Are You at Risk? New Copilot Studio Sharing Controls Every Organization Should Enable

If your organization has been running Copilot Studio pilots, you’re not alone in raising concerns about how easily agents could be shared across the entire tenant. Microsoft has just released a crucial update for organizations piloting or scaling Copilot Studio: a new admin control that lets you decide who can share Copilot Studio agents with the entire organization. This change directly addresses a major governance gap, empowering IT leaders to reduce risk and enable innovation safely.

What’s New: Granular Sharing Control for Copilot Agents

Until recently, any user with access to Copilot Studio could share an agent organization-wide, even if that agent was experimental, untested, or connected to sensitive data. For IT and governance leaders trying to scale responsibly, this was a major roadblock.

Now, Microsoft has answered that feedback. A new setting in the Microsoft 365 admin center is available that lets you control exactly who can share Copilot Studio agents with the entire organization, reducing risk and giving teams the flexibility they need to innovate safely.

You’ll find it under: Copilot → Settings → Data access → Agents

The new dropdown option, “Choose who can share agents with the entire organization”, allows admins to select:

• All users who can access agents (default)
• No users
• Specific users or groups

This means you can authorize only trusted makers to publish agents org-wide, while others can keep experimenting safely within their teams or departments.

Why This Matters: Pilots Have Highlighted a Real Governance Gap

As more organizations pilot Copilot Studio, one theme keeps emerging: governance and oversight need to keep pace with creativity.

Copilot Studio makes it easy for employees to build and share AI agents that automate workflows or answer questions using internal data. But without guardrails, organizations risk:

• Accidental data exposure through agents not fully vetted for sensitivity. 
• Duplicate or conflicting agents shared across departments. 
• Loss of control as test environments spill into production. 

This new setting directly addresses those risks by giving administrators a way to decouple creation rights from sharing rights. It’s a change many organizations have been asking for since early pilot phases and now it’s finally here.

This update isn’t about restricting creativity; it’s about enabling it responsibly. By turning on this control, organizations can:

• Reduce risk of oversharing and data leakage. 
• Maintain governance while still encouraging maker experimentation. 
• Align Copilot Studio governance with Power Platform and Purview policies. 
• Increase confidence among compliance, security, and leadership teams who’ve been cautious about scaling Copilot.

It’s a small change that delivers big value: safer pilots, clearer accountability, and a smoother path from experimentation to enterprise deployment.

How to Enable It: Simple Steps for Admins

To activate this new governance control:

1. Navigate to the Microsoft 365 admin center
2. → Copilot → Settings → Data access → Agents 
3. Under “Choose who can share agents with the entire organization,” select your preferred option, ideally Specific users or groups. 
4. Save your changes and communicate them to your Copilot creators.
5. Update your Center of Excellence (CoE) governance documentation to include this new setting. 

The Bigger Picture: Microsoft’s Focus on Responsible AI Adoption

This update reflects Microsoft’s ongoing commitment to help organizations innovate safely. For months, enterprises have voiced a consistent concern during their pilots, they love Copilot’s potential but need stronger guardrails before scaling it company-wide.

By introducing this setting, Microsoft is signaling that Copilot governance is maturing alongside its capabilities. It’s not just about access: it’s about control, visibility, and trust.

Next Steps: Strengthen Your Copilot Governance Model

At 2toLead, we believe innovation and governance must evolve together. We’ve seen firsthand how organizations piloting Copilot Studio often start with enthusiasm, and then pause when questions about oversight, security, or publishing control arise.

This new feature resolves one of the biggest early adoption challenges. It empowers organizations to govern by design, where experimentation thrives within secure boundaries, and every agent shared is intentional, validated, and trusted.

If you’re piloting or scaling Copilot Studio, now is the time to:

• Enable this control to limit org-wide sharing. 
• Define trusted publishers within your governance framework. 
• Update your CoE playbook to reflect the new sharing permissions. 
• Communicate changes clearly to your creators and stakeholders. 

And if you’re looking for help building a scalable Copilot governance model, our experts can guide you through it, aligning Copilot Studio, Power Platform, and Microsoft Purview under one cohesive strategy.