Control 1.26: Agent File Upload and File Analysis Restrictions
Control ID: 1.26 Pillar: Security Regulatory Reference: GLBA 501(b), FINRA 4511/3110, OCC 2011-12, SEC 17a-4 Last UI Verified: February 2026 Governance Levels: Baseline / Recommended / Regulated Last Verified: 2026-02-12
Relationship to MIME Type Restrictions
This control governs the per-agent File Upload Security toggle in Copilot Studio (v8+), which enables or disables file upload and file analysis capabilities at the individual agent level. It complements Control 1.25 (MIME Type Restrictions), which defines environment-wide MIME type and file extension policies in the Power Platform Admin Center (PPAC). Both controls should be implemented together: this control determines whether an agent accepts uploads, while Control 1.25 determines which file types are permitted across the environment. See Configuration Hardening Baseline items 28-29 for the full hardening context.
Objective
Govern the enablement of file upload and file analysis capabilities at the individual agent level, applying risk-based restrictions by governance zone to help prevent data exfiltration and reduce data leakage risk.
Why This Matters for FSI
- GLBA 501(b): Restricting file upload capabilities on a per-agent basis supports the information safeguards rule by limiting the pathways through which sensitive customer data can be introduced into or extracted from AI-driven workflows
- FINRA 4511/3110: Governing which agents accept file uploads aids in supervisory compliance by providing granular control over file-based interactions that may contain records subject to retention and review obligations
- OCC 2011-12: Per-agent file upload governance supports operational risk management by helping prevent agents from processing unvetted file content that could introduce malicious payloads or trigger unauthorized data flows
- SEC 17a-4: Controlling file upload enablement at the agent level helps meet preservation requirements by ensuring only authorized agents process file-based content that enters the record stream
Control Description
File upload and file analysis capabilities in Copilot Studio allow agents to accept user-submitted files as knowledge sources. When enabled, agents can ingest and analyze files including docx, pptx, xlsx, pdf, txt, and csv formats, with files stored in tenant-owned SharePoint Embedded (SPE) containers. Without per-agent governance, any agent author can enable file uploads, potentially creating unmonitored data ingestion points that bypass established DLP controls and content scanning policies.
This control establishes a risk-based enablement model for the per-agent File Upload Security toggle:
- Per-agent toggle governance — Each agent's file upload capability is explicitly enabled or disabled based on its governance zone classification and approved use case
- SharePoint Embedded storage oversight — Uploaded files are stored in SPE containers owned by the tenant; governance policies determine retention, access controls, and content inspection requirements
- Sensitivity label inheritance — When file upload is enabled, the agent inherits the most restrictive sensitivity label from uploaded files, supporting data classification enforcement
- DLP policy integration — DLP policies control what data agents can access from uploaded files, providing content-level protection beyond the upload toggle itself
The enforcement model escalates by governance zone. Zone 1 environments permit file upload with Microsoft defaults and periodic review. Zone 2 environments require approval before enablement and mandatory DLP integration. Zone 3 environments default to deny for file uploads, requiring formal risk assessment, approval, full DLP integration, and content scanning before any agent may accept file uploads.
Capability Comparison by Zone
| Capability | Zone 1 (Personal) | Zone 2 (Team) | Zone 3 (Enterprise) |
|---|---|---|---|
| File upload toggle default | Allowed (Microsoft defaults) | Disabled until approved | Default deny |
| Approval for enablement | Not required | Manager/admin approval | Formal risk assessment + approval |
| Maximum files per agent | Up to 20 (Microsoft default) | Up to 20 with justification | Determined by risk assessment |
| File size governance | Microsoft defaults (up to 512MB) | Microsoft defaults with monitoring | Reduced limits where feasible |
| Sensitivity label enforcement | Recommended | Required | Required with audit trail |
| DLP integration | Not required | Required | Required with content scanning |
| SPE container monitoring | Periodic review | Monthly review | Continuous monitoring |
| Review cadence | Quarterly | Monthly | Weekly |
Key Configuration Points
- Per-agent File Upload Security toggle — Enable or disable file upload capabilities for each individual agent in Copilot Studio under agent settings; default state should align with the agent's governance zone classification
- Agent-level file upload approval workflow — Establish an approval process requiring documented justification before enabling file uploads for Zone 2 and Zone 3 agents
- SharePoint Embedded container access policies — Configure access controls and retention policies on the tenant-owned SPE containers where uploaded files are stored
- Sensitivity label auto-application — Verify that sensitivity labels are automatically applied to uploaded files and that agents inherit the most restrictive label from their file knowledge sources
