
How to Set Up Audit Trails for AI Agents in Copilot Studio

A Copilot Studio audit trail is a structured, tamper-resistant log of every prompt, agent response, tool call, and data source read your agent produces. Follow this guide to configure that log so any auditor can reconstruct what the agent did, when, and why.

This guide is part of our AI agent how-to series. The steps below apply to any Copilot Studio agent running in a Dataverse-enabled environment.

What you need before you start

Step-by-step: setting up audit trails for AI agents in Copilot Studio

  1. Define what your audit record must contain. Write down every field a log entry must include to satisfy your regulator or internal compliance policy: user ID, session ID, UTC timestamp, full prompt text, full agent response, names of any plugins or Power Automate flows invoked, their input parameters and output values, and the data sources the agent read. This list is your acceptance test. Every configuration step that follows should produce data that populates it.
  2. Enable conversation transcript logging and route records to Dataverse or Application Insights. In the Copilot Studio portal, open your agent and go to Settings > Advanced > Conversation logging. Confirm the toggle is on. By default, transcripts are written to the linked Dataverse environment as ConversationTranscript records. To also send real-time telemetry to Azure, enter your Application Insights connection string under Settings > Advanced > Azure Application Insights. Both destinations can be active simultaneously. See the official Microsoft Copilot Studio transcripts documentation for the current field reference.
  3. Capture tool and action call inputs and outputs, not just chat text. Dataverse transcript records include the conversation content JSON, which shows each topic execution node. However, the inputs and outputs of plugin calls and connected Power Automate flows are not written to that record automatically. Instrument each flow to log its own inputs and outputs to a separate Dataverse table or an Application Insights custom event. Without this step, your audit record shows that an action was triggered but not what data it processed. That gap is the one regulators most often flag.
  4. Store records in an append-only, access-controlled location with a defined retention period. In Dataverse, apply table-level security roles so only compliance and audit personnel can read ConversationTranscript rows. The service account that writes transcripts should not have delete permission on that table. Set the retention period in Dataverse or in a Log Analytics Workspace to cover the full audit window your regulation requires. Financial services and healthcare organizations typically need five to seven years. HITL checkpoint: before go-live, a compliance officer or data protection lead must review and sign off on the storage location, access control list, and retention period in writing. No agent should reach production until that approval is on record.
  5. Build a Power BI query or dashboard so compliance can pull a full decision history for any case. Connect Power BI to the Dataverse ConversationTranscript table and, if in use, the Application Insights workspace. Build a report filterable by user ID or session ID that shows the chronological sequence of prompts, responses, actions called, and data sources read. The goal is that a compliance team member can enter a case reference and get a complete, readable account of every related agent interaction within minutes.
  6. Schedule regular transcript sampling and review. Audit infrastructure only protects you if someone reads it. Set a recurring review, at minimum monthly, where a team member pulls a random sample of transcripts and checks them against your acceptable-use policy. Look for unexpected tool calls, out-of-policy responses, or personal data appearing where it should not. Document each review session and its findings. This cadence is also your early-warning system for prompt injection attempts and model behavior drift.
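
The field list from step 1 can be run as a literal acceptance test over exported records. The sketch below is an added example, not QServices or Microsoft code; the field names and sample records are hypothetical and constructed, not the actual ConversationTranscript schema. It flags the step 3 gap, where a flow call is recorded by name only.

```python
from datetime import datetime, timedelta

# Hypothetical field names for illustration; map them to your own audit table.
REQUIRED = ("user_id", "session_id", "timestamp_utc", "prompt",
            "response", "tool_calls", "data_sources")
REQUIRED_TOOL = ("name", "inputs", "outputs")


def check_record(record):
    """Return the list of gaps in one audit record; empty means it passes."""
    gaps = [f"missing {f}" for f in REQUIRED if record.get(f) in (None, "")]
    ts = record.get("timestamp_utc")
    if ts:
        try:
            parsed = datetime.fromisoformat(ts.replace("Z", "+00:00"))
            if parsed.utcoffset() != timedelta(0):
                gaps.append("timestamp_utc is not in UTC")
        except ValueError:
            gaps.append("timestamp_utc is not ISO 8601")
    # Step 3: a tool call that records only its name is the gap to catch.
    for i, call in enumerate(record.get("tool_calls") or []):
        for f in REQUIRED_TOOL:
            if call.get(f) is None:
                gaps.append(f"tool_calls[{i}] missing {f}")
    return gaps


def failing_sessions(records):
    """Map session_id -> gaps for every record that fails the check."""
    checked = {r.get("session_id", "<none>"): check_record(r) for r in records}
    return {sid: gaps for sid, gaps in checked.items() if gaps}


# Constructed sample records, not real Copilot Studio output.
SAMPLE = [
    {"user_id": "u-101", "session_id": "s-001",
     "timestamp_utc": "2025-03-01T09:15:02Z",
     "prompt": "Status of my application?", "response": "It is under review.",
     "tool_calls": [{"name": "LookupApplication",
                     "inputs": {"case": "C-77"}, "outputs": {"status": "review"}}],
     "data_sources": ["Applications table"]},
    {"user_id": "u-102", "session_id": "s-002",
     "timestamp_utc": "2025-03-01T09:20:44",
     "prompt": "Close my case", "response": "Done.",
     "tool_calls": [{"name": "CloseCaseFlow"}],
     "data_sources": []},
]
```

Running `failing_sessions(SAMPLE)` reports only session `s-002`: its timestamp carries no UTC offset and its flow call has neither inputs nor outputs.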

Structuring retention and access for audit-ready records

Two decisions determine whether your audit trail holds up under scrutiny: where records are stored and who can modify them. The table below compares the main storage options for a Copilot Studio audit trail:

| Storage target | Strengths for audit | Watch out for |
| --- | --- | --- |
| Dataverse | Native to Copilot Studio; row-level security; queryable by Power BI directly | Retention ceiling varies by plan; bulk export required for long-term archival |
| Azure Application Insights | Real-time telemetry; Azure Monitor alerts; configurable retention up to 730 days | Queries require KQL; not a compliance-grade standalone store without Log Analytics Workspace export |
| Microsoft Purview | Retention policies, sensitivity labeling, eDiscovery; built for regulated environments | Additional licensing cost; setup complexity increases for smaller teams |

For most regulated deployments, Dataverse works as the operational store with a scheduled export to Azure Blob Storage or a Log Analytics Workspace for long-term retention. Microsoft Purview then applies retention policies and sensitivity labels at the storage layer.

On access control: the agent service account should have write-only permission on the transcript table, compliance reviewers should have read-only permission, and no account should have delete permission outside an approved retention-expiry process. Document the access matrix and attach it to your audit policy document before going live.

Where this gets tricky

The most common failure mode is logging only the chat text while tool calls and data reads go unrecorded. A transcript that shows the agent replied “your application has been reviewed” tells an auditor nothing about which records the agent read, which rules it applied, or what a connected Power Automate flow did with that data. Regulators reviewing AI decisions will ask for the full execution path, not just the output text.

Retention is the second problem. Copilot Studio's default Dataverse transcript retention may not cover your regulatory window. If you do not set and document a retention period before go-live, you may be unable to produce records for an audit that covers any period before the policy was in place.

PII in transcripts is the third risk. Users include names, account numbers, and other personal data in prompts regularly. Storing that data in a plain-text transcript table without access controls or a redaction process creates a separate data protection obligation. Agree on a redaction or pseudonymization approach with your data protection team before enabling logging, not after the first data subject access request arrives.
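
One pseudonymization approach, shown as an added example rather than code from this guide or from Microsoft: replace matched values with a keyed HMAC token before the text reaches the audit store, so reviewers can still correlate the same account across sessions without seeing it. The patterns, key, and sample prompt are constructed assumptions.

```python
import hashlib
import hmac
import re

# Constructed demo key; in practice load it from a secret store, never from code.
DEMO_KEY = b"constructed-demo-key-not-for-production"

# Hypothetical patterns; agree the real list with your data protection team.
PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "account": re.compile(r"\b\d{8,12}\b"),
}

# Constructed sample prompt.
SAMPLE_PROMPT = "My email is jane.doe@example.com and my account is 1234567890."


def pseudonym(kind, value, key):
    """Keyed token: the same value and key always give the same token."""
    digest = hmac.new(key, f"{kind}:{value.lower()}".encode(), hashlib.sha256)
    return f"<{kind}:{digest.hexdigest()[:16]}>"


def pseudonymize(text, key=DEMO_KEY):
    """Replace each matched value with its token before the text is stored."""
    for kind, pattern in PATTERNS.items():
        text = pattern.sub(lambda m, k=kind: pseudonym(k, m.group(0), key), text)
    return text


def pseudonymize_record(record, key=DEMO_KEY, fields=("prompt", "response")):
    """Return a copy with free-text fields pseudonymized; IDs stay untouched."""
    clean = dict(record)
    for field in fields:
        if isinstance(clean.get(field), str):
            clean[field] = pseudonymize(clean[field], key)
    return clean
```

Pattern matching does not catch free-text names, and anyone holding the key can test guesses against a token, so the key needs the same access restrictions as the raw transcripts.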

How QServices can help

QServices' AI Governance Consulting practice designs audit logging and HITL frameworks for Copilot Studio agents in regulated industries. A typical engagement covers audit record schema design, Dataverse or Application Insights routing, Power BI compliance dashboard build, access control configuration, and a review process your team can run independently.

Engagements run 4 to 12 weeks depending on scope. Governance-focused projects start around $15,000 for a scoped setup and reach $90,000 for enterprise rollouts with multi-environment deployments and third-party compliance review. For a detailed cost breakdown, see our AI governance consulting cost page.

We applied this audit logging pattern for an enterprise software company deploying a knowledge management bot on Copilot Studio and Azure AI Foundry:

Case Study

Enterprise Knowledge Management Bot (Copilot Studio + Azure AI Foundry)

Enterprise software company

Accurate, prompt responses for both document-specific queries and broader general knowledge questions from a unified AI assistant

Microsoft Copilot Studio, Azure AI Foundry, Azure AI Search, GPT-4o

Does Copilot Studio log tool calls automatically?

Conversation transcript records in Dataverse include the topic execution flow, which shows plugin invocation nodes. However, the inputs and outputs of those plugin or Power Automate calls are not captured in the transcript record by default. You need to instrument each connected flow to log its own inputs and outputs to a Dataverse table or Application Insights custom event separately.

Frequently Asked Questions
Does Copilot Studio store conversation transcripts by default?
Yes. When deployed in a Dataverse-enabled environment, Copilot Studio writes conversation transcripts to the ConversationTranscript table automatically. However, the default retention period may not cover your regulatory window, and tool call inputs and outputs are not captured in that record. Verify the retention setting and instrument each connected flow to log its own data separately.
What fields should a Copilot Studio audit record contain?
A complete audit record should include user ID, session ID, UTC timestamp, full prompt text, full agent response, names and versions of any plugins or Power Automate flows invoked, their input parameters and output values, and references to the data sources the agent queried. Agree on this schema with your compliance team before configuring any logging.
How long should I retain Copilot Studio agent audit logs?
The right retention period depends on your regulator. Financial services typically require five to seven years. Healthcare organizations under HIPAA must retain records for six years. General enterprise internal audit requirements often start at three years. Set Dataverse or Log Analytics Workspace retention to match the longest applicable window before the agent goes live.
Can I redact PII from Copilot Studio transcript data?
Copilot Studio does not redact PII from transcripts automatically. Your options are to configure Power Automate flows to strip or hash sensitive fields before writing to the audit store, apply row-level security in Dataverse so only authorized roles can read raw transcripts, or use Microsoft Purview sensitivity labels to classify and restrict access to records containing personal data.
Do I need Microsoft Purview to set up a Copilot Studio audit trail?
No. A working audit trail runs on Copilot Studio and Dataverse alone. Microsoft Purview adds retention policy enforcement, eDiscovery support, and sensitivity labeling, which matter most for organizations in regulated industries or those subject to formal data lifecycle requirements. For financial services or healthcare deployments, the additional Purview licensing cost is generally justified.