Microsoft Copilot Agents Bypass Access Policy Putting Data at Risk
Security researchers found Microsoft Copilot agents ignore the NoUsersCanAccessAgent policy, allowing unauthorized access to sensitive data despite admin settings.
Key Takeaways:
- The "NoUsersCanAccessAgent" policy is bypassed, leaving some Copilot Agents installable.
- Manual per-agent PowerShell revocations add overhead and risk.
- Mitigate by auditing inventories, enforcing Conditional Access, and monitoring.
Shortly after the May 2025 rollout of 107 Copilot Agents in Microsoft 365 tenants, security specialists discovered that the "Data Access" restriction meant to block agent availability is being ignored.
Despite administrators configuring the Copilot Agent Access Policy to disable user access, certain Microsoft-published and third-party agents remain readily installable, potentially exposing sensitive corporate data and workflows to unauthorized use.
Policy Bypass Details
Testing by cybersecurity researcher Steven Lim shows that agents such as "ExpenseTrackerBot" and "HRQueryAgent" continue to appear in the Copilot panel despite the global policy restriction.
Risks of Unauthorized Access
- Data exfiltration via agents like "ExportDataAgent" or "SearchFileAgent" that query SharePoint or OneDrive content beyond intended scope.
- Execution of custom RPA workflows through agents like "AutoInvoiceProcessor" without formal change control.
- Compliance violations if unapproved AI models process sensitive PII or regulated data.
Recommended Mitigations
- Run weekly discovery scripts to detect policy-bypassing agents:
- Integrate Azure AD Conditional Access to require MFA for agent installation.
- Monitor agent invocation logs via Microsoft 365 compliance tools.
As AI agents become integral to productivity, administrators must proactively audit and enforce controls to prevent inadvertent exposure of enterprise data.
Related News
Microsoft Copilot policy flaw exposes AI agents to unauthorized access
Microsoft Copilot's NoUsersCanAccessAgent policy fails to restrict AI agent access, requiring manual PowerShell fixes and raising data security risks.
Skyflow Launches MCP Data Security Platform for AI Agents
Skyflow introduces MCP Data Security Platform to mitigate risks in AI agent adoption, ensuring secure access to customer data.
About the Author
Dr. Lisa Kim
AI Ethics Researcher
Leading expert in AI ethics and responsible AI development with 13 years of research experience. Former member of Microsoft AI Ethics Committee, now provides consulting for multiple international AI governance organizations. Regularly contributes AI ethics articles to top-tier journals like Nature and Science.