The Copilot Control System (CCS) is Microsoft’s integrated set of controls and capabilities designed to help IT, security, and compliance teams secure, manage, and analyze the use of Microsoft 365 Copilot, Copilot Chat, Microsoft Copilot Studio, and AI agents across the organization.

CCS brings together three core functional areas:

• Security and governance – Controls to protect data, manage access, and meet compliance requirements.
• Management controls – Tools to govern how Copilot licenses and agents are deployed, governed, and monitored.
• Measurement and reporting – Analytics to understand adoption, usage, and business impact.

Under the hood, Microsoft 365 Copilot models run on Azure OpenAI infrastructure, which enables an end-to-end chain of compliance for data passed to the foundation models. CCS builds on existing Microsoft 365 commitments, including:

• Alignment with Microsoft 365 Compliance requirements.
• Enterprise data protection (EDP) commitments.
• Built-in safety and governance controls in the Copilot infrastructure.
• Responsible AI services to help protect against harmful content and bad actors.

For CIOs and IT leaders facing a rapid expansion of AI tools and agents, CCS is intended to help them reimagine AI administration at scale—protecting data, enforcing governance, and generating insights that support AI-powered business transformation.

CCS is structured to help organizations tackle the new security, governance, and compliance challenges that come with AI adoption. It does this through a combination of foundational and optimized controls.

Security and data protection

• Data and site access management: Control who can access which data and sites through Copilot, and reduce oversharing with built-in site governance tools.
• Automatic inheritance of data classification: Copilot responses and created documents inherit existing data classifications, helping keep protection policies consistent.
• Protection against prompt injection and harmful content: Copilot includes built-in defenses against prompt injection attacks and harmful content.
• Control over AI apps: Microsoft Entra provides foundational controls to restrict which AI applications users can access.

Optimized security controls (Purview & Defender for Cloud Apps)

• Microsoft Purview adds visibility into and control over sensitive data in Copilot and agent interactions, including the ability to:
  • Exclude specific files from being processed by Copilot.
  • Restrict or block a user if a pattern of risky behavior is detected.
• Defender for Cloud Apps helps security teams detect suspicious interactions with Copilot (for example, sensitive data access from a risky IP) and provides detailed alerts to support investigations.

Compliance, privacy, and auditing

• Auditing of AI activity: Purview foundational controls allow you to audit AI interactions.
• Retention and legal requirements: Enforcement of retention policies, support for litigation holds, and defensible eDiscovery of AI interactions.
• Compliance and ethics monitoring: Optimized Purview controls provide alerts and investigative tools for potential compliance or ethical violations, plus templates to help align with regulatory requirements.
• Web-grounded search controls: Copilot offers foundational controls and visibility over how web search is used to ground AI responses.

Together, these capabilities help organizations protect sensitive data from internal and external threats, manage which AI tools are available, and maintain a clear compliance posture as AI usage grows.

CCS gives IT and business leaders tools to both govern Copilot and agents and measure their impact.

Management controls

Management capabilities are primarily available in the Microsoft 365 admin center (MAC), Power Platform admin center (PPAC), and Copilot Studio. They include:

• Copilot licensing: Assign and manage Microsoft 365 Copilot licenses, and control access to agents to align with policies, usage limits, and budget.
• Agent lifecycle management:
  • Visibility into agent status, governance, and lifecycle.
  • Ability to review agent details, approve or block agents, and manage usage.
  • Control over environments, routing, groups, and rules to reflect organizational policies.
  • Configuration of pay-as-you-go billing, review of agent message consumption, and management of agent consumption costs.

Microsoft has also signaled upcoming CCS features focused on agent management, including richer views into agents and their metadata, and the ability to block or take down agents when needed.

Measurement and reporting (Copilot Analytics)

CCS measurement capabilities are delivered through Copilot Analytics, which combines out-of-the-box dashboards with advanced reporting tools in MAC, Viva Insights, and PPAC:

• Copilot Dashboard: High-level view of Copilot and agent adoption and usage.
• Workplace analytics: Prepare for deployment by understanding current collaboration and work patterns.
• Feature-level reports: Track how specific Copilot and agent features are being used to drive adoption.
• Behavior and collaboration insights: Explore how Copilot-assisted actions relate to time savings, behavior changes, collaboration patterns, and employee satisfaction.
• Business value and ROI: Connect Copilot and agent usage to KPIs in areas such as Sales, Service, Finance, and Marketing to understand impact on the bottom line.

As AI adoption accelerates, Microsoft plans to continue expanding CCS with new controls and analytics so organizations can keep reshaping how they manage and measure AI in line with their specific needs.