Forum Discussion
Denying Access to Copilot Studio
Is it possible to deny users access to Copilot Studio even if they have an active Copilot for M365 license?
1. License Management: Check and remove the user's Copilot Studio license in the Microsoft 365 Admin Center.
Ensure that the user is not assigned a Power Platform or Dynamics 365 license (if Copilot Studio depends on these services)
2. Azure AD Privilege Configuration: Create Security Groups: Add users who require restrictions to a dedicated security group
Configure conditional access policies in the Azure portal:
plaintext
Location: Azure Active Directory > Security > Conditional Access
Policy Configuration:
Target: Select the security group to create
Cloud Application: Select “Microsoft Copilot Studio”.
Access Control: Select “Block”
3. Power Platform controls access to the Power Platform Management Center:
plaintext
1. Navigate to Environment Settings
2. Select Target Environment > Security Groups
3. Remove the user's environment access rights
4. Disable the Copilot Studio component in the Resources settings.
4. Microsoft Teams Integration Controls: In the Teams Management Center, in the Manage Applications section:
plaintext
Search for and find the Copilot Studio application
Set it to “Block” or restrict access to specific groups of users.
5. Group Policy Supplement: Create an information barrier policy through the Microsoft 365 Compliance Center.
Configure an API restriction policy to block Copilot Studio related endpoints
