Cross-Tenant External Sharing Governance

Version: v1.0.2 | Status: live | Domain: Access & Identity | Tier: 2

Automated detection, validation, and remediation of cross-tenant access for Power Platform AI agents in FSI environments.

Mapped Controls

1.1, 1.18, 2.1, 2.8, 3.1, 1.11

Prerequisites

Role	Requirement
power-platform-admin	Power Platform admin for tenant isolation settings, PPAC access, and Dataverse setup.
m365-admin	Entra Global Admin or Cross-Tenant Access Administrator for Graph consent and partner policy changes.
compliance-admin	Optional compliance/audit reviewer for the Dataverse compliance event log and retention checks.

Dependencies

• agent-registry-automation
• unrestricted-agent-sharing-detector

Verification

Confirm fsi_crosstenantcomplianceevent receives events and fsi_approvedexternaltenant is updated during onboarding and remediation runs.

Documentation

Document
Dataverse Schema
Flow Configuration
Power Apps Configuration
Power Bi Setup
Prerequisites
Troubleshooting

---

View source on GitHub { .md-button }