Skip to main content

Notifications

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Blogs / Copilot Studio Community Blog / Managing Copilot Security f...

Managing Copilot Security for Knowledge Sources

SaiRT14 Profile Picture SaiRT14 1,961 Super User 2025 Season 1
Explore best practices to manage security for Copilot’s knowledge sources, ensuring your data remains safe while enabling seamless collaboration and efficiency.

Understanding Knowledge Source Security in Copilot
Knowledge sources in Copilot are repositories of information that the AI uses to answer questions and provide insights. These sources can include documents, databases, SharePoint sites, or even custom APIs. Ensuring secure access and use of these knowledge sources involves:
  • Implementing role-based access control (RBAC).
  • Managing sensitive data within the sources.
  • Monitoring and auditing access.
  • Applying conditional filters to restrict access to specific users or groups.
Best Practices for Securing Knowledge Sources
Leverage Role-Based Access Control (RBAC)
RBAC ensures that only authorized users or groups can access specific knowledge sources. Here’s how to implement RBAC effectively:
  • Define User Roles: Identify roles based on access needs (e.g., Admin, Editor, Viewer).
  • Group Users: Use tools like Azure Active Directory (AAD) to group users by their roles or departments.
  • Assign Permissions: Assign granular permissions to roles for specific knowledge sources.
    • Example: Allow editors to upload and modify documents but restrict viewers to read-only access.
Use Conditional Access Policies
Conditional access policies restrict access to knowledge sources based on:
  • User Identity: Block access from unauthorized users or domains.
  • Location: Restrict access to specific IP ranges or geographic locations.
  • Device Compliance: Ensure users access knowledge from managed and compliant devices.
Example: Block access to sensitive knowledge sources for users logging in from unmanaged devices.
Encrypt Knowledge Sources
Enable encryption for all knowledge sources:
  1. At Rest: Ensure that documents and databases are encrypted when stored.
  2. In Transit: Use HTTPS/TLS protocols to encrypt data being transmitted to and from Copilot.
Use Metadata for Granular Access
Add metadata to your knowledge sources to tag sensitive or restricted information. Use this metadata to:
  • Filter access based on user roles or domains.
  • Implement restrictions on sharing or exposing specific content.

Restricting Knowledge Access Based on Context
To restrict access to specific pieces of knowledge based on the user’s domain, role, or query context. Here’s how to achieve this:
Domain-Based Filtering
Restrict access to knowledge based on the user’s domain (e.g., @company.com):
  • Add a custom condition in your knowledge source logic to check the user’s domain.
  • If the domain is not allowed, return a predefined message such as:
    • “You are not authorized to access this content.”
Query-Level Restrictions
  • Set up filters to ensure only specific questions are answered based on knowledge context.
  • Example: If a query relates to sensitive HR data, block responses for unauthorized users.
Setting Up Knowledge Source Security in Copilot Studio
To secure your knowledge sources in Copilot Studio:
  • Define Knowledge Sources
    • Add only trusted and verified repositories to Copilot.
    • Regularly review and update the knowledge sources.
  • Apply Access Controls
    • Use the Security Settings in Copilot Studio to assign roles and permissions.
  • Test Security Configurations
    • Simulate access scenarios to ensure proper restrictions are applied.
  • Regularly Update Security Policies:
    • Review access policies as organizational roles and requirements evolve.
Thank you for your time. For more updates and in-depth insights, visit my YouTube and Blog, Be sure to Subscribe for regular content.

Comments