Microsoft Copilot Studio gives you the flexibility to administer analytics and manage agent security.

Analytics

The Analytics section is divided into several pages to provide you with different ways to understand agent performance.

The Summary tab provides a detailed overview of the total number of agent sessions run during the selected period. Information such as the total number of sessions, engagement rate, resolution rate, escalation rate, and abandonment rate can help you understand the agent’s effectiveness and identify areas that need improvement.

The customer satisfaction report helps identify which topics have the greatest impact and where analysts go to stay informed.

The Sessions tab gives you the ability to download the raw data of all agent sessions. This option includes a full transcript of the sessions as well as their outcome.

The Billing tab displays the billable interaction between a customer and an agent and represents a consumption unit. The billed session begins when a user topic is triggered.

A session ends for one of the following reasons:

• The user ends the chat session. When the agent does not receive any new message for more than 30 minutes, the session is considered closed.
• The session lasts more than 60 minutes. The first message that occurs after 60 minutes starts a new session.
• The session contains more than 100 turns. A turn is defined as an exchange between a user and the agent. The 101st turn starts a new session.

Security

You can implement additional security measures for your agent and your users. Security is accessible by going to Settings > Security. Two security options are available:

• Authentication: Used to identify the user’s identity during a conversation.
• Web channel security: Provides the ability to configure enhanced security options for your agent.

Sharing

You can share your agent with other users so that multiple people can edit, manage, and collaborate on it. You can stop sharing with individual users at any time. It is not necessary to share an agent with another user for them to be able to chat with the agent.

You can view the current access rights a user has for your environment and assign security roles to the selected user by clicking the three dots (…) next to the Settings menu button, then selecting Share.

Agent Author, Agent Contributor, and Agent Transcript Reader are the three security roles for Microsoft Copilot Studio that you can manage in the Microsoft Power Platform admin center.

You can assign the Environment Maker security role when sharing an agent with a user who does not have sufficient permissions in the environment to run Microsoft Copilot Studio.

When you share the agent, if the specified user does not have sufficient permissions to use the Microsoft Copilot Studio agent in the environment, you are notified that the Environment Maker security role is assigned to the person so they can use the agent.

The Access and Authentication options control who can access your agent. You can select one of two groups:

• All agent managers: This selection allows only agent managers to chat with the agent. You can share your agent so other agent managers can access it.
• Everyone in my organization (Organization Name): This selection allows all members of the organization to access and chat with your agent. External users see an error when they try to chat with the agent.

The Authentication setting impacts how you can manage access to the agent.

Select Manage in the side navigation pane, then go to the Security tab and select Authentication.

Three authentication options are available:

• No authentication: Any user with a link to the agent (or who can find it, for example on your website) can chat with it. Therefore, access setting options are disabled.
• Authentication with Microsoft: The agent is available in Microsoft Teams, Power Apps, or Microsoft 365 Copilot. Since it uses Microsoft Entra ID, it requires users to sign in. This is the default setting for all newly created agents.
• Manual authentication: This option includes the following settings:
  • If your authentication setting is configured to Manual and the service provider is Microsoft Entra ID, you can disable the Require users to sign in option and modify access settings for the agent.
  • If your authentication provider is set to Generic OAuth 2, you can disable the Require users to sign in option, but you cannot control which users can access the agent. This option is only available when using Microsoft Entra ID authentication.

Web Channel Security

When you create a Microsoft Copilot Studio agent, it is immediately available in the Demo Website and Custom Website channels to anyone who knows the agent ID. These channels are available by default and require no configuration.

Users can find the agent ID directly in Microsoft Copilot Studio or by receiving it from someone. Depending on the agent’s capabilities and sensitivity, this scenario may not be desirable.

With Direct Line-based security, you can enable access only to locations you control by activating secure access with Direct Line secrets or tokens. You can enforce the use of secrets and tokens for each individual agent. Once this option is enabled, channels must authenticate their requests using a secret or a token generated from the secret, obtained at runtime. Any access to the agent that does not provide this security measure will not work.

To access this, go to Settings > Security, then select Web Channel Security.

If you need to disable the Web Channel Security option, you can do so by toggling Require secure access to Off. Disabling secure access may take up to two hours to propagate.

Next unit: Export and Import Agents