Uncovering agent logging gaps in Copilot Studio

Datadog found that from at least August 29, 2025 to September 25, 2025, Microsoft Copilot Studio did not log certain administrative actions involving sharing, authentication, App Insights, and publication of agents. Datadog reported the issue to the Microsoft Security Response Center (MSRC) on September 2, 2025, and MSRC remediated logging by October 5, 2025. Later regressions left two of the originally reported events intermittently unlogged, and Datadog continues to report this to MSRC.

Key points

  • Datadog discovered gaps in Copilot Studio administrative logging for agent actions between August 29 and September 25, 2025.
  • Four specific Microsoft 365 Audit events were not being generated: BotUpdateOperation-BotAuthUpdate, BotUpdateOperation-BotAppInsightsUpdate, BotUpdateOperation-BotShare, and BotUpdateOperation-BotPublish.
  • Datadog reported the issue to MSRC on September 2, 2025; MSRC assessed it as Important and initially remediated logging by October 5, 2025.
  • Subsequent retesting showed regressions: two events (BotAuthUpdate and BotAppInsightsUpdate) were not consistently logged despite prior remediation.
  • Undetected modifications could allow an Editor to remove authentication, disable App Insights, share or publish agents, and enable anonymous interactions without audit records.
  • Datadog provided detection and hunting guidance (searches for application ID, PowerPlatform operations, and ApiEndpointCallEvent) and communicated repeatedly with MSRC through February–March 2026 about inconsistent logging.
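
An added example, not taken from the Datadog article or from Microsoft: a minimal Python hunt over exported sign-in and Microsoft 365 audit records that applies the searches listed above. The field names assume Entra sign-in log and unified audit log JSON exports, the sample records are constructed, and the `verify_agent_config` flag is a hypothetical heuristic.

```python
from collections import defaultdict

# Values below are taken from the page.
COPILOT_STUDIO_APP_ID = "96ff4394-9197-43aa-b393-6a41652e21f8"  # Power Virtual Agents
SENSITIVE_OPS = {
    "BotUpdateOperation-BotAuthUpdate",
    "BotUpdateOperation-BotAppInsightsUpdate",
    "BotUpdateOperation-BotShare",
    "BotUpdateOperation-BotPublish",
}
GENERAL_OPS = {"ApiEndpointCallEvent", "BotCreate", "BotDelete"}

def hunt(signins, audit_records):
    """Correlate Copilot Studio sign-ins with audit operations, per user."""
    signed_in = {s["userPrincipalName"].lower() for s in signins
                 if s.get("appId") == COPILOT_STUDIO_APP_ID}
    sensitive, general = defaultdict(list), defaultdict(int)
    for rec in audit_records:
        user, op = rec.get("UserId", "").lower(), rec.get("Operation", "")
        if op in SENSITIVE_OPS:
            sensitive[user].append((rec.get("CreationTime", ""), op))
        elif op in GENERAL_OPS:
            general[user] += 1
    report = {}
    for user in sorted(signed_in | set(sensitive) | set(general)):
        events = sorted(sensitive.get(user, []))
        report[user] = {
            "signed_in": user in signed_in,
            "sensitive_events": events,
            "general_ops": general.get(user, 0),
            # Hypothetical heuristic: activity with no sensitive event logged is
            # not proof that nothing changed while logging was unreliable.
            "verify_agent_config": not events and
                                   (user in signed_in or general.get(user, 0) > 0),
        }
    return report

# Constructed sample records (not real tenant data).
SIGNINS = [
    {"userPrincipalName": "alice@example.com", "appId": COPILOT_STUDIO_APP_ID},
    {"userPrincipalName": "bob@example.com", "appId": COPILOT_STUDIO_APP_ID},
    {"userPrincipalName": "carol@example.com", "appId": "00000000-0000-0000-0000-000000000000"},
]
AUDIT = [
    {"CreationTime": "2025-09-10T09:00:00", "UserId": "alice@example.com", "Operation": "BotUpdateOperation-BotPublish"},
    {"CreationTime": "2025-09-10T08:55:00", "UserId": "alice@example.com", "Operation": "BotUpdateOperation-BotShare"},
    {"CreationTime": "2025-09-11T14:00:00", "UserId": "bob@example.com", "Operation": "ApiEndpointCallEvent"},
]

if __name__ == "__main__":
    for user, row in hunt(SIGNINS, AUDIT).items():
        print(user, row)
```

Users flagged with `verify_agent_config` are candidates for a manual check of their agents' authentication, App Insights, sharing, and publication settings, since the audit trail alone may be incomplete for the affected window.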

MITRE Techniques

  • [T0000 ] No MITRE ATT&CK techniques explicitly mentioned – ‘The article does not reference specific MITRE ATT&CK technique identifiers or names.’

Indicators of Compromise

  • [Application ID ] Copilot Studio application identifier used to find sign-ins – 96ff4394-9197-43aa-b393-6a41652e21f8 (Power Virtual Agents)
  • [Audit Event Names ] Administrative audit events referenced as missing or intermittent – BotUpdateOperation-BotAuthUpdate, BotUpdateOperation-BotAppInsightsUpdate, and BotUpdateOperation-BotShare (and BotUpdateOperation-BotPublish)
  • [PowerPlatform Operations ] General operation names useful for hunting Copilot Studio activity – ApiEndpointCallEvent, BotCreate (and BotDelete)


Read more: https://securitylabs.datadoghq.com/articles/copilot-studio-logging-gaps/