July 8, 2026 Stories worth reading. Perspectives worth sharing.
Blocking Maker-Provided Credentials in Microsoft Copilot Studio: A Security Upgrade for AI Agents
Microsoft 365

Blocking Maker-Provided Credentials in Microsoft Copilot Studio: A Security Upgrade for AI Agents

Mo Wasay July 5, 2026 6 min read
Blocking Maker-Provided Credentials in Microsoft Copilot Studio: A Security Upgrade for AI Agents

REPORT: What’s New This Cycle?

Microsoft Copilot Studio introduces a crucial security feature: the ability to block AI agents from authenticating using the personal credentials of their makers (the users who create or own the agent). This feature enters preview in September 2025 and will be generally available (GA) in August 2026 (Microsoft 365 Roadmap #566997).

Admins can now enforce organizational control over AI agent authentication, preventing agents from leveraging individual identities that may have excessive or inappropriate access. The new configuration lives in the Copilot Studio admin center under Settings → Security → AI Agent Authentication. The update also exposes new Graph API endpoints and Microsoft.Graph PowerShell cmdlets for auditing and managing agent authentication policies.

Relevant Feature Names and Entry Points

  • Block Maker-Provided Credentials (Preview Sept 2025, GA Aug 2026)
  • Copilot Studio Admin Center: Settings → Security → AI Agent Authentication
  • Microsoft.Graph PowerShell: Get-MgCopilotAgentAuthenticationPolicy, Set-MgCopilotAgentAuthenticationPolicy
  • Graph API: /copilot/agentAuthenticationPolicies

IMPACT: Who and What Is Affected?

Any organization deploying Copilot AI agents (virtual assistants, chatbots, automation bots) can now enforce that agents use only sanctioned service principals or managed identities for authentication. This change affects:

  • AI Agent Makers: Cannot use their own credentials to imbue agents with access.
  • End Users: Gain increased trust that agents interact only with data they’re permitted to access.
  • IT & Security Teams: Gain direct control over agent identity lifecycle, reducing risk of privilege escalation or data mishandling.

Concrete risk: If maker credentials are reused, an agent could unintentionally gain access to sensitive systems (HR, finance, regulated data) far beyond its intended scope. This risks non-compliance with GDPR, HIPAA, and internal policy. Attackers could exploit overly-permissive maker credentials to escalate privileges via AI agents.

EDUCATE: Understanding Maker-Provided Credentials and Organizational Authentication

Maker-provided credentials are typically OAuth tokens or API keys belonging to the individual who builds or configures an agent. These credentials often carry permissions far broader than the agent’s functional requirements, and may persist even after a maker leaves the organization—creating orphaned access paths.

Organizational authentication uses service principals or managed identities governed by Entra ID, allowing admins to tightly scope access, monitor usage, rotate credentials, and apply conditional access policies. Blocking maker credentials ensures agents access only what’s authorized, and all actions are auditable by IT.

DETECT: Auditing Copilot AI Agents Using Microsoft.Graph PowerShell

The following PowerShell script audits all Copilot AI agents, reporting which are using maker-provided credentials. It handles pagination and errors, outputting a CSV for review. Requires Microsoft.Graph module (v1.20+).

# Connect to Microsoft Graph
Connect-MgGraph -Scopes 'CopilotAgent.Read.All', 'CopilotAgentAuthenticationPolicy.Read.All'

# Retrieve all Copilot AI agents with pagination
$agents = @()
$uri = 'https://graph.microsoft.com/v1.0/copilot/agents'
do {
    $response = Invoke-MgGraphRequest -Method GET -Uri $uri
    $agents += $response.value
    $uri = $response.'@odata.nextLink'
} while ($uri)

# For each agent, check authentication policy
$results = @()
foreach ($agent in $agents) {
    try {
        $policy = Get-MgCopilotAgentAuthenticationPolicy -AgentId $agent.id
        $isMakerCredential = $policy.authenticationMethod -eq 'makerCredential'
        $results += [PSCustomObject]@{
            AgentName = $agent.displayName
            AgentId = $agent.id
            UsesMakerCredential = $isMakerCredential
            AuthenticationMethod = $policy.authenticationMethod
        }
    } catch {
        Write-Warning "Failed to get auth policy for agent $($agent.displayName) ($($agent.id)). $_"
    }
}

# Output for review
$results | Export-Csv -Path './CopilotAgentAuthAudit.csv' -NoTypeInformation
Write-Host 'Audit complete. Review CopilotAgentAuthAudit.csv.'

