Blog Post

Healthcare and Life Sciences Blog
2 MIN READ

Webinar: Copilot Governance Session 1: Deployment, Copilot Control System, and Agent Management

michaelgoad's avatar
michaelgoad
Icon for Microsoft rankMicrosoft
Oct 15, 2025

In the first session of our four-part Copilot Governance series, we focused on what it takes to build a secure, scalable, and strategic foundation for Microsoft Copilot. Whether you're just getting started or already piloting agents, this session covered the key phases of deployment, the Copilot Control System, and the governance levers that matter most.

The Copilot Deployment Journey

We broke down the Copilot journey into four phases, each with clear milestones:

  • Phase 1 (0–2 months):
    • Establish AI councils and champions programs
    • Define governance and agent strategies
    • Begin change management and Purview planning
  • Phase 2 (3–6 months):
    • Deploy first-party agents (e.g., Researcher, Analyst)
    • Experiment with low-code agents using Agent Builder
    • Expand Power Platform and Purview governance
  • Phase 3–4 (6+ months):
    • Scale custom agents across departments
    • Fine-tune policies and billing
    • Drive adoption through education and reporting

Key Governance Controls in the Admin Center

We explored the Copilot Control System and how to manage access, features, and billing:

  • Agent Access:
    • Scope agent creation to security groups
    • Understand the difference between shared vs. custom agents
    • Use “pinning” to highlight key agents for users
  • Billing & Consumption:
    • Set up pay-as-you-go policies for Copilot Chat users
    • Assign billing by department or security group
    • Avoid unexpected charges by limiting third-party connectors
  • Security & Data Access:
    • Control web search and external agent access
    • Use custom dictionaries for business-specific terms
    • Monitor agent ownership and usage trends

This session also introduced new features like the ability to manage pinned agents, track ownerless agents, and leverage Graph Connectors for external data sources like ServiceNow. You can view the presentation attached to this blog.

Join us for our next sessions, register below:

Oct 21 – Copilot Studio + Power Platform Governance: Microsoft Virtual Events Powered by Teams

  • Explore governance for Copilot Studio and Power Platform, including environment routing, Managed Environments, DLP policies, and the CoE Starter Kit.

Oct 28 – Purview: Labels, Data Security, eDiscovery, and Copilot Logging: Microsoft Virtual Events Powered by Teams

  • See how Microsoft Purview enables compliance for Copilot with audit logs, Activity Explorer, sensitivity labels, and eDiscovery workflows.

Nov 4 – Content Governance with SharePoint Advanced Management: Microsoft Virtual Events Powered by Teams

  • Learn how to control content signals for Copilot using SAM features like DAG, RAC, RCD, and Restricted SharePoint Search.
Updated Oct 15, 2025
Version 3.0

2 Comments

  • KChachanidze's avatar
    KChachanidze
    Brass Contributor
    Nov 17, 2025

    Thanks for the awesome Management sessions. I was wondering - why is it that I do not see other options in Settings for Copilot in MS 365 Admin Center? I have only limited ones available with my AI Admin role. Which Toles are required to have a complete overview of the settings? michaelgoad​ 

    • michaelgoad's avatar
      michaelgoad
      Icon for Microsoft rankMicrosoft
      Nov 17, 2025

      KChachanidze​ 

      The AI Administrator role in Microsoft 365 gives access to the Copilot settings page in the admin center, but it doesn’t unlock every Copilot-related control. Some options live in other admin surfaces and require additional roles. For example:

      • Global Administrator: Needed for tenant-wide Copilot settings and app consent.
      • Office Apps Admin: Required to create and publish Cloud Policy for Copilot experiences like Pages and Notebooks.
      • Teams Admin: Handles Copilot pinning and behavior in Teams.
      • Search Admin: Manages Copilot connectors for extensibility.

      The AI Admin role is a foundational role. If you only have AI Administrator, you’ll see core Copilot toggles (like enabling Copilot and pinning in M365 apps), but advanced features tied to policy, connectors, or Teams require those other roles. Licensing and feature rollout also affect what appears. If you need access to additional items, it is common that I see orgs create custom admin roles with overlapping permissions based on need.