Responsible AI and Security Governance
Plan a responsible AI strategy for Copilot Studio agents — Microsoft's six RAI principles, DLP connector classification, content moderation, and environment-level security governance.
Why responsible AI and governance are planning decisions
Think of your agent as a new hire who represents your company in every customer conversation.
You would not let a new employee talk to customers without training, guidelines, and supervision. Responsible AI is the training manual — it tells the agent what is appropriate to say and what is off-limits. Security governance is the building access policy — it controls which systems the agent can touch, which data it can move, and who can build agents in the first place.
Get this wrong and you end up in the news for the wrong reasons: an agent that gives medical advice, leaks confidential data, or generates biased responses. These are planning-phase decisions because retrofitting governance after deployment is painful and expensive.
Microsoft’s six Responsible AI principles
These six principles form the foundation of every RAI question on the exam.
| Principle | What it means | Copilot Studio feature |
|---|---|---|
| Fairness | Treats all users equitably | Test diverse inputs, monitor for bias |
| Reliability and safety | Behaves predictably, does no harm | Content moderation, guardrails, fallback topics |
| Privacy and security | Data protected, access scoped | Auth, DLP, environment segmentation, audit |
| Inclusiveness | Accessible to all users | Multi-language, accessible cards, plain language |
| Transparency | Users know they are talking to AI | Disclosure messages, citations, confidence indicators |
| Accountability | Clear ownership and oversight | Admin roles, audit trails, human escalation |
Exam tip: transparency is not optional
Microsoft requires that agents identify themselves as AI. Copilot Studio includes a default greeting in the Conversation Start topic that tells the user the agent is AI-powered. Removing or hiding this disclosure violates Microsoft's RAI guidelines. If the exam asks about transparency, the answer always involves making the AI nature clear to users.
Security controls in Copilot Studio
Security governance in Copilot Studio operates at multiple levels. The exam tests your understanding of each layer.
| Feature | What it controls | Configured by | Scope |
|---|---|---|---|
| DLP policies | Which connectors agents and flows can use, classified as Business, Non-Business, or Blocked | Power Platform admin (or tenant admin) | Environment or tenant level |
| Environment security roles | Who can create, edit, share, and delete agents within an environment | Environment admin | Per environment |
| Connector classification | Puts each connector in one group; Business and Non-Business connectors cannot be mixed in the same flow/agent, and Blocked connectors cannot be used | DLP policy definition | Per DLP policy |
| Authentication settings | How users authenticate and what identity the agent uses for backend calls | Agent developer + admin approval | Per agent |
| Generative AI moderation | Content safety filters for generative answers; blocks harmful, violent, or inappropriate content | Agent developer (toggle in Copilot Studio) | Per agent |
| Audit logs | Track who created, modified, published, and deleted agents | Microsoft 365 compliance center (Microsoft Purview) | Tenant level |
DLP connector classification
DLP (Data Loss Prevention) policies are the primary governance mechanism for controlling what agents and flows can connect to. This is heavily tested on the exam.
How DLP works:
- Connectors are classified into three groups: Business, Non-Business, and Blocked
- A flow or agent cannot mix Business and Non-Business connectors; this prevents data flowing between trusted and untrusted systems
- Blocked connectors cannot be used at all
- Connectors the policy does not name fall into the policy's default group (Non-Business unless the admin changes it), so a newly released connector is not automatically trusted
- DLP policies are applied to environments (a specific set, or every environment in the tenant), never to individual agents; a policy scoped to production does not affect dev
DLP Policy: "Production - Insurance"
├── Business: SharePoint, Dataverse, ServiceNow, Azure AI Search
├── Non-Business: Twitter, Gmail, personal OneDrive
└── Blocked: Anonymous HTTP webhook, custom SMTP
Exam tip: DLP is environment-scoped
A common exam trap: DLP policies apply to environments, not to individual agents. If you block a connector in the production environment’s DLP policy, ALL agents in that environment lose access — not just the one that was misbehaving. To give one agent an exception, you would need to move it to a different environment with a different DLP policy. Remember: environment-scoped, not agent-scoped.
What happens when DLP is violated?
The agent or flow is suspended — not deleted, but disabled. The maker is notified and the admin sees the violation in the Power Platform admin center. The agent cannot run until the violation is resolved (remove the offending connector or update the DLP policy).
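The following Python model is an added example for this page, not Microsoft code and not a call to the Power Platform admin API. It encodes the rules above as a policy evaluator: a policy covers a set of environments (or the whole tenant), every connector sits in exactly one group, Business and Non-Business connectors cannot be mixed, Blocked connectors cannot be used, and any violation yields a "suspended" verdict with the reasons a maker would be told. The policy name, connector names, environment names, and the choice of Non-Business as the default group for unclassified connectors are assumptions constructed for the example.

```python
from __future__ import annotations

from dataclasses import dataclass, field

# The three DLP connector groups described on this page.
BUSINESS, NON_BUSINESS, BLOCKED = "Business", "Non-Business", "Blocked"


@dataclass
class DlpPolicy:
    """One DLP policy. `environments=None` models a tenant-wide policy."""
    name: str
    environments: set[str] | None
    business: set[str] = field(default_factory=set)
    non_business: set[str] = field(default_factory=set)
    blocked: set[str] = field(default_factory=set)
    # Assumption for this example: connectors the policy does not name fall into
    # Non-Business, the Power Platform default group unless an admin changes it.
    default_group: str = NON_BUSINESS

    def applies_to(self, environment: str) -> bool:
        return self.environments is None or environment in self.environments

    def group_of(self, connector: str) -> str:
        if connector in self.blocked:
            return BLOCKED
        if connector in self.business:
            return BUSINESS
        if connector in self.non_business:
            return NON_BUSINESS
        return self.default_group


@dataclass
class Verdict:
    allowed: bool        # False means the agent would be suspended (disabled, not deleted)
    reasons: list[str]   # one entry per violated rule, what the maker notification would say


def evaluate_agent(environment: str, connectors: set[str],
                   policies: list[DlpPolicy]) -> Verdict:
    """Apply every policy covering `environment`; any violation suspends the agent."""
    reasons: list[str] = []
    for policy in policies:
        if not policy.applies_to(environment):
            continue  # environment-scoped: a production policy says nothing about dev
        groups = {c: policy.group_of(c) for c in sorted(connectors)}
        blocked = [c for c, g in groups.items() if g == BLOCKED]
        if blocked:
            reasons.append(f"{policy.name}: Blocked connector(s) in use: {blocked}")
        business = [c for c, g in groups.items() if g == BUSINESS]
        non_business = [c for c, g in groups.items() if g == NON_BUSINESS]
        if business and non_business:
            reasons.append(f"{policy.name}: Business {business} mixed with Non-Business {non_business}")
    return Verdict(allowed=not reasons, reasons=reasons)


def environments_allowing(connectors: set[str], policies: list[DlpPolicy],
                          candidates: list[str]) -> list[str]:
    """Environments where the agent could run unchanged: the only way to 'except' one agent."""
    return [env for env in candidates if evaluate_agent(env, connectors, policies).allowed]


# Constructed sample policy mirroring the "Production - Insurance" tree above.
PRODUCTION_POLICY = DlpPolicy(
    name="Production - Insurance",
    environments={"prod"},
    business={"SharePoint", "Dataverse", "ServiceNow", "Azure AI Search"},
    non_business={"Twitter", "Gmail", "OneDrive (personal)"},
    blocked={"HTTP Webhook", "SMTP"},
)
POLICIES = [PRODUCTION_POLICY]


if __name__ == "__main__":
    agent = {"SharePoint", "Twitter"}  # reads SharePoint, posts summaries to Twitter
    for env in ("prod", "dev"):
        print(env, evaluate_agent(env, agent, POLICIES))
    print(environments_allowing(agent, POLICIES, ["prod", "dev", "test"]))
```

Running the demo shows the exam trap directly: the SharePoint-to-Twitter agent is suspended in `prod` with a single mixing violation, is allowed unchanged in `dev` because no policy covers that environment, and the only environments that would accept it are those outside the production policy's scope. Adding a second, tenant-wide policy (`environments=None`) shows that several policies stack and the agent must satisfy all of them, which is why the most restrictive policy wins.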
Content moderation and generative AI safety
Copilot Studio provides built-in controls for generative answers:
- Content moderation toggle: High/medium/low filtering aggressiveness. High blocks more but may over-filter legitimate responses.
- Topic-level instructions: System prompts on generative nodes — e.g., “Never provide medical advice.”
- Blocked phrases: Words or phrases the agent must never output.
- Citation requirements: Force the agent to cite source documents (supports transparency).
- Human escalation triggers: Hand off when the user expresses frustration, asks legal questions, or AI confidence is low.
Scenario: Kai builds governance for Pacific Mutual
Kai is setting up governance for Pacific Mutual’s Copilot Studio deployment:
DLP Policy (Production): Business: SharePoint, Dataverse, ServiceNow, Claims API, Azure AI Search. Non-Business: social media, personal email. Blocked: anonymous HTTP webhooks, custom SMTP.
Environment Security: Only 12 IT staff can create production agents. Security review required before solution promotion. Human escalation mandatory for claims above $50,000.
Content Moderation: High moderation on all generative answers. System instruction: “Never provide legal advice. Never guarantee claim outcomes.” Blocked phrases: competitor brand names.
Audit: Conversations logged to Application Insights. Monthly generative answer review. Quarterly RAI assessment.
Practice questions
1. Kai's production DLP policy classifies SharePoint as Business and Twitter as Non-Business. A developer builds an agent that reads SharePoint documents and posts summaries to Twitter. What happens?
2. Lena's healthcare agent uses generative answers grounded in medical literature. Which combination of controls best supports responsible AI?
3. A Power Platform admin wants to prevent a specific agent from using the Twitter connector, but allow other agents in the same environment to use it. What should they do?