Agent Access Insights hit GA in June 2026 and it is the first native SharePoint surface for hunting rogue Copilot activity. The heatmap shows every agent operating in your tenant across 1, 7, 14, and 28-day windows, ranks the top 20, and flags "unusual patterns" — new-site access, permission-boundary crossings, and volume spikes. This post is our SharePoint Support Team's triage playbook: what the heatmap actually shows, how to distinguish signal from noise, and the escalation path when you find something real.
What Agent Access Insights Actually Shows
Agent Access Insights lives in SharePoint admin center → Copilot → Agent access. The default view is a heatmap of agents (rows) by sites (columns), with cell intensity indicating access volume. Above the heatmap, a summary card lists the top-20 agents by activity across the chosen time window.
The data is pulled from the tenant's audit stream and the Copilot semantic index request log. Both must be active. If audit is off, the heatmap will show only agent metadata and no access data. If your tenant has never had a Copilot license, you will not see this surface at all.
Reference: Insights on agent access in SharePoint.
The four time windows
- 1-day — real-time triage. Use during an active incident.
- 7-day — weekly review. This is the default for our team's weekly governance sync.
- 14-day — trend detection. Good for spotting agents that have quietly ramped up.
- 28-day — baseline calibration. Use this to establish "normal" for your tenant before you start hunting.
Our recommended sequence for a new tenant: run the 28-day view first to see who the top agents are and what "normal" access patterns look like. Then run the 7-day view weekly to catch anomalies against that baseline. Save the 1-day for incident response.
The four "unusual pattern" indicators
The heatmap flags an agent with a small icon when it exhibits one of four patterns. These are the signals worth investigating:
| Indicator | What it means | Common cause |
|-----------|---------------|--------------|
| New site access | Agent accessed sites it had not touched in the prior 28 days | Legitimate scope expansion, or a scope leak |
| Permission boundary cross | Agent accessed content from a different sensitivity tier | Label misconfiguration, or credential misuse |
| Volume spike | Access count >3x the agent's 28-day median in a single day | Scheduled bulk job, or runaway automation |
| Access outside business hours | Access between 10 PM and 6 AM local time | Scheduled agent (expected), or human-triggered off-hours access (investigate) |
None of these are proof of a rogue agent on their own. They are triggers for a review — not for a takedown.
Triage Playbook — 5 Steps for Every Flagged Agent
When the heatmap flags an agent, follow this sequence. It is designed to eliminate the common false positives before you escalate.
Step 1 — Identify the agent owner and creation date
Click the agent row to open the details pane. Note the owner identity and the creation timestamp. If the owner is a leaver, or the creation date is more than 30 days after the last owner login, that is your first red flag. Agents with unclear ownership are the top cause of governance issues.
Step 2 — Cross-reference against your known agent inventory
Every tenant should have a "known agents" inventory — a list of agents your organization built or deployed, with owner, purpose, and expected access scope. If the flagged agent is on that list and its behavior matches the expected scope, you are done. If it is not on the list, or its behavior does not match, keep going.
If you do not have a known-agents inventory, build one today. The SharePoint Admin Agent prompts post has the exact wording for extracting the inventory in bulk.
Step 3 — Check the accessed sites for sensitivity labels
For every site the flagged agent accessed, check the sensitivity label. If any of them are labeled Confidential or Highly Confidential and the agent's owner is not authorized for that tier, escalate immediately. If they are all labeled General or Public, and the volume is reasonable, the flag is likely a scope expansion — not a compromise.
Step 4 — Correlate with Purview audit for the same time window
Open Purview → Audit → Search and filter by the agent identity, the same time window, and the accessed site URLs. Look for two patterns: legitimate app-only OAuth tokens (normal), or user-impersonation tokens outside the owner's typical use (investigate). Purview will show you the auth method that granted the access — that is the ground truth for "is this the agent doing what it should be doing."
Step 5 — Decide: monitor, restrict, or disable
Based on the evidence from steps 1 through 4, choose one:
- Monitor. Add the agent to a watch list, run the 7-day view every day for two weeks. Use this when the behavior is unusual but not clearly wrong.
- Restrict. Reduce the agent's scope via SharePoint permissions or via the agent's configuration. Use this when the scope is broader than the owner intended but there is no evidence of misuse.
- Disable. Turn the agent off entirely, revoke its OAuth grants, and open an incident ticket. Use this when there is evidence of unauthorized access or the owner is unreachable.
