Important
Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned
| Enabled for | Public preview | General availability |
|---|---|---|
| Admins, makers, marketers, or analysts, automatically | Sep 3, 2025 | Oct 2025 |
Business value
By blocking the use of maker's credentials by AI agents, admins can increase the security and compliance of agents in their organizations:
- Prevent unauthorized access to sensitive systems or data that the maker's credentials might have access to.
- Help organizations comply with data protection regulations (such as GDPR or HIPAA) by ensuring only authorized identities are used for data access.
- Enable IT and security teams to enforce organizational policies around identity and access management.
- Increase trust among stakeholders and IT departments, making it easier to adopt AI agents at scale.
Feature details
This governance feature in Microsoft Copilot Studio allows administrators to restrict how agent tools are authenticated.
This feature lets an admin disable the use of maker-provided credentials for all tools in an agent, ensuring that only end-user credentials can be used for authentication. By applying this control, an agent author (maker) can no longer embed their own credentials into the agent’s tools. Instead, all connections must be established by the end user at runtime through a sign-in prompt. Caching and single sign-on (SSO) could be leveraged at runtime for a specific channel.
Under normal circumstances, a maker could add a tool (like a connector or Power Automate flow) to an agent using personal credentials, and then any end user who uses the agent would indirectly leverage the maker’s access. This could lead to oversharing of data or capabilities. For example, an end user might retrieve information or perform actions that only the maker’s account is permitted to do.
With maker authentication controls enforced, such scenarios are prevented because each end user only has access to what their own account allows. The agent will prompt the user to sign in (to the relevant service or connector) when needed. No stored maker credentials are used at run time, aligning the agent’s behavior with the end-user’s actual permissions.
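The oversharing scenario above, modelled as an added example; it is not Microsoft's code and does not use any Copilot Studio or Power Platform API. The identities, resource names, `Tool` fields and function names are hypothetical, and the access data is constructed for illustration.

```python
# Conceptual model only: every name here is hypothetical, not a Copilot Studio identifier.
from dataclasses import dataclass, replace

# Constructed sample data: which identity may read which resource.
ACL = {
    "maker@contoso.example": {"hr/salaries", "sales/pipeline", "wiki/handbook"},
    "alice@contoso.example": {"sales/pipeline", "wiki/handbook"},
    "bob@contoso.example": {"wiki/handbook"},
}

@dataclass(frozen=True)
class Tool:
    name: str
    resources: frozenset   # resources the tool can query
    auth: str              # "maker" (stored credentials) or "end_user" (runtime sign-in)
    maker: str = "maker@contoso.example"

def reachable(tool, caller):
    """Resources `caller` can reach through `tool` at run time."""
    identity = tool.maker if tool.auth == "maker" else caller
    return tool.resources & ACL.get(identity, set())

def overshared(tools, caller):
    """Per tool, resources exposed to `caller` beyond the caller's own permissions."""
    own = ACL.get(caller, set())
    findings = {}
    for t in tools:
        extra = reachable(t, caller) - own
        if extra:
            findings[t.name] = sorted(extra)
    return findings

def enforce_end_user_auth(tools):
    """Model the admin control: every tool authenticates as the signed-in end user."""
    return [replace(t, auth="end_user") for t in tools]

# Constructed agent: two tools wired with maker credentials, one with end-user sign-in.
TOOLS = [
    Tool("hr_lookup", frozenset({"hr/salaries", "wiki/handbook"}), "maker"),
    Tool("sales_report", frozenset({"sales/pipeline"}), "maker"),
    Tool("handbook_search", frozenset({"wiki/handbook"}), "end_user"),
]

if __name__ == "__main__":
    for user in ("alice@contoso.example", "bob@contoso.example"):
        print(user, "before:", overshared(TOOLS, user),
              "after:", overshared(enforce_end_user_auth(TOOLS), user))
```

Running the same comparison against a real inventory of agent tools and their connection owners shows which tools would start prompting for sign-in, and which users would lose access they only had through the maker's account, once the control is enabled.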
This feature is not enabled by default, and admins must enable it in the Power Platform admin center for specific environments or managed environment groups.
If admins do not enable these controls, makers retain the freedom to choose authentication methods (including their own credentials) for agent tools as usual.
Geographic areas
Visit the Explore Feature Geography report for Microsoft Azure areas where this feature is planned or available.
Language availability
Visit the Explore Feature Language report for information on this feature's availability.
Additional resources
Configure user authentication with Microsoft Entra ID (docs)
Sep 3, 2025