Control 4.1: Copilot Admin Settings and Feature Management — Portal Walkthrough
Step-by-step portal review for the current Microsoft 365 Copilot administration model across Copilot settings, Agents, billing, and Cloud Policy.
Prerequisites
- Role: AI Administrator (recommended), Global Reader for read-only review, or M365 Global Admin where broader tenant changes are required
- Access: Microsoft 365 Admin Center and Cloud Policy service
- Governance prerequisite: Approved rollout groups and change approval process
Steps
Step 1: Review Copilot Overview
Portal: Microsoft 365 Admin Center
Path: Copilot > Overview
- Open Copilot > Overview.
- Review readiness, adoption, and recommended actions.
- Capture evidence of who reviewed the dashboard and when.
Step 2: Review Copilot Settings Tabs
Portal: Microsoft 365 Admin Center
Path: Copilot > Settings
- Open User access and confirm which users or groups can use Copilot.
- Open Data access and review web search and related data-source decisions.
- Open Copilot actions and review actions that affect feature behavior or connected experiences.
- Open Other settings and review tenant-level settings that affect the Copilot experience.
- Record any deviations from the approved baseline.
Step 3: Review Agents Governance
Portal: Microsoft 365 Admin Center
Path: Agents > Overview / All agents / Settings
- Open Agents > Overview and review governance signals.
- Open All agents to review inventory, requests, blocked agents, and ownerless agents.
- Open Settings and verify:
- allowed agent types
- sharing settings
- user access scope
Step 4: Review Copilot Pages / Notebooks Policy
Portal: Microsoft 365 Cloud Policy service
Path: https://config.office.com > Customization > Policy Management
- Review Create and view Copilot Pages and Copilot Notebooks.
- Review the code preview policy for Copilot Chat and Pages.
- Confirm the policy is scoped only to the intended user population.
Step 5: Review Billing Controls
Portal: Microsoft 365 Admin Center
- Open Settings > Org settings > Self-service trials and purchases and confirm Microsoft 365 Copilot self-service purchasing is configured as approved.
- Open Billing > Pay-as-you-go services and confirm whether any billing policies are active.
- Open Cost Management and review cost visibility if PAYG is enabled.
Step 6: Review Baseline Security Mode
Portal: Microsoft 365 Admin Center
Path: Settings > Org settings > Security & privacy
- Review the organization's Baseline Security Mode posture.
- Confirm any relevant findings are reflected in Copilot governance decisions.
- Document Baseline Security Mode as a complementary Microsoft 365 baseline rather than a Copilot-specific tab.
FSI Recommendations
| Area | Baseline | Recommended | Regulated |
|---|---|---|---|
| Admin role | AI Administrator | AI Administrator + documented reviewer roles | AI Administrator with PIM / time-bound activation |
| Web search | Disabled | Disabled by default | Disabled |
| Agents | Approved types only | Approved types + scoped user access | Restricted to approved groups with compliance review |
| Pages / Notebooks | Scoped by Cloud Policy | Scoped by Cloud Policy + quarterly review | Disabled for IB-sensitive populations unless exception approved |
| PAYG | Review before enablement | Approved groups only | Approved groups only with documented spend governance |
Next Steps
- Proceed to PowerShell Setup for administrative automation
- See Verification & Testing to validate configuration