- DLP policy scoping for file upload agents — Ensure Purview DLP policies are scoped to cover agents with file upload enabled, scanning uploaded content for sensitive data patterns
- File upload inventory and audit — Maintain an inventory of all agents with file upload enabled, including zone classification, approval status, and last review date
- Content scanning integration (Zone 3) — Enable server-side content inspection for uploaded files before agents can access them as knowledge sources
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | File upload allowed with Microsoft defaults; quarterly review of agents with upload enabled | Personal productivity agents present lower risk; periodic review helps identify unused or orphaned upload capabilities |
| Zone 2 (Team) | File upload disabled by default; enabled only with documented approval; DLP integration required; monthly review | Shared team agents may process sensitive content from multiple users; approval and DLP integration reduce data leakage risk |
| Zone 3 (Enterprise) | Default deny for file upload; requires formal risk assessment and approval; full DLP + content scanning required; weekly review | Customer-facing and regulated agents require defense-in-depth governance; uncontrolled file ingestion in enterprise agents creates significant exfiltration and compliance risk |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Enforce file upload governance policies across environments; review and approve file upload enablement requests for Zone 2+ agents; monitor SPE container configurations |
| Purview Compliance Admin | Create and maintain DLP policies scoped to agents with file upload enabled; configure sensitivity label policies for uploaded content; review content scanning results |
| Copilot Studio Agent Author | Request file upload enablement through the appropriate approval process; configure the per-agent File Upload Security toggle per approved settings; document file upload justification |
| Security Operations | Monitor file upload activity and alerts across agents; investigate anomalous upload patterns; triage and escalate confirmed incidents involving uploaded file content |
Related Controls
| Control | Relationship |
|---|---|
| 1.5 - DLP and Sensitivity Labels | Complementary DLP policy layer for content inspection of files uploaded to agents |
| 1.4 - Advanced Connector Policies | Boundary controls governing connector access that may interact with file upload data flows |
| 1.25 - MIME Type Restrictions | Companion control providing environment-level file type governance; this control governs per-agent upload enablement |
| 1.8 - Runtime Protection | Content moderation and egress controls that apply to agent interactions involving uploaded files |
| 1.14 - Data Minimization and Agent Scope Control | Data scope minimization complementing file upload restrictions by limiting what agents can access |
| 3.3 - Compliance and Regulatory Reporting | Reporting integration for tracking file upload enablement status and policy compliance |
| 2.22 - Inactivity Timeout Enforcement | Agent-level session timeout settings complement file upload restrictions as part of agent-level configuration governance |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Per-agent File Upload Security toggle is set to the correct state (enabled/disabled) for each agent based on its governance zone classification
- All agents with file upload enabled have documented approval appropriate to their zone (informal for Zone 1, documented for Zone 2, formal risk assessment for Zone 3)
- DLP policies are deployed and active for all agents with file upload enabled in Zone 2 and Zone 3 environments
- Sensitivity labels are being auto-applied to uploaded files and agents inherit the most restrictive label from their file knowledge sources
- An up-to-date inventory of agents with file upload enabled exists, including zone classification, approval status, and last review date
- Content scanning is active for all Zone 3 agents with file upload enabled
Additional Resources
- Microsoft Learn: Copilot Studio file upload knowledge source
- Microsoft Learn: Power Platform Admin Center security overview
- Microsoft Learn: Microsoft Purview DLP policies
- Microsoft Learn: Sensitivity labels overview
FSI Scope Note
Per-Agent Focus: This control targets the per-agent File Upload Security toggle within Copilot Studio. Organizations should implement file upload governance when:
- Copilot Studio agents are being authored or deployed with file upload capabilities
- Agents process user-submitted documents as knowledge sources for retrieval or analysis
- Regulatory requirements mandate control over data ingestion points in supervised AI workflows
For organizations that have not yet enabled file upload on any agents, this control may be deferred until file upload capabilities are activated. Control 1.25 (MIME Type Restrictions) provides environment-level file type governance in the interim.
Complement with MIME Type Restrictions
The per-agent file upload toggle controls whether an agent accepts files, but it does not control which file types are permitted. For defense-in-depth, pair this control with Control 1.25 (MIME Type Restrictions) to define environment-wide MIME type and file extension policies. This layered approach addresses both the agent-level enablement decision and the file-type attack surface for permitted uploads.
Updated: February 2026 | Version: v1.3 | UI Verification Status: Current