{"slug": "we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten", "title": "We rolled out Copilot. Sales asked it for a 25% discount. Policy allows ten.", "summary": "A company deploying Microsoft Copilot for its sales team discovered that the AI could generate emails offering discounts exceeding policy limits, such as a 25% discount when leadership caps discretionary offers at 10%. The incident highlighted that prompt guidelines and acceptable-use policies are insufficient without enforcement at the action level. The company is piloting AgentGovernance as a control layer to intercept, enforce, and audit AI actions across systems like M365 and CRM.", "body_md": "Our sales team got Copilot in January. By February someone almost sent a 25% discount email when leadership caps discretionary offers at 10%.\n\nI'm not on an AI platform team. I'm the person who gets cc'd when IT, legal, and sales leadership all want \"Copilot\" and \"controls\" in the same sentence.\n\nAn account rep typed something like: *Follow up with John at Acme — offer 25% off next quarter if they renew early.*\n\nCopilot drafted a good email. Professional tone. Correct product names. It also updated the opportunity in Salesforce.\n\nNobody on the thread was trying to bypass policy. The model doesn't know your promo calendar. It optimizes for the instruction in the chat window — and that instruction is not authorization.\n\nWe caught it because the rep still sends most mail manually. Next quarter half the team won't.\n\nWe already had an acceptable-use doc. We ran a webinar. People still move fast on quarter-end.\n\nPrompt guidelines fail at the moment of **send** — same way \"double-check your expense report\" fails without a manager approval rule in the system.\n\nWhat we needed:\n\nNot a better system prompt. Not \"always review AI output.\" Enforcement.\n\nMicrosoft Purview and Business Premium give you sensitivity labels, DLP on generated content, eDiscovery on Copilot interactions. Worth having.\n\nThey don't answer: *Can Copilot commit a discount in Salesforce and email the customer in one flow without a manager?*\n\nThat action crosses M365 and your CRM. Governance has to sit where **actions** happen — not only where documents live.\n\nNo custom model. No \"AI team.\" Three rules the ops lead already understood.\n\nWe're piloting [AgentGovernance](https://agentgovern.ai) as the control layer between Copilot/ChatGPT and the systems they reach — intercept, enforce, audit. The [demo](https://agentgovern.ai/agent-governance-demo) walks through the discount-above-policy case with a live approval queue.\n\nYou don't need to become AI experts. You need the same discipline you use for refunds and vendor payments:\n\nStart with one department and one threshold. Measure for a month. Expand.\n\nFull guide: [Retail Copilot AI governance](https://agentgovern.ai/retail-copilot-ai-governance)\n\nEarly access — [agentgovern.ai](https://agentgovern.ai) · [interactive demo](https://agentgovern.ai/agent-governance-demo)", "url": "https://wpnews.pro/news/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten", "canonical_source": "https://dev.to/rnagulapalle/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten-3404", "published_at": "2026-06-30 14:30:23+00:00", "updated_at": "2026-06-30 14:49:10.309716+00:00", "lang": "en", "topics": ["ai-agents", "ai-safety", "ai-policy", "ai-tools", "developer-tools"], "entities": ["Microsoft Copilot", "Salesforce", "Microsoft Purview", "AgentGovernance", "M365", "CRM", "Acme"], "alternates": {"html": "https://wpnews.pro/news/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten", "markdown": "https://wpnews.pro/news/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten.md", "text": "https://wpnews.pro/news/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten.txt", "jsonld": "https://wpnews.pro/news/we-rolled-out-copilot-sales-asked-it-for-a-25-discount-policy-allows-ten.jsonld"}}