Copilot Studio - High-impact connector invoked
Copilot Studio Sensitive Connector Invocation
Query
let sensitiveConnectors = dynamic([
"office365", "sendemail", "sendmail", "outlook", "exchange",
"http", "webhook", "azuread", "azure", "sql", "dataverse",
"sharepoint", "onedrive", "powershell", "function", "automate",
"logicapp", "graph", "keyvault", "blob", "storage"
]);
AppDependencies
| where AppRoleName == "Microsoft Copilot Studio" or DependencyType == "Connector"
| extend
ConvId = tostring(Properties["conversationId"]),
ChannelId = tostring(Properties["channelId"]),
MatchKey = tolower(strcat(Name, " ", Target))
| where MatchKey has_any (sensitiveConnectors)
| summarize
Calls = count(),
Targets = make_set(Target, 25),
Success = countif(Success == true),
Failures = countif(Success == false),
FirstSeen = min(TimeGenerated),
LastSeen = max(TimeGenerated)
by Name, ConvId, ChannelId
| extend AccountName = iff(isempty(ConvId), strcat("connector:", Name), ConvId)
| project LastSeen, FirstSeen, AccountName, Name, ConvId, ChannelId, Calls, Success, Failures, Targets
| order by LastSeen descExplanation
This query is designed to monitor and raise an alert when a high-impact connector or action is invoked by a Copilot Studio agent. These connectors can perform significant operations like running code, sending emails, accessing HTTP endpoints, querying databases, or executing privileged Microsoft 365/Azure tasks, which are attractive targets for attackers.
Here's a simplified breakdown of the query:
-
Purpose: To detect and alert on the use of high-impact connectors by Copilot Studio agents, which could indicate potential security threats.
-
Data Source: The query reads from
AppDependencieswhere theDependencyTypeis "Connector". -
Sensitive Connectors: It checks against a predefined list of sensitive connectors (e.g., "office365", "sendemail", "http", "azuread", etc.) to identify high-impact actions.
-
Filtering and Matching: It filters the data to include only those entries where the connector name or target matches any of the sensitive connectors.
-
Data Aggregation: It summarizes the data by counting the number of calls, successful and failed attempts, and records the first and last time the connector was seen.
-
Output: The query outputs details such as the last and first seen times, account name, connector name, conversation ID, channel ID, number of calls, successes, failures, and targets.
-
Alert Configuration: If any high-impact connector is invoked, an incident is created with a medium severity level. The alert is triggered if there is more than zero occurrences within an hour.
-
Incident Grouping: Incidents are grouped by account, and the system is configured to not reopen closed incidents within a 6-hour lookback period.
-
Execution Frequency: The query runs every hour and checks data from the past hour.
This setup helps in proactively identifying and responding to potential security threats posed by the misuse of high-impact connectors in the system.
Details

David Alonso
Released: June 8, 2026
Tables
Keywords
Operators
Severity
MediumTactics
Frequency: PT1H
Period: PT1H