SharePoint Copilot Agents: The Enterprise Reality Check
Every SharePoint site now has a default Copilot agent. That agent can search, summarize, and answer questions about every document in that site. If your permissions are clean, this is powerful. If your permissions are messy — and they almost certainly are — you just gave every user an AI-powered tool to surface content they were never supposed to see.
This is not a hypothetical risk. I have seen it happen in production at three enterprise clients in the past 90 days. In one case, a marketing analyst asked Copilot about Q1 results and received a summary that included executive compensation data from an HR document library that had an "Everyone except external users" permission grant nobody remembered setting.
This guide covers how to build custom SharePoint Copilot agents that are genuinely useful AND how to govern them so they do not become your next security incident.
---
What SharePoint Copilot Agents Actually Are
A SharePoint Copilot agent is an AI assistant scoped to specific SharePoint content. There are three types:
Default site agent: Every SharePoint site automatically has one. It searches all content in that site that the asking user has permission to access. You do not create it — it exists by default.
Custom site agent: You create this in SharePoint by specifying exact sources — specific document libraries, folders, or files. It only answers based on those sources, not the entire site. This is the most useful type for enterprise because you control what it can access.
Copilot Studio agent: Built in Copilot Studio with advanced capabilities — custom prompts, API connections, Power Automate triggers, and multi-source grounding across SharePoint, Dataverse, and external systems. This is the enterprise-grade option for complex workflows.
---
Building a Custom SharePoint Agent (Step by Step)
Step 1: Define the Agent's Purpose
Before touching any tool, answer three questions:
- What questions should this agent answer?
- What content should it use to answer them?
- Who should be able to use it?
Bad agent design: "An agent that helps with everything in our Finance department." Good agent design: "An agent that answers questions about our travel expense policy using only the approved policy documents in the Finance Policies library."
Step 2: Create the Agent in SharePoint
Navigate to your SharePoint site > Site settings > Copilot agents > Create agent. Name it descriptively — "Travel Policy Assistant" not "Finance Bot."
Step 3: Scope the Knowledge Sources
This is the critical step. Add ONLY the specific libraries, folders, or files the agent should reference. Do not scope it to the entire site unless you have verified every document's permissions and sensitivity labels.
Recommended approach: Create a dedicated document library for each agent's knowledge base. Curate exactly what goes in. Review quarterly.
Step 4: Set the Agent Instructions
Write clear instructions that define the agent's behavior:
- What topics it should and should not answer
- What tone to use (formal, technical, conversational)
- Whether it should cite specific documents in its responses
- What to say when it does not know the answer ("I could not find that in the approved policy documents. Please contact HR directly.")
Step 5: Test with Real Users
Before publishing, have 5-10 users from the target audience test the agent. Ask them to try both expected and unexpected questions. Verify the agent never surfaces content from outside its scoped sources.
---
The Governance Framework for Copilot Agents
Without governance, agents proliferate like uncontrolled SharePoint sites did in 2010. Within 6 months you will have 200 agents, nobody will know who owns them, and at least 3 will have overshared permissions.
Rule 1: Agent Registry
Maintain a central list of all Copilot agents across your tenant. For each agent, track: name, owner, purpose, knowledge sources, users, creation date, last review date.
Rule 2: Approval Workflow
No agent goes live without approval. Route requests through IT governance. The approval must verify: knowledge sources are appropriately scoped, sensitivity labels are applied to source content, permissions on source libraries are correct, and the agent's instructions include appropriate guardrails.
Rule 3: Quarterly Review
Every agent must be reviewed every 90 days. The review checks: Is the agent still needed? Are the knowledge sources current? Are permissions still correct? Has the agent surfaced any inappropriate content? Usage analytics — is anyone actually using it?
Rule 4: DLP Integration
Configure Microsoft Purview DLP policies that apply to Copilot agents. Block agents from referencing content labeled "Highly Confidential" unless the agent is explicitly approved for that sensitivity level.
Rule 5: Kill Switch
Every agent must have a documented deactivation procedure. If an agent surfaces inappropriate content, IT must be able to disable it within 15 minutes, not 15 days.
