Credential Oversharing Detector¶
Version: v2.0.0 | Status: live | Domain: Agent Configuration | Tier: 2
Scans Copilot Studio agent credentials against zone policy to detect overprivileged connectors, excessive OAuth scopes, unauthorized service accounts, cross-environment sharing, and stale credentials.
Mapped Controls¶
Prerequisites¶
| Role | Requirement |
|---|---|
power-platform-admin |
Power Platform admin tenant role and Dataverse environment with the fsi publisher prefix. |
Verification¶
Confirm Invoke-CredentialScan.ps1 writes rows to fsi_credentialscans and fsi_credentialviolations.
Documentation¶
| Document |
|---|
| Dataverse Schema |
| Flow Configuration |
| Prerequisites |
| Troubleshooting |
View source on GitHub { .md-button }