Query Details

Copilot Studio - High-impact connector invoked

Copilot Studio Sensitive Connector Invocation

Query

let sensitiveConnectors = dynamic([
    "office365", "sendemail", "sendmail", "outlook", "exchange",
    "http", "webhook", "azuread", "azure", "sql", "dataverse",
    "sharepoint", "onedrive", "powershell", "function", "automate",
    "logicapp", "graph", "keyvault", "blob", "storage"
]);
AppDependencies
| where AppRoleName == "Microsoft Copilot Studio" or DependencyType == "Connector"
| extend
    ConvId    = tostring(Properties["conversationId"]),
    ChannelId = tostring(Properties["channelId"]),
    MatchKey  = tolower(strcat(Name, " ", Target))
| where MatchKey has_any (sensitiveConnectors)
| summarize
      Calls     = count(),
      Targets   = make_set(Target, 25),
      Success   = countif(Success == true),
      Failures  = countif(Success == false),
      FirstSeen = min(TimeGenerated),
      LastSeen  = max(TimeGenerated)
    by Name, ConvId, ChannelId
| extend AccountName = iff(isempty(ConvId), strcat("connector:", Name), ConvId)
| project LastSeen, FirstSeen, AccountName, Name, ConvId, ChannelId, Calls, Success, Failures, Targets
| order by LastSeen desc

Explanation

This query is designed to monitor and raise an alert when a high-impact connector or action is invoked by a Copilot Studio agent. These connectors can perform significant operations like running code, sending emails, accessing HTTP endpoints, querying databases, or executing privileged Microsoft 365/Azure tasks, which are attractive targets for attackers.

Here's a simplified breakdown of the query:

  1. Purpose: To detect and alert on the use of high-impact connectors by Copilot Studio agents, which could indicate potential security threats.

  2. Data Source: The query reads from AppDependencies where the DependencyType is "Connector".

  3. Sensitive Connectors: It checks against a predefined list of sensitive connectors (e.g., "office365", "sendemail", "http", "azuread", etc.) to identify high-impact actions.

  4. Filtering and Matching: It filters the data to include only those entries where the connector name or target matches any of the sensitive connectors.

  5. Data Aggregation: It summarizes the data by counting the number of calls, successful and failed attempts, and records the first and last time the connector was seen.

  6. Output: The query outputs details such as the last and first seen times, account name, connector name, conversation ID, channel ID, number of calls, successes, failures, and targets.

  7. Alert Configuration: If any high-impact connector is invoked, an incident is created with a medium severity level. The alert is triggered if there is more than zero occurrences within an hour.

  8. Incident Grouping: Incidents are grouped by account, and the system is configured to not reopen closed incidents within a 6-hour lookback period.

  9. Execution Frequency: The query runs every hour and checks data from the past hour.

This setup helps in proactively identifying and responding to potential security threats posed by the misuse of high-impact connectors in the system.

Details

David Alonso profile picture

David Alonso

Released: June 8, 2026

Tables

AppDependencies

Keywords

CopilotStudioMicrosoftAzureOffice365SQLSharepointOnedrivePowershellLogicappGraphKeyvaultBlobStorageConnectorsAI

Operators

letdynamicwhereorextendtostringtolowerstrcathas_anysummarizecountmake_setcountifminmaxbyiffisemptyprojectorder bydesc

Severity

Medium

Tactics

ExecutionLateralMovement

MITRE Techniques

Frequency: PT1H

Period: PT1H

Actions

GitHub