View Copilot Studio audit logs

Changes to the content and settings of an agent can affect security and agent behavior. It's important to audit such actions to help mitigate failures, help contain systems of security constraints, adhere to compliance requirements, and act on security threats.

This article lists and describes the Copilot Studio activities that are logged and available using the Microsoft Purview compliance portal.

Important

  • Administrative activities for Copilot Studio are enabled by default on all tenants. You can't disable activity collection.
  • At least one user with an assigned Microsoft 365 E5 or greater license, as required by Microsoft Purview. More information: Auditing solutions in Microsoft Purview

View Copilot Studio audit logs in Microsoft Purview compliance portal

You can find logs of Copilot Studio activities in the Microsoft Purview compliance portal. These logs are also accessible to developers via the Office 365 Management API.

Access the logs

  1. Sign in to the Microsoft Purview compliance portal as a tenant admin.

  2. In the left menu, select Show all.

  3. Select Audit from the Solutions category.

    Select audit from the menu.

Admins can filter for specific activities in the Activities list. Copilot Studio activities are listed here.

See audited events

All logging is done at the SDK layer, so a single action can trigger multiple logged events. Here's a list of events that you can audit.

Category Event Description
Agents BotCreate The creation of a new agent in Copilot Studio
Agents BotDelete The deletion of an agent in Copilot Studio
Agents BotAuthUpdate Updating the authentication settings of an agent in Copilot Studio
Agents BotIconUpdate Updating the agent icon in Copilot Studio
Agents BotPublish Publishing of an agent in Copilot Studio
Agents BotShare Sharing of an agent to other users in Copilot Studio
Agents BotAppInsightsUpdate Updating the App Insights logging configuration of an agent in Copilot Studio
Agent Component BotComponentCreate The creation of a component (such as a topic or skill) for an agent in Copilot Studio
Agent Component BotComponentUpdate The update of a component (e.g. topic, skill, etc.) for an agent in Copilot Studio
Agent Component BotComponentDelete The deletion of a component (e.g. topic, skill, etc.) for an agent in Copilot Studio
AI Plugin AIPluginOperationCreate Creating an AI Plugin for an agent in Copilot Studio
AI Plugin AIPluginOperationUpdate Updating an AI Plugin for an agent in Copilot Studio
AI Plugin AIPluginOperationDelete Removing an AI Plugin for an agent in Copilot Studio
Environment Variable EnvironmentVariableCreate Creating an environment variable for an agent in Copilot Studio
Environment Variable EnvironmentVariableUpdate Updating an environment variable for an agent in Copilot Studio
Environment Variable EnvironmentVariableDelete Deleting an environment variable for an agent in Copilot Studio

Get details on the base schema for logging

Schemas define the Power Automate fields that are sent to the Microsoft Purview compliance portal. Some fields are common to all applications that send audit data to Microsoft 365, while others are specific to Power Automate. The base schema contains these common fields.

Common audit fields

Schemas define which agent fields are sent to the Microsoft Purview compliance portal. Some fields are common to all applications that send audit data to Microsoft Purview, while others are specific to Copilot Studio. The following are fields common to the Power Platform.

Field display name Logical name Type Mandatory Description
Date CreationTime Edm.Date No Date and time when the log was generated in UTC.
Id ID Edm.Guid No Unique GUID for every logged row.
Result Status ResultStatus Edm.String No Status of the logged row.
Organization Id OrganizationId Edm.Guid Yes Unique identifier of the organization from which the log was generated.
Operation Operation Edm.String No Name of operation.
User UserKey Edm.String No Unique identifier of the user in Microsoft Entra ID.
User type UserType Self.UserType No The audit type (admin, regular, or system).

Copilot Studio audit fields

In addition to the fields common to the Power Platform administrator activities, Copilot Studio includes the following fields.

Name Type Mandatory Description
BotId Edm.String No A unique identifier of the agent
BotSchemaName Edm.String No A unique string identifying the agent
BotUpdateDetails Edm.ComplexType (Collection) No Details of the properties updated on the agent
BotComponentId Edm.String No A unique identifier of the agent components, such as topics, entities
BotComponentSchemaName Edm.String No A unique string identifying the components of agent, such as topics, entities
BotComponentType Edm.String No Type of the agent component, such as topics, entities
BotComponentUpdateDetails Edm.ComplexType (Collection) No Details of the properties updated of the agent component
AIPluginOperationId Edm.String No A unique identifier for the operation with the AI plugin
AIPluginOperationName Edm.String No Name of the operation with the AI plugin
EnvironmentVariableDefinitionSchemaName Edm.String No Schema name for the environment variable definition associated with the agent
EnvironmentVariableDefinitionId Edm.String No A unique identifier for the environment variable definition associated with the agent