Common False Positives — What Not to Panic About
A large share of first-week alerts are false positives. This table is what our team learned to filter out.
| Flag | Frequent innocuous cause | How to confirm |
|------|--------------------------|----------------|
| New site access | Agent owner moved teams or joined a new project | Check the owner's Entra group memberships — new group = new site access |
| Volume spike on Monday | Weekly scheduled report ran | Check the agent config for scheduled triggers |
| Off-hours access | Agent runs on server time, not user local time | Confirm the agent runs on a scheduled job, not interactively |
| Permission boundary cross | Owner has multi-tier access; label was upgraded on the site | Check site label change history in the audit log |
| Multiple flags at once | Agent was reconfigured recently | Check the agent's change log — a reconfig can trigger every indicator at once |
The heuristic our team uses: one flag = triage in the next weekly review; two flags = triage today; three or more flags = triage in the next hour.
When to Escalate to Purview vs Entra vs SAM
Three different teams may need to know about a rogue agent. Choosing the right one saves hours of ping-pong.
- Escalate to Purview when: the incident is about labeled content access, DLP violation, records disposition, or eDiscovery hold. Purview owns the data governance decisions.
- Escalate to Entra when: the incident is about OAuth grants, service principal creation, or authentication anomalies. Entra owns the identity and access decisions.
- Escalate to SharePoint Advanced Management (SAM) when: the incident is about permission sprawl, site ownership, or SharePoint-specific admin actions. SAM owns the SharePoint governance surface.
For a rogue Copilot agent, you often need all three. Open the ticket with the most senior owner and CC the others.
Reference: read the Insights on agent access doc's "Working with agent access data" section for how the underlying schema is structured — that helps enormously when you are correlating with Purview.
Rogue Agent Signals to Take Seriously
None of these should ever be a false positive:
- Agent accessing sites the owner has no group membership for.
- Agent running with app-only permissions the tenant admin did not grant.
- Agent access to a site holding regulated data (PHI, PCI, ITAR) with no compliance-owner review.
- Agent whose creation timestamp is after the owner's HR termination date.
- Agent accessing >100 sites in a 24-hour window (scope-crawl pattern).
Any of these are P1 incidents. Disable the agent, revoke OAuth grants, and open the ticket.
Weekly Habit — 15-Minute Cadence
Our team's weekly rhythm:
- Open Agent Access Insights, set 7-day window.
- Sort by "unusual pattern" indicators.
- Triage the top 5 with the 5-step playbook above.
- Log dispositions in the governance channel.
- Update the known-agents inventory if a new legitimate agent has been added.
Fifteen minutes on Tuesday morning, every week. That is the difference between a governed Copilot rollout and an audit finding.
Expert help from our SharePoint consultants
Our SharePoint Support Team runs Agent Access Insights triage for regulated tenants — we've seen every false positive pattern above and can shortcut the calibration process. If you need help building your known-agents inventory, tuning the Purview correlation, or running an incident response for a real rogue-agent finding, talk to our SharePoint consultants or reach us via our contact page. Rogue agent hunts are one of the highest-leverage governance activities you can run right now — a small investment prevents a much larger incident.
Written by the SharePoint Support Team
Senior SharePoint Consultants | 25+ Years Microsoft Ecosystem Experience
Our senior SharePoint consultants bring deep expertise spanning 500+ enterprise migrations and compliance implementations across HIPAA, SOC 2, and FedRAMP environments. We cover SharePoint Online, Microsoft 365, migrations, Copilot readiness, and large-scale governance.
Expert SharePoint Services
Frequently Asked Questions
Where do I find Agent Access Insights in the SharePoint admin center?▼
What is the difference between "new site access" and "permission boundary cross"?▼
How do I build a known-agents inventory?▼
Should I disable an agent immediately when I see multiple flags?▼
Does Agent Access Insights capture Copilot Cowork activity?▼
How long is the data retained in Agent Access Insights?▼
What is the fastest way to reduce false positives?▼
Need Expert Help?
Our SharePoint consultants are ready to help you implement these strategies in your organization.
Continue Reading in Security
SharePoint Security Hardening: Protect Your Enterprise...
Comprehensive security guide covering permissions, external sharing, sensitivity labels, and advanced threat protection.
SecuritySharePoint Backup and Recovery: Enterprise Protection Guide
Protect your SharePoint data with comprehensive backup and recovery strategies. Learn about native tools, third-party solutions, and disaster recovery planning.
SecuritySharePoint External Sharing: Secure Collaboration Guide
Enable secure external collaboration in SharePoint while maintaining governance and compliance. Learn sharing policies, guest access, and security best practices.
SecuritySharePoint Extranet Setup Guide: Secure External...
Complete guide to setting up a SharePoint extranet for clients, vendors, and partners. Covers architecture options, security controls, permissions, and governance for B2B collaboration.
SecuritySharePoint Permissions Management
Master SharePoint permissions with this enterprise guide. Covers permission levels, inheritance, groups, unique permissions, broken inheritance risks, auditing, and modern best practices.
SecuritySharePoint External Sharing & Guest Access
Securely configure SharePoint external sharing and guest access for enterprise collaboration. Learn sharing policies, guest user management, conditional access, auditing external activity, and compliance controls.
