Enterprise AI Digest #26 - PODCAST on Spotify and Apple
Topics:
Agent Sharing in Copilot Studio
D365 Security
Power Platform Security
Agent Sharing in Copilot Studio
In Copilot Studio, tenant administrators can now enforce more granular control over who can view, edit, or share agents, thanks to new sharing-limit settings in the Power Platform admin center.
Editor vs. Viewer
Editors can edit, configure, share, and publish agents.
Viewers can only chat with the agent.
Administrators can disable or enable the ability for owners to share with either role (for example, disallowing Editor assignments altogether).
Managed Environments & Sharing Rules
Sharing policies sit in your Managed Environment’s control panel within the Power Platform admin center.
If the Only Share with Individuals rule is active, owners and editors can’t share with security groups—only specific individuals.
You can also set a limit on the number of Viewers an agent can have.
Enforcement Timeline
Once rules are updated, it can take up to an hour for them to kick in.
Preexisting access isn’t affected at the moment you apply new rules—only future sharing attempts are blocked or allowed based on the new policy.
Dataverse for Teams Nuance
For agents built in a Teams environment, “Publish to Teams” isn’t affected by these rules.
However, any attempt to share agents outside the bound Team triggers these sharing restrictions.
Other Notes
Editor permissions can only be granted to individual users, not security groups.
If an agent no longer complies with updated rules, the only action allowed is “un-sharing” until it meets the new policy criteria.
D365 Security
Dynamics 365 run on Microsoft Azure’s secure, highly scalable, and globally managed infrastructure. These services follow an assume breach mindset, relying on proven security frameworks, continuous testing, and strict operational controls to protect data and stay compliant with global regulations. Here are some key highlights:
Core Security Principles
Security: Proactive measures against cyberthreats, including frequent scans, patch management, network segmentation, and physical/logical access restrictions.
Privacy: Customers retain control over who can access their data, with “just-in-time” permissions for support personnel.
Compliance: A rigorous approach to meeting global and industry-specific standards, driven by regular audits and adherence to the Microsoft Security Development Lifecycle.
Managed Access & Operational Safeguards
Separation of Duties & Least Privilege: Roles are narrowly defined to minimize risk; no one gets access without a clear business need.
Hardened Workstations & Jump-Boxes: Internal engineers and support staff use specialized, secured machines that enforce disk encryption and multi-factor authentication.
Continuous Logging & Auditing: System events, admin activities, and any exceptions are tracked in real time, feeding into central monitoring and incident response processes.
Ongoing Threat Detection & Response
Red Team Exercises: Security specialists act like real attackers to detect vulnerabilities and strengthen defenses.
Frequent Scans & Vulnerability Remediation: Automated scanning for new exploits, quick patching, and quarterly checkups ensure baseline configurations remain intact.
Intrusion Detection & Drift Checks: Production servers are locked down to prevent unauthorized network or hardware changes.
Trusted Cloud & Compliance
CSA Trusted Cloud Initiative: Microsoft meets Cloud Security Alliance guidelines on identity, access, legal, and compliance best practices.
Data Centers & Edge Security: Physical access is limited, all non-essential ports are disabled at the OS level, and intrusion alerts are continuously monitored.
Microsoft 365 Security Center: Administrators can monitor threats, user activities, and data loss incidents—all integrated within the broader Microsoft Entra ecosystem.
Power Platform Security
Power Platform built on Azure’s secure infrastructure and integrated with Microsoft 365’s enterprise protections, Power Platform helps organizations control how data is accessed, stored, and shared. Below are key points you should know:
Data Access & Authentication
Secure Connections Users authenticate with Microsoft Entra. Data in transit travels over TLS-encrypted channels; data at rest can be further protected with OS-level or BitLocker encryption.
Token Management Mobile devices store minimal tokens securely. Signing out, uninstalling the app, or letting credentials expire automatically clears cached data.
Granular Control IT admins can manage user privileges, restrict connector usage, and monitor application/flow activities, all within the Power Platform admin center.
Security Mindset & Governance
Defense-in-Depth Microsoft embraces an “assume breach” strategy, investing in advanced threat detection, proactive monitoring, and ongoing vulnerability assessments.
Compliance & Trust Power Platform adheres to global standards (ISO, SOC, GDPR) and follows the Microsoft Security Development Lifecycle (SDL). Relevant policies and resources are detailed in the Microsoft Trust Center.
Data Governance Services are governed by Microsoft’s Online Services Terms and the Microsoft Enterprise Privacy Statement, ensuring data handling meets enterprise-level commitments.
Keeping Your Data in Safe Hands
Continual Monitoring Power Platform is monitored for unusual activity, integrated with Microsoft 365 security and compliance dashboards for unified oversight.
No Customer Data at Rest” Exceptions Some usage metrics flow back to Microsoft for product improvement, but customer business data remains private and protected.
Location & Notifications Geolocation (if enabled) isn’t stored or shared with Microsoft, and notification services may not offer strict data residency assurances—users can opt in or out.