
Control 1.3: SharePoint Content Governance and Permissions

Control ID: 1.3
Pillar: Security
Regulatory Reference: FINRA 4511, FINRA 3110, FINRA 25-07, SEC 17 CFR 240.17a-4, SEC Reg S-P 17 CFR 248.30, GLBA 501(b), SOX 302/404
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated


Objective

Ensure AI agents only access authorized SharePoint content through proper permission governance, sensitivity labels, and access controls to prevent inadvertent exposure of sensitive customer information.


Why This Matters for FSI

  • FINRA 4511(a) and SEC 17 CFR 240.17a-4(b)(4): Books-and-records obligations extend to SharePoint content that grounds AI agents. Permission governance helps preserve the integrity and supervisory traceability of content surfaced by Copilot Studio and Microsoft 365 Copilot, supports retention scoping by site/library, and aids in WORM/immutable-store coverage when paired with retention labels (Control 3.2).
  • FINRA Rule 3110 and FINRA Notice 25-07: Supervisory procedures must cover AI tools used in regulated workflows. Restricting agent grounding sources and reviewing site permissions on a defined cadence aids in meeting supervisory expectations for AI-retrieved content.
  • SEC Reg S-P 17 CFR 248.30 (2024 Safeguards Rule amendments): Requires written policies, service-provider oversight, and 30-day customer notification for unauthorized access to customer information. Limiting which SharePoint sites are reachable by agents helps reduce the blast radius of a potential incident and supports the "minimum necessary" principle.
  • GLBA Safeguards (15 U.S.C. § 6801; 16 CFR 314): Requires administrative, technical, and physical safeguards for customer non-public personal information (NPI). Removing "Everyone" / "Everyone except external users" from agent-grounded sites and applying container sensitivity labels supports those safeguards.
  • SOX 302/404 and ICFR: Financial-reporting content surfaced through AI agents inherits the same internal-control expectations as the underlying SharePoint site. Permission governance and access reviews support segregation-of-duties evidence.
  • OCC Bulletin 2011-12 / Fed SR 11-7: Model risk management expects controlled inputs to AI systems. Restricting and labeling agent grounding sources helps maintain the integrity of the model's information environment.
  • NIST SP 800-53 AC-3, AC-6, AC-24: Access enforcement, least privilege, and access-control decisions map directly to SharePoint permission governance for agent grounding.
  • Oversharing prevention: Helps reduce the likelihood that Microsoft 365 Copilot or a Copilot Studio agent surfaces customer NPI, Material Non-Public Information (MNPI), or trading-desk content beyond its intended audience.

No companion solution by design

Not all controls have a companion solution in FSI-AgentGov-Solutions; solution mapping is selective by design. This control is operated via native Microsoft admin surfaces and verified by the framework's assessment-engine collectors. See the Solutions Index for the catalog and coverage scope.

Control Description

SharePoint is the primary grounding source for Microsoft 365 Copilot (Business Chat) and a common knowledge source for Copilot Studio agents. Copilot Studio uses the calling user's Microsoft Entra identity and Copilot responses are security-trimmed per user permissions — meaning a user's effective SharePoint permissions are the agent's permissions. Microsoft 365 Copilot grounds against any SharePoint content the user already has access to, regardless of whether that site was explicitly configured as a knowledge source, which creates a broader governance surface than agents with curated grounding.

This control implements layered SharePoint governance that helps reduce oversharing risk for agent-retrieved content:

  1. Tenant-level sharing controls — Restrict external sharing and default link types organization-wide via SharePoint admin center.
  2. Site-level permissions — Apply least-privilege access on sites used as agent knowledge sources; remove "Everyone" and "Everyone except external users" claims; prefer named Microsoft 365 / Entra security groups over direct user grants.
  3. Container sensitivity labels — Apply Purview sensitivity labels at the site/group container level (privacy, external sharing, unmanaged-device access, default share link) and configure default library labels for file-level protection.
  4. SharePoint Advanced Management (SAM) — Restricted Access Control (RAC) to hard-limit a site to a named group; Restricted Content Discovery (RCD) to suppress a site from organization-wide search and Microsoft 365 Copilot grounding without changing site permissions; Data Access Governance (DAG) reports for oversharing and sensitivity insights. SAM features require either a Microsoft 365 Copilot license or a standalone SharePoint Advanced Management license.
  5. Restricted SharePoint Search (RSS) — Tenant-wide allow-list that limits Microsoft 365 Copilot grounding to a curated set of sites while remediation is in progress (intended as a temporary safeguard, not a permanent control).
  6. DLP for SharePoint and OneDrive — Purview DLP policies scoped to agent-relevant sensitive information types (SSN, account numbers, MNPI keywords) provide an additional enforcement layer.
  7. Access reviews — Microsoft Entra Identity Governance access reviews on the Microsoft 365 groups backing agent grounding sites, on a cadence aligned to the governance zone.

Properly configured, these layers help reduce the likelihood that an agent retrieves or surfaces sensitive customer or trading content outside its intended audience. They do not, on their own, satisfy any single regulation — they support the broader books-and-records, supervisory, and safeguards obligations referenced above.


Key Configuration Points

  • Set tenant SharingCapability to Disabled (no external sharing) or ExistingExternalUserSharingOnly for FSI tenants that have sanctioned partner collaboration; set DefaultSharingLinkType = Internal and DefaultLinkPermission = View.
  • Block consumer email domains (e.g., gmail.com, yahoo.com, outlook.com) via tenant sharing allow/block list when external sharing is permitted.
  • Remove Everyone (c:0(.s|true) and Everyone except external users (c:0-.f|rolemanager|spo-grid-all-users/<tenant>) claims from every site that is, or could become, an agent grounding source.
  • Apply Purview container sensitivity labels to the Microsoft 365 group / site (controls privacy, external sharing, unmanaged-device access, default sharing link) and configure default library labels for file-level protection.
  • Enable SharePoint Advanced Management and configure: Restricted Access Control (RAC) on Zone 3 agent grounding sites, Restricted Content Discovery (RCD) on sites that should be invisible to organization-wide search and Microsoft 365 Copilot, and review Data Access Governance (DAG) "Sites shared with Everyone except external users", "Sites shared with people in the org", and "Permission state" reports monthly. See Control 4.1 for cross-reference.
  • Where remediation is in progress, scope Microsoft 365 Copilot grounding to a curated allow-list using Restricted SharePoint Search (Set-SPOTenantRestrictedSearchMode -Mode Enabled, plus a tenant allow-list of up to 100 sites maintained with Add-SPOTenantRestrictedSearchAllowedList). Treat as temporary.
  • Publish at least one Purview DLP policy scoped to SharePoint and OneDrive, targeting FSI-relevant sensitive information types (US SSN, US Bank Account Number, ABA routing, custom MNPI keyword classifiers).
  • Configure quarterly Entra access reviews on the Microsoft 365 groups that own agent grounding sites; require justification on attestation; auto-remove on no-response for Zone 3.
  • Provision agent grounding content in dedicated, purpose-named sites (for example Agent-CustomerService-Knowledge) rather than reusing general-purpose business sites, to keep the permission and label boundary explicit.
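The tenant-level points above (sharing posture, consumer-domain block list, temporary Restricted SharePoint Search allow-list) as one SharePoint Online Management Shell script. This is an added example, not code from the FSI-AgentGov framework; the admin URL and site URLs are placeholders.

```powershell
# Added example (not part of the FSI-AgentGov framework): Zone 3 tenant sharing posture,
# consumer-domain blocking, and a temporary Restricted SharePoint Search allow-list.
# Requires the SharePoint Online Management Shell. All URLs are placeholders.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://<tenant>-admin.sharepoint.com"

# 1. Tenant sharing posture: no external sharing, internal view-only default links.
Set-SPOTenant -SharingCapability Disabled `
              -DefaultSharingLinkType Internal `
              -DefaultLinkPermission View

# 2. If sharing is later opened for a sanctioned partner (ExistingExternalUserSharingOnly),
#    consumer mail domains stay blocked. The domain list is one space-separated string.
Set-SPOTenant -SharingDomainRestrictionMode BlockList `
              -SharingBlockedDomainList "gmail.com yahoo.com outlook.com"

# 3. Temporary safeguard while site remediation is in progress: limit Microsoft 365
#    Copilot grounding to a curated allow-list (maximum 100 sites). Record the date
#    so the allow-list is retired once DAG reports are clean.
$groundingAllowList = @(
    "https://<tenant>.sharepoint.com/sites/Agent-CustomerService-Knowledge"
)
Set-SPOTenantRestrictedSearchMode -Mode Enabled
Add-SPOTenantRestrictedSearchAllowedList -SitesList $groundingAllowList

# 4. Read the settings back so the change record carries evidence.
Get-SPOTenant | Select-Object SharingCapability, DefaultSharingLinkType, DefaultLinkPermission,
                              SharingDomainRestrictionMode, SharingBlockedDomainList
Get-SPOTenantRestrictedSearchMode
Get-SPOTenantRestrictedSearchAllowedList
```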

Zone-Specific Requirements

Zone 1 (Personal)
  Requirement: Site SharingCapability inherits the tenant default; container label recommended (Internal minimum); annual access review on the owning M365 group; remove Everyone except external users from any site that surfaces in personal Copilot grounding.
  Rationale: Low aggregate exposure; the user is both author and consumer.

Zone 2 (Team)
  Requirement: SharingCapability = ExistingExternalUserSharingOnly with a vetted partner allow-list; container label required at Internal or higher; default library label applied; semi-annual access review with a named reviewer (not the site owner alone); DAG "shared with Everyone except external users" report reviewed monthly.
  Rationale: Shared workspace, mixed-sensitivity content, partner involvement.

Zone 3 (Enterprise)
  Requirement: SharingCapability = Disabled; container label Confidential or Highly Confidential with unmanaged-device access set to Block; RAC enabled, binding the site to a single named M365/Entra security group; RCD enabled unless the site is intentionally part of the Copilot grounding surface; quarterly access review with auto-remove on no-response and dual reviewer; DLP policy in Enforce mode; retention label coverage aligned to FINRA 4511 / SEC 17 CFR 240.17a-4(b)(4) (typically 6+ years, immutable where required); e-discovery hold readiness verified before the site is added as a knowledge source.
  Rationale: Customer NPI, MNPI, trade-desk content, regulator-examinable records.

Roles & Responsibilities

  • SharePoint Admin: Configure tenant sharing, RAC/RCD, Restricted SharePoint Search, DAG reviews, and admin-level site settings.
  • SharePoint Site Collection Admin: Manage site-level permissions, break inheritance where required, remove broad claims.
  • SharePoint Site Owner: Maintain library default labels, approve membership changes, respond to access reviews.
  • Purview Info Protection Admin: Author and publish container and file sensitivity labels; configure auto-labeling.
  • Purview Compliance Admin: Author and publish DLP policies scoped to SharePoint/OneDrive; configure retention labels for agent grounding content.
  • Entra Identity Governance Admin: Configure access reviews on M365 groups backing agent grounding sites.
  • AI Governance Lead: Approve sites that may be used as agent knowledge sources; maintain the agent-grounding site inventory.
  • Compliance Officer: Review access-review outcomes, DAG reports, and DLP incident evidence; sign attestation.

Control Relationship

  • 1.5 - DLP & Sensitivity Labels: Labels and DLP policies referenced here must be authored and published in Purview first.
  • 1.14 - Data Minimization & Agent Scope Control: Agent-side scope control complements site-side restriction.
  • 4.3 - Site & Document Retention Management: Retention labels on agent-grounding sites help meet FINRA 4511 / SEC 17 CFR 240.17a-4 retention obligations.
  • 4.1 - SharePoint IAG / Restricted Content Discovery: RAC, RCD, and DAG configuration details live here.
  • 4.2 - Site Access Reviews & Certification: Periodic recertification cadence and tooling for site permissions.
  • 4.4 - Guest & External User Access Controls: Guest lifecycle that pairs with tenant sharing settings.

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:


Verification Criteria

Confirm control effectiveness by verifying:

  1. Get-SPOTenant returns SharingCapability = Disabled (Zone 3 expected) or ExistingExternalUserSharingOnly (Zone 2 with documented partner allow-list); DefaultSharingLinkType = Internal; DefaultLinkPermission = View.
  2. For every site in the agent-grounding inventory, Get-SPOUser -Site <site URL> -Limit All returns no entries matching c:0(.s|true (Everyone) or spo-grid-all-users (Everyone except external users).
  3. Each agent-grounding site has a container sensitivity label set (Get-SPOSite -Detailed exposes SensitivityLabel) and the default library label is applied to the document library used by the agent.
  4. A Microsoft 365 Copilot test session impersonating a least-privileged user cannot return content from a site outside the user's effective permissions or from a site with RAC/RCD applied.
  5. Entra access reviews on the M365 groups backing agent-grounding sites are configured at the zone-appropriate cadence and the most recent review completed with documented outcomes.
  6. SharePoint Advanced Management Data Access Governance reports show no Zone 3 agent-grounding site shared with Everyone except external users and no anonymous links over the threshold defined by your governance policy.
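Verification criteria 1 to 3 (tenant sharing posture, broad claims per site, container label present) as an audit script over the agent-grounding inventory. This is an added example, not code from the FSI-AgentGov framework or its assessment-engine collectors; the admin URL and inventory URLs are placeholders, and the default library label half of criterion 3 is not checked here.

```powershell
# Added example (not part of the FSI-AgentGov framework): audit of Verification
# Criteria 1-3 for Control 1.3. Placeholder URLs; replace with your inventory.
Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://<tenant>-admin.sharepoint.com"

$inventory = @(
    "https://<tenant>.sharepoint.com/sites/Agent-CustomerService-Knowledge",
    "https://<tenant>.sharepoint.com/sites/Agent-Trading-Knowledge"
)

# Criterion 1: tenant sharing posture (Zone 3 expectation shown; Zone 2 allows
# ExistingExternalUserSharingOnly with a documented partner allow-list).
$tenant   = Get-SPOTenant
$tenantOk = ($tenant.SharingCapability -eq 'Disabled') -and
            ($tenant.DefaultSharingLinkType -eq 'Internal') -and
            ($tenant.DefaultLinkPermission -eq 'View')
Write-Output ("Tenant sharing posture OK: {0}" -f $tenantOk)

# Criteria 2 and 3: broad claims and container label on each grounding site.
$results = foreach ($url in $inventory) {
    $users = Get-SPOUser -Site $url -Limit All
    # 'c:0(.s|true' is the Everyone claim; 'spo-grid-all-users' appears in the
    # Everyone except external users claim. Neither belongs on a grounding site.
    $broad = $users | Where-Object {
        $_.LoginName -eq 'c:0(.s|true' -or $_.LoginName -like '*spo-grid-all-users*'
    }
    $site     = Get-SPOSite -Identity $url -Detailed
    $hasLabel = -not [string]::IsNullOrEmpty($site.SensitivityLabel)
    [pscustomobject]@{
        Site               = $url
        BroadClaims        = ($broad | ForEach-Object LoginName) -join ';'
        HasContainerLabel  = $hasLabel
        SensitivityLabelId = $site.SensitivityLabel
        Compliant          = (-not $broad) -and $hasLabel
    }
}

$results | Format-Table -AutoSize
# Keep the export with the attestation package as evidence.
$results | Export-Csv -Path ".\control-1.3-site-audit.csv" -NoTypeInformation
```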

Additional Resources


Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current