Hey everyone! Our company is really pushing for users to adopt M365 Copilot, and there's been a suggestion to also include admin accounts, especially since they could benefit from the Admin Agent feature. Currently, each admin has a dedicated account for admin tasks that's unlicensed. I'm contemplating whether I should add Copilot to these accounts so admins can use the Admin Agent, or if I should keep them unlicensed to limit access. What's everyone's thoughts on this? Should I keep the admin accounts unlicensed or allow Copilot but block other licenses?
2 Answers
I think keeping the admin accounts unlicensed is still a good policy, especially if they don’t need Copilot features for their daily tasks. This way, you can ensure that admins are only using their regular accounts, which is usually safer. Maybe consider adding Copilot for non-admin tasks only?
It sounds like you’re dealing with a tricky situation! The trend has been to keep admin accounts unlicensed to minimize security risks. If you keep them unlicensed, they won’t have access to a lot of features, which can make managing those accounts easier. However, adding Copilot could help with certain tasks as long as you’re okay with the risk.
Exactly! It helps to reduce the potential attack surface. But if admins need Copilot to make their work easier, just make sure to monitor how it’s being used.
Agreed! It’s a balance. You want efficiency without compromising security. Keeping those admin accounts light may be the best route.