As organisations rapidly adopt AI tools, IT professionals find themselves at the epicentre of AI transformation, managing an increasingly complex landscape of AI tools and agents. The proliferation of these technologies creates a critical need for robust, coherent enterprise-grade controls. Microsoft has responded to this need with the Copilot Control System (CCS), a comprehensive framework designed to empower IT professionals to lead AI transformation with confidence and control.
What is the Copilot Control System?
The Copilot Control System is a system of integrated controls and capabilities for Copilot and agents. Introduced at Ignite 2024, CCS helps IT administrators and security professionals effectively secure, manage, and analyse the use of Microsoft 365 Copilot, Copilot Chat, Microsoft Copilot Studio, and agents across their organisations.
CCS is grounded in existing controls and commitments that Microsoft manages on behalf of customers. The models used by Microsoft 365 Copilot are hosted within Azure OpenAI infrastructure, providing an end-to-end chain of compliance for all data passed to foundation models. This ensures alignment with Microsoft 365 Compliance requirements and strict adherence to data handling standards.
The Three Pillars of CCS
The Copilot Control System spans three functional areas critical to the administration of Copilot and agents:
1. Security and Governance
Organisations deploying AI face both existing and new challenges. The security and governance pillar of CCS addresses these with foundational and optimised controls:
- Data Security: Manage data and site access, reduce potential oversharing with built-in site governance tools, and protect Copilot responses with automatic inheritance of data classification. Optimised controls in Microsoft Purview provide visibility into and control over sensitive data in Copilot interactions.
- AI Security: Built-in protection against prompt injection attacks and harmful content. Microsoft Entra provides foundational controls to restrict which AI apps users can access, while Defender for Cloud Apps helps security teams detect suspicious interactions with Copilot.
- Compliance and Privacy: Audit activity, enforce retention policies, respond to litigation holds, and support defensible eDiscovery of AI interactions. Purview also provides alerts and investigative tools for potential compliance violations.
2. Management Controls
CCS management controls enable administrators to determine how Copilot licenses and agents are deployed to meet organisational needs. These controls are found primarily in the Microsoft 365 admin centre (MAC), Power Platform admin centre (PPAC), and Copilot Studio:
- Copilot Licensing: Manage Microsoft 365 Copilot license assignment and control access to agents, ensuring compliance with policies and usage limits.
- Agent Lifecycle: Gain visibility into the status, governance, and lifecycle of agents with the ability to review agent details, approve, block, and manage usage.
- Metering Controls: Configure pay-as-you-go billing, review agent message consumption, and manage consumption costs.
3. Measurement and Reporting
CCS measurement capabilities, part of Copilot Analytics, empower IT and business leaders to understand adoption and business impact. These combine out-of-the-box experiences with advanced reporting tools:
- Readiness and Adoption: Prepare for Copilot deployment with workplace analytics and drive adoption with feature-level reports.
- Productivity Shifts: Explore how Copilot and agent-assisted actions lead to changes in time savings, collaboration patterns, and employee satisfaction.
- Business Value and ROI: Measure AI’s impact on your bottom line by evaluating Copilot usage and its relation to organisational KPIs across departments.
Future Developments
Microsoft continues to evolve the Copilot Control System to anticipate and embrace new approaches in AI. Upcoming features will focus on agent management, including:
- Agent Inventory Management: Enable administrators to review agents and agent metadata, and block or take down agents as necessary.
- Agent Usage Reporting: Provide administrators with detailed views into agent usage, adoption, and business impact trends across their tenant.
Final Thoughts: Empowering Responsible AI Adoption
As the Enterprise AI industry accelerates, organisations need robust control systems to manage increasingly complex AI ecosystems. The Copilot Control System provides Microsoft customers with industry-leading capabilities to secure, manage, and analyse their Copilot and agent deployments, helping to protect valuable data, enforce security requirements, and gain insights into usage patterns. With CCS, organisations can confidently embrace AI transformation while maintaining control over their digital environment.