View Copilot Studio audit logs
Changes to the content and settings of an agent can affect security and agent behavior. It's important to audit such actions to help mitigate failures, help contain systems of security constraints, adhere to compliance requirements, and act on security threats.
This article lists and describes the Copilot Studio activities that are logged and available using the Microsoft Purview compliance portal.
Important
- Administrative activities for Copilot Studio are enabled by default on all tenants. You can't disable activity collection.
- At least one user with an assigned Microsoft 365 E5 or greater license, as required by Microsoft Purview. More information: Auditing solutions in Microsoft Purview
View Copilot Studio audit logs in Microsoft Purview compliance portal
You can find logs of Copilot Studio activities in the Microsoft Purview compliance portal. These logs are also accessible to developers via the Office 365 Management API.
Access the logs
Sign in to the Microsoft Purview compliance portal as a tenant admin.
In the left menu, select Show all.
Select Audit from the Solutions category.
Admins can filter for specific activities in the Activities list. Copilot Studio activities are listed here.
See audited events
All logging is done at the SDK layer, so a single action can trigger multiple logged events. Here's a list of events that you can audit.
Category | Event | Description |
---|---|---|
Agents | BotCreate |
The creation of a new agent in Copilot Studio |
Agents | BotDelete |
The deletion of an agent in Copilot Studio |
Agents | BotAuthUpdate |
Updating the authentication settings of an agent in Copilot Studio |
Agents | BotIconUpdate |
Updating the agent icon in Copilot Studio |
Agents | BotPublish |
Publishing of an agent in Copilot Studio |
Agents | BotShare |
Sharing of an agent to other users in Copilot Studio |
Agents | BotAppInsightsUpdate |
Updating the App Insights logging configuration of an agent in Copilot Studio |
Agent Component | BotComponentCreate |
The creation of a component (such as a topic or skill) for an agent in Copilot Studio |
Agent Component | BotComponentUpdate |
The update of a component (e.g. topic, skill, etc.) for an agent in Copilot Studio |
Agent Component | BotComponentDelete |
The deletion of a component (e.g. topic, skill, etc.) for an agent in Copilot Studio |
AI Plugin | AIPluginOperationCreate |
Creating an AI Plugin for an agent in Copilot Studio |
AI Plugin | AIPluginOperationUpdate |
Updating an AI Plugin for an agent in Copilot Studio |
AI Plugin | AIPluginOperationDelete |
Removing an AI Plugin for an agent in Copilot Studio |
Environment Variable | EnvironmentVariableCreate |
Creating an environment variable for an agent in Copilot Studio |
Environment Variable | EnvironmentVariableUpdate |
Updating an environment variable for an agent in Copilot Studio |
Environment Variable | EnvironmentVariableDelete |
Deleting an environment variable for an agent in Copilot Studio |
Get details on the base schema for logging
Schemas define the Power Automate fields that are sent to the Microsoft Purview compliance portal. Some fields are common to all applications that send audit data to Microsoft 365, while others are specific to Power Automate. The base schema contains these common fields.
Common audit fields
Schemas define which agent fields are sent to the Microsoft Purview compliance portal. Some fields are common to all applications that send audit data to Microsoft Purview, while others are specific to Copilot Studio. The following are fields common to the Power Platform.
Field display name | Logical name | Type | Mandatory | Description |
---|---|---|---|---|
Date | CreationTime |
Edm.Date |
No | Date and time when the log was generated in UTC. |
Id | ID |
Edm.Guid |
No | Unique GUID for every logged row. |
Result Status | ResultStatus |
Edm.String |
No | Status of the logged row. |
Organization Id | OrganizationId |
Edm.Guid |
Yes | Unique identifier of the organization from which the log was generated. |
Operation | Operation |
Edm.String |
No | Name of operation. |
User | UserKey |
Edm.String |
No | Unique identifier of the user in Microsoft Entra ID. |
User type | UserType |
Self.UserType |
No | The audit type (admin, regular, or system). |
Copilot Studio audit fields
In addition to the fields common to the Power Platform administrator activities, Copilot Studio includes the following fields.
Name | Type | Mandatory | Description |
---|---|---|---|
BotId |
Edm.String |
No | A unique identifier of the agent |
BotSchemaName |
Edm.String |
No | A unique string identifying the agent |
BotUpdateDetails |
Edm.ComplexType (Collection) |
No | Details of the properties updated on the agent |
BotComponentId |
Edm.String |
No | A unique identifier of the agent components, such as topics, entities |
BotComponentSchemaName |
Edm.String |
No | A unique string identifying the components of agent, such as topics, entities |
BotComponentType |
Edm.String |
No | Type of the agent component, such as topics, entities |
BotComponentUpdateDetails |
Edm.ComplexType (Collection) |
No | Details of the properties updated of the agent component |
AIPluginOperationId |
Edm.String |
No | A unique identifier for the operation with the AI plugin |
AIPluginOperationName |
Edm.String |
No | Name of the operation with the AI plugin |
EnvironmentVariableDefinitionSchemaName |
Edm.String |
No | Schema name for the environment variable definition associated with the agent |
EnvironmentVariableDefinitionId |
Edm.String |
No | A unique identifier for the environment variable definition associated with the agent |