Panopticore

Governance for Copilot agents and Power Platform flows that takes evidence seriously.

Copilot Studio agents and Power Platform flows are taking action across your Microsoft 365 environment. Panopticore provides the governance layer that produces evidence auditors and insurers can verify independently.

The problem

Copilot agents are acting. Audit teams can't prove what they did.

Agents are calling tools

Copilot Studio agents are executing tool calls against Microsoft 365 data. Power Platform flows are taking actions across systems. These are consequential operations, not chat completions.

Audit evidence doesn't exist yet

Most organizations cannot answer three questions: what did the agent do, which policies were in effect, and were those policies actually enforced. Operational telemetry is not the same as audit-grade evidence.

Architecture

Where Panopticore sits in the Microsoft stack.

[Figure: Architecture, Microsoft stack. Inside the Microsoft 365 trust boundary: Copilot Studio, Power Platform, Dataverse (internal data) and M365 APIs (internal calls); actions inside this boundary are not interceptable. Egress passes through Panopticore (Policy Engine: allow / block / approve; Evidence Binder: signed, offline-verifiable), which sits in a separate trust boundary, on the way to external APIs, tools, and third-party services. Caption: Agent actions that cross the M365 network boundary are governable. Actions that stay inside the M365 trust boundary are outside the interception surface.]

Agent actions that cross the network boundary are governable. Panopticore intercepts egress, applies policy, orchestrates approvals when needed, and records tamper-evident evidence. Actions that remain entirely inside the M365 trust boundary (Copilot acting on Dataverse within the platform) are outside the interception surface.

How it works

The enriched 403: what happens when policy says no.

1. Copilot agent attempts an action that violates policy, e.g., calling an external API with production data.
2. Panopticore evaluates the request against policy and returns an enriched 403 with the specific reason and the policy that triggered the block.
3. If an approval flow is configured, the request is held and routed to the appropriate approver via Slack with a signed token.
4. The full session is recorded in a cryptographically signed Evidence Binder: identity, action, policy decision, approval chain, and verification artifacts.

HTTP Response

HTTP/1.1 403 Forbidden
X-Panopticore-Reason: policy-violation
X-Panopticore-Policy: prod-data-egress-block
X-Panopticore-Session: bnd_8f3a...

{"error": "blocked_by_policy",
 "policy": "prod-data-egress-block",
 "reason": "Outbound data transfer to external API violates production data egress policy.",
 "approval_available": true,
 "approval_channel": "#copilot-approvals"}

Comparison

The Microsoft Agent Governance Toolkit question.

Microsoft's Agent Governance Toolkit is application-level governance that runs in the same trust boundary as the agent. Their own README describes it as governance where "the policy engine and agents run in the same process." It hooks into agent frameworks via SDK integration: LangChain callback handlers, CrewAI decorators, Microsoft Agent Framework middleware pipeline. Adoption requires framework changes.

Panopticore operates at the network layer in a separate trust boundary from the agent and requires no framework changes. The Evidence Binder is self-contained and offline-verifiable by any third party.

Both are useful; they answer different questions.

[Figure: In-process governance (shared trust boundary): the agent's framework runtime and the Policy Engine (SDK middleware) run together; the agent can modify, bypass, or disable governance. Out-of-process governance: the agent's framework runtime sits in the agent boundary and Panopticore (policy + evidence) sits in a separate boundary; governance runs in a boundary the agent does not control.]

| | Panopticore | Agent Governance Toolkit |
|---|---|---|
| Trust boundary | Separate from the agent | Same process as the agent |
| Integration | Network layer, no SDK changes | SDK callbacks, framework decorators |
| Audit evidence | Offline-verifiable Evidence Binder | OpenTelemetry spans in App Insights |
| Enforcement | Deterministic block/allow/approve | Policy evaluation in-process |
| Bypass risk | Out-of-process, separate boundary | Shares agent's runtime |

The trust-boundary argument, on the record.

The same trust-boundary critique we make of in-process governance is documented in our formal NIST submission on AI agent security.


Microsoft ecosystem partnerships

Panopticore is designed to complement the Microsoft ecosystem, not compete with it. We're actively exploring partnerships with Microsoft Inner Circle partners, system integrators, and ISVs building on Copilot Studio and Power Platform. If your clients need governance infrastructure for their agent deployments, we'd like to talk.


Ready to govern your Microsoft agent workflows?

Request early access with your Microsoft scenario and we'll scope a design partner engagement.