Control 1.4: Advanced Connector Policies (ACP)
Control ID: 1.4 | Pillar: Security | Regulatory Reference: FINRA 4511, GLBA 501(b), SEC Rule 17a-4, SOX 404 | Last UI Verified: January 2026 | Governance Levels: Baseline / Recommended / Regulated | Last Verified: 2026-02-03
Objective
Control which connectors and actions AI agents can use by implementing Advanced Connector Policies (ACP) and DLP boundaries. This control restricts agent access to approved data sources and services with appropriate action-level restrictions.
Why This Matters for FSI
- FINRA 3110: Requires supervision of data access - ACP controls which external data sources agents can access
- SEC Regulation S-P: Privacy safeguards - blocks unauthorized connectors that could leak customer NPI
- SOX 404: Internal controls - provides technical control over data integration points
- GLBA Safeguards Rule: Helps prevent unauthorized data transmission to non-secure external systems
- FINRA 4511: Requires audit logging of all connector usage for compliance examination
Control Description
Advanced Connector Policies (ACP) provide granular control over which connectors and specific actions are available to AI agents in Power Platform. Combined with DLP policies, this control establishes data boundaries that prevent unauthorized data flows.
| Capability | Description |
|---|---|
| Connector Allowlisting | Explicitly approve connectors for regulated environments |
| Action-Level Control | Restrict to read-only actions by default; require approval for write/update/delete |
| DLP Integration | Business/Non-Business/Blocked classifications prevent cross-boundary data flows |
| Environment Groups | Apply consistent policies across multiple regulated environments |
Key Configuration Points
- Enable Managed Environments before configuring ACP (prerequisite)
- Create Environment Groups for regulated tier classification
- Configure explicit allowlist approach - only approved connectors with business justification
- Set action-level restrictions to read-only by default for high-risk connectors
- Align DLP policies with ACP to enforce data boundaries
- Block social media, public cloud storage, and consumer services
- Establish MCP (Model Context Protocol) governance for external tool integrations
- Configure MCP server blocking (Preview) to prevent connections to unapproved MCP servers
- Note: Per-environment ACP is not yet available; ACP policies are applied at the environment group level only
- Govern Copilot plugins and extensions per the terminology table below
Automation Available
See Scope Drift Monitor in FSI-AgentGov-Solutions for automated monitoring of connector usage patterns that may indicate agents accessing data beyond declared operational scope.
Service Principal Security Group Bypass
DLP connector policies applied via security groups may not cover Service Principal-based connections. Service Principals used by Power Automate flows authenticate as application identities without user group membership, potentially bypassing group-scoped DLP policies.
Compensating Control:
- Apply DLP policies at environment level rather than security group level to ensure Service Principals are subject to connector restrictions
- Use Environment Groups (Control 2.2) to apply consistent DLP policies across Zone 2/3 environments
- Audit Service Principal connections quarterly using Power Platform Admin Center > Data policies > Connectors report
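The coverage gap described above can be checked offline against an exported inventory. The following is an added example, not code from FSI-AgentGov-Solutions or Microsoft; the record layout, policy names, group names and connector names are constructed for illustration, and the model assumes a group-scoped policy binds only identities that are members of that group.

```python
# Constructed inventory for illustration; field names are assumptions,
# not the schema of any Power Platform export.
POLICIES = [
    # Zone 3 policy is scoped to a security group (the weak pattern).
    {"name": "zone3-dlp", "environment": "env-zone3", "scope": "security_group",
     "group": "sg-zone3-makers", "blocked": {"dropbox", "twitter"}},
    # Zone 2 policy is applied at environment level (the compensating control).
    {"name": "zone2-dlp", "environment": "env-zone2", "scope": "environment",
     "group": None, "blocked": {"dropbox", "twitter"}},
]

CONNECTIONS = [
    {"id": "c1", "environment": "env-zone3", "connector": "dropbox",
     "identity": "user", "groups": {"sg-zone3-makers"}},
    {"id": "c2", "environment": "env-zone3", "connector": "dropbox",
     "identity": "service_principal", "groups": set()},
    {"id": "c3", "environment": "env-zone2", "connector": "dropbox",
     "identity": "service_principal", "groups": set()},
    {"id": "c4", "environment": "env-zone3", "connector": "sharepoint",
     "identity": "service_principal", "groups": set()},
]


def binding_policies(conn, policies):
    """Policies in the connection's environment that apply to its identity."""
    return [
        p for p in policies
        if p["environment"] == conn["environment"]
        and (p["scope"] == "environment" or p["group"] in conn["groups"])
    ]


def audit(connections, policies):
    """Classify each connection as blocked, allowed, or bypass."""
    findings = []
    for conn in connections:
        in_env = [p for p in policies if p["environment"] == conn["environment"]]
        bound = binding_policies(conn, policies)
        name = conn["connector"]
        if any(name in p["blocked"] for p in bound):
            status = "blocked"
        elif any(name in p["blocked"] for p in in_env):
            # Some policy blocks this connector, but none binds this identity.
            status = "bypass"
        else:
            status = "allowed"
        findings.append((conn["id"], conn["identity"], status))
    return findings
```

Connections reported as `bypass` are the ones to review in the quarterly audit; re-scoping the blocking policy to the environment changes them to `blocked`.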
Copilot Plugins and Extensions Terminology
Microsoft 365 Copilot and Copilot Studio support various extension mechanisms. Use consistent terminology for governance:
| Microsoft Term | Also Known As | Governance Scope |
|---|---|---|
| Copilot Plugins | M365 Copilot extensions | Third-party capabilities added to M365 Copilot |
| Copilot Connectors | Graph connectors for Copilot | Data source integrations for Copilot grounding |
| Power Platform Connectors | Custom connectors, Premium connectors | API integrations used by Copilot Studio agents |
| Copilot Studio Actions | Agent tools, Agent actions | Specific operations agents can perform |
| MCP Tools | Model Context Protocol tools | External tool integrations using MCP standard |
| Agent Skills | Copilot Studio skills | Reusable capabilities shared across agents |
MCP Clarification: Model Context Protocol (MCP) is an open protocol for tool integration, not a Microsoft-native capability. Organizations implementing MCP-based integrations must apply vendor risk management (Control 2.7) accordingly. Native Microsoft connectors do not use MCP—this guidance applies only to custom agent implementations.
Plugin Governance Requirements:
- Copilot Plugins (M365): Governed via Microsoft 365 Admin Center > Integrated Apps
- Power Platform Connectors: Governed via DLP policies and ACP in PPAC
- Custom Connectors: Require security review before Zone 2/3 deployment
- MCP Tools: Require vendor assessment per Control 2.7 before enablement
- MCP Server Blocking (Preview): Admins can view and block entire MCP servers in Advanced Connector Policies at the environment group level. Use this capability to prevent agents from connecting to unapproved MCP servers.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Standard DLP; Microsoft 365 Graph connectors only | Personal agents should not access customer PII |
| Zone 2 (Team) | ACP with managed allowlist; Microsoft 365 + internal connectors only | Team agents access shared data within controlled boundaries |
| Zone 3 (Enterprise) | Strict ACP allowlist with action-level restrictions; legal review for new connectors | Customer-facing agents require highest security |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Configure ACP, DLP policies, environment groups |
| Environment Admin | Monitor connector usage within environments |
| Security Team | Review and approve connector requests; vendor assessments |
| AI Governance Lead | Define connector allowlist policy; MCP governance framework |
Related Controls
| Control | Relationship |
|---|---|
| 2.1 - Managed Environments | Required dependency - must enable first |
| 2.2 - Environment Groups | Required dependency - groups needed for ACP |
| 1.5 - DLP and Sensitivity Labels | Complementary control for data protection |
| 1.7 - Audit Logging | Logs ACP policy enforcement events |
| 2.7 - Vendor Risk Management | Third-party connectors require vendor assessment |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Managed Environment is enabled for all regulated environments
- Environment Group is created with appropriate tier classification
- ACP is configured with explicit allowlist (blocked connectors unavailable)
- Action-level restrictions are enforced (write/delete blocked where configured)
- DLP boundaries prevent cross-group data flows
- All policy changes appear in Microsoft Purview Audit logs
Additional Resources
- Microsoft Learn: Advanced connector policies
- Microsoft Learn: Enable Managed Environments
- Microsoft Learn: Environment groups
- Microsoft Learn: Connector Reference
- Microsoft Learn: DLP Strategy
Updated: January 2026 | Version: v1.2 | UI Verification Status: Current