-### Manage how your organization interacts with Copilot in Bing, Microsoft Edge, and Windows

-Copilot capabilities with [enterprise data protection](/copilot/overview) provides enhanced security for users accessing the generative AI capabilities of Copilot. This experience is on by default for [users with eligible licenses](/copilot/manage#commercial-data-protection-eligibility) assigned by your organization when they are signed in with their work or school (Entra ID) accounts.

-Copilot in Bing, Edge, and Windows is the public version of Copilot and doesn't require users to be signed in. You can reroute to the documentation available on the panel to turn off the public experience and still have access to the Copilot capabilities with enterprise data protection experience.

-You should use a PowerShell script to control access to Microsoft 365 Copilot in Bing, Edge, and Windows. Running this script controls access to Microsoft 365 Copilot in Bing.com, Edge sidebar, Edge mobile app, Copilot in Windows, copilot.microsoft.com, and the Copilot app. It doesn't change how users access Copilot in other Microsoft 365 productivity apps.

-To turn on or turn off Microsoft 365 Copilot in Bing, Edge, and Windows, follow these steps:

-1. Download the [PowerShell script](https://download.microsoft.com/download/8/9/d/89d41212-7ece-414c-b6d3-f4ecb070c613/ConfigureM365Copilot.ps1).

-2. Open an instance of the Windows PowerShell in admin mode.

-3. Run the following command first: 'Set-ExecutionPolicy unrestricted'.

-4. Run the PowerShell script.

-5. Follow the instructions prompted by the script.

-6. The cmdlet prompts you to sign in with your Entra ID account, which must be a Search Admin or Global Admin account.

-7. Follow these steps:

- - To get the **current status** of Microsoft 365 Copilot in Bing, Edge, and Windows in your tenant, run: *'.\ConfigureM365Copilot.ps1'*

- - To **turn on** Microsoft 365 Copilot in Bing, Edge, and Windows, run: *'.\ConfigureM365Copilot.ps1 -enable $true'*

- - To **turn off** Microsoft 365 Copilot in Bing, Edge, and Windows, run: *'.\ConfigureM365Copilot.ps1 -enable $false'*

-8. If you encounter a problem, try running the script again. If the problem persists, you can contact support.

-You can use this report to see how ready your organization is to adopt Microsoft 365 Copilot. The Readiness section is set up to show your data over the past 28 days. Currently this portion does not include any other time period options, but we'll be rolling out updates soon to enable 7-day, 30-day, 90-day, and 180-day periods.

-> - Admins can disable this functionality for a user or a group. Also, admins control how individual agents are approved for use and which agents are enabled.

-When Copilot extensibility is enabled, users can see third party agents in Copilot that allows them to access the Copilot. The hub Copilot experience shows the list of agents that are available and deployed for the user. Users can toggle it on or off to restrict access of Copilot to any specific agents during the interaction. Users can also add or remove agents in their Copilot experience by right-clicking on the agents and selecting the appropriate option. Users can only access the agents that are allowed by the admin and that they have installed or been assigned to.

-## Enable or disable Copilot extensibility

-Admins can enable or disable Copilot extensibility for their org by using a setting in the tenant default options in the Integrated Apps section of the Microsoft 365 admin center. This setting lets you control who can access Copilot agents in their organization. The setting has three options:

-> [!NOTE]

->

-> - Once extensibility is disabled in the tenant, it can take up to 24 hours for agents to disappear for users.

-> - The Microsoft pinned Visual Creator agent will still be visible even when extensibility is disabled.

-Microsoft 365 customers and partners can build declarative agents that extend Microsoft 365 Copilot with custom instructions, grounding knowledge, and actions invoked via REST API descriptions configured by the declarative agent. At runtime, Microsoft 365 Copilot reasons over a combination of the userΓÇÖs prompt, custom instructions that are part of the declarative agent, and data which was provided by custom actions. All of this data might influence the behavior of the system, and such processing comes with security risks, specifically that if a custom action can provide data from untrusted sources (such as emails or support tickets), an attacker might be able to craft a message payload which causes your agent to behave in a way they control ΓÇô incorrectly answering questions or even invoking custom actions. While Microsoft takes many measures to prevent such attacks, organizations should only enable declarative agents that use trusted knowledge sources and connect to trusted REST APIs via custom actions. If the use of untrusted data sources is necessary, design the declarative agent around the possibility of breach and don't give it the ability to perform sensitive operations without careful human intervention.

- 1. If the application is approved, it becomes available to the org users based on the org default settings and Copilot default settings. The application also becomes part of the `Available apps` list in the admin center, where admins can manage user assignments and other settings as any other app.

-If you need further data to troubleshoot, or are requesting assistance from Microsoft support, obtaining the following information should allow you to expedite finding a solution. Microsoft support's **TSS Windows CMD-based universal TroubleShooting Script toolset** can help you to collect the relevant logs in a simple manner. The tool and instructions on use can be found at <https://aka.ms/TssTools>.