Manage access to Microsoft Copilot in Azure

Note

We're currently in the process of rolling out Microsoft Copilot in Azure (preview) to all Azure tenants. We'll remove this note once the functionality is available to all users.

By default, Copilot in Azure is available to all users in a tenant. However, Global Administrators can choose to control access to Copilot in Azure for their organization. If you turn off access for your tenant, you can still grant access to specific Microsoft Entra users or groups.

As always, Microsoft Copilot in Azure only has access to resources that the user has access to. It can only take actions that the user has permission to perform, and requires confirmation before making changes. Copilot in Azure complies with all existing access management rules and protections such as Azure role-based access control (Azure RBAC), Privileged Identity Management, Azure Policy, and resource locks.

Important

Microsoft Copilot in Azure (preview) is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Manage user access to Microsoft Copilot in Azure

To manage access to Microsoft Copilot in Azure for users in your tenant, any Global Administrator in that tenant can follow these steps.

  1. Elevate your access so that your Global Administrator account can manage all subscriptions in your tenant.

  2. In the Azure portal, search for Copilot for Azure admin center and select it.

  3. In Copilot for Azure admin center, under Settings, select Access management.

  4. Select the toggle next to On for entire tenant to change it to Off for entire tenant.

  5. To grant access to specific Microsoft Entra users or groups, select Manage RBAC roles.

  6. Assign the Copilot for Azure User role to specific users or groups. For detailed steps, see Assign Azure roles using the Azure portal.

  7. When you're finished, remove your elevated access.

Global Administrators for a tenant can change the Access management selection at any time.

Important

In order to use Microsoft Copilot in Azure, your organization must allow websocket connections to https://directline.botframework.com. Please ask your network administrator to enable this connection.

Next steps