Query Details

Microsoft 365 Copilot - AI agent access drift outside baseline

Copilot Access Drift Detection

Query

// Confirmed schema: LLMEventData.AccessedResources[].Type / .SiteUrl
// Drift is computed on the resource-type set per user across a 14d window.
let lookback = 14d;
let recentWindow = 1h;
let events =
    CopilotActivity
    | where TimeGenerated > ago(lookback)
    | where RecordType == "CopilotInteraction"
    | mv-expand r = LLMEventData.AccessedResources
    | extend
        ResourceType = tostring(r.Type),
        SiteUrl = tolower(tostring(r.SiteUrl)),
        ResourceAction = tostring(r.Action)
    | where isnotempty(ResourceType);
let baseline =
    events
    | where TimeGenerated between (ago(lookback) .. ago(recentWindow))
    | summarize BaselineTypes = make_set(ResourceType, 64) by ActorUserId;
let recent =
    events
    | where TimeGenerated > ago(recentWindow);
recent
| join kind=leftouter baseline on ActorUserId
| extend BaselineTypes = coalesce(BaselineTypes, dynamic([]))
| where array_index_of(BaselineTypes, ResourceType) < 0
| summarize
    DriftCount = count(),
    NewResourceTypes = make_set(ResourceType, 16),
    SampleSites = make_set(SiteUrl, 16),
    SampleActions = make_set(ResourceAction, 8),
    AgentNames = make_set(AgentName, 8),
    AgentIds = make_set(AgentId, 8),
    AnyActor = take_any(ActorName),
    ClientIPs = make_set(SrcIpAddr, 16),
    FirstSeen = min(TimeGenerated),
    LastSeen = max(TimeGenerated)
    by ActorUserId, TenantId
| extend
    AgentName = tostring(AgentNames[0]),
    AgentId = tostring(AgentIds[0]),
    ActorName = AnyActor,
    SrcIpAddr = tostring(ClientIPs[0])

Explanation

This query is designed to monitor and detect unusual behavior by Microsoft 365 Copilot agents, specifically when they access tools or data sources that are not part of their usual activity over the past 14 days. Here's a simple breakdown:

  1. Purpose: The query identifies when a Microsoft 365 Copilot agent accesses resources outside its established 14-day baseline. This could indicate unauthorized access or misuse of permissions.

  2. Severity: The alert is marked as "Medium" severity, suggesting that while it's not critical, it still requires attention.

  3. Data Source: It uses data from the "MicrosoftCopilot" connector, specifically looking at "CopilotActivity" data.

  4. Frequency and Period: The query runs every hour and examines data from the past 14 days.

  5. Detection Logic:

    • It first collects all resource access events by Copilot agents over the last 14 days.
    • It establishes a baseline of resource types accessed by each agent during this period.
    • It then checks for any recent access (within the last hour) to resource types not in the baseline.
    • If such access is detected, it counts these occurrences and gathers additional details like the types of new resources accessed, sample sites, actions, agent names, and IP addresses.
  6. Alerting: If any access drift is detected, an alert is triggered. The alert includes details about the agent, the user involved, and the IP address from which the access occurred.

  7. Entity Mapping: The query maps detected entities to cloud applications, user accounts, and IP addresses for better context in alerts.

  8. Incident Management: When an alert is generated, it can create an incident in the system. Incidents are grouped by the cloud application to manage related alerts efficiently.

  9. Version and Tags: The query is versioned as 1.0.0 and tagged for easy identification and categorization within the system.

Overall, this query helps security analysts monitor for potential privilege escalation or unauthorized access by AI agents, ensuring that any deviation from normal behavior is promptly investigated.

Details

David Alonso profile picture

David Alonso

Released: May 20, 2026

Tables

CopilotActivity

Keywords

Microsoft365CopilotAIAgentAccessDataSourcesSharePointExchangeGraphResourceTypeUserActorTenantCloudApplicationAccountIPAddress

Operators

letmv-expandextendtostringtolowerisnotemptybetweenagosummarizemake_setjoinkind=leftoutercoalescedynamicarray_index_ofcounttake_anyminmax

Severity

Medium

Tactics

PrivilegeEscalationDiscovery

MITRE Techniques

Frequency: PT1H

Period: P14D

Actions

GitHub