Solutions Catalog
35 live reference implementations organized by functional domain.
Access & Identity
Solutions for controlling who can access, share, and publish AI agents.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Agent Access Governance Monitor | Automated validation of Power Platform environment agent access settings against zone-specific governance requirements. | v1.1.0 | 3.8 |
| Agent Sharing Access Restriction Detector | Detects and remediates agent sharing configurations that violate zone-based security group policies. | v2.0.0 | 1.18, 2.8 |
| Conditional Access Automation | Automated deployment and compliance monitoring of Entra ID Conditional Access policies for Microsoft 365 AI workloads (Copilot Studio, Agent Builder, M365 Copilot). | v1.2.2 | 1.11, 1.23, 1.18 |
| Cross-Tenant External Sharing Governance | Automated detection, validation, and remediation of cross-tenant access for Power Platform AI agents in FSI environments. | v1.0.2 | 1.1, 1.18, 2.1, 2.8, 3.1, 1.11 |
| Inactivity Timeout Enforcement | Cloud Flow template for daily compliance detection of inactivity timeout settings across Power Platform environments. | v1.1.0 | 2.22, 1.23, 3.7, 3.8 |
| Unrestricted Agent Sharing Detector | Continuous detection of overly permissive agent sharing configurations with automated remediation and exception management. | v2.0.0 | 1.1, 3.8 |
Content & Data Protection
Solutions for securing agent content, file handling, and knowledge sources.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Agent Knowledge Source Scanner | Item-level permission scanning for SharePoint libraries connected to Copilot Studio agents as knowledge sources. | v1.1.0 | 4.3, 1.4, 1.5 |
| Content Moderation Monitor | Automated validation of Copilot Studio agent content moderation levels against zone-specific governance requirements. | v1.1.0 | 1.8, 1.14 |
| File Upload Security | Automated validation of Copilot Studio agent file upload settings against governance zone policies. Supports Control 1.14 by detecting agents with file uploads enabled where uploads should be restricted or disabled. | v1.1.0 | 1.14, 1.8, 1.4 |
| MIME Type Restrictions for File Uploads | Dataverse plugin, DLP policy template, and Sentinel queries for MIME type restriction governance in Copilot Studio agent file upload scenarios. | v1.1.0 | 1.5, 1.10, 1.11, 1.13, 1.14, 1.25, 3.3, 3.7, 4.3 |
| RAG Source Validator | Integrity validation for Retrieval-Augmented Generation (RAG) knowledge sources with change detection and audit capabilities. | v1.2.0 | 2.16, 1.7, 2.13 |
Compliance & Audit
Solutions for audit management, compliance reporting, and regulatory workflows.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Audit Compliance Manager | Unified audit compliance solution for Microsoft 365 and Power Platform environments. Consolidates the ACV and ALCA capabilities into one solution that validates audit configurations, detects gaps, and remediates non-compliant environments. | v1.0.3 | 1.7 |
| Compliance Dashboard | Aggregated compliance reporting dashboard covering all 78 FSI Agent Governance Framework controls, with zone-based filtering and Dataverse-backed control records. | v1.0.3 | 3.3, 3.1, 3.2, 3.4 |
| Cross-Solution Integration | Integration layer that connects the Tier 2 governance solutions into the Compliance Dashboard and Environment Lifecycle Management workflow. | v2.0.0 | 1.7, 1.23, 1.11, 3.8, 1.8, 1.14 |
| FINRA Supervision Workflow | Automated retrospective supervision workflow for AI agent outputs to support FINRA Rule 3110 compliance in financial services organizations. This solution provides a post-delivery review queue, SLA tracking, escalation, and immutable audit logging fed by Microsoft Purview Communication Compliance. | v1.0.1 | 2.12, 1.10, 1.7 |
| HITL Workflow Governance | Validates that Copilot Studio agent flows include required human-in-the-loop checkpoints per zone governance policy using the Request for Information and Run a Multistage Approval actions from the advancedapprovals connector. | v1.1.0 | 2.12, 2.17, 1.10 |
| Model Risk Management Automation | Automated OCC 2011-12 and Fed SR 11-7 model risk management for AI agents deployed on Power Platform. This solution automates model inventory submission, risk scoring, independent validation workflows, ongoing monitoring, and examiner-facing Agent Card generation. | v1.0.2 | 2.6, 2.5, 2.9, 2.11, 2.13, 3.1, 1.2 |
