A Deep Dive into Managing Copilot: What IT Admins Need to Know

Let’s break down Microsoft’s approach to managing Copilot agents in a way that actually makes sense for those of us in the trenches. Having worked with these controls, I can tell you they’re pretty comprehensive, but let’s cut through the corporate speak and talk about what really matters.

The Big Picture Microsoft has split the management controls across four main areas – think of them as different control rooms, each handling its own piece of the puzzle. You’ve got:

• Power Platform Admin Center (the no/low code developer’s playground)
• SharePoint Admin Center / Advanced Management (SAM) – (includes now free Governance capabilities if you own a Copilot license)
• Microsoft 365 Admin Center (where the magic happens)
• Teams Admin Center (TAC) (keeping Teams in check)
• Microsoft Purview Portal (the Conpliance watchdog)

Let’s dive into what each of these actually does in the real world.

Power Platform Admin Center

Where the Developers Live Think of this as your development team’s home base. Here’s what you can actually do:

You can control which developers get to publish AI stuff from Copilot Studio – pretty important when you don’t want everyone playing around with AI features. You also get to decide which connectors and APIs your developers can use, kind of like being the bouncer at a very techy club.

The cool part? You can see exactly what’s happening with your APIs and connectors in real-time. No more wondering who’s doing what in your Power Platform environment.

Microsoft 365 Admin Center: The Command Center This is where the rubber meets the road. You get to:

• Review and publish agents to your tenant catalog
• Get notifications when new agents need reviewing (through Teams, which is pretty handy)
• Keep an eye on how people are using these agents

One really useful feature is being able to manage agents at the app level – meaning you can control who gets access and what needs to be pre-installed. It’s like having a master switch for each piece of the puzzle.

Teams Admin Center

Keeping it User-Friendly This is pretty straightforward – it’s all about managing who gets to use custom apps. Think of it as traffic control for your Teams environment. The nice thing is it ties in with SharePoint management, so you’re not jumping between different tools all the time.

Purview Compliance Portal

The Security Guard This is where things get serious. Purview is your security and governance powerhouse, and it’s got some pretty neat tricks up its sleeve:

• It can spot potential risks in AI applications
• Watches over prompts and responses
• Handles all your sensitive data concerns

The really cool part is how it handles information protection. It can:

• Control who gets to view or extract content
• Add sensitivity labels to Copilot’s output
• Keep track of file references
• Make sure conversations stay properly labeled

SharePoint Advanced Management

SharePoint Advanced Management enhances governance by providing IT administrators with tools to prevent content sprawl, streamline access management, and analyze usage patterns through comprehensive reporting. It offers features such as site lifecycle management to automate policies for inactive sites, reducing clutter and optimizing storage. Advanced access policies, including restricted access controls and conditional access policies, help prevent oversharing and ensure that sensitive content is accessible only to authorized users. Additionally, AI-driven insights assist in identifying patterns and potential issues, offering actionable recommendations to maintain a secure and efficient SharePoint environment.

Real Talk About Implementation

Here’s the thing – while this all sounds great on paper, you need to know that some of these features (especially in Purview) are still in preview. That means they’re working out the kinks, and things might change.

Also, these controls are specifically for:

• Agents built in Copilot Studio
• Stuff that works with Azure AD users
• Agents that aren’t using the Microsoft 365 Copilot orchestrator

Pro Tips from the Field After working with these tools, here’s what I’ve learned:

1. Start Small: Don’t try to implement everything at once. Pick the features that matter most to your organization and master those first.
2. Keep an Eye on Usage: The usage tracking features are gold – use them to see what’s actually happening in your environment.
3. Stay Flexible: These tools are evolving pretty quickly, so don’t build processes that are too rigid to adapt.

The Bottom Line Microsoft has built a pretty solid system for managing Copilot agents, but it’s not just about turning features on and off. It’s about finding the right balance between enabling innovation and maintaining control.

Remember, these tools are meant to help you, not bog you down in administration. Use them wisely, keep an eye on what matters most to your organization, and don’t be afraid to adjust as you go.

And hey, while you’re getting all this set up, remember that perfect is the enemy of good. Start with the basics, get comfortable with the tools, and build from there. Your users will thank you for it. And I am thankful that Bence Orban has shared the table above on LinkedIn.

Where can I get help with implementation?

Support is available through Microsoft Partners like HanseVision & Bechtle:
Feel free to contact me and book a meeting

Resources:

• Manage agents for Microsoft 365 Copilot in Integrated Apps
• Environment routing
• Disable or limit sharing of agents
• Environment groups
• Overview of app management and governance in Teams admin center
• Microsoft 365 reports in the admin center – Agent usage in Microsoft 365 Copilot
• My Copilot Blogposts
• My Governance Blogposts