Studio agents"
- "Audit Copilot Studio for prompt leakage"
- "Which agents bypass our DLP policy?"
- "Validate connector classification across our copilots"
## How this skill works, step by step
1. Enumerate Copilot Studio agents per environment.
2. For each agent list: data sources (SharePoint, Dataverse, web, custom), connectors used, authentication mode.
3. Cross-reference connectors against the Business / Non-Business / Blocked classification in the tenant DLP policy.
4. Identify connectors classified as Business that sit alongside Non-Business connectors in the same agent (DLP violation).
5. Flag agents reading from sensitivity-labelled sources without inline DLP enforcement.
6. Flag agents with anonymous or unauthenticated public surfaces.
7. Produce the gap table below.
## Output format
| Agent | Environment | Connectors | Sensitive Sources | DLP Posture | Public Surface | Gap |
Followed by a summary:
- Total agents reviewed: N
- DLP violations: N
- Public surfaces with sensitive sources: N (critical)
- Recommended actions ranked by exposure
## Scope and safety
Read-only by default; the skill never alters policy or agent configuration. This skill does NOT:
- Modify DLP policies or agent configurations (read-only).
- Reclassify connectors.
- Test prompt injection live against agents.
## Licensing and permissions
### Licences and add-ons
| Capability used | Minimum licence |
| --- | --- |
| Building and running Copilot Studio agents in the tenant | Microsoft Copilot Studio licence |
| Inline DLP enforcement on Copilot Studio agents (Purview) | Microsoft Purview Data Loss Prevention (E5 or DLP add-on) |
### Least-privilege roles
- Power Platform Administrator (read) to enumerate Copilot Studio agents, connectors and environments.
- Compliance Administrator or Purview DLP reader to read the tenant Data Loss Prevention policy.
### Microsoft Graph permissions (read-only)
This skill reads Power Platform and Microsoft Purview configuration rather than Microsoft Graph, so it needs only minimal read-only scopes for tenant and policy context:
- `Organization.Read.All` to read tenant context and verify licence assignment.
- `Policy.Read.All` to read tenant-level governance and compliance policy state.
- `Directory.Read.All` to resolve administrative roles when validating least-privilege access.
Agent and connector inventory is read through the Power Platform admin centre or the Power Platform CLI, and the DLP policy classifications are read through the Microsoft Purview portal or the Power Platform DLP policy commands in PowerShell.
## Sources and compliance
- Aligned to ASD Essential Eight Control 2: Application Control.
- Supports E8 ML2 evidence for Control 2 (application control extended to low-code AI).
- DLP for Copilot Studio entered public preview in May 2026.
- Reference: [https://learn.microsoft.com/en-us/purview/ai-copilot-studio](https://learn.microsoft.com/en-us/purview/ai-copilot-studio)
- Pair with Shadow AI App Discovery for unsanctioned agent detection.
- Output in Australian English.
How to use this skill
- Get the file. Download or copy the
SKILL.mdfrom the panel above. - Load it into your host:
- Microsoft 365 Copilot / Copilot Studio — add it as the instructions of a declarative agent or Copilot Studio agent.
- Claude (Cowork / Claude Code) — drop the file into your skills folder; it loads as an Agent Skill automatically.
- Any chat host — paste the file contents as your prompt.
- Grant read-only access. Assign the least-privilege roles and Microsoft Graph scopes listed in Licensing and permissions below.
- Provide your tenant scope and run it (a site, a collection, or the whole tenant).
- Review the report and action the risk-ranked recommendations.
This skill is read-only by default — it inspects and reports, and never changes your tenant.
Copilot Studio DLP Gap Check
TL;DR: This skill audits every Copilot Studio agent, maps its connectors and knowledge sources to the tenant Data Loss Prevention policy, and reports each agent where DLP is missing, weak or bypassed.
What does the Copilot Studio DLP gap check audit?
The skill inspects every Copilot Studio agent in an environment and compares its data sources, connectors and prompt handling against the tenant’s Microsoft Purview Data Loss Prevention policy. Low-code Agentic AI makes it easy to stand up an agent that quietly reaches sensitive data, so this check surfaces agents that mix Business and Non-Business connectors, agents reading from Microsoft Purview sensitivity-labelled sources without inline DLP enforcement, and agents exposing anonymous public surfaces. The output is a prioritised gap table that lets a security team close prompt-leakage paths before they become incidents.
When should you run this skill?
- “Check DLP coverage on Copilot Studio agents”
- “Audit Copilot Studio for prompt leakage”
- “Which agents bypass our DLP policy?”
- “Validate connector classification across our copilots”
How this skill works, step by step
- Enumerate Copilot Studio agents per environment.
- For each agent list: data sources (SharePoint, Dataverse, web, custom), connectors used, authentication mode.
- Cross-reference connectors against the Business / Non-Business / Blocked classification in the tenant DLP policy.
- Identify connectors classified as Business that sit alongside Non-Business connectors in the same agent (DLP violation).
- Flag agents reading from sensitivity-labelled sources without inline DLP enforcement.
- Flag agents with anonymous or unauthenticated public surfaces.
- Produce the gap table below.
Output format
| Agent | Environment | Connectors | Sensitive Sources | DLP Posture | Public Surface | Gap |
Followed by a summary:
- Total agents reviewed: N
- DLP violations: N
- Public surfaces with sensitive sources: N (critical)
- Recommended actions ranked by exposure
Scope and safety
Read-only by default; the skill never alters policy or agent configuration. This skill does NOT:
- Modify DLP policies or agent configurations (read-only).
- Reclassify connectors.
- Test prompt injection live against agents.
Licensing and permissions
Licences and add-ons
| Capability used | Minimum licence |
|---|---|
| Building and running Copilot Studio agents in the tenant | Microsoft Copilot Studio licence |
| Inline DLP enforcement on Copilot Studio agents (Purview) | Microsoft Purview Data Loss Prevention (E5 or DLP add-on) |
Least-privilege roles
- Power Platform Administrator (read) to enumerate Copilot Studio agents, connectors and environments.
- Compliance Administrator or Purview DLP reader to read the tenant Data Loss Prevention policy.
Microsoft Graph permissions (read-only)
This skill reads Power Platform and Microsoft Purview configuration rather than Microsoft Graph, so it needs only minimal read-only scopes for tenant and policy context:
Organization.Read.Allto read tenant context and verify licence assignment.Policy.Read.Allto read tenant-level governance and compliance policy state.Directory.Read.Allto resolve administrative roles when validating least-privilege access.
Agent and connector inventory is read through the Power Platform admin centre or the Power Platform CLI, and the DLP policy classifications are read through the Microsoft Purview portal or the Power Platform DLP policy commands in PowerShell.
Sources and compliance
- Aligned to ASD Essential Eight Control 2: Application Control.
- Supports E8 ML2 evidence for Control 2 (application control extended to low-code AI).
- DLP for Copilot Studio entered public preview in May 2026.
- Reference: https://learn.microsoft.com/en-us/purview/ai-copilot-studio
- Pair with Shadow AI App Discovery for unsanctioned agent detection.
- Output in Australian English.
Licensed under CC BY 4.0 by Educ4te . Adapted from the open HybridSP skills catalogue.
Last updated on