>
    Strata Copilot
    Onboard a Microsoft 365 Copilot App to SSPM
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Security
    3. Onboard SaaS Apps Supported by SSPM
    4. Onboard a Microsoft 365 Copilot App to SSPM
    Download PDF
    SaaS Security

    Onboard a Microsoft 365 Copilot App to SSPM

    Table of Contents

    Onboard a Microsoft 365 Copilot App to SSPM

    Learn how you can manually provide SSPM with the configuration values for a Microsoft 365 Copilot instance.
    Where Can I Use This?What Do I Need?
    • Strata Cloud Manager
    • SaaS Security Posture Management license
    Or any of the following licenses that include the Data Security license:
    • CASB-X
    • CASB-PA
    The onboarding process for Microsoft 365 Copilot is different from most applications, because SSPM does not support scans for Microsoft 365 Copilot. During the onboarding process for most applications, SSPM establishes a connection to your application instance by using credentials that you provide, such as a login password or an access token. After SSPM has established this connection, SSPM can scan your application instance's settings by using an API provided by the application or by using data extraction techniques.
    Although SSPM does not support scans for Microsoft 365 Copilot, you can still onboard a Microsoft 365 Copilot application to SSPM. However, when you onboard a Microsoft 365 Copilot application to SSPM, you don’t supply SSPM with any authentication credentials. SSPM does not establish a connection to your Microsoft 365 Copilot instance and does not run scans to determine the Microsoft 365 Copilot settings. Instead, you will manually enter your Microsoft 365 Copilot instance's settings, which SSPM will compare against its recommended settings. You can think of this process as a virtual onboarding. SSPM creates a tile on the Applications page to represent your Microsoft 365 Copilot instance, but this tile is isolated to SSPM. SSPM will show rule violations for the Microsoft 365 Copilot instance, but SSPM determines the violations based entirely on the information that you manually enter. If you change the value of a setting in your application instance, you must also manually update the setting value in SSPM. If you don’t keep the setting values synchronized, the rule violations that SSPM displays will be unreliable.
    To onboard a Microsoft 365 Copilot instance, you complete the following steps:
    1. Log in to Microsoft 365 Copilot as an administrator.
      Logging in will enable you to view the current values of the configuration settings, and, if necessary, update the settings to our recommended values.
    2. Log in to Strata Cloud Manager.
    3. Select ConfigurationSaaS SecurityPosture SecurityApplicationsAdd Application and click the Copilot tile.
    4. On the Posture Security tab, Add New instance.
      SSPM displays the onboarding page, which lists the Microsoft 365 Copilot configuration settings and our recommended configuration values.
    5. From your Microsoft 365 Copilot instance, identify the configuration values, and provide these configuration values to SSPM.
      To avoid triggering rule violations in SSPM, you can update the values in Microsoft 365 Copilot to match our recommended values.
      You can enter the configuration values in the fields provided, or upload a comma-separated values (CSV) file that contains the configuration values. To simplify the process of creating the CSV file, you can download a CSV template file from SSPM. To upload a CSV file, complete the following steps:
      1. Select Upload Security Setting Values and then Download Template.
      2. Open the CSV template file in a spreadsheet application such as Microsoft Excel or Google Sheets.
      3. Enter the configuration values into the CSV template file, and save your changes.
      4. Upload your edited CSV file to SSPM, and Save. You can either drag and drop the file into the File Upload area or you can Browse to locate the file.
    6. Connect with Copilot.
      SSPM adds a tile on the Applications page to represent your Microsoft 365 Copilot instance. Based on the values that you entered, SSPM will determine if your Microsoft 365 Copilot instance has any rule violations.
      Because SSPM is not scanning your Microsoft 365 Copilot instance, you must ensure that the information that SSPM has about your Microsoft 365 Copilot instance remains accurate. If you change a setting value in Microsoft 365 Copilot, manually update that value in SSPM. To do this, complete the following steps:
      1. Navigate to the Applications page (SSPMApplications).
      2. Locate the Microsoft 365 Copilot instance's tile and View Details.
      3. Edit Current Value of the setting.

    © 2026 Palo Alto Networks, Inc. All rights reserved.