TL;DR: Financial services teams are adopting Microsoft Copilot Studio and Foundry for AI agents, but Zenity’s analysis shows the governance problem is not platform choice alone: business-led low-code agents and technical mission-critical agents create different security and compliance pressures, especially around shadow AI, excessive privilege, and runtime enforcement. The decisive gap is governance that follows the agent lifecycle, not just the build platform.
NHIMG editorial — based on content published by Zenity: Considerations for Microsoft Copilot Studio vs. Foundry in Financial Services
By the numbers:
- 96% of technology professionals identify AI agents as a growing security threat, and 66% believe this risk is immediate.
Questions worth separating out
Q: How should security teams govern business-built AI agents in low-code platforms?
A: Start with discovery, ownership, and access boundaries.
Q: Why do technical AI agents create higher privilege risk than simple workflow bots?
A: Technical agents usually integrate with multiple systems, so a single identity can accumulate broad delegated access across models, data sources, and tools.
Q: What do organisations get wrong about AI agent governance?
A: They often treat agent governance as a build-time review problem.
Practitioner guidance
- Define an agent inventory owner: Assign a named owner for every Copilot Studio and Foundry agent, including business-built agents that originate outside central engineering.
- Separate business-built and technical agent controls: Use different review criteria for low-code citizen-developed agents and technically engineered agents.
- Enforce runtime policy before sensitive actions: Block high-risk actions at execution time, including access to sensitive financial data, outbound sharing, and transactions triggered from agent output.
What's in the full article
Zenity's full article covers the operational detail this post intentionally leaves for the source:
- How Copilot Studio and Foundry differ in builder profile, agent scope, and deployment patterns
- Examples of common financial services use cases, including onboarding, fraud-related automation, and regulatory workflows
- The webinar context with Zenity, Microsoft, and Slalom, including the practical defense-in-depth themes discussed
- The article's specific framing of visibility, policy enforcement, and lifecycle governance for agent programmes