AI agents should not have risky HTTP configurations
Descriptionโ
Checks all Copilot Studio agents for HTTP actions that connect to non-standard ports or non-connector endpoints. HTTP actions to unexpected destinations may indicate data exfiltration, command-and-control communication, or misconfigured integrations.
How to fixโ
Review the HTTP request nodes in each flagged agent's topics. Ensure all HTTP requests use HTTPS on standard port 443. Replace direct HTTP calls with Power Platform connectors where possible, as connectors provide built-in governance and DLP policy enforcement.
Learn more: Configure data policies for agents
Prerequisitesโ
This test evaluates Copilot Studio agent configurations via the Dataverse API.
Connect-Maester -Service Graph,Dataverse