Clear governance. Real visibility. Confident control.

Business sponsors and IT leadership agree the organisational vision for agentic AI, success criteria and KPIs, agent sponsors and technical owners per department or business function, and an initial prioritised inventory of business scenarios and use cases – framing the tiered agent classification used by later activities. 

A clear map of Copilot Studio and PAYG (pay as you go) consumption forecasting in relation to Copilot Studio features and capacity monitoring ownership at tenant and environment level. 

Discovery of existing Copilot Studio agents across Power Platform environments – including shadow agents built outside IT oversight – an assessment of current environment structure, a review of existing data policies and connector governance, a gap analysis against target governance, and a recommendation on inventory tooling (Copilot Studio Kit). 

Organisational roles and responsibilities mapped to the common roles needed to govern Copilot Studio agents, defining who can create, edit, publish agents and read transcripts, plus documented sharing rules, viewer limits, and agent and solution naming conventions. 

Structured review and decision capture for each Power Platform Admin Center tenant setting focusing on Copilot Studio – covering tenant-level controls for authoring, publishing, environment routing, data sharing, unauthenticated usage, channels, knowledge sources, connectors, skills, Application Insights and triggers. Outputs feed directly into the tenant settings decision register. 

Design of the Power Platform environment strategy: environment count and purpose (personal developer, dedicated developer, test, production), environment routing for new makers, environment group rules, environment-level access controls via security groups, environmental settings relevant to Copilot Studio and AI features, and a Managed Environments activation plan where licensed. 

Power Platform DLP at tenant and environment level, classification of Copilot Studio-specific connectors, endpoint filtering for HTTP, SharePoint and public website connectors, authentication enforcement per agent and environment, web channel security, and sharing and publishing controls. 

Establish best practices for ALM pipeline management for agent promotion across development, test and production environments, gated release process, agent inventory flow, test automation approach, and recommendations for nominated Kit administrators. 

The centrepiece. Your agent-building population mapped to Microsoft's Citizen, Partnered and Professional governance zones, with controls per zone across connectors, sharing rules, monitoring and publishing approval, an agreed agent promotion path between zones, and zones mapped to the environments defined during advisory. 

A tiered support model: L1 maker self-service, L2 Centre of Excellence or governance team, L3 IT and security escalation. Escalation paths for agent failure, data exposure, compliance violation and performance degradation, with SLAs per tier and incident type aligned to your organisational standards. 

Advisory design covering Copilot Studio analytics surfacing in the Power Platform admin centre, transcript review processes and retention, and the governance monitoring dashboard specification – with an oversharing risk assessment and an ongoing compliance monitoring playbook as outputs. 

Admin enablement session focused on the practical use of the Copilot Studio Kit. This includes guidance on key applications, dashboards, reporting capabilities to support governance decisions. The session also outlines recommended review cadences and operational activities to ensure effective and ongoing use of the tooling.  

Teams app versus Copilot agent deployment models, each planned agent mapped to its deployment model, review of the Copilot Control System in the Microsoft 365 Admin Centre (agent policies, sharing, publishing and visibility) with recommended target settings, validation against the Microsoft agents governance visual guide, and a documented governance committee charter. 

Backup and recovery procedures (Dataverse backups, environment recovery, extended backup for Managed Environments), human oversight requirements per agent risk tier, responsible AI guardrails (content moderation, disclaimers, transparency, bias review), generative orchestration controls, and an AI incident response playbook aligned to the Microsoft AI Principles. 

Consolidation of governance artefacts produced during the engagement into a structured and consumable documentation set. This includes key decisions, standards, and operating processes to support ongoing governance, handover, and future scalability, including potential next steps for configuration activities.   

Design effective communication framework based on our change management expertise, ensuring that the outcomes of the engagement are clearly understood across the organisation. This ensures the governance model is clearly understood, adopted, and embedded across the organisation.   

A zone-based agent academy curriculum, a maker enablement resource pack (templates, governance cheat sheet, shared component library), initial training workshops per zone, a Microsoft Teams maker community channel for peer support and knowledge sharing, and an ongoing training cadence including quarterly updates and new feature briefings.