How to Restrict a Copilot Studio Agent to Authenticated Users Only on Power Pages

Putting a Copilot Studio agent on a Power Pages site is one of the easiest ways to give your visitors real help. The agent can reply to common questions, walk people through a form step by step, and send them to the page they actually need. There is just one catch that trips up a lot of site owners. Out of the box, the agent appears for every single visitor, even the ones who never logged in. For plenty of sites, that is the opposite of what you want. Maybe your agent talks about account balances, private rules, or services that only members pay for. When that is the case, you want the agent to stay out of sight until a person signs in.

Here is the upside. You can absolutely lock it down. In this guide I will show you how to set things up so only signed-in users can find and chat with your Copilot Studio agent on Power Pages. I will keep the language plain and the steps clear, so you can follow along even if this is your first time trying it.

Why Locking the Agent Down Is Worth It

Let us start with the reason behind all of this, because it makes the steps easier to follow. When an agent sits out in the open, anybody who opens your page can start a chat with it. If that agent reaches private data through a tool or a connector, a random visitor might try to coax out details they were never meant to see. And even when your agent only hands out general info, there is still a money angle. Each message a user sends can eat into your capacity, and bots or curious strangers can burn through that quota in no time.

So shutting the door brings two clear benefits. You guard your sensitive data, and you tie your usage to people you actually know. For nearly any business site, that is simply the wiser path.

Think in Two Layers

The cleanest way to picture this is as two separate layers. The first layer lives inside Copilot Studio, with the agent itself. The second layer lives on the Power Pages site where the agent gets displayed. A solid setup leans on both at once. One layer keeps the agent off the page entirely. The other layer makes sure the agent only trusts a visitor who has signed in. Stack them together and the result is both tidy and secure.

Let me unpack each layer.

Layer One: Switch On User Authentication in Copilot Studio

Open the agent you plan to publish inside Copilot Studio. Head into the settings area and find the security or authentication section. This is where you decide how the agent confirms who someone really is.

For a Power Pages site, the usual pick is Microsoft Entra ID or a generic OAuth 2.0 provider. Choose Microsoft Entra ID and the agent will only serve users who came in through Entra. Because Power Pages supports single sign-on, nobody has to type their password twice. They log in to your site one time, and that same identity carries over to the agent without any extra friction.

There is also an option known as token passthrough. To use it, you set the service provider to Generic OAuth 2 and drop placeholder values into the remaining fields. From there, Power Pages hands the signed-in user’s token straight over to the agent. This works nicely when your site already runs its own login and you just want the agent to lean on that existing session.

The heart of it is simple. The moment you switch authentication on, the agent stops answering anyone who lacks a valid token. So even if some clever visitor managed to load the agent, it would still turn them away without a genuine login. Think of this as your firm guard around the back door.

Layer Two: Hide the Agent on Power Pages Using Liquid

The second layer deals with what actually appears on the page. Power Pages runs on a template language called Liquid, and Liquid hands you an easy way to ask whether a user is logged in. It comes with a ready-made object named user. When somebody is signed in, that object holds a value. When they are not, it sits empty.

You can tuck the agent code inside a check like this one:

{% if user %}
  <!-- Your Copilot Studio agent embed code goes here -->
{% else %}
  <p>Please sign in to chat with our assistant.</p>
{% endif %}

The logic here is short and friendly. A signed-in visitor gets the agent loaded for them. A logged-out visitor instead reads a quick note inviting them to sign in. Best of all, the agent code never reaches the public visitor’s browser at all, so there is nothing for them to inspect or try to load on their own.

You would drop this snippet into the web template or the content block where you would normally place the agent. If you first added the agent through a Power Pages component, simply lift that embed code and wrap it in a conditional block like the one above.

How the Two Layers Cover Each Other

Picture the two layers working as a pair. The Liquid check keeps the agent off the screen for anyone who has not logged in. That takes care of the everyday situation and feels pleasant too, since visitors meet a warm sign-in prompt rather than a broken or empty box. The Copilot Studio authentication setting then acts as your backup. In the rare moment that the front-end check slips or someone tries a trick, the agent still refuses to speak without a real identity behind the request.

I always urge people not to lean on one layer alone. The Liquid check looks good, yet on its own it is not true security, because it only decides whether the embed code is rendered into the page and does nothing to protect the agent itself. The authentication setting is genuinely secure, but by itself it might leave a puzzling empty chat box in front of logged-out users. Run both and you land on safety plus a smooth, polished experience.

A Few Things to Check Before Launch

Try your setup with a real account and again with one that is logged out. Open the page in a private browser window so you behave like a fresh visitor. You should meet the sign-in prompt with no agent in sight. Then log in and make sure the agent loads and responds the way it should.
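
One way to automate the logged-out half of this check, as an added example that is not part of the original post: the function below scans the HTML an anonymous visitor receives and reports any trace of the agent embed. The marker host and both sample pages are assumptions made for the example; swap in a string taken from your own embed code.

```python
from html.parser import HTMLParser

# Assumption: strings that only appear when the agent embed is rendered.
# Replace with a host or ID taken from your own embed code.
AGENT_MARKERS = ("copilotstudio.microsoft.com",)
SIGN_IN_PROMPT = "Please sign in to chat with our assistant."


class EmbedScanner(HTMLParser):
    """Collects places where an agent marker shows up in rendered HTML."""

    def __init__(self, markers):
        super().__init__()
        self.markers = [m.lower() for m in markers]
        self.hits = []
        self.text = []

    def _check(self, where, value):
        if value and any(m in value.lower() for m in self.markers):
            self.hits.append(where)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            self._check(f"<{tag} {name}>", value)

    def handle_data(self, data):
        # Inline <script> bodies and visible text both arrive here.
        self._check("text/script body", data)
        self.text.append(data)

    def handle_comment(self, data):
        self._check("comment", data)


def audit_anonymous_render(html, markers=AGENT_MARKERS, prompt=SIGN_IN_PROMPT):
    """Return (ok, findings) for a page fetched without a session."""
    scanner = EmbedScanner(markers)
    scanner.feed(html)
    scanner.close()
    findings = [f"agent marker found in {w}" for w in scanner.hits]
    if prompt not in " ".join("".join(scanner.text).split()):
        findings.append("sign-in prompt missing")
    return (not findings, findings)


# Constructed sample renders (not captured from a real site).
GATED = "<main><p>Please sign in to chat with our assistant.</p></main>"
LEAKY = ('<main><!-- agent --><iframe src="https://copilotstudio.microsoft.com/'
         'environments/EXAMPLE/bots/EXAMPLE/webchat"></iframe></main>')
```

Pass it the body of a request made without any session cookies; a non-empty findings list means the Liquid gate is not wrapping the embed on that page.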

Take a look at your web roles and table permissions too, especially if your agent pulls records from Dataverse. The agent acts with the signed-in user’s access, so those roles need to be set correctly for everything to behave.

Give that first run some patience, and once it holds up, you will have an agent that only your real, signed-in users can ever reach. That keeps your data safer and your site cleaner for every person who stops by.
