Control 1.25: MIME Type Restrictions for File Uploads

Control ID: 1.25 | Pillar: Security | Regulatory Reference: FINRA 4511/3110, SEC 17a-4, GLBA 501(b), OCC 2011-12 | Last UI Verified: February 2026 | Governance Levels: Baseline / Recommended / Regulated | Last Verified: 2026-02-12


Relationship to File Upload Security

This control defines environment-wide MIME type and file extension policies configured through the Power Platform Admin Center (PPAC). It complements the per-agent File Upload Security toggle and per-agent file type restrictions available in Copilot Studio (v8+), which enable or disable file uploads at the individual agent level and configure allowed file types per agent. Both environment-level and agent-level controls should be implemented together: environment-wide policies establish the maximum allowable file types, while per-agent settings provide granular restrictions for each agent's specific use case. See Configuration Hardening Baseline items 28-29 for the full hardening context and Control 1.26 - Agent File Upload and File Analysis Restrictions for per-agent attachment governance details.

Objective

Define and enforce MIME type and file extension restrictions for Copilot Studio agent file uploads within Power Platform environments, helping prevent the introduction of malicious or high-risk file types while maintaining operational flexibility appropriate to each governance zone.


Why This Matters for FSI

  • FINRA 4511/3110: Supervising file-based interactions with AI agents supports compliance with recordkeeping and supervisory obligations; restricting file types aids in maintaining record integrity by limiting uploads to known, inspectable formats
  • SEC 17a-4: Controlling the types of files that can be uploaded to agents helps meet preservation requirements by reducing the risk of opaque or unauditable binary formats entering the record stream
  • GLBA 501(b): Restricting file uploads to approved MIME types supports the information safeguards rule by reducing the attack surface for malware delivery and data exfiltration through agent interactions
  • OCC 2011-12: Managing file type risks across AI agent environments aids in operational risk management by helping prevent executable or high-risk attachments from reaching automated processing workflows

Control Description

MIME type restrictions provide a layered defense against malicious file uploads in Power Platform environments where Copilot Studio agents accept user-submitted files. Without restrictions, agents may process executable files, script payloads, or file types that bypass downstream security scanning, creating pathways for malware introduction and data integrity compromise.

This control uses the Power Platform Admin Center (PPAC) to configure three complementary restriction mechanisms:

  1. Blocked file extensions — A deny list of file extensions (e.g., .exe, .bat, .ps1, .dll) that blocks uploads regardless of MIME type header
  2. Blocked MIME types — A deny list of MIME type identifiers (e.g., application/x-msdownload, application/x-shellscript) that blocks files matching specific content type declarations
  3. Allowed MIME types — An explicit allow list that restricts uploads to only approved content types (e.g., application/pdf, image/png, text/csv), rejecting all unlisted types

The enforcement model escalates by governance zone. Zone 1 environments apply Microsoft's default blocked extensions list as a baseline. Zone 2 environments add MIME type blocking and an explicit allowlist, with recommended DLP integration for content inspection. Zone 3 environments layer server-side magic-byte validation, required Purview DLP policies, and Microsoft Sentinel monitoring to achieve defense-in-depth file upload governance.
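The following Python sketch is an added example, not code from PPAC or the FsiMimeControl module. It shows how the three lists and the Zone 3 magic-byte check combine into one upload decision. The function name, the policy constants (filled with the example values listed on this page) and the heuristic for text types are assumptions made for illustration.

```python
import os

# Constructed policy built from the example values this control lists.
BLOCKED_EXT = {".exe", ".bat", ".cmd", ".ps1", ".dll", ".vbs", ".js", ".wsf", ".msi", ".scr"}
BLOCKED_MIME = {"application/x-msdownload", "application/x-msdos-program",
                "application/x-shellscript"}
ALLOWED_MIME = {"application/pdf", "image/png", "image/jpeg", "text/csv", "text/plain"}

# Standard leading signatures for the binary types on the allow list.
MAGIC = {
    "application/pdf": (b"%PDF-",),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

def evaluate_upload(filename, declared_mime, content, zone):
    """Return (allowed, reason); checks escalate with the governance zone."""
    # Normalise: drop MIME parameters, trailing dots/spaces, and case.
    mime = declared_mime.split(";", 1)[0].strip().lower()
    ext = os.path.splitext(filename.strip().rstrip(". "))[1].lower()

    # Zone 1+: extension deny list, applied regardless of the MIME header.
    if ext in BLOCKED_EXT:
        return False, f"blocked extension {ext}"
    if zone == 1:
        return True, "extension deny list passed"

    # Zone 2+: MIME deny list, then the explicit allow list.
    if mime in BLOCKED_MIME:
        return False, f"blocked MIME type {mime}"
    if mime not in ALLOWED_MIME:
        return False, f"MIME type {mime} is not on the allow list"
    if zone == 2:
        return True, "declared type is on the allow list"

    # Zone 3: the bytes must agree with the declared type.
    if mime in MAGIC:
        if not content.startswith(MAGIC[mime]):
            return False, f"content does not match declared {mime}"
    else:
        # Text types have no signature (assumed heuristic): require valid
        # UTF-8 with no NUL bytes and no script shebang.
        try:
            content.decode("utf-8")
        except UnicodeDecodeError:
            return False, "declared text is not valid UTF-8"
        if b"\x00" in content or content.startswith(b"#!"):
            return False, "binary or script content declared as text"
    return True, "content matches declared type"
```

The same file can pass in Zone 2 and fail in Zone 3: a declared `application/pdf` whose bytes do not begin with `%PDF-` is accepted on its header alone until the magic-byte check is enabled.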

Per-Agent Attachment Restrictions

In addition to environment-wide MIME type policies, Copilot Studio (v8+) provides per-agent attachment governance controls that enable granular file type restrictions tailored to each agent's operational requirements. These controls complement the environment-level restrictions by applying additional constraints at the individual agent level.

Per-agent configuration capabilities include:

  1. File Upload toggle — A binary enable/disable setting in the agent's Security settings that determines whether the agent accepts file uploads at all
  2. Allowed file types per agent — A configurable list of permitted file extensions (e.g., .pdf, .docx, .csv) specific to the agent's use case, independent of the environment-wide allowlist
  3. Attachment preview and content scanning integration — Configuration hooks for linking agent-level uploads to Purview DLP content inspection before files reach agent processing logic

Governance model: Environment-wide MIME restrictions establish the maximum allowable file types across all agents. Per-agent settings apply additional constraints within those bounds. For example, if the environment allows .pdf, .docx, and .xlsx, an individual agent may be configured to accept only .pdf, further limiting risk based on the agent's specific function.

Evidence expectations for per-agent governance:

  • Screenshot evidence of the File Upload toggle state (enabled/disabled) in the agent's Security settings panel
  • Screenshot evidence of allowed file types configured per agent, with justification for each permitted extension
  • Audit trail records showing configuration changes to per-agent file type restrictions, including who made changes and when
  • Periodic attestation that per-agent restrictions align with the principle of least privilege (only permitting file types required for the agent's documented purpose)

This layered approach—combining environment-wide MIME policies with per-agent restrictions—aids in achieving defense-in-depth for file upload governance while maintaining operational flexibility. Organizations should document the rationale for each agent's file type allowlist and review per-agent settings during monthly (Zone 2) or weekly (Zone 3) policy reviews.
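An audit of the governance model and evidence expectations above can be scripted against an exported agent inventory. The Python sketch below is an added example, not part of Copilot Studio or the FsiMimeControl module. The agent names, the record fields, and the treatment of an enabled agent with no list as inheriting the environment maximum are assumptions; the environment allowlist is the one used in this page's example.

```python
ENV_ALLOWED = {".pdf", ".docx", ".xlsx"}  # environment maximum (this page's example)

# Constructed agent inventory; agent names and field names are hypothetical.
AGENTS = {
    "claims-intake": {"upload_enabled": True, "allowed": [".pdf"],
                      "justification": {".pdf": "signed claim forms"}},
    "hr-helper": {"upload_enabled": True, "allowed": [".PDF", ".zip"],
                  "justification": {".pdf": "policy documents"}},
    "faq-bot": {"upload_enabled": False, "allowed": [".docx"], "justification": {}},
    "analyst-desk": {"upload_enabled": True, "allowed": [], "justification": {}},
}

def audit_agent(cfg, env_allowed=ENV_ALLOWED):
    """Return (effective_extensions, findings) for one agent record."""
    declared = {e.strip().lower() for e in cfg.get("allowed", [])}
    findings = []

    # Toggle off: nothing is accepted, but a leftover list is worth cleaning up.
    if not cfg.get("upload_enabled", False):
        if declared:
            findings.append("upload disabled but file types still listed")
        return set(), findings

    # Toggle on with no list: assume the agent inherits the environment maximum.
    if not declared:
        findings.append("upload enabled with no per-agent file type list")
        return set(env_allowed), findings

    # Per-agent entries may only narrow the environment allowlist.
    for ext in sorted(declared - env_allowed):
        findings.append(f"{ext} exceeds the environment allowlist")

    # Every permitted extension needs a documented justification.
    effective = declared & env_allowed
    justified = {e.strip().lower() for e in cfg.get("justification", {})}
    for ext in sorted(effective - justified):
        findings.append(f"{ext} has no documented justification")
    return effective, findings

def audit_all(agents=AGENTS):
    """Audit every agent; the result maps agent name to (effective, findings)."""
    return {name: audit_agent(cfg) for name, cfg in agents.items()}
```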

Capability Comparison by Zone

| Capability | Zone 1 (Personal) | Zone 2 (Team) | Zone 3 (Enterprise) |
|---|---|---|---|
| Blocked file extensions | Microsoft defaults | Customized per environment | Comprehensive blocklist |
| Blocked MIME types | Not configured | Configured and maintained | Strictly enforced |
| Allowed MIME types (allowlist) | Not configured | Explicit allowlist active | Strict allowlist with justification |
| Template enforcement | Manual review | FsiMimeControl module | FsiMimeControl with drift detection |
| Server-side validation | None | Optional | Required (magic bytes verification) |
| DLP integration | None | Recommended | Required |
| Sentinel monitoring | None | Optional | Required (active alert rules) |
| Review cadence | Quarterly | Monthly | Weekly |

Key Configuration Points

  • PPAC blocked file extensions list — Configure the deny list of dangerous file extensions (.exe, .bat, .cmd, .ps1, .dll, .vbs, .js, .wsf, .msi, .scr) in the Power Platform Admin Center
  • PPAC blocked MIME types list — Define blocked MIME type identifiers (e.g., application/x-msdownload, application/x-msdos-program, application/x-shellscript) to prevent uploads by content type
  • PPAC allowed MIME types (explicit allowlist) — Specify the permitted MIME types (e.g., application/pdf, image/png, image/jpeg, text/csv, text/plain) and reject all unlisted types
  • Zone-based template application via FsiMimeControl module — Apply standardized MIME restriction templates per zone using the Set-FsiMimeConfig cmdlet to maintain consistent configuration across environments
  • Server-side magic bytes validation (Zone 3 only) — Enable header-content verification to confirm uploaded files match their declared MIME type, detecting extension-spoofing attacks
  • Purview DLP policy integration (Zone 2+) — Link MIME type restrictions with Purview DLP policies for content-level inspection of permitted file types, scanning for sensitive data patterns within uploads before files reach agent processing logic
  • Per-agent file type restrictions — Configure allowed file types at the individual agent level in Copilot Studio, applying the principle of least privilege to limit each agent to only the file extensions required for its documented purpose
  • Agent-level File Upload toggle — Enable or disable file uploads per agent via the Security settings panel, with screenshot evidence documenting the toggle state for each production agent
  • Attachment content scanning integration — Configure Purview DLP policy evaluation to occur before uploaded files are processed by agent logic, blocking uploads that contain sensitive data patterns or violate content policies
  • Sentinel monitoring queries and alert rules — Deploy KQL-based analytics rules to detect file upload anomalies, blocked-type bypass attempts, and policy drift across environments

Zone-Specific Requirements

| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Blocked extensions list applied (Microsoft defaults); quarterly review of extension list | Baseline protection against common executable file types for personal productivity agents |
| Zone 2 (Team) | Blocked extensions + blocked MIME types + explicit allowlist; monthly review; DLP integration recommended | Shared team agents require tighter file type governance; MIME-level controls help prevent content-type spoofing |
| Zone 3 (Enterprise) | Comprehensive blocklist + strict allowlist + server-side magic-byte validation + DLP required + Sentinel monitoring; weekly review | Customer-facing and regulated agents require defense-in-depth with content verification and continuous monitoring |

Roles & Responsibilities

| Role | Responsibility |
|---|---|
| Power Platform Admin | Configure blocked extensions, blocked MIME types, and allowed MIME types in PPAC; apply zone templates via FsiMimeControl module; review and update restriction lists per zone cadence |
| Purview Compliance Admin | Create and maintain DLP policies for file upload content inspection; configure sensitivity label integration for uploaded documents |
| SOC Analyst | Monitor Sentinel analytics rules for file upload anomalies and blocked-type bypass attempts; triage and investigate alerts; escalate confirmed incidents |
| Entra Global Admin | Configure Conditional Access policies restricting file upload capabilities to managed devices or compliant endpoints where applicable |

| Control | Relationship |
|---|---|
| 1.5 - DLP and Sensitivity Labels | Complementary DLP policy layer for content inspection of uploaded files before agent processing |
| 1.10 - Communication Compliance Monitoring | Supervision of agent interactions where file uploads may occur |
| 1.11 - Conditional Access and Phishing-Resistant MFA | Access controls that determine which users and devices can interact with file-upload-enabled agents |
| 1.13 - Sensitive Information Types (SITs) | Pattern recognition for detecting sensitive data within uploaded file content |
| 1.14 - Data Minimization and Agent Scope Control | Data scope minimization complementing file type restrictions |
| 1.26 - Agent File Upload and File Analysis Restrictions | Companion control for per-agent attachment governance and File Upload toggle configuration |
| 3.3 - Compliance and Regulatory Reporting | Reporting integration for tracking file upload policy compliance and rejection rates |
| 3.7 - PPAC Security Posture | Security posture assessment including MIME restriction configuration status |
| 4.3 - Site and Document Retention Management | Retention policies for content sources that may also process uploaded files |

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:


Verification Criteria

Confirm control effectiveness by verifying:

  1. Blocked file extensions list is configured in PPAC and includes all required dangerous extensions for the target zone
  2. Blocked MIME types list is configured in PPAC with content-type identifiers appropriate to the zone (Zone 2+)
  3. Allowed MIME types are explicitly defined, restricting uploads to approved content types only (Zone 2+)
  4. Zone template compliance is verified via Test-FsiMimeCompliance cmdlet, confirming configuration matches the expected zone profile
  5. Per-agent File Upload toggle state is documented with screenshot evidence for each production agent, showing whether file uploads are enabled or disabled
  6. Per-agent allowed file types are configured and documented for each file-upload-enabled agent, with justification for each permitted extension aligned to the agent's documented purpose
  7. Attachment content scanning is configured, with Purview DLP policy evaluation occurring before uploaded files reach agent processing logic
  8. Audit trail records capture configuration changes to per-agent file type restrictions, including administrator identity, timestamp, and change details
  9. DLP policy is deployed, active, and generating alerts for sensitive content detected within uploaded files (Zone 2+)
  10. Sentinel analytics queries are returning data and alert rules are active for file upload anomaly detection (Zone 3)

Additional Resources

FSI Scope Note

Power Platform Focus: This control targets file upload restrictions within Power Platform environments where Copilot Studio agents accept user-submitted files. Organizations should implement MIME type restrictions when:

  • Copilot Studio agents are configured with file upload capabilities enabled
  • Agents process user-submitted documents as part of knowledge retrieval or workflow automation
  • Regulatory requirements mandate control over file types entering supervised communication channels

For organizations without file upload-enabled agents, this control may be deferred until file upload capabilities are activated. Controls 1.5 (DLP) and 1.10 (Communication Compliance Monitoring) provide foundational security coverage in the interim.

Complement with DLP Content Inspection

MIME type restrictions control which file types reach your agents, but they do not inspect file contents. For defense-in-depth, pair this control with Control 1.5 (DLP and Sensitivity Labels) to scan permitted uploads for sensitive data patterns such as account numbers, SSNs, or confidential classifications. This layered approach addresses both the file-type attack surface and the data exposure risk within allowed uploads.


Updated: February 2026 | Version: v1.3 | UI Verification Status: Current