Responsible AI and Security Governance

Why responsible AI and governance are planning decisions

Simple explanation

Think of your agent as a new hire who represents your company in every customer conversation.

You would not let a new employee talk to customers without training, guidelines, and supervision. Responsible AI is the training manual — it tells the agent what is appropriate to say and what is off-limits. Security governance is the building access policy — it controls which systems the agent can touch, which data it can move, and who can build agents in the first place.

Get this wrong and you end up in the news for the wrong reasons: an agent that gives medical advice, leaks confidential data, or generates biased responses. These are planning-phase decisions because retrofitting governance after deployment is painful and expensive.

Microsoft’s six Responsible AI principles

These six principles form the foundation of every RAI question on the exam.

Principle	What it means	Copilot Studio feature
Fairness	Treats all users equitably	Test diverse inputs, monitor for bias
Reliability	Behaves predictably, no harm	Content moderation, guardrails, fallback topics
Privacy	Data protected, access scoped	Auth, DLP, environment segmentation, audit
Inclusiveness	Accessible to all users	Multi-language, accessible cards, plain language
Transparency	Users know it is AI	Disclosure messages, citations, confidence indicators
Accountability	Clear ownership and oversight	Admin roles, audit trails, human escalation

Exam tip: transparency is not optional

Microsoft requires that agents identify themselves as AI. Copilot Studio includes a default system message at the start of conversations. Removing or hiding this disclosure violates Microsoft’s RAI guidelines. If the exam asks about transparency, the answer always involves making the AI nature clear to users.

Security controls in Copilot Studio

Security governance in Copilot Studio operates at multiple levels. The exam tests your understanding of each layer.

Security controls operate at different scopes — from tenant-wide DLP to per-agent moderation
Feature	What it controls	Configured by	Scope
DLP policies	Which connectors agents and flows can use — classified as Business, Non-Business, or Blocked	Power Platform admin (or tenant admin)	Environment or tenant level
Environment security roles	Who can create, edit, share, and delete agents within an environment	Environment admin	Per environment
Connector classification	Groups connectors into categories that cannot be mixed in the same flow/agent	DLP policy definition	Per DLP policy
Authentication settings	How users authenticate and what identity the agent uses for backend calls	Agent developer + admin approval	Per agent
Generative AI moderation	Content safety filters for generative answers — blocks harmful, violent, or inappropriate content	Agent developer (toggle in Copilot Studio)	Per agent
Audit logs	Track who created, modified, published, and deleted agents	Microsoft 365 compliance center	Tenant level

DLP connector classification

DLP (Data Loss Prevention) policies are the primary governance mechanism for controlling what agents and flows can connect to. This is heavily tested on the exam.

How DLP works:

Connectors classified into three groups: Business, Non-Business, and Blocked
A flow or agent cannot mix Business and Non-Business connectors — prevents data flowing between trusted and untrusted systems
Blocked connectors cannot be used at all
DLP policies are environment-scoped — production policy does not affect dev

DLP Policy: "Production - Insurance"
├── Business: SharePoint, Dataverse, ServiceNow, Azure AI Search
├── Non-Business: Twitter, Gmail, personal OneDrive
└── Blocked: Anonymous HTTP webhook, custom SMTP

Exam tip: DLP is environment-scoped

A common exam trap: DLP policies apply to environments, not to individual agents. If you block a connector in the production environment’s DLP policy, ALL agents in that environment lose access — not just the one that was misbehaving. To give one agent an exception, you would need to move it to a different environment with a different DLP policy. Remember: environment-scoped, not agent-scoped.

What happens when DLP is violated?

The agent or flow is suspended — not deleted, but disabled. The maker is notified and the admin sees the violation in the Power Platform admin center. The agent cannot run until the violation is resolved (remove the offending connector or update the DLP policy).

Content moderation and generative AI safety

Copilot Studio provides built-in controls for generative answers:

Content moderation toggle: High/medium/low filtering aggressiveness. High blocks more but may over-filter legitimate responses.
Topic-level instructions: System prompts on generative nodes — e.g., “Never provide medical advice.”
Blocked phrases: Words or phrases the agent must never output.
Citation requirements: Force the agent to cite source documents (supports transparency).
Human escalation triggers: Hand off when the user expresses frustration, asks legal questions, or AI confidence is low.

Scenario: Kai builds governance for Pacific Mutual

Kai is setting up governance for Pacific Mutual’s Copilot Studio deployment:

DLP Policy (Production): Business: SharePoint, Dataverse, ServiceNow, Claims API, Azure AI Search. Non-Business: social media, personal email. Blocked: anonymous HTTP webhooks, custom SMTP.

Environment Security: Only 12 IT staff can create production agents. Security review required before solution promotion. Human escalation mandatory for claims above $50,000.

Content Moderation: High moderation on all generative answers. System instruction: “Never provide legal advice. Never guarantee claim outcomes.” Blocked phrases: competitor brand names.

Audit: Conversations logged to Application Insights. Monthly generative answer review. Quarterly RAI assessment.

Question

Name Microsoft's six Responsible AI principles.