---
The 5 Mistakes That Turn Agents Into Data Leaks
Mistake 1: Scoping to the Entire Site
The default agent scopes to everything. Custom agents should scope to specific libraries. A Finance site might have 50 libraries — scoping to the entire site means the agent can surface executive compensation, M&A plans, and Board communications alongside routine expense reports.
Mistake 2: Forgetting About Permission Inheritance
If Library A has restricted permissions but Folder B inside Library A has "Everyone" access (inheritance was broken years ago), the agent can surface Folder B content to everyone. Audit permissions before creating agents.
Mistake 3: Not Labeling Source Content
If documents in the agent's knowledge base are not labeled with sensitivity labels, DLP policies cannot protect them. The agent will happily summarize unlabeled confidential documents.
Mistake 4: No Instructions Guardrails
Without clear instructions, agents will attempt to answer any question using any available content. Set explicit boundaries: "Only answer questions about travel expense policies. For any other topic, respond with: This agent only covers travel expense policies."
Mistake 5: No Monitoring
If nobody monitors what users are asking and what the agent is responding with, you will not know when it surfaces inappropriate content until someone screenshots it and sends it to your CISO.
---
SharePoint Knowledge Agent (Preview)
Microsoft recently released the SharePoint Knowledge Agent in preview. Unlike custom agents you build, this is an AI assistant that automatically enriches, organizes, and maintains SharePoint content. It can:
- Auto-generate metadata for documents that lack it
- Suggest content organization improvements
- Identify stale or outdated content
- Recommend taxonomy changes based on usage patterns
For enterprises with messy, ungoverned SharePoint environments, the Knowledge Agent is potentially transformative — but it needs the same governance controls as any other agent. It has access to your content and can make changes. Treat it as a digital worker with appropriate permissions.
---
Frequently Asked Questions
Do I need a Copilot license for SharePoint agents?
Yes. Users need a Microsoft 365 Copilot license ($30/user/month) to interact with SharePoint Copilot agents. The default site agent and custom agents require this license. Copilot Studio agents may have different licensing depending on their configuration.
Can agents access content across multiple sites?
Default and custom SharePoint agents are scoped to a single site. Copilot Studio agents can be configured to access content across multiple SharePoint sites, Dataverse, and external systems. For cross-site agents, governance is even more critical because the blast radius of a permission error is larger.
How do I prevent agents from surfacing sensitive content?
Three layers: (1) Clean permissions — remove oversharing before deploying agents. (2) Sensitivity labels — label all content so DLP policies can enforce rules. (3) Agent scoping — limit knowledge sources to specific, curated libraries rather than entire sites.
Should every department have its own agent?
Not automatically. Create agents when there is a clear use case with defined knowledge sources and a specific audience. A department agent that tries to answer every possible question using every document in the department is less useful than three focused agents for specific workflows.
What is the difference between a SharePoint agent and a Copilot Studio agent?
SharePoint agents are simple — scoped to SharePoint content, no code required, limited customization. Copilot Studio agents are powerful — custom prompts, API connections, multi-source grounding, Power Automate triggers, and advanced logic. Use SharePoint agents for simple Q&A over documents. Use Copilot Studio for complex workflows that span multiple systems.
How do I monitor what agents are doing?
Use the Copilot dashboard in the Microsoft 365 Admin Center to view agent usage analytics. For detailed monitoring, configure Microsoft Purview audit logging to capture Copilot interaction events. Alert on unusual patterns: high-volume queries from a single user, queries that trigger DLP matches, and queries about sensitive topics.
Written by Errin O'Connor
Founder, CEO & Chief AI Architect | Microsoft Press Bestselling Author | 25+ Years Microsoft Ecosystem
Errin O'Connor is a Microsoft Press bestselling author of 4 books covering SharePoint, Power BI, Azure, and large-scale migrations. He leads our SharePoint consulting practice with expertise spanning 500+ enterprise migrations and compliance implementations across HIPAA, SOC 2, and FedRAMP environments.
Expert SharePoint Services
Need Expert Help?
Our SharePoint consultants are ready to help you implement these strategies in your organization.