| Segregation of Duties Detector | Automated role conflict detection that supports Maker/Checker controls in AI agent deployment pipelines and helps address SOX Section 404 IT General Controls. | v1.1.0 | 2.8, 2.1, 2.3 |
Monitoring & Analytics
Solutions for observability, analytics, event correlation, and drift detection.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Agent Observability Foundation | FSI-compliant telemetry infrastructure for Microsoft Copilot Studio agents with long-term audit retention, operational workbooks, and proactive alerting. | v1.2.0 | 1.7, 2.8, 2.9, 3.2 |
| Copilot Studio Analytics | Business impact analytics for Copilot Studio agents—session outcomes, CSAT, Agent Assisted Hours, and ROI tracking. Extends Agent Observability Foundation with zone-based governance; not a full Viva Insights replacement. | v2.0.0 | 3.2 |
| Deny Event Correlation Report | Daily reporting for correlating deny/no-content events across Copilot and Copilot Studio using Purview, Application Insights, and optional Defender data. | v2.0.2 | 1.5, 1.7, 1.8, 3.4 |
| Hallucination Feedback Tracker | Feedback aggregation pipeline for tracking and analyzing hallucination patterns in AI agent outputs. | v1.1.0 | 3.10, 2.9, 2.12 |
| Scope Drift Monitor | Automated detection of AI agent data access beyond declared operational scope, supporting GDPR data minimization and FSI data governance requirements. | v1.2.0 | 1.14, 1.4, 1.5 |
Agent Configuration
Solutions for validating agent runtime configuration, session controls, and connector scope.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Action Confirmation Auditor | Validates that Copilot Studio agent topics include user confirmation steps before executing actions (connector calls, cloud flows, plugins, HTTP requests), with zone-based policy enforcement for financial services governance. | v1.1.0 | 2.12, 1.10 |
| Agent Communication Restriction Detector | Detects unauthorized agent-to-agent communication patterns, zone boundary violations, cross-tenant communication, and maker/checker violations in Copilot Studio multi-agent orchestration. | v1.1.0 | 2.17 |
| Credential Oversharing Detector | Scans Copilot Studio agent credentials against zone policy to detect overprivileged connectors, excessive OAuth scopes, unauthorized service accounts, cross-environment sharing, and stale credentials. | v2.0.0 | 1.14, 1.4, 1.18 |
| Generative AI Config Auditor | Validates generative AI feature configurations (Azure OpenAI integration, generative orchestration, generative answers nodes, knowledge sources, Model Knowledge toggle, Semantic Search toggle) for Copilot Studio agents against zone-specific governance policies. | v1.1.0 | 2.24 |
| Session Security Configurator | Automated session security baseline management for Microsoft 365 AI agent administration, supporting compliance with FINRA, SEC, and GLBA session control requirements. | v1.1.0 | 1.23, 1.11 |
Lifecycle & Operations
Solutions for environment provisioning, agent lifecycle, and operational testing.
| Solution | Description | Version | Controls |
|---|---|---|---|
| Agent 365 Lifecycle Governance | Automated Agent 365 lifecycle governance for sponsor assignment, reviews, inactivity, deactivation, and deletion holds. | v1.1.3 | 2.3, 1.2, 1.11, 2.1, 2.8, 2.12, 3.1 |
| Agent Registry Automation | Automated discovery, registration, approval, and lifecycle governance of AI agents across Power Platform. | v2.0.0 | 1.2, 1.7, 2.1, 2.13 |
| Conflict of Interest Testing | Automated conflict-of-interest testing for AI agent recommendations in financial services. | v1.1.0 | 2.18, 2.11, 2.5 |
| DR Testing Framework | Post-recovery validation and evidence packaging for Power Platform DR testing. | v2.0.0 | 2.4, 2.1, 1.9 |
| Environment Lifecycle Management | Automated Power Platform environment provisioning with zone-based governance. | v1.2.0 | 2.1, 2.2, 2.3, 2.8, 1.7 |
| Message Center Monitor | Monitor Microsoft 365 Message Center for platform changes affecting AI agents. | v2.3.0 | 2.3, 2.10 |
| Pipeline Governance Cleanup | Discover and clean up personal Power Platform pipelines before central ALM governance. | v1.2.0 | 2.3, 2.1 |