Copilot Studio - General
Answered

Preventing users from typing sensitive (PII) information in Copilot Studio agent

Hi Everyone,
 
I have a Copilot Studio chatbot with a public-facing website as the knowledge source. This is for a customer (banking customer).
 
If users enter sensitive information in the chatbot agent (like their email address, or their account number, or credit card number), they are asking if that message can be removed.
 
In the "Settings" of the agent, I know we can set the "moderation level" in the chatbot settings to "high" (Screenshot below). Here I also put a message that tells the user not to enter sensitive information.

 
But the above is not working. This is what I see when I test the agent:



I expected it at least to give the above message, but it simply says "thank you for providing account number". The objective is not only to give the above message, but also to block the message the user typed with their c.card or account number. How do I configure that and get it working?
  • SPUser1980
    Hi  
     
    Thanks so much. I have managed to do step 1 (i.e., I have created the Regex Entity, e.g. the "Account number" entity).
     
    However, I am struggling to create the high priority topic. I have created the topic but am struggling to set the priority and add the created entity to it. Can you help me understand how I do that, from the attached screenshot of the topic?



    Also, in the "change trigger" option in the trigger above, I see the following options. I am not sure which of these I should choose as the trigger (so that I can associate it with the entity I created):

    1. the agent chooses
    2. a message is received
    3. a custom client event occurs
    4. an activity occurs
    5. the conversation changes
    6. it's invoked
    7. it's redirected to
    8. user is inactive for a while
    9. an AI-generated response is about to be sent
  • Verified answer
    Jerry-IN
    Hello,
     
    Greetings!
     
    I understand you're facing a critical issue with your Copilot Studio agent, especially given your work with a banking customer. Preventing users from entering Personally Identifiable Information (PII) and ensuring the bot handles it correctly is a top priority.

    You've correctly identified the need for a solution, but the "Content Moderation" setting in the agent's properties isn't the right tool for this specific job. Let's break down why it's not working and what the correct approach is.
     
    The Content Moderation setting in Copilot Studio (Low, Medium, High) is primarily designed to filter for generally harmful or inappropriate content, such as hate speech, violence, or sexually explicit language. It is not configured to recognize and block context-specific sensitive data like credit card numbers or account numbers.

    When your bot responded, "Thank you for providing your account number," it was using its generative AI capabilities to be helpful based on the knowledge from your public-facing website. It recognized the term "account number" but did not identify it as sensitive user input that should be blocked.
     
    Solution Steps:
    1. Create Regex Entities:
       • In Copilot Studio, go to Topics & Plugins > Entities.
       • Click New entity and select Regular expression.
       • Create an entity for each PII type (e.g., "AccountNumber") and enter a pattern that matches its format (e.g., \b\d{10}\b for a 10-digit number).
    2. Create a High-Priority Topic:
       • Go to Topics and click New topic > From blank. Name it "Block PII."
       • Select the topic's Trigger node, open the properties pane, and set the Priority to 100 (the highest).
    3. Set Entity Triggers:
       • In the trigger's properties pane, under Triggers, select Entity instead of Phrase.
       • Add the PII entities you created in step 1.
    4. Build the Topic Flow:
       • On the authoring canvas, add a Send a message node and write your warning (e.g., "Please do not enter sensitive personal information.").
       • Add another node and choose Topic management > End conversation.

    This will ensure any user input matching your PII patterns is immediately caught, the user is warned, and the conversation stops before the data is processed.
     
    Best Regards,
    Jerald Felix
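
One way to check candidate regex entity patterns against sample messages before entering them in Copilot Studio; this is an added example, not code from the thread or from Microsoft. The 10-digit pattern is the one quoted in the answer above; the email and card patterns, the Luhn filter, and all function names are assumptions made for illustration.

```python
import re

# Patterns stick to constructs common to the Python and .NET regex engines.
# AccountNumber is the 10-digit format from the answer; the rest are assumed.
PATTERNS = {
    "AccountNumber": re.compile(r"\b\d{10}\b"),
    "Email": re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b"),
    # 13 to 19 digits, optionally separated by single spaces or dashes
    "CardNumber": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to drop digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pii(message: str) -> list[tuple[str, int, int]]:
    """Return (entity, start, end) for each match, sorted by position."""
    hits = []
    for name, rx in PATTERNS.items():
        for m in rx.finditer(message):
            if name == "CardNumber" and not luhn_ok(re.sub(r"\D", "", m.group())):
                continue  # long digit run, but not a valid card number
            hits.append((name, m.start(), m.end()))
    return sorted(hits, key=lambda h: h[1])


def redact(message: str) -> str:
    """Replace each match with its entity label, e.g. before storing a transcript."""
    out, pos = [], 0
    for name, start, end in find_pii(message):
        if start < pos:
            continue  # overlaps a match that was already replaced
        out += [message[pos:start], f"[{name}]"]
        pos = end
    out.append(message[pos:])
    return "".join(out)
```

The Luhn filter keeps order numbers and other long digit strings from being flagged as cards; a bare `\d{16}` pattern would flag them all.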
