Data loss prevention example - Block skills in copilots

  • Article

Copilot makers in your organization can extend their copilots with skills. Skills can be a useful way of extending the functionality of your copilots, however you may want to restrict their use to help prevent data exfiltration.

You can use the Skills with Microsoft Copilot Studio connector in Power Platform data loss prevention (DLP) policies to stop copilot makers from adding skills to their copilot.

See the Configure data loss prevention policies for copilots topic for information about other DLP-related connectors.

Configure DLP to block skills in the Power Platform admin center

Select or create a policy

  1. In the Power Platform admin center, under Policies, select Data policies.

  2. Create a new policy, or choose an existing policy to edit:

    • If you want to create a new policy, select New policy.

    • If you want to choose an existing policy to edit, select the policy and select Edit policy.

  3. Enter a name for the policy then select Next. You can change the name later.

Choose an environment

  1. Choose one or more environments to add to your policy.

  2. Select + Add to policy.

  3. Select Next.

Add the connector

  1. Use the search box to find the Skills with Microsoft Copilot Studio connector.

  2. Select the connector's More actions icon (), and then select Block.

  3. Select Next.

  4. Review your policy, then select Update policy to apply the DLP changes.

Confirm policy enforcement in Copilot Studio

You can confirm that this connector is being used in the DLP policy from Copilot Studio.

Open your copilot from the environment where the DLP policy is applied, and try to add a skill to the copilot.

If the policy is enforced, the Add a skill panel reports an error and suggests you contact an admin to add the skill to the allowlist.