Control 2.1: Managed Environments
Control ID: 2.1
Pillar: Management
Regulatory Reference: FINRA Rule 3110 (Supervision), FINRA Rule 4511 (Books and Records), FINRA Regulatory Notice 25-07 (AI Tools — RFC, contextual only), SEC Rules 17a-3/17a-4 (Recordkeeping), SOX Sections 302/404 (Internal Controls), GLBA 501(b) (Safeguards Rule), OCC Bulletin 2011-12 (Technology Risk Management), Federal Reserve SR 11-7 (Model Risk), NYDFS 23 NYCRR 500.06 (Audit Trail), FFIEC IT Examination Handbook (IT Risk Management)
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Agent 365 Architecture Update
Agent 365 lifecycle management complements Power Platform Managed Environments by providing cross-platform promotion gates and approval workflows. While Managed Environments continue to govern Copilot Studio agents, Agent 365 extends lifecycle governance to Agent Builder, Microsoft Foundry, and SharePoint agents. See Unified Agent Governance for lifecycle management architecture.
Objective
Enable premium governance capabilities for Power Platform environments by designating them as Managed Environments, providing enhanced control over sharing, solution deployment, usage monitoring, and maker onboarding essential for financial services governance.
Why This Matters for FSI
- FINRA 4511, FINRA 25-07: Usage insights and activity logs help support books-and-records evidence collection. Managed Environments alone do not satisfy 4511 — pair with retention (Control 1.7) and Purview audit (Control 3.1).
- SEC 17a-3 (record creation): Solution checker enforcement helps establish change-control evidence for systems that create regulated records. (SEC 17a-4 is the WORM-preservation requirement and is addressed by Control 1.7 retention policies, not by Managed Environments.)
- GLBA 501(b): Sharing limits and Tenant Isolation help reduce the surface area for unauthorized access to customer information.
- SOX 302 / SOX 404: Maker welcome content and access reviews aid in documenting policy acknowledgment and access governance for internal controls over financial reporting.
- Federal Reserve SR 11-7 (model risk): Solution checker, sharing limits, and access reviews contribute to the change-control and access-governance pieces of a model-risk framework.
Non-substitution — technical guardrails are not governance
Managed Environments provide technical guardrails (sharing limits, solution-checker enforcement, IP firewall, usage insights). They do not replace:
- Model-risk governance committee oversight required by OCC Bulletin 2011-12 / Federal Reserve SR 11-7 — see Control 2.6. A Managed Environment toggle is not an independent model validation.
- Supervisory review by an appropriately registered principal required by FINRA Rule 3110 — see Control 2.12. Solution-checker enforcement is not a Series-24 sign-off.
- Books-and-records retention required by FINRA 4511 / SEC 17a-4 — see Control 1.7 and Control 3.1. The weekly digest is operational telemetry, not a regulated record.
- Written Supervisory Procedures documenting who reviews what, when, and how. Examiners will hold the firm to its own WSPs.
Treat Managed Environments as the enforcement substrate that makes the human-and-process controls above operable and auditable.
Sovereign Cloud Availability — GCC, GCC High, DoD, China
Managed Environments are available in sovereign clouds with material feature gaps that affect FSI evidence pipelines:
- Usage insights / weekly digest: Not available in GCC, GCC High, DoD, or Power Platform / Dynamics 365 services in China (Learn — Usage insights). FSI tenants in these clouds cannot rely on the weekly digest as books-and-records evidence and must substitute Microsoft Graph activity exports, Purview audit (Control 1.7 / Control 3.1), or Sentinel ingestion (Control 3.9).
- Customer-Managed Keys (CMK): Service coverage differs between commercial and GCC High. Several services that CMK-encrypt in commercial (e.g., Power Automate, several Dynamics 365 apps) are not yet on the GCC High CMK list. Verify per-service coverage in Learn — Customer-managed key before asserting CMK coverage in your control narrative.
- Agent 365 governance console: Not yet at parity for GCC, GCC High, or DoD as of GA. See Control 2.25 for the compensating-control pattern (named owner in 1.2 registry, manual quarterly attestation, change-management approval per 2.3, SoD per 2.8) and disclose the gap in your Written Supervisory Procedures.
Re-verify sovereign-cloud parity quarterly via the Microsoft 365 Government roadmap and the linked Learn pages.
Automation Available
Companion solutions in FSI-AgentGov-Solutions:
- Environment Lifecycle Management — automated Power Platform environment provisioning with zone-based governance
- Segregation Detector — role conflict detection for Maker/Checker enforcement in agent pipelines
- DR Testing Framework — automated disaster recovery testing for AI agent infrastructure
Prerequisites
Licensing Requirements
Managed Environments require Power Platform Premium capacity or equivalent licensing. Verify the following before implementation:
- Managed Environment activation: Requires Power Apps, Power Automate, or Copilot Studio premium licenses, OR Dynamics 365 licenses, OR Power Platform per-app/per-user plans with premium entitlements
- Advanced security features (IP Firewall, VNet, CMK, Lockbox): Require additional licensing beyond Managed Environment designation
- Usage insights: Included with Managed Environment; no additional license required
- Solution checker enforcement: Included with Managed Environment; no additional license required
Consult Microsoft Learn: Licensing overview for current licensing requirements.
Pay-As-You-Go Does NOT Satisfy Managed Environment Licensing
Enabling pay-as-you-go for a Managed Environment is NOT sufficient to meet licensing requirements if:
- Users without standalone Power Apps licenses are using Power Apps in that environment, OR
- Users without standalone Power Automate licenses are using flows in that environment
Pay-as-you-go billing alone does not satisfy Managed Environment licensing where users otherwise lack qualifying entitlement. Each active user needs a qualifying premium per-user entitlement, or the environment must have applicable capacity-based license rights. Administrators should also review Managed Environment license-consumption reports (PPAC > Resources > License consumption) and Microsoft's 2026 compliance notifications.
Enforcement timeline (June 2026): Microsoft begins user-facing in-app notifications for unlicensed users in Managed Environments and admin alerts in PPAC + Message Center starting June 2026. Run a license-coverage audit before June 2026 to avoid maker-facing disruption.
Pipeline Targets and Managed Environments
Pipeline target environments — verify current Microsoft guidance before relying on auto-enablement
The Power Platform Pipelines feature has historically required (or strongly recommended) that pipeline target environments be Managed Environments. Microsoft has indicated tightening of this expectation through 2026, but the exact mechanism (admin opt-in vs auto-enable) and date have shifted in successive Learn updates.
Verified action regardless of Microsoft's enforcement timing:
- Audit all pipeline target environments in your tenant.
- Verify premium-licensing coverage for each target environment (Learn — Managed Environment Licensing).
- Proactively enable Managed Environment status on all pipeline targets so you control timing and evidence collection.
- Use Pipeline Governance Cleanup to discover and remediate personal pipelines.
Sources to re-check before quoting a date:
- Microsoft Learn — Admin Deployment Hub
- Microsoft Learn — Managed Environment Licensing
- Microsoft 365 Roadmap and Message Center for the latest enforcement window.
Control Description
Managed Environments provide premium governance capabilities for Power Platform environments, enabling centralized control over sharing, solution deployment, usage insights, and maker onboarding. When enabled, administrators gain access to governance capabilities including sharing controls, solution checker enforcement, usage insights, maker welcome content, and cross-tenant restrictions. Advanced security features such as IP Firewall, VNet support, Customer Managed Keys, and Lockbox require separate licensing and configuration beyond the Managed Environment designation.
For FSI organizations, Managed Environments are essential for enforcing governance policies at the environment level. The feature enables a "sterile default" strategy where all non-personal environments operate under controlled sharing, monitored usage, and enforced deployment gates.
Key capabilities particularly relevant for regulated financial services include:
- Manage sharing - Limit how widely apps, flows, and agents can be shared
- Solution checker enforcement - Block/warn on solution imports with security issues
- Usage insights - Weekly digest of top apps and flows for compliance monitoring
- Maker welcome content - Custom onboarding guidance communicating policy requirements
- Cross-tenant restrictions - Control connector access across tenant boundaries
Key Configuration Points
Managed Environment Settings
- Enable Managed Environment status for all non-personal environments
- Configure sharing limits per resource type (Power Apps, Power Automate, Copilot Studio)
- Set solution checker enforcement level: None (Zone 1), Warn (Zone 2), Block (Zone 3)
- Enable usage insights with Compliance team as additional recipients
- Configure maker welcome content with governance policy summary and policy links
- Apply cross-tenant restrictions (disable inbound/outbound for regulated environments)
- Configure the IP Firewall (Zone 3) to restrict access to Power Platform services from allow-listed CIDR ranges
- Configure IP cookie binding (Zone 3) to bind user sessions to source IP, reducing session-token-replay risk
- Configure Customer-Managed Keys (CMK) for environments that hold regulated data, where your KMS posture requires it (additional licensing applies)
- Enable Customer Lockbox for in-tenant approval of any Microsoft engineer access to environment data (additional licensing applies)
Environment Provisioning Governance
- Restrict environment creation to authorized admins: In Power Platform Admin Center > Tenant Settings, configure the following to "Only specific admins" for each environment type:
  - Developer environment assignments
  - Production environment assignments
  - Trial environment assignments

  This prevents uncontrolled environment sprawl where trial or developer environments may expose sensitive data or bypass compliance controls.
- Configure environment routing: In PPAC > Tenant Settings > Environment Routing, configure routing rules to ensure new environments are created in the correct region aligned with data residency requirements and organizational governance policies. This supports compliance with data locality regulations and optimizes resource management.
- Enable tenant isolation: In PPAC > Security > Identity and access > Tenant Isolation, enable "Restrict Cross-Tenant Connections" to prevent data from moving into or out of the tenant via Power Platform connectors. Configure explicit exceptions (by Tenant ID and direction) only for trusted partner tenants. Unrestricted cross-tenant connectivity increases risk of unintended data exchange and regulatory non-compliance.
- Configure environment security groups: In PPAC > Security > Identity and access > Environment Security Groups, assign a security group to each environment to control user access. Without security groups, environment access may default to broad access, increasing risk of unauthorized access to sensitive data and applications.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Apply baseline minimum; document exceptions for personal agents; environment creation restricted to admins | Reduces risk from personal use while keeping friction low |
| Zone 2 (Team) | Enable managed environment governance; require identified owner and approval trail; security groups required; tenant isolation enabled | Shared agents increase blast radius; controls must be consistently applied |
| Zone 3 (Enterprise) | Require strictest configuration enforced via policy; treat changes as controlled; security groups required; tenant isolation enforced; environment routing configured for data residency compliance | Enterprise agents handle most sensitive content and highest regulatory risk |
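The per-environment part of the zone requirements above can be checked mechanically against an exported inventory. The following is an added example, not code from this framework or from Microsoft: the `Env` fields, finding labels, and inventory rows are hypothetical, and it assumes a solution checker level stricter than the zone minimum is acceptable.

```python
# Added example. Field names are hypothetical, not a Power Platform API schema.
from dataclasses import dataclass
from typing import Optional

# Solution checker level per zone, as listed under Key Configuration Points.
CHECKER_BY_ZONE = {1: "None", 2: "Warn", 3: "Block"}
RANK = {"None": 0, "Warn": 1, "Block": 2}

@dataclass
class Env:
    name: str
    zone: int                      # 1 = Personal, 2 = Team, 3 = Enterprise
    managed: bool                  # Managed Environment status
    solution_checker: str          # "None" | "Warn" | "Block"
    security_group: Optional[str]  # assigned environment security group
    ip_firewall: bool = False
    ip_cookie_binding: bool = False

def findings(env: Env, tenant_isolation: bool) -> list:
    """Return the zone requirements this environment fails to meet."""
    out = []
    if env.zone >= 2:  # non-personal environments
        if not env.managed:
            out.append("managed-environment-off")
        if not env.security_group:
            out.append("no-security-group")
        if not tenant_isolation:  # tenant-wide setting, reported per environment
            out.append("tenant-isolation-off")
    required = CHECKER_BY_ZONE[env.zone]
    # Assumption: a stricter level than the zone minimum is acceptable.
    if RANK[env.solution_checker] < RANK[required]:
        out.append(f"solution-checker-{env.solution_checker.lower()}-needs-{required.lower()}")
    if env.zone == 3:
        if not env.ip_firewall:
            out.append("ip-firewall-off")
        if not env.ip_cookie_binding:
            out.append("ip-cookie-binding-off")
    return out

def audit(inventory, tenant_isolation: bool) -> dict:
    """Map environment name to findings, omitting compliant environments."""
    results = {env.name: findings(env, tenant_isolation) for env in inventory}
    return {name: issues for name, issues in results.items() if issues}

# Constructed inventory for illustration.
INVENTORY = [
    Env("personal-jdoe", 1, False, "None", None),
    Env("team-ops", 2, True, "None", "sg-team-ops"),
    Env("ent-trading", 3, True, "Warn", None, ip_firewall=True),
    Env("ent-risk", 3, True, "Block", "sg-ent-risk", True, True),
]

if __name__ == "__main__":
    print(audit(INVENTORY, tenant_isolation=True))
```

Tenant-level items in the table (environment creation restrictions, environment routing) are not modelled here and still need the PPAC checks listed under Verification Criteria.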
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin (or Dynamics 365 Admin) | Only these tenant-level roles can enable / edit Managed Environments per Learn — Permissions. Configure environment settings, sharing limits, IP Firewall, CMK |
| Environment Admin | Environment-level user management; cannot change Managed Environments property |
| Delegated Admin | Delegated administration; cannot change Managed Environments property |
| Compliance Officer | Reviews usage insights; approves governance zone classifications; receives weekly digest |
| IT Governance | Defines sharing-limit policy, solution-checker enforcement level, IP-allow-list standards |
| AI Governance Lead | Configures agent-specific sharing settings within managed environments |
Related Controls
| Control | Relationship |
|---|---|
| 1.20 - Network Isolation | VNet support implementation for private connectivity |
| 2.2 - Environment Groups | Group-level governance rules that complement environment settings |
| 2.15 - Environment Routing | Automatic maker placement into governed environments |
| 1.4 - Advanced Connector Policies | Data policies enforced within managed environments |
| 2.3 - Change Management | Solution deployment controls using solution checker |
| 2.22 - Inactivity Timeout Enforcement | Inactivity timeout policies operate within managed environment framework |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Advanced Implementation: Configuration Hardening Baseline
This control is covered by the Configuration Hardening Baseline, which consolidates SSPM-detectable settings across all 7 mapped controls into a single reviewable checklist with automation classification and evidence export procedures.
Verification Criteria
Confirm control effectiveness by verifying:
- Managed Environment status shows enabled in PPAC environment details
- Sharing limits block attempts to share beyond configured thresholds (test with non-admin user)
- Solution checker blocks non-compliant solution imports (if Block mode enabled)
- Weekly usage insights digest arrives at configured recipient addresses
- Maker welcome content displays for new users accessing the environment
- Environment creation is restricted to authorized admins only (PPAC > Tenant Settings > verify "Only specific admins" is set for Developer, Production, and Trial environment assignments)
- Environment routing is configured for correct region (PPAC > Tenant Settings > Environment Routing)
- Tenant isolation is enabled (PPAC > Security > Identity and access > Tenant Isolation > "Restrict Cross-Tenant Connections" is on)
- Security groups are assigned to all Zone 2/3 environments (PPAC > Environment details > Security group)
- License-entitlement coverage verified for every active maker (PPAC > Resources > License consumption)
- IP Firewall allow-list reviewed against current corporate egress ranges (Zone 3)
- Inactive-environment / quarantine notifications routed to the governance distribution list
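For the Zone 3 IP Firewall allow-list review above, the comparison against current corporate egress ranges can be done offline with CIDR arithmetic. This is an added example, not part of the framework's playbooks: the function names and report keys are hypothetical, and the ranges are constructed from documentation address space.

```python
# Added example: compare a firewall allow-list with current egress ranges.
import ipaddress

def _collapse(cidrs):
    """Parse CIDR strings (rejecting host bits) and merge them per IP version."""
    nets = [ipaddress.ip_network(c, strict=True) for c in cidrs]
    merged = []
    for version in (4, 6):
        merged += ipaddress.collapse_addresses(n for n in nets if n.version == version)
    return merged

def _within(net, pool):
    return any(net.version == p.version and net.subnet_of(p) for p in pool)

def _overlaps(net, pool):
    return any(net.version == p.version and net.overlaps(p) for p in pool)

def review_allow_list(allow_list, egress_ranges):
    """Classify drift between the allow-list and the egress ranges.

    missing   - egress range not fully allow-listed (users would be blocked)
    overbroad - allow-list entry wider than the egress range it overlaps
    stale     - allow-list entry matching no current egress range
    """
    allowed, egress = _collapse(allow_list), _collapse(egress_ranges)
    report = {"missing": [], "overbroad": [], "stale": []}
    for net in egress:
        if not _within(net, allowed):
            report["missing"].append(str(net))
    for net in allowed:
        if _within(net, egress):
            continue
        kind = "overbroad" if _overlaps(net, egress) else "stale"
        report[kind].append(str(net))
    return report

# Constructed sample values (RFC 5737 / RFC 3849 documentation ranges).
ALLOW_LIST = ["203.0.113.0/25", "203.0.113.128/25", "198.51.100.0/24",
              "192.0.2.0/24", "2001:db8:10::/48"]
EGRESS = ["203.0.113.0/24", "198.51.100.64/26",
          "2001:db8:10::/48", "2001:db8:20::/48"]

if __name__ == "__main__":
    print(review_allow_list(ALLOW_LIST, EGRESS))
```

Adjacent entries are merged before comparison, so two /25 entries that together cover a /24 egress range are not reported as a gap.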
Additional Resources
- Microsoft Learn: Managed Environments Overview
- Microsoft Learn: Enable Managed Environment
- Microsoft Learn: Sharing Limits
- Microsoft Learn: Solution Checker Enforcement
- Microsoft Learn: Usage Insights
- Microsoft Learn: Cross-tenant Restrictions
Advanced Implementation: Environment Lifecycle Management
For automated environment provisioning with Managed Environment status enabled from creation, see Environment Lifecycle Management.
Deployable Solution: environment-lifecycle-management provides Python automation scripts for Dataverse schema creation, security roles, and evidence export.
Agent 365 Blueprint Lifecycle (Preview)
Preview Notice
Microsoft Agent 365 SDK and Agent Essentials are in limited preview (Frontier program). Verify feature availability and GA timelines before implementing production controls dependent on these capabilities. Expect changes before general availability.
Agent 365 Blueprints introduce 3-phase lifecycle management that aligns with Managed Environment promotion paths:
- Phase 1: Design - Define agent requirements and governance zone
- Phase 2: Build - Develop in development Managed Environment
- Phase 3: Deploy - Promote to production Managed Environment via Blueprint registration

- Microsoft Learn: Agent 365 Blueprint (Preview) - 3-phase deployment framework
Implementation Note
Organizations should verify that their implementation meets their specific regulatory obligations. This control supports compliance efforts but requires proper configuration and ongoing validation.
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current