Session
Governance for MCP Action Builders: How Admins Can Monitor, Audit, and Control Copilot Extensions
As organizations extend Copilot Studio with MCP Actions, admins need clear guardrails to prevent data leakage, ensure least‑privileged access, and keep extensions observable and auditable. This session gives administrators and platform owners a practical governance playbook: how to inventory MCP actions, enforce approvals, monitor usage, audit conversations and action calls, and quickly respond to incidents.
We’ll map the lifecycle of an MCP Action from dev registration to production rollout and show where to place controls: environment strategy, solution ownership, DLP boundaries, API Management policies, authentication and scopes with Entra ID, and logging/auditing patterns. You’ll see exactly which logs to collect, how to trace an action call from Copilot to the backing API, and how to detect risky prompts or over‑permissive actions. We’ll also cover change control, versioning, and safe deprecation.
Live demos showcase an admin discovering a risky action, reviewing evidence (runtime traces + API logs), enforcing a fix (policy/role update), and validating remediation with test prompts. You’ll leave with a checklist, dashboards, and approval workflow templates you can apply immediately to keep Copilot extensions compliant and under control.
Manoj Annavajjala
Enterprise AI Architect
Detroit, Michigan, United States
Links
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top