Hello everyone,
So far no progress. I even opened a request with Microsoft to get more details.
This is not helpful. As this configuration is managed at the tenant level, our organization is cautious about enabling it without being able to control or monitor which users have publishing permissions.
The Copilot Studio product is relatively new in our organization, and our department is the first to develop a chatbot using it — with all necessary internal approvals in place. If other departments decide to build similar solutions in the future (and we know there are also other departments that are trying to buy the Copilot Studio license), they must also go through the relevant security and compliance processes.
Our main goal is to understand how to ensure that only approved environments and authorized users or bots can utilize this tenant-level setting.
Is there nothing at the DLP level that can be done, so that even if “Publish Copilot with AI features” is enabled at the tenant level, only specific environments can benefit from it?
"Enabling the tenant-level “Publish Copilot with AI features” setting will allow AI features to be used across your organization, but it does not, by itself, restrict publishing permissions only to members of the “Copilot Studio Authors” security group. The “Copilot Studio Authors” setting is designed to grant access to users in the specified security group, but it does not automatically remove access from other users who may have a Copilot Studio per-user license, a trial license, or a Microsoft 365 Copilot license.
To ensure that only the intended group can publish Copilots with AI features, you must meet all of the following conditions:
- The user is not in the security group assigned to the “Copilot Studio Authors” setting.
- The user does not have a Copilot Studio per-user license or trial license.
- The user does not have a Microsoft 365 Copilot license.
- There are no hidden role assignments granting access."