5.2) Microsoft Copilot & AI Agents

1. Architecture & The “Oversharing” Risk link

Microsoft 365 Copilot and its associated agents rely on a “human-led, agent-operated” model grounded in your organizational data.

• Work IQ: The intelligence layer grounded in personal and work data (emails, chats, meetings) that provides the context for AI reasoning.
• The Golden Rule: Copilot and Agents never bypass existing permissions; they utilize the Microsoft Graph and Semantic Index to surface data the user already has access to.
• Oversharing Remediation: Organizations must identify and lock down sites with excessive “Everyone except external users” permissions or broad sharing links before deployment to prevent AI from surfacing sensitive data to unauthorized users.

2. Microsoft 365 Agents & Entra Agent ID link

Beyond simple chat, Microsoft 365 now supports autonomous and semi-autonomous agents that possess their own organizational identities.

• Entra Agent ID: Once approved by IT, an agent is assigned its own unique identity in Microsoft Entra.
• Resource Ownership: Agents can be provisioned with their own specific resources, including a dedicated email address, calendar, OneDrive storage, and Teams account.
• Service Interaction: These agents can use other M365 services and remain connected to Work IQ to perform complex tasks on behalf of users or departments.
• Agent Builder: Accessible via Copilot Studio, allowing users to create custom agents tailored to specific business processes.

3. Microsoft Agent 365 (The Control Plane) link

Centralized management of the AI agent ecosystem is handled through the Microsoft Agent 365 interface in the M365 Admin Center.

• Observation & Monitoring: Provides a real-time dashboard to monitor agent activity, adoption, and performance across the tenant.
• Governance: Admins can approve or block agents surfaced in the M365 Store and manage the lifecycle of custom-built agents.
• Security & Protection: Enforcement of agent-specific security policies to ensure AI operations comply with enterprise standards.

4. Licensing: From E3 to E7 link

The AI capabilities within the tenant are tiered based on the organization’s licensing commitment.

• Microsoft Copilot (Standard): Included with M365 E3/E5; provides web-grounded AI chat with commercial data protection.
• Microsoft 365 Copilot (Add-on): Grounded in the Microsoft Graph; integrates with M365 Apps (Word, Excel, PowerPoint, Teams).
• The E7 Suite (All-in on AI): The top-tier licensing bundle designed for the “Agentic” enterprise. It includes:
  • Microsoft 365 E5
  • Microsoft Entra Suite
  • Microsoft 365 Copilot
  • Microsoft Agent 365

5. Security & Purview Integration link

• Sensitivity Labels: Copilot and Agents natively respect Purview labels. If an agent summarizes a document labeled “Confidential,” the output inherits that label.
• DLP Integration: Purview Data Loss Prevention policies apply to AI interactions, preventing the exfiltration of sensitive data via AI-generated responses.
• Plugin Management: Third-party plugins must undergo a security review and be explicitly enabled in the Integrated Apps portal.

6. Adoption & Prompt Engineering link

• Managing Expectations: AI is a reasoning engine, not just a search engine. Outputs require human verification to mitigate hallucinations.
• The 4 Pillars of Prompting:
  1. Goal: Define the desired output (e.g., “Draft a project summary”).
  2. Context: Provide the “Why” (e.g., “For the executive steering committee”).
  3. Source: Specify the data (e.g., “Based on /MeetingMinutes.docx”).
  4. Expectation: Define the format/tone (e.g., “Three bullet points, professional tone”).