Control 1.7: Comprehensive Audit Logging and Compliance

Control ID: 1.7
Pillar: Security
Regulatory Reference: FINRA 4511, FINRA 3110, FINRA 25-07 (RFC), SEC 17a-4, SOX 302/404, GLBA 501(b), OCC 2011-12, Fed SR 11-7, CFTC 1.31
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated


Agent 365 Architecture Update

Agent 365 Observability consolidates agent activity logs from all platforms into Application Insights using the OpenTelemetry standard. This simplifies eDiscovery, regulatory reporting, and examination evidence collection by providing a unified audit trail. See Unified Agent Governance for observability architecture and audit trail consolidation details.

Objective

Implement comprehensive audit logging to capture Microsoft 365 Copilot and Copilot Studio agent interactions, providing an evidence trail for regulatory examinations, security investigations, and compliance monitoring. For broker-dealers, this includes guidance supporting SEC 17a-4(f) compliance through either WORM storage or the audit-trail alternative (per October 2022 amendments, compliance date May 2023).


Why This Matters for FSI

  • FINRA 4511: Requires retention of books and records per regulatory timelines. The FINRA 2026 Annual Regulatory Oversight Report emphasizes that firms must retain not just agent outputs but also prompts, model state, and reasoning chains to enable reconstruction of how the agent reached its conclusion. Audit logs alone capture metadata; verbatim content retention requires eDiscovery / Communication Compliance / DSPM for AI in addition.
  • SEC 17a-4(b)(4): Communications records require 3-year retention (first 2 years readily accessible). Agent conversation logs typically qualify as communications.
  • SEC 17a-4(a): Financial / accounting records require 6-year retention.
  • SEC 17a-4(f): October 2022 amendments (compliance date May 3, 2023) allow either WORM storage or an audit-trail alternative for records preservation.
  • SEC 17a-3: Record creation requirements — distinct from 17a-4 preservation. Audit logs help evidence the creation events for required books and records.
  • SOX 302/404: Internal controls over AI system logging require audit trails sufficient to support management certification.
  • GLBA 501(b): Security safeguards including audit trails for non-public personal information access.
  • OCC 2011-12 / Fed SR 11-7: Model risk management — model identity, version, and use must be auditable. For Microsoft 365 Copilot, audit captures ModelProviderName only; full model identification requires the model-card store referenced in Control 2.16.
  • CFTC 1.31: 5-year retention of regulatory records (including AI-generated communications) for FCMs, swap dealers, and CPOs in tamper-evident format with complete metadata.

Updated February 2026

FINRA 2026 examination priorities include validation that AI agent logs support complete decision reconstruction, not just output capture.

Agent Logs Are Typically Communications

Agent conversation logs (prompts, responses, interactions) typically qualify as communications under SEC 17a-4(b)(4), requiring 3-year retention, not the 6-year financial records period. If agent interactions generate or modify financial records, those outputs follow the applicable 6-year period.


Automation Available

Companion solutions in FSI-AgentGov-Solutions:

Control Description

Microsoft Purview Audit provides comprehensive logging of user and admin activities across Microsoft 365, including Microsoft 365 Copilot and agent interactions. Audit logs are essential for compliance monitoring, security investigations, and regulatory examinations.

Capture vs Preservation — read first

Microsoft 365 Audit (Standard and Premium, including the 10-Year Audit Log Retention add-on) is record-CAPTURE operational telemetry. It is not, by itself, a SEC Rule 17a-4(f)–compliant electronic recordkeeping system for the books-and-records record set. Broker-dealers, FCMs, swap dealers, and CPOs subject to SEC 17a-4 / FINRA 4511 / CFTC 1.31 must satisfy preservation through one of:

  • WORM-format storage of the books-and-records record set (e.g., Azure immutable blob storage with a time-based retention policy in a locked state — Cohasset-attested for SEC 17a-4(f), CFTC 1.31, and FINRA 4511 — see Microsoft Learn: Immutable storage for Azure blob data), or
  • The audit-trail alternative introduced by the October 2022 amendments to Rule 17a-4(f) (compliance date 3 May 2023), which requires the system to preserve original records and a complete time-stamped audit trail of all modifications and deletions, plus a Designated Executive Officer (DEO) representation or a Designated Third Party (DTP) undertaking, plus an independent records-management assessment.

A 17a-4(f) program for AI agent communications typically combines (a) Microsoft 365 Audit (this control) for activity capture, (b) eDiscovery / Communication Compliance / DSPM for AI for content retrieval (Controls 1.10, 1.19, 1.6), and (c) a 17a-4(f)-attested archive — either Azure immutable blob storage or a journaling / capture pipeline into a books-and-records vendor (Smarsh Enterprise Archive, Global Relay Archive, Proofpoint Enterprise Archive, Mimecast Cloud Archive, Bloomberg Vault, Veritas Enterprise Vault.cloud) — for preservation. Do not rely on the 10-year audit retention add-on as your 17a-4(f) preservation layer.

| Capability | Description |
| --- | --- |
| Unified audit log | Single log for all M365 activities including Copilot |
| Agent activity logging | Captures agent creation, publishing, modification, and interactions |
| Extended retention | Up to 10 years with Audit (Premium) plus the 10-year audit log retention add-on license |
| Search and export | Advanced query and export for investigations |
| SIEM integration | Export to Sentinel or third-party SIEM |

AI-Generated Communication Tagging (Anticipated per FINRA Notice 25-07)

FINRA Notice 25-07 Status

FINRA Regulatory Notice 25-07 (April 2025) is a Request for Comment on workplace modernization, which includes provisions addressing recordkeeping for AI-generated communications and supervisory requirements for AI workflows. This is not final guidance. The framework anticipates expected requirements based on the RFC direction. Monitor for final rule publication.

The RFC addresses recordkeeping requirements for AI-generated communications, proposing that firms distinguish AI-generated communications from human-generated content in their records. Audit logging supports this by:

| Requirement | Implementation |
| --- | --- |
| AI Origin Tagging | CopilotInteraction events contain ApplicationId identifying Copilot/agent source |
| Prompt/Response Metadata | Audit captures interaction metadata only (message IDs, timestamps, AgentId, model provider, detection flags). For verbatim prompt/response content retention, pair audit with eDiscovery (Control 1.19), DSPM for AI (Control 1.6), Communication Compliance (Control 1.10), and the Microsoft 365 Substrate / Copilot interactions mailbox. The unified audit log alone does not preserve full prompt and response text. |
| Human vs AI Attribution | Audit logs distinguish UserId (human initiator) from AgentId (AI responder) |
| Modification Tracking | If human edits AI output before sending, both versions should be retained via eDiscovery / Comm Compliance, not audit alone |

Audit Event Types (RecordType values in the OfficeActivity table — verify against the live AuditLogRecordType enumeration before authoring queries):

  • CopilotInteraction — M365 Copilot interactions
  • ConnectedAIAppInteraction — Connected AI app interactions. Coverage is mixed: per Microsoft Learn (April 2026), Microsoft-built Copilot Studio agents and other Microsoft AI applications are included in Audit (Standard) at no incremental cost, while some scenarios under this RecordType — specifically interactions with non-Microsoft AI apps surfaced via Connected AI App — fall under Audit pay-as-you-go (PAYG) billing and must be explicitly enabled. Verify scope per workload before assuming default coverage.
  • AIAppInteraction — Non-Microsoft AI assistance events captured via network/browser DLP under the AIApp workload. PAYG-only; explicit enablement required; 180-day retention for PAYG-captured records.
  • MicrosoftCopilotStudio — Copilot Studio admin / agent lifecycle activity
  • PowerPlatformAdminEnvironment, PowerPlatformAdministratorActivity, MicrosoftFlow, PowerAppsApp — Power Platform admin and runtime telemetry

PowerPlatformAdminActivity is NOT a valid RecordType

Earlier drafts of FSI playbooks used -RecordType PowerPlatformAdminActivity; that name is not in the AuditLogRecordType enumeration. Some Exchange Online module versions silently return zero rows for invalid RecordType values, producing false-clean evidence. Use the names listed above and verify them at runtime via [Enum]::GetNames([Microsoft.Office.CompliancePolicy.PSCmdlets.AuditRecordType]).

Agent-Specific Audit Properties (CopilotInteraction schema — verify nesting before writing KQL):

| Property | Schema location | Description | Use Case |
| --- | --- | --- | --- |
| AgentId | Top-level | Prefixed identifier (CopilotStudio.Declarative.{guid} or CopilotStudio.CustomEngine.{guid}); the prefix distinguishes declarative vs custom-engine agents | Agent-level activity correlation, FINRA 3110 supervisory segmentation |
| AgentName | Top-level | Display name of the agent | Human-readable identification |
| AgentVersion | Top-level | Version at interaction time | Change tracking and regression analysis |
| Messages[].JailbreakDetected | Nested inside the Messages array — per individual message, not per interaction | Boolean flag if jailbreak attempt detected on that message | Security monitoring; query as Messages[].JailbreakDetected, not as a top-level property |
| AccessedResources[].XPIADetected | Nested inside the AccessedResources array — per resource, not per interaction. XPIA = "Cross Prompt Injection Attack" (per Microsoft Learn — not "cross-domain") | Boolean flag if a referenced resource attempted prompt injection | Security monitoring; query as AccessedResources[].XPIADetected |
| ModelTransparencyDetails.ModelProviderName | Nested under ModelTransparencyDetails | Provider name (e.g., OpenAI, AzureOpenAI) | Model attribution |
| ModelTransparencyDetails.ModelName / ModelVersion | Nested under ModelTransparencyDetails | Not available in Microsoft 365 Copilot scenarios per Learn — only ModelProviderName is populated for M365 Copilot. Available for Copilot Studio custom-engine agents. | Bank examiner SR 11-7 model inventories cannot be satisfied by audit logs alone for M365 Copilot — supplement with the model-card store in Control 2.16 |
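
Because the detection flags sit on individual messages and resources, a check that reads them at the top level of the record never fires. The following is an added example, not code from this framework or from Microsoft: the function name, the `CopilotEventData` wrapper handling, the resource `ID` field and all sample records are assumptions or constructed values, to be verified against records exported from your own tenant.

```powershell
# Added example: function name and sample values are hypothetical / constructed.
function Get-CopilotDetectionFinding {
    [CmdletBinding()]
    param(
        # Raw JSON string from the AuditData property of one CopilotInteraction record.
        [Parameter(Mandatory, ValueFromPipeline)]
        [string]$AuditData
    )
    process {
        $record = $AuditData | ConvertFrom-Json

        # Assumption: some exports wrap the arrays in a CopilotEventData object.
        # Accept either nesting so a schema difference cannot hide a detection.
        $body = $record
        if ($record.PSObject.Properties['CopilotEventData'] -and $record.CopilotEventData) {
            $body = $record.CopilotEventData
        }

        # Neither array present: surface it instead of reporting a clean record.
        $hasMessages  = [bool]$body.PSObject.Properties['Messages']
        $hasResources = [bool]$body.PSObject.Properties['AccessedResources']
        if (-not ($hasMessages -or $hasResources)) {
            Write-Warning "Record for '$($record.UserId)' has no Messages or AccessedResources; verify nesting."
            return
        }

        # The AgentId prefix distinguishes declarative from custom-engine agents.
        $agentKind = 'Unknown'
        if ($record.AgentId -like 'CopilotStudio.Declarative.*')  { $agentKind = 'Declarative' }
        if ($record.AgentId -like 'CopilotStudio.CustomEngine.*') { $agentKind = 'CustomEngine' }

        # One finding per flagged message, not per interaction.
        foreach ($m in $body.Messages) {
            if ($m.JailbreakDetected -eq $true) {
                [pscustomobject]@{
                    Time = $record.CreationTime; UserId = $record.UserId
                    AgentId = $record.AgentId;   AgentKind = $agentKind
                    Detection = 'Jailbreak';     ItemId = $m.ID; IsPrompt = $m.IsPrompt
                }
            }
        }
        # One finding per flagged resource, not per interaction.
        foreach ($r in $body.AccessedResources) {
            if ($r.XPIADetected -eq $true) {
                [pscustomobject]@{
                    Time = $record.CreationTime; UserId = $record.UserId
                    AgentId = $record.AgentId;   AgentKind = $agentKind
                    Detection = 'XPIA';          ItemId = $r.ID; IsPrompt = $null
                }
            }
        }
    }
}

# Constructed sample AuditData payloads: one clean, one wrapped with a flagged
# prompt, one top-level with a flagged resource and no AgentId.
$sampleAuditData = @(
@'
{"CreationTime":"2026-04-02T14:03:11","UserId":"analyst1@contoso.example","AgentId":"CopilotStudio.Declarative.00000000-0000-0000-0000-000000000001","Messages":[{"ID":"m-101","IsPrompt":true,"JailbreakDetected":false},{"ID":"m-102","IsPrompt":false,"JailbreakDetected":false}],"AccessedResources":[{"ID":"r-11","XPIADetected":false}]}
'@
@'
{"CreationTime":"2026-04-02T14:09:40","UserId":"trader7@contoso.example","AgentId":"CopilotStudio.CustomEngine.00000000-0000-0000-0000-000000000002","CopilotEventData":{"Messages":[{"ID":"m-201","IsPrompt":true,"JailbreakDetected":true},{"ID":"m-202","IsPrompt":false,"JailbreakDetected":false}],"AccessedResources":[]}}
'@
@'
{"CreationTime":"2026-04-02T15:22:05","UserId":"ops3@contoso.example","Messages":[{"ID":"m-301","IsPrompt":true,"JailbreakDetected":false}],"AccessedResources":[{"ID":"r-31","XPIADetected":false},{"ID":"r-32","XPIADetected":true}]}
'@
)

$findings = $sampleAuditData | Get-CopilotDetectionFinding
$findings | Format-Table Time, UserId, AgentKind, Detection, ItemId -AutoSize
```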

Audit Record vs Conversation Content — Where the Text Actually Lives

The CopilotInteraction audit record carries interaction metadata: timestamps, UserId, AgentId, accessed-resource references, model provider, detection flags (JailbreakDetected, XPIADetected), and Messages[] entries containing message IDs (Messages[].ID) and IsPrompt booleans — not the prompt or response body.

The prompt and response text for Microsoft 365 Copilot interactions is preserved in the Microsoft 365 Substrate (the per-user Copilot interaction history mailbox, surfaced to compliance tooling via the Substrate). Per the April 2026 Microsoft Learn: Audit logs for Copilot and AI activities page, that content is retrievable through:

  • DSPM for AI (Control 1.6) — Compliance managers can view chat transcripts for CopilotInteraction events directly from the DSPM for AI experience.
  • eDiscovery (Premium) (Control 1.19) — Legal hold, collection, and review of Copilot interactions across custodians.
  • Communication Compliance (Control 1.10) — Policy-based supervisory review of AI-generated communications (FINRA Rule 3110 alignment).

Compliance design implication: the audit log is the evidence trail and join key; the Substrate (via DSPM / eDiscovery / Comm Compliance) is the content store. A 17a-4(b)(4) communications retention program for Copilot must address both, and (for broker-dealers) export/journal the content tier into the firm's 17a-4(f) preservation layer.

The CopilotInteraction audit schema captures interaction metadata (message IDs, timestamps, model info, detection flags, accessed resources), not the actual prompt and response text. To retrieve full conversation content, use:

  • eDiscovery tools (Control 1.19) - For legal hold and investigation
  • DSPM for AI (Control 1.6) - For data security monitoring and content review
  • Communication Compliance (Control 1.10) - For policy-based content review

This distinction is critical for compliance design: audit logs provide the evidence trail; eDiscovery/DSPM provides content retrieval.

Querying AI Audit Events

These are RecordType values, not table names. Query them via the OfficeActivity table in Log Analytics, or use the Search-UnifiedAuditLog PowerShell cmdlet with the -RecordType parameter.


Key Configuration Points

Tenant-Level Audit Configuration

  • Enable unified audit logging at tenant level
  • Configure retention policies per governance tier (180 days to 10 years)
  • Search for agent-related activities: CopilotInteraction, AgentPublished, ConnectorAdded
  • Export logs regularly for WORM storage (broker-dealers)
  • Integrate with SIEM for real-time monitoring (Zone 2-3)
  • Retain complete prompt/response pairs per anticipated FINRA 25-07 requirements (no summaries)
  • Implement adversarial pattern detection in audit log analysis

Dataverse Purview Audit Event Changes — May 2026

Starting May 2026, Dataverse will no longer include before-and-after field change values in audit events sent to Microsoft Purview. Organizations requiring detailed field-level change data for regulatory recordkeeping should retrieve this data directly from Dataverse APIs.

This change may affect SEC 17a-4 / FINRA 4511 compliance programs that rely on Purview audit integration for Dataverse field-level change records. Organizations should begin transitioning to Dataverse API-based audit retrieval before May 2026.

See Regulatory Mappings for detailed regulatory impact on recordkeeping requirements.

Dataverse Environment-Level Audit Configuration

  • Enable environment-level auditing: In Power Platform Admin Center, select each environment > Settings > Audit and logs > enable "Start Auditing" to capture Dataverse entity changes, user sign-ins, and security events
  • Configure audit log retention period: In PPAC > Environment > Settings > Audit and logs > Audit settings > set "Retain these logs for" to a minimum of 180 days (Zone 1), 365 days (Zone 2), or 730+ days (Zone 3). Select "Custom" for specific day counts or "Forever" for indefinite retention
  • Enable tenant-level Dataverse auditing policy: In PPAC > Security > Compliance > Auditing > enable "Turn on Auditing" and additionally enable "User Sign-In" and "Activity" checkboxes to capture sign-in events and entity-level activity across all Dataverse environments

Agent Sign-In and Activity Audit Logs (Preview)

Preview Feature

The agentSignIn resource type and MicrosoftServicePrincipalSignInLogs diagnostic stream are currently in preview. Configuration and field names may change before general availability. Verify availability against your tenant's Entra Admin Center surface — at the time of writing, Microsoft Learn does not document a Frontier-program gate on agentSignIn; treat any "Frontier required" claim in third-party documentation as unverified until confirmed in your tenant.

agentSignIn Resource Type (Preview)

The agentSignIn resource type is a category within Entra sign-in logs dedicated to authentication events performed by AI agent identities. This is the source for attributing authenticated actions to a specific agent identity during audit investigations.

Verify the Entra sign-in filter against the live UI

Earlier drafts referenced an Is Agent = Yes filter chip on the Sign-in logs page. As of the April 2026 verification window, the published Entra sign-in logs UI exposes four sign-in types (Interactive user / Non-interactive user / Service principal / Managed identity) plus a separate Agent activity log entry on the Monitoring & health page. Verify the actual filter affordance in your tenant before documenting it in tenant-specific runbooks.

| Property | Value |
| --- | --- |
| Log resource type | agentSignIn |
| Event scope | Authentication events performed by a registered AI agent identity |
| Primary FSI use | Attributing agent-initiated actions to a specific agent identity in audit investigations and evidence packages |
| Availability | Preview |

Every Zone 2 and Zone 3 agent authentication event should be captured in this log and forwarded to the SIEM or Log Analytics workspace with retention aligned to applicable regulatory minimums.

Sign-In Attributes Relevant to Agent Correlation

The following Entra sign-in log fields support agent-specific audit correlation. AppOwnerTenantId, ResourceOwnerTenantId, SessionId, and ASN are long-standing fields in the Entra sign-in log schema (present on every user, service principal, and managed identity sign-in for years) — they are not agent-specific or new. Confirm with your SIEM team that they are already in the ingestion schema before adding new mappings.

| Attribute | Status | Purpose | FSI Use Case |
| --- | --- | --- | --- |
| AppOwnerTenantId | Long-standing field | Tenant that owns the agent application | Cross-tenant agent attribution |
| ResourceOwnerTenantId | Long-standing field | Tenant that owns the resource being accessed | Data residency verification |
| SessionId | Long-standing field | Correlates events within a single agent execution session | Session-level audit reconstruction |
| SourceAppClientID | Newer in agent on-behalf-of (OBO) context | Originating application that initiated the agent action | Agent identity chain mapping |
| ASN | Long-standing field | Autonomous system number for the originating network | Geolocation and routing audit review |

Include agent correlation attributes in SIEM ingestion schema

If the SIEM or Log Analytics workspace uses a custom ingestion schema or field mapping, verify that AppOwnerTenantId, ResourceOwnerTenantId, SessionId, SourceAppClientID, and ASN are included in the ingested field set. These fields are required for agent-specific alert rules and investigation queries.

MicrosoftServicePrincipalSignInLogs (Preview)

MicrosoftServicePrincipalSignInLogs is an opt-in diagnostic log stream that captures first-party Microsoft service-to-service token requests, including interactions such as Teams requesting resources from Word, Copilot requesting agent APIs, and M365 service orchestration calls.

High-volume stream - review before enabling

This log stream can generate significantly higher event volume than standard sign-in logs. Enable it only after assessing ingestion-cost impact on the Log Analytics workspace and SIEM.

Enable Path:

Microsoft Entra admin center
  > Monitoring & health
    > Diagnostic settings
      > Add diagnostic setting
        > Check: MicrosoftServicePrincipalSignInLogs
        > Destination: Log Analytics workspace / Storage account / Event Hub

| Property | Value |
| --- | --- |
| Stream name | MicrosoftServicePrincipalSignInLogs |
| Activation model | Opt-in; not enabled by default |
| Availability | Preview |
| Recommended for | Tenants with complex M365 service orchestration or regulated Zone 3 agent workloads |

Agent Log Coverage Checklist

| Configuration Item | Zone Applicability | Status Field |
| --- | --- | --- |
| agentSignIn log type enabled and forwarded to SIEM | Zone 2, Zone 3 | [ ] |
| Entra sign-in log filter affordance for agent identities verified in tenant UI (filter chip naming has shifted across recent UI revisions — confirm the live label before adding it to a runbook) | Zone 2, Zone 3 | [ ] |
| AppOwnerTenantId field included in SIEM ingestion schema | Zone 2, Zone 3 | [ ] |
| ResourceOwnerTenantId field included in SIEM ingestion schema | Zone 2, Zone 3 | [ ] |
| SessionId field included in SIEM ingestion schema | Zone 2, Zone 3 | [ ] |
| SourceAppClientID field included in SIEM ingestion schema | Zone 2, Zone 3 | [ ] |
| ASN field included in SIEM ingestion schema | Zone 3 | [ ] |
| MicrosoftServicePrincipalSignInLogs evaluated for activation | Zone 3 | [ ] |
| Agent sign-in log retention policy set to the approved minimum | Zone 2, Zone 3 | [ ] |

Info

For implementation guidance on combining these log types with custom telemetry correlation, see Control 3.14 - Agent 365 Observability SDK and Custom Agent Telemetry.


Zone-Specific Requirements

| Zone | Requirement | Rationale |
| --- | --- | --- |
| Zone 1 (Personal) | Baseline logging; 180-day retention; monthly review | Low risk, standard coverage |
| Zone 2 (Team) | 1+ year retention; weekly review; SIEM recommended | Shared agents require accountability |
| Zone 3 (Enterprise) | 10-year retention via per-user 10-Year Audit Log Retention add-on (no native 7-year tier — 10 years used to satisfy a 7-year SEC 17a-4 / OCC examination floor); daily review; WORM storage or audit-trail alternative for broker-dealer environments per SEC 17a-4(f); SIEM required | Highest regulatory risk; per-user license alignment is mandatory or retention silently falls back to 180 days |

Roles & Responsibilities

| Role | Responsibility |
| --- | --- |
| Purview Audit Admin | Configure unified audit logging; enable PAYG record types where applicable |
| Purview Compliance Admin | Search audit logs for examinations; export evidence to immutable storage |
| Organization Configuration role (Exchange Online) | Author audit retention policies (per Microsoft Learn — Compliance Admin alone is not sufficient for retention policy create/modify) |
| SOC Analyst | SIEM integration, Sentinel rule authoring, daily review |
| Entra Security Admin | Configure agentSignIn log forwarding and diagnostic settings |
| Power Platform Admin | Configure Dataverse environment audit settings and per-table audit on the Copilot Studio entities |
| Azure Storage Account Owner / Contributor | Configure Azure immutable blob storage container and time-based retention policy (if WORM export used) |

| Control | Relationship |
| --- | --- |
| 1.6 - DSPM for AI | AI interaction visibility |
| 1.19 - eDiscovery | Legal discovery |
| 3.2 - Usage Analytics | Activity monitoring |
| 3.9 - Sentinel Integration | SIEM integration |
| 3.14 - Agent 365 Observability SDK | Extends Entra audit logging with custom agent telemetry and session correlation |

Automated Validation: Deny Event Correlation Report

For daily operational reports correlating deny events across Purview Audit, DLP, and Application Insights with anomaly detection and zone-based alerting, see the Deny Event Correlation Report solution.

Capabilities:

  • Multi-source deny event extraction (RAI telemetry, Purview Audit, Purview DLP)
  • Daily correlation engine with 7-day trend analysis and volume anomaly detection
  • Zone-based alerting with Teams adaptive cards and email notifications
  • Dataverse persistence with zone-based retention (90d/365d/730d)
  • SHA-256 integrity-hashed evidence export with regulatory alignment mapping

Deployable Solution: deny-event-correlation-report provides PowerShell extraction scripts, Dataverse infrastructure, Power Automate orchestration flow, and evidence export pipeline.

Automated Validation and Remediation: Audit Compliance Manager

For automated validation of tenant and environment audit configurations, drift detection, and approval-gated remediation of audit logging gaps, see the Audit Compliance Manager (ACM) solution.

Capabilities:

  • Tenant-level audit validation (Unified Audit Log, mailbox audit, Purview retention)
  • Environment-level audit validation (Power Platform audit retention)
  • Zone-based retention thresholds (180d/365d/730d)
  • Daily scheduled validation with drift detection and SHA-256 evidence hashing
  • Automated detection of Purview unified audit and Dataverse audit status across all environments
  • Remediation with org-level and entity-level Dataverse audit enablement (6 Copilot Studio entities)
  • WhatIf simulation for safe remediation dry runs
  • Power Automate approval workflow for governance-gated remediation
  • Compliance tracking via Dataverse upsert pattern (one record per environment)
  • Enterprise-grade Managed Identity authentication

Deployable Solution: audit-compliance-manager provides PowerShell validation scripts, Azure Automation runbooks with Managed Identity auth, Dataverse compliance tracking, Power Automate flows for validation and approval-gated remediation, and evidence export pipeline.


Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:

Advanced Implementation: Configuration Hardening Baseline

This control is covered by the Configuration Hardening Baseline, which consolidates SSPM-detectable settings across all 7 mapped controls into a single reviewable checklist with automation classification and evidence export procedures.


Verification Criteria

Confirm control effectiveness by verifying:

  1. Unified audit logging is enabled — run Get-AdminAuditLogConfig | Format-List UnifiedAuditLogIngestionEnabled from Exchange Online PowerShell (not Security & Compliance PowerShell, which always returns False per Microsoft Learn) and confirm the value is True
  2. Audit (Premium) license entitlement is verified for every Copilot user — without an E5 / Microsoft 365 E5 / Microsoft Purview Suite / E5 eDiscovery & Audit add-on assigned to the user generating the event, retention silently falls back to 180 days regardless of policy
  3. For Zone 3 (>1 year retention), the per-user 10-Year Audit Log Retention add-on is assigned to every Copilot user
  4. Copilot and agent record types appear in audit search results (CopilotInteraction, ConnectedAIAppInteraction, MicrosoftCopilotStudio); AIAppInteraction is enabled via PAYG if non-Microsoft AI apps are in scope
  5. Custom audit retention policies explicitly include the Copilot record types — the default Audit (Premium) retention policy covers only AzureActiveDirectory, Exchange, OneDrive, and SharePoint; Copilot record types fall back to 180 days unless a custom policy names them
  6. Retention policies are configured per governance tier (180 days / 1 year / 10 years; no native 7-year tier exists — use 10 years to satisfy a 7-year regulatory floor)
  7. Export capability produces complete audit records using Search-UnifiedAuditLog -SessionCommand ReturnLargeSet -SessionId <guid> paginated to completion (single-shot -ResultSize truncates silently)
  8. SIEM integration is functional with documented end-to-end ingestion latency (no fabricated SLA)
  9. WORM storage or audit-trail alternative is configured for broker-dealer environments per SEC 17a-4(f) (October 2022 amendments, compliance date May 3, 2023)
  10. Dataverse environment-level auditing is enabled (PPAC > Environment > Audit and logs > "Start Auditing") for all environments
  11. Per-table Dataverse audit is enabled for the six Copilot Studio entities (bot, botcomponent, botcomponentcollection, etc.) so agent admin events surface in ConnectedAIAppInteraction
  12. Audit log retention is set to a minimum of 180 days per environment (PPAC > Environment > Audit settings > "Retain these logs for")
  13. agentSignIn logging is enabled or validated as available for Zone 2 and Zone 3 agent identities
  14. The agent-correlation sign-in fields are confirmed present in the SIEM ingestion schema (note: AppOwnerTenantId, ResourceOwnerTenantId, SessionId, ASN are long-standing fields and likely already mapped — only SourceAppClientID is reliably newer in the agent OBO context)
  15. MicrosoftServicePrincipalSignInLogs has been evaluated and documented for Zone 3 workloads
  16. Evidence-pack capture procedure produces named, hashed, immutable artifacts per the verification-testing playbook
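
The two silent-failure modes named on this page, an invalid -RecordType returning zero rows and a single-shot -ResultSize truncating the result, can be closed in one export routine that also hashes its output. This is an added example, not code from the playbooks or companion solutions referenced here; the function names, output file names and date window are hypothetical, and it assumes a connected Exchange Online PowerShell session.

```powershell
# Added example: function names, file names and the date window are hypothetical.
# Assumes a connected Exchange Online PowerShell session (Connect-ExchangeOnline).

function Assert-AuditRecordTypeName {
    param([Parameter(Mandatory)][string[]]$Name)
    # Enumeration quoted on this page. If the type is not loaded this line
    # throws, which is the intended fail-closed behaviour.
    $valid   = [Enum]::GetNames([Microsoft.Office.CompliancePolicy.PSCmdlets.AuditRecordType])
    $unknown = @($Name | Where-Object { $_ -notin $valid })
    if ($unknown.Count -gt 0) {
        throw "Not in the AuditLogRecordType enumeration: $($unknown -join ', ')"
    }
}

function Export-AuditRecordSet {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$RecordType,
        [Parameter(Mandatory)][datetime]$StartDate,
        [Parameter(Mandatory)][datetime]$EndDate,
        [Parameter(Mandatory)][string]$OutFile
    )
    # Reject misspelled names before querying, so zero rows cannot be a typo.
    Assert-AuditRecordTypeName -Name $RecordType

    $sessionId = [guid]::NewGuid().ToString()
    $records   = [System.Collections.Generic.List[object]]::new()
    $expected  = $null
    do {
        # Same SessionId on every call: each call returns the next page.
        $page = @(Search-UnifiedAuditLog -StartDate $StartDate -EndDate $EndDate `
                -RecordType $RecordType -SessionId $sessionId `
                -SessionCommand ReturnLargeSet -ResultSize 5000)
        if ($page.Count -gt 0) {
            if ($null -eq $expected) { $expected = $page[0].ResultCount }
            foreach ($r in $page) { $records.Add($r) }
        }
    } while ($page.Count -gt 0)

    if ($records.Count -eq 0) {
        # Record the empty result explicitly rather than writing an empty file.
        Write-Warning "$RecordType returned zero rows for the window; confirm the record type is enabled."
        return [pscustomobject]@{
            RecordType = $RecordType; StartDate = $StartDate; EndDate = $EndDate
            RecordCount = 0; File = $null; Sha256 = $null
        }
    }
    # The cmdlet documentation caps a ReturnLargeSet session at 50,000 results.
    if ($expected -ge 50000) {
        throw "$RecordType hit the per-session result cap; split the window and re-run."
    }
    # Fail closed if paging ended before every reported record was collected.
    if ($records.Count -ne $expected) {
        throw "$RecordType export incomplete: collected $($records.Count) of $expected."
    }

    # One AuditData JSON document per line, then a SHA-256 over the file.
    $records | ForEach-Object { $_.AuditData } | Set-Content -Path $OutFile -Encoding utf8
    $hash = Get-FileHash -Path $OutFile -Algorithm SHA256
    [pscustomobject]@{
        RecordType = $RecordType; StartDate = $StartDate; EndDate = $EndDate
        RecordCount = $records.Count; File = $OutFile; Sha256 = $hash.Hash
    }
}

# Constructed 24-hour window; record type names are the ones listed on this page.
$end = (Get-Date).ToUniversalTime().Date
$manifest = foreach ($rt in 'CopilotInteraction', 'ConnectedAIAppInteraction', 'MicrosoftCopilotStudio') {
    Export-AuditRecordSet -RecordType $rt -StartDate $end.AddDays(-1) -EndDate $end `
        -OutFile ".\audit-$rt-$($end.ToString('yyyyMMdd')).jsonl"
}
$manifest | Format-Table RecordType, RecordCount, Sha256 -AutoSize
```

The manifest rows (record type, window, count, hash) are what belongs alongside the exported files in the evidence pack; the files themselves still need to land in the preservation layer described under Capture vs Preservation.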

Additional Resources

Regulatory Guidance:

Microsoft Documentation:

Microsoft Audit Reporting Tools

For enterprise-scale audit data export beyond native portal limits, see:

Environment Provisioning Audit Trail

For immutable audit logging of environment provisioning activities:

Agent 365 Audit Events (Preview)

Note: The following resources are preview documentation and may change.

Agent 365 SDK introduces additional audit event types for Blueprint-registered agents:

| Event Type | Description | Logged When |
| --- | --- | --- |
| BlueprintRegistration | Agent registered via Blueprint process | Agent manifest submitted for registration |
| BlueprintPromotion | Agent promoted between lifecycle phases | Design→Build, Build→Deploy transitions |
| BlueprintDemotion | Agent demoted to previous phase | Rollback or compliance failure |
| AgentIdentityCreated | New Agent ID created in Entra | First-time agent identity provisioning |
| AgentIdentityModified | Agent identity permissions changed | Permission scope updates |
| AgentIdentityDeleted | Agent identity removed from Entra | Agent decommissioning |
| ObservabilityConfigured | Observability SDK settings modified | Telemetry configuration changes |

Querying Agent 365 Events:

OfficeActivity
| where TimeGenerated > ago(7d)
| where RecordType in ("ConnectedAIAppInteraction", "CopilotInteraction")
| extend agentType = tostring(parse_json(AuditData).ApplicationType)
| where agentType == "Agent365Blueprint"
| project TimeGenerated, UserId, Operation, AuditData

See Microsoft Learn: Agent 365 SDK (Preview) for evolving audit capabilities.

Observability by Agent Type

(A) Copilot Studio Agents:

  • Power Platform Admin Center analytics
  • Managed Environment insights
  • Microsoft Purview Audit logs

(B) Agent 365 SDK Agents (Preview):

  • OpenTelemetry SDK integration
  • Application Insights workbooks
  • Custom telemetry configuration

Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current