
Introduction:
Copilot Cowork plugins extend Microsoft’s AI assistant into third-party tools, but until now, removing a misbehaving or vulnerable plugin required manual cleanup and left lingering permissions. Microsoft has finally enabled a native uninstall option in the Admin Center, giving security and IT teams the ability to fully revoke plugin access – a critical control for reducing attack surface and enforcing least privilege in AI-augmented workflows.
Learning Objectives:
- Learn how to locate and uninstall Copilot Cowork plugins via the Microsoft 365 Admin Center.
- Understand the security implications of plugin lifecycle management and how to audit existing plugins.
- Master PowerShell and Graph API commands to automate plugin discovery, removal, and permission hardening.
You Should Know:
1. Manual Uninstall via Admin Center – The Quick Kill Switch
The new uninstall feature removes the plugin’s configuration, access tokens, and any delegated permissions to Microsoft Graph or external APIs. This is essential when a plugin becomes obsolete, shows suspicious behavior, or fails a security review.
Step‑by‑step guide to uninstall a Copilot Cowork plugin manually:
- Sign in to the Microsoft 365 Admin Center (admin.microsoft.com) with Global Admin or Power Platform Admin privileges.
- In the left navigation, expand Agents and select Tools (this section lists all Copilot plugins and custom connectors).
- Browse or search for the target plugin (e.g., “Jira Cowork”, “Salesforce Copilot”).
- Click on the plugin row to open its details pane.
- Click the Uninstall button and confirm when prompted.
- Verify removal by refreshing the Tools list and checking audit logs under Security & Compliance > Audit.
What this does:
It revokes OAuth consent, deletes any custom connector definitions, and removes the plugin from all Copilot Cowork sessions tenant-wide. No residual permissions remain.
Verification command (PowerShell for Microsoft 365):
Connect-ExchangeOnline
Get-OrganizationConfig | Format-List Copilot,Cowork
# To list installed plugins via Graph (preview)
Get-MgUserSettingMicrosoftGraph -UserId "[email protected]" -ExpandProperty "pluginStates"
2. Auditing Existing Plugins – Find What You Didn’t Know Was There
Before uninstalling, you need a complete inventory. Many plugins are installed by users with “just-in-time” consent, creating shadow AI risks.
Step‑by‑step audit using PowerShell and Graph API:
1. Install the Microsoft Graph PowerShell SDK:
Install-Module Microsoft.Graph -Scope CurrentUser
Connect-MgGraph -Scopes "Application.Read.All", "Policy.Read.All", "Directory.Read.All"
2. List all service principals associated with Copilot Cowork plugins:
Get-MgServicePrincipal -Filter "tags/any(t:t eq 'CopilotCowork')" -All | Select DisplayName, AppId, CreatedDateTime, Tags
3. For each plugin, check the delegated permissions actually granted to it (risk surface). Grants are keyed by the service principal's object Id, not its AppId; the Oauth2PermissionScopes property of the service principal only lists scopes the plugin publishes, not scopes it has been granted:
$sp = Get-MgServicePrincipal -ServicePrincipalId "PLUGIN_SP_OBJECT_ID"
Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All |
Select-Object ConsentType, PrincipalId, Scope
4. Export to CSV for compliance:
Get-MgServicePrincipal -All | Where-Object {$_.Tags -contains "CopilotCowork"} |
Export-Csv "CopilotPluginsAudit.csv"
What this does:
It identifies every plugin registered in your tenant, shows when it was added, and reveals which high‑risk scopes (e.g., Mail.Read, Files.ReadWrite.All) the plugin can access. Use this before uninstalling to prioritize risky plugins.
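As an added example (not code from the original article), the script below turns the audit into a risk ranking: for every tagged plugin it collects the delegated scopes and application permissions that were actually granted, then sorts plugins by how many high-risk scopes they hold. It assumes the 'CopilotCowork' tag used above and an illustrative high-risk scope list.

```powershell
# Added example, not from the original article. Ranks Copilot Cowork plugins by the
# permissions GRANTED to them (delegated grants + app-role assignments), highest risk first.
# Assumptions: plugin service principals carry the 'CopilotCowork' tag; $HighRisk is an
# illustrative starting list, extend it for your tenant.
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All"

# Constructed list of scopes a reviewer would treat as high risk when held by an AI plugin
$HighRisk = @("Mail.Read", "Mail.ReadWrite", "Mail.Send", "Files.Read.All",
              "Files.ReadWrite.All", "Sites.ReadWrite.All", "Directory.ReadWrite.All")

$report = foreach ($sp in Get-MgServicePrincipal -Filter "tags/any(t:t eq 'CopilotCowork')" -All) {
    # Delegated grants are keyed by the client's OBJECT id (not its appId); Scope is space-separated
    $delegated = Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All |
        ForEach-Object { $_.Scope -split ' ' } | Where-Object { $_ } | Sort-Object -Unique

    # Application permissions: resolve each appRoleId against the resource's published roles
    $appPerms = foreach ($a in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
        $resource = Get-MgServicePrincipal -ServicePrincipalId $a.ResourceId
        ($resource.AppRoles | Where-Object { $_.Id -eq $a.AppRoleId }).Value
    }

    $all   = @($delegated) + @($appPerms) | Where-Object { $_ } | Sort-Object -Unique
    $risky = $all | Where-Object { $HighRisk -contains $_ }

    [pscustomobject]@{
        Plugin      = $sp.DisplayName
        AppId       = $sp.AppId
        Created     = $sp.CreatedDateTime
        RiskCount   = @($risky).Count
        RiskyScopes = ($risky -join ' ')
        AllScopes   = ($all -join ' ')
    }
}

# Highest-risk plugins first: this is the order in which to review or uninstall them
$report | Sort-Object RiskCount -Descending | Format-Table Plugin, RiskCount, RiskyScopes -AutoSize
$report | Export-Csv "CopilotPluginsRiskAudit.csv" -NoTypeInformation
```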
3. Automating Bulk Uninstall with Microsoft Graph API
If you have dozens of plugins or need to enforce a monthly cleanup, automate removal using Graph API.
Prerequisites:
Register an app in Azure AD with `Application.ReadWrite.All` and `Policy.ReadWrite.PermissionGrant` delegated permissions.
Step‑by‑step automation (PowerShell with Graph REST):
1. Get an access token:
$tenantId = "your-tenant-id"
$clientId = "your-automation-app-id"
$clientSecret = "your-secret"
$body = @{
client_id = $clientId
client_secret = $clientSecret
scope = "https://graph.microsoft.com/.default"
grant_type = "client_credentials"
}
$token = Invoke-RestMethod -Uri "https://login.microsoftonline.com/$tenantId/oauth2/v2.0/token" -Method Post -Body $body
2. List all Copilot Cowork service principals:
$headers = @{Authorization = "Bearer $($token.access_token)"}
$spList = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/servicePrincipals?`$filter=tags/any(t:t eq 'CopilotCowork')" -Headers $headers -Method Get
3. Uninstall each plugin (revoke consents first, then delete the service principal):
foreach ($sp in $spList.value) {
    # Revoke any granted OAuth permissions. Grants are keyed by the service principal's
    # object id (sp.id), not its appId, and must be queried before the principal is deleted.
    $consents = Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/oauth2PermissionGrants?`$filter=clientId eq '$($sp.id)'" -Headers $headers -Method Get
    foreach ($consent in $consents.value) {
        Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/oauth2PermissionGrants/$($consent.id)" -Headers $headers -Method Delete
    }
    # Delete the plugin's service principal (removes its ability to authenticate in this tenant)
    Invoke-RestMethod -Uri "https://graph.microsoft.com/v1.0/servicePrincipals/$($sp.id)" -Headers $headers -Method Delete
    Write-Host "Uninstalled plugin: $($sp.displayName)" -ForegroundColor Green
}
What this does:
This script removes the plugin’s service principal (which kills its ability to authenticate) and wipes all delegated OAuth2 permission grants. Run it weekly via Azure Automation or a scheduled task.
4. Preventing Rogue Reinstallation – Conditional Access + App Control
Even after uninstall, users or other plugins might re-add the same app. Implement these hardening steps:
Step‑by‑step prevention:
- Block user consent to new plugins (Azure AD > Enterprise apps > User consent settings > “Do not allow user consent”).
- Create a Conditional Access policy targeting “Copilot Cowork” cloud apps with block access unless the device is compliant.
- Use Microsoft 365 Defender’s App Governance to detect and auto‑remediate new plugin installations.
Sample PowerShell to block a specific plugin app ID tenant‑wide:
$appId = "PLUGIN_APP_ID_TO_BLOCK"
New-MgPolicyPermissionGrantPolicy -Id "BlockCopilotPlugin" -DisplayName "Block Copilot Cowork Plugin"
# An "exclude" condition set blocks matching grants; an "include" set would permit them.
# The policy only takes effect once it is assigned in the tenant's authorization policy.
New-MgPolicyPermissionGrantPolicyExclude -PermissionGrantPolicyId "BlockCopilotPlugin" -PermissionType "delegated" -ClientApplicationIds @($appId)
5. Windows & Linux Commands for Log Analysis After Uninstall
After removing plugins, audit your environment for residual artifacts like local caches or logs.
Windows (Event Viewer & Registry):
# Check for plugin-related registry keys (if any local agent was installed)
reg query HKLM\SOFTWARE\Microsoft\Office\Plugins /s | findstr /i "copilot cowork"
# Search Windows event logs for plugin installation events (wildcards needed: -like without * only matches the exact string "plugin")
Get-WinEvent -FilterHashtable @{LogName='Application'; ProviderName='Microsoft Office'} | Where-Object {$_.Message -like "*plugin*"}
Linux (if using Copilot on Linux via browser or CLI tools):
# Check browser extension storage for leftover plugin configs (Chrome)
grep -r "copilot_cowork" ~/.config/google-chrome/Local\ Extension\ State/
# Search systemd logs for any plugin-related services (-E enables the | alternation)
journalctl | grep -iE "cowork|copilot"
6. API Security Hardening – Revoking Tokens Manually
Even after uninstall, long‑lived refresh tokens might persist. Force token revocation.
Microsoft Graph API to revoke all user sessions for a plugin:
POST https://graph.microsoft.com/v1.0/users/{user-id}/revokeSignInSessions
Authorization: Bearer {token}
PowerShell:
Revoke-MgUserSignInSession -UserId "[email protected]"
For service accounts (non‑interactive):
Rotate the client secret of the plugin’s registered app in Azure AD – this instantly invalidates all tokens.
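Sections 3 and 6 both leave a question open: how do you prove a plugin is really gone? The verification script below is an added example (not code from the original article) that checks, for each application ID you uninstalled, whether a service principal, a delegated grant or an app-role assignment still survives in the tenant. It assumes $RemovedAppIds is your list of uninstalled plugin application IDs (placeholders shown).

```powershell
# Added example, not from the original article: post-uninstall verification.
# For each plugin believed to be uninstalled, confirm nothing remains that can still
# authenticate or act: service principal, delegated grants, app-role assignments.
# Assumption: $RemovedAppIds holds the application (client) IDs you removed.
Connect-MgGraph -Scopes "Application.Read.All", "Directory.Read.All"

$RemovedAppIds = @("PLUGIN_APP_ID_1", "PLUGIN_APP_ID_2")   # placeholders

function Test-PluginRemoval {
    param([Parameter(Mandatory)][string]$AppId)

    # A fully removed plugin has no service principal left in the tenant
    $sp = Get-MgServicePrincipal -Filter "appId eq '$AppId'" -All
    if (-not $sp) {
        return [pscustomobject]@{ AppId = $AppId; Status = 'Clean'; Findings = @() }
    }

    $findings = @("Service principal still exists: $($sp.Id)")

    # Delegated consent that survived the UI uninstall (the orphaned-grant case)
    foreach ($g in Get-MgOauth2PermissionGrant -Filter "clientId eq '$($sp.Id)'" -All) {
        $who = if ($g.ConsentType -eq 'AllPrincipals') { 'tenant-wide' } else { "user $($g.PrincipalId)" }
        $findings += "Delegated grant $($g.Id) ($who): $($g.Scope)"
    }

    # Application permissions granted as app roles (no user involved at all)
    foreach ($a in Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -All) {
        $findings += "App role assignment $($a.Id) on $($a.ResourceDisplayName)"
    }

    [pscustomobject]@{ AppId = $AppId; Status = 'Residual'; Findings = $findings }
}

$results = $RemovedAppIds | ForEach-Object { Test-PluginRemoval -AppId $_ }
$results | Format-Table AppId, Status -AutoSize
$results | Where-Object Status -eq 'Residual' | ForEach-Object {
    Write-Warning "$($_.AppId) is not fully removed:"
    $_.Findings | ForEach-Object { Write-Warning "  $_" }
}
```

Any 'Residual' result means the plugin can still obtain tokens; repeat the revocation steps from section 3 (or rotate the app's secret as described above) and re-run the check.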
What Undercode Says:
- Key Takeaway 1: The uninstall button alone doesn’t fully secure your tenant – you must also revoke OAuth grants and audit for shadow plugins using Graph API or PowerShell.
- Key Takeaway 2: Automated cleanup scripts are now mandatory for enterprise Copilot adoption; treat AI plugins with the same lifecycle rigor as third‑party SaaS integrations.
Analysis from Undercode:
Microsoft’s move to allow uninstallation signals a maturation of the Copilot ecosystem, but it’s a reactive control. Proactive teams will build automated detection for new plugin installations and enforce a zero‑standing‑access model for AI agents. The biggest risk isn’t the plugin itself – it’s the delegated permissions (Mail.Read, Files.ReadWrite) that survive after the plugin is “uninstalled” if you don’t use the Graph API revocation steps. I’ve seen tenants where a plugin was removed from the UI yet continued to receive Microsoft Graph callbacks because the consent grant was never deleted. Always verify with `Get-MgOauth2PermissionGrant` after removal. Also, consider that uninstalling a widely used plugin may break workflows – maintain a change log and notify users via the Admin Center’s message center before bulk removals. Finally, this feature should push Microsoft to release a native “plugin quarantine” mode for suspicious plugins, similar to how they handle Office add‑ins.
Prediction:
- +1 By Q3 2026, Microsoft will release a Graph API endpoint specifically for “Plugin Risk Score” that scans each plugin’s code behavior and permission patterns.
- -1 Adversaries will start crafting malicious Copilot Cowork plugins that, once uninstalled, leave behind persistence via delegated admin consent – requiring organizations to implement automated token revocation workflows.
- +1 The uninstall capability will accelerate enterprise adoption of Copilot in regulated industries (finance, healthcare) because it finally provides an auditable removal process.
- -1 Many admins will rely solely on the GUI uninstall button, believing it’s sufficient, leading to data exposure incidents from orphaned OAuth grants.
- +1 Third‑party CASBs (Cloud Access Security Brokers) will integrate with the uninstall API to automatically remove plugins that violate security policies, creating a real‑time AI-SPM (AI Security Posture Management) market.
Reported By: Flowaltdelete Copilotcowork – Hackers Feeds