Pre-Session Homework: Entra Global Admin
This page lists the 14 control(s) you are responsible for as Entra Global Admin. Please review each control and bring the requested evidence to your assessment session.
For the full assessment experience, see the Readiness Assessment.
Control 1.1 — Restrict Agent Publishing by Authorization
Security · Zone 1, Zone 2, Zone 3
Pass criteria: Environment Maker role removed from All Users; named publisher security group exists; share-with-everyone disabled and agent publish gated by approval workflow across Zone 2/3 environments.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.18 — Application-Level Authorization and Role-Based Access Control (RBAC)
Security · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.2 — Agent Registry and Integrated Apps Management
Security · Zone 1, Zone 2, Zone 3
Pass criteria: All agents and integrated apps registered with named owner and backup owner, admin consent workflow enabled, and no orphaned service principals across Entra, Integrated Apps, and Copilot Studio.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.23 — Step-Up Authentication for AI Agent Operations
Security · Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.25 — MIME Type Restrictions for File Uploads
Security · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.28 — Policy-Based Agent Publishing Restrictions
Security · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.6 — Microsoft Purview DSPM for AI
Security · Zone 2, Zone 3
Pass criteria: DSPM for AI activated with Activity Explorer, sensitive-interaction policies, weekly risk assessments on in-scope SharePoint sites, and extended insights for approved third-party AI.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.23 — User Consent and AI Disclosure Enforcement
Management · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.24 — Agent Feature Enablement and Restriction Governance
Management · Zone 1, Zone 2, Zone 3
Pass criteria: Per-zone feature catalog approved by change management; tenant, environment, and agent-level toggles enforce it; preview/MCP/code-interpreter features explicitly approved per zone.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.25 — Microsoft Agent 365 — Admin Center Governance Console
Management · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 3.1 — Agent Inventory and Metadata Management
Reporting · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 3.11 — Centralized Agent Inventory Enforcement
Reporting · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 3.8 — Copilot Hub and Governance Dashboard
Reporting · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 4.4 — Guest and External User Access Controls
SharePoint · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Generated from assessment/manifest/controls.json by scripts/generate_homework_pages.py. Edit the manifest, then re-run.