Microsoft Copilot Security and Governance

March 7, 2024
Michael and Paige cover key topics related to securing and managing Copilot instances in this detailed discussion.

Introductions and Webinar Kickoff

Thank you everyone for joining. Happy Friday—what a wonderful morning. I'm so excited to be here. First of all, thank you everyone for joining today. I'm Shantel Scharer, one of the Microsoft sales managers for low-code, and I couldn’t be more thankful for the opportunity to be here this morning. Thank you, Rockhop, for the amazing partnership with Microsoft. We’re grateful for all the wonderful work you do with our customers every single day.

Who’s excited about this webinar today? I am. I love everything as it relates to Copilot. We can’t wait to talk about it and how it relates to security and governance. With that, Paige, I’d love to just pass it over to you—the great co-founder and customer experience officer over at Rockhop—and have you kick it off.

I love the enthusiasm you’re bringing on this Friday about security and governance. Hi everyone, my name is Paige Midness. As Shantel said, I lead our customer experience team at Rockhop. Thank you for joining us. If you were on our webinar on February 2nd, this is serving as a follow-up. Security and governance was a topic that was requested from the registrations for that webinar, so we wanted to make sure we addressed your questions and responded to what you want to hear about.

We’ll get pretty technical today. We’ll focus less on slides and more on showing you the technology and ways you can set yourself up for success when configuring your Copilots, their connections, and related items. Let’s get started—Michael, go to the next slide.

If you’ve joined our prior webinars, you know Rockhop is a Microsoft partner solely focused on Power Platform. We have a solution development practice, where we work with Power Automate, Power Apps, and related tools. We also have a data and analytics practice, where we help customers with Power BI, data architecture, and Azure capabilities.

We kept this webinar to 30 minutes today because it’s National Day of Unplugging. I certainly need one of those after a long week—though I’ll probably be watching TV later. To keep things light, let’s start with a poll. What percentage of Americans say they interact with people more online than in person? The answer submitted most was 74%. The actual number is 13%, which was reassuring to me. I almost asked about time spent on phones, but that felt depressing. So, I was glad to see most people still prefer in-person interaction. Michael, you’re up next.

Security, Governance, and Demo

I’m Michael Buckman, an architect at Rockhop. I’ve been in the Microsoft space for over 12 years, focusing mainly on Power Platform in recent years. I’m excited to show you security and governance with Copilots.

Today we’ll cover several types of security you can configure in Copilot Studio. First, note that Azure AD is now Entra ID—I’ll refer to it as Entra ID throughout. We’ll go over Entra ID authentication with Copilots, how that’s configured, and what the user experience looks like. We’ll cover implementing SSO for Teams, where authentication is seamless. If Entra ID isn’t a fit, we’ll cover generic OAuth 2.0 integration, using HubSpot as an example. If neither option works, we’ll look at ways to architect security into a Copilot manually. Finally, we’ll discuss governance tools, including the Center of Excellence toolkit and DLP policies.

We began with Entra ID authentication. Users are prompted to log in, authenticate, and paste a code into chat. Security is then applied to data sources like SharePoint. If I ask about documents I have access to, Copilot responds correctly. If I ask for restricted content, it responds that it cannot help. This demonstrates security trimming.

Next is SSO. With Teams, once installed, there’s no login prompt. The Copilot leverages the context of the Teams session for seamless security trimming.

OAuth 2.0 is another option. We integrated with HubSpot by setting up OAuth in Copilot Studio. After authentication, we can use the user’s access token for API calls. In the demo, Copilot confirmed whether Paige was an account owner in HubSpot. The response used AI to return a clean, natural answer.

For platforms without Entra ID or OAuth, you can architect lightweight security. For example, we use Rudder for timekeeping. By grabbing the authenticated user’s email in Copilot, we pass it to a flow that returns the Rudder workspace ID. While not ideal for high-stakes use cases, it can provide basic user context.

We also looked at governance. DLP policies in the Power Platform Admin Center restrict which connectors and endpoints are available across Power Apps, Power Automate, and Copilot. Microsoft’s free Center of Excellence toolkit provides monitoring tools. In the Admin Command Center and Power BI dashboards, you can view bots in your tenant, usage stats, and creation trends, ensuring visibility into adoption and activity.

To close, we noted that if you want help jumpstarting governance, Rockhop offers an engagement focused on setting up and configuring governance around Power Platform and Copilot. This includes establishing a Center of Excellence, modeling governance processes, planning for security and compliance, and optimizing licensing.

We’ll reach out to those interested, and our contact information is available on the final slide. Thanks everyone, and have a great weekend.
