Pre-Session Homework: Purview Compliance Admin
This page lists the 17 control(s) you are responsible for as Purview Compliance Admin. Please review each control and bring the requested evidence to your assessment session.
For the full assessment experience, see the Readiness Assessment.
Control 1.13 — Sensitive Information Types (SITs) and Pattern Recognition
Security · Zone 2, Zone 3
Pass criteria: FSI-relevant built-in and custom SITs (SSN, credit card, ABA routing, account numbers, CRD, MNPI keyword dictionary) are deployed and referenced by DLP, sensitivity labels, and DSPM for AI policies.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.14 — Data Minimization and Agent Scope Control
Security · Zone 1, Zone 2, Zone 3
Pass criteria: Each agent has a documented grounding inventory with zone-based justification, narrowed SharePoint scopes, public web grounding disabled for Zone 3 NPI agents, and active scope-drift monitoring.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.17 — Endpoint Data Loss Prevention (Endpoint DLP)
Security · Zone 2, Zone 3
Pass criteria: Devices onboarded via Defender for Endpoint with Endpoint DLP blocking restricted apps, USB/removable media, personal cloud uploads, and Edge for Business AI-paste rules for unmanaged AI.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.2 — Agent Registry and Integrated Apps Management
Security · Zone 1, Zone 2, Zone 3
Pass criteria: All agents and integrated apps registered with named owner and backup owner, admin consent workflow enabled, and no orphaned service principals across Entra, Integrated Apps, and Copilot Studio.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.22 — Information Barriers for AI Agents
Security · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.25 — MIME Type Restrictions for File Uploads
Security · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.26 — Agent File Upload and File Analysis Restrictions
Security · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.27 — AI Agent Content Moderation Enforcement
Security · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.3 — SharePoint Content Governance and Permissions
Security · Zone 1, Zone 2, Zone 3
Pass criteria: External sharing restricted; Everyone groups removed from agent knowledge sites; container sensitivity labels applied; SAM RAC/RCD enabled and quarterly access reviews active for Zone 3.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.5 — Data Loss Prevention (DLP) and Sensitivity Labels
Security · Zone 1, Zone 2, Zone 3
Pass criteria: Purview DLP covers SharePoint, OneDrive, Exchange, Teams, Endpoint, and Copilot/Copilot Chat, plus Power Platform data policies for Copilot Studio agents, all using FSI-tuned SITs.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 1.7 — Comprehensive Audit Logging and Compliance
Security · Zone 1, Zone 2, Zone 3
Pass criteria: Unified Audit Log on; Audit Premium with the 10-year retention add-on enabled and a custom audit retention policy targets Copilot/agent events for the applicable 6-year FINRA/SEC window.
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.23 — User Consent and AI Disclosure Enforcement
Management · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.25 — Microsoft Agent 365 — Admin Center Governance Console
Management · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 2.26 — Entra Agent ID — Identity Governance for Agents
Management · Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 3.6 — Orphaned Agent Detection and Remediation
Reporting · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 4.3 — Site and Document Retention Management
SharePoint · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Control 4.7 — Microsoft 365 Copilot Data Governance
SharePoint · Zone 1, Zone 2, Zone 3
Verify in: See control documentation.
Full control documentation · Portal walkthrough
Generated from assessment/manifest/controls.json by scripts/generate_homework_pages.py. Edit the manifest, then re-run.