Manage access to Microsoft Copilot in Azure

By default, Copilot in Azure is available to all users in a tenant. However, Global Administrators can manage access to Copilot in Azure for their organization. Access can also be optionally granted to specific Microsoft Entra users or groups.

If Copilot in Azure is not available for a user, they'll see an unauthorized message when they select the Copilot button in the Azure portal.

Note

In some cases, your tenant may not have access to Copilot in Azure by default. Global Administrators can enable access by following the steps described in this article at any time.

As always, Microsoft Copilot in Azure only has access to resources that the user has access to. It can only take actions that the user has permission to perform, and requires confirmation before making changes. Copilot in Azure complies with all existing access management rules and protections such as Azure role-based access control (Azure RBAC), Privileged Identity Management, Azure Policy, and resource locks.

Important

Microsoft Copilot in Azure (preview) is currently in PREVIEW. See the Supplemental Terms of Use for Microsoft Azure Previews for legal terms that apply to Azure features that are in beta, preview, or otherwise not yet released into general availability.

Manage user access to Microsoft Copilot in Azure

To manage access to Microsoft Copilot in Azure for users in your tenant, any Global Administrator in that tenant can follow these steps.

  1. Elevate your access so that your Global Administrator account can manage all subscriptions in your tenant.

  2. In the Azure portal, search for Copilot in Azure admin center and select it.

  3. In Copilot in Azure admin center, under Settings, select Access management.

  4. Select the toggle next to On for entire tenant to change it to Off for entire tenant.

  5. To grant access to specific Microsoft Entra users or groups, select Manage RBAC roles.

  6. Assign the Copilot for Azure User role to specific users or groups. For detailed steps, see Assign Azure roles using the Azure portal.

  7. When you're finished, remove your elevated access.

Global Administrators for a tenant can change the Access management selection at any time.

Important

In order to use Microsoft Copilot in Azure, your organization must allow websocket connections to https://directline.botframework.com. Please ask your network administrator to enable this connection.

Next steps