Notes: This script is read-only and safe for auditing in production. Paginated API responses are handled via @odata.nextLink.

REMEDIATE SAFELY: Blocking Maker Credentials (Dry-Run)

To remediate, admins should migrate agents to use organizational identities, then block maker credentials. The following snippet shows how to simulate the change (dry-run). It operates only on manually reviewed agents flagged by the audit; never bulk modifies live queries.

# Example: Prepare to block maker credentials for specific agents
$agentsToUpdate = Import-Csv './CopilotAgentAuthAudit.csv' | Where-Object { $_.UsesMakerCredential -eq $true }

foreach ($agent in $agentsToUpdate) {
    Write-Host "Would update agent '$($agent.AgentName)' ($($agent.AgentId)) to block maker credentials."
    # Uncomment the following line after explicit review:
    # Set-MgCopilotAgentAuthenticationPolicy -AgentId $agent.AgentId -AuthenticationMethod 'servicePrincipal' -WhatIf
}

Explicitly dry-run: The -WhatIf parameter ensures no changes occur. Only after review should you remove -WhatIf and apply changes one agent at a time.

PORTAL EQUIVALENT: Where to Find This in Copilot Studio

  • Copilot Studio Admin Center: Settings → Security → AI Agent Authentication
  • For each agent: Agent Details → Authentication Method (shows current credential source)
  • Entra ID → Enterprise Applications → Service Principals (for organizational identity management)

Admins can block maker credentials via a toggle in the AI Agent Authentication section, or set agent-level policies directly.

WHAT’S COMING IN THE NEXT 90 DAYS

  • Copilot Studio: Service Principal Identity Templates — Streamlined templates to convert existing agents from maker credentials to managed identities (Preview Q4 2025).
  • Purview Integration: Enhanced auditing for AI agent access to regulated data, enabling compliance reporting (Preview Q4 2025).
  • Teams & SharePoint: AI Agent Lifecycle Controls — Expanded granularity for agent ownership and offboarding, reducing orphaned access risk (Roadmap #567123).
  • Entra ID Conditional Access for Copilot Agents — Policy targeting agents by authentication method, allowing enforcement of MFA or access restrictions (Preview Q1 2026).

THE UPGRADE: Why This Matters (Productivity, Security, Cost)

  • Productivity: Centralized management means agents are easier to deploy, monitor, and troubleshoot. No more hunting down individual makers for credential rotation.
  • Security: Eliminates privilege escalation and orphaned access risks inherent with maker credentials. Agents operate within well-defined, auditable boundaries.
  • Compliance: Facilitates GDPR, HIPAA, and internal policy adherence. Access to regulated data is strictly governed, logged, and revocable.
  • Cost: Reduces incident response overhead. Fewer security events tied to rogue maker credentials; simpler agent lifecycle management.

RELATED M365 CHANGES: Full Picture for Admin Workflow

  • Entra ID: Service principal lifecycle automation now supports Copilot Studio, enabling automated credential rotation and monitoring (GA Q3 2026).
  • Microsoft Purview: Data loss prevention policies can target Copilot agents by authentication method, extending compliance controls.
  • Intune: Device compliance can trigger conditional agent access, limiting AI agent operation to managed devices only.
  • Microsoft Defender: Threat analytics now recognize abnormal agent authentication patterns, alerting on possible credential abuse.

RECOMMENDATION: Prioritised Takeaway

  • Immediate: Audit all Copilot AI agents for maker-provided credentials. Review results with stakeholders.
  • Short-Term: Plan migration to organizational identities for all high-risk agents. Use the dry-run remediation script for validation.
  • Medium-Term: Update onboarding and governance workflows to enforce agent authentication policies. Monitor roadmap for upcoming templates and security controls.
  • Long-Term: Integrate Purview and Defender alerts to automate compliance and threat detection for Copilot agents.

Bottom line: Blocking maker-provided credentials is a must for any organization scaling AI agents. Secure, audit, and govern your Copilot Studio deployment with enterprise-grade controls—starting now.