Control 2.2: Environment Groups and Tier Classification
Control ID: 2.2
Pillar: Management
Regulatory Reference: FINRA Rule 4511, FINRA Rule 3110, FINRA Regulatory Notice 25-07, SEC Rule 17a-4(f), GLBA 501(b), SOX 302/404, OCC Bulletin 2011-12, Federal Reserve SR 11-7
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Objective
Provide scalable governance by applying consistent policies across multiple Power Platform environments based on risk classification through environment groups and governance zone alignment.
Why This Matters for FSI
- FINRA Rule 4511 / SEC Rule 17a-4(f): Group-published rules for transcript access and usage insights help meet expectations for consistent books-and-records capture across every Managed Environment in scope.
- FINRA Regulatory Notice 25-07: Centrally enforced AI feature rules (External models, Preview/experimental AI models, AI prompts, Generative AI settings) support the supervisory framework for AI-assisted communications and tooling.
- FINRA Rule 3110: Locking sharing limits, solution checker enforcement, and unmanaged customizations at the group level aids in establishing the consistent supervisory system required for production agents.
- GLBA 501(b): Uniform sharing restrictions and Advanced Connector Policy (ACP) rule enforcement support the safeguards required for nonpublic personal information across environment fleets.
- SOX 302/404: Group-locked rules (read-only at the environment level) help establish segregation of duties between tenant administrators and environment makers, supporting ITGC change-management assertions.
- OCC Bulletin 2011-12 / Federal Reserve SR 11-7: Disabling External models and Preview/experimental AI models at the group level supports the model risk management expectation that only validated models be used in production.
Automation Available
See Environment Lifecycle Management in FSI-AgentGov-Solutions for automated Power Platform environment provisioning with zone-based governance.
Control Description
Environment Groups enable consistent governance policy application across multiple Power Platform environments. By grouping environments and applying rules, administrators can enforce sharing limits, channel restrictions, authentication requirements, and AI model governance at scale.
This control implements a three-zone governance model:
- Zone 1 (Personal Productivity): Individual experimentation and learning; non-sensitive data only; lowest blast radius
- Zone 2 (Team Collaboration): Shared team workloads and shared data sources; internal/confidential data; moderate blast radius
- Zone 3 (Enterprise Managed): Production and enterprise-managed workloads; may include regulated data; highest audit expectations
Environment groups work in conjunction with Managed Environments (Control 2.1) and Environment Routing (Control 2.15) so that makers are placed into correctly governed environments that inherit appropriate rules automatically.
Scope boundary: Environment Groups govern the 23 published group rules documented in Microsoft Learn — Rules for environment groups. Settings that are not group rules (IP firewall, IP cookie binding, Customer Managed Key, agent authentication, channel publishing endpoints, Computer-Using Agents) are governed by separate controls and must be configured per environment or via tenant settings. Cross-references are listed under Related Controls.
Computer-Using Agents (CUA) — governed elsewhere
CUA enablement is not an environment group rule. CUA is governed in Copilot Studio admin / Microsoft 365 admin center and is covered by Control 2.24 — Agent Feature Enablement and Restriction Governance. FSI baseline: Disabled tenant-wide. Do not rely on environment groups to block CUA.
Key Configuration Points
- Confirm prerequisite: all environments to be grouped must be Managed Environments (Control 2.1). Default and trial environments cannot join groups.
- Create one environment group per governance zone with a descriptive name (e.g., FSI-Z1-Personal, FSI-Z2-Team, FSI-Z3-Enterprise-Prod).
- Configure each of the 23 published group rules per zone (table below).
- Publish rules — saved-but-unpublished rules have no effect on member environments.
- Treat group rule changes as controlled changes for Zone 3 (ticket, peer review, evidence capture).
- Re-review the Microsoft Learn rules list quarterly for new rules and align zone settings.
Environment Group Rules — FSI Zone Matrix (April 2026 baseline)
The table below mirrors the 23 rules currently published by Microsoft (GA and preview rules, with preview marked). Settings that are not group rules are listed in Related Controls.
| # | Rule (Learn name) | Zone 1 (Personal) | Zone 2 (Team) | Zone 3 (Enterprise) | FSI Rationale |
|---|---|---|---|---|---|
| 1 | Accessing transcripts from conversations in Copilot Studio agents | Enabled | Enabled | Enabled | Required for FINRA 4511 / SEC 17a-4 books-and-records of agent conversations |
| 2 | Advanced connector policy (preview) | Not applied | Applied (allow-list) | Applied (strict allow-list) | Helps meet GLBA 501(b) connector data-flow restrictions |
| 3 | AI prompts | Enabled | Enabled | Enabled (with DLP — Control 1.5) | Controlled prompt usage paired with DLP labels |
| 4 | AI-generated descriptions (preview) | Enabled | Enabled | Disabled | Avoids unreviewed AI-authored metadata in regulated artifacts |
| 5 | AI-powered Copilot features | Enabled | Enabled | Enabled (monitored) | Permits maker assistance with audit trail via Control 3.x |
| 6 | Back-up retention | 7 days | 14 days | 28 days | Aligns BCDR window to data sensitivity and recovery objectives |
| 7 | Default deployment pipeline (preview) | Not configured | Recommended | Required | Supports SOX change-management and ALM |
| 8 | Generative AI settings | Enabled (default region) | Enabled (default region) | Enabled (US-only data movement) | Helps support data-residency expectations |
| 9 | External models | Disabled | Disabled | Disabled | OCC 2011-12 / SR 11-7 — helps restrict to validated models |
| 10 | Maker welcome content | Configured (governance link) | Configured (governance link) | Configured (governance link) | Communicates supervisory expectations at maker entry |
| 11 | Power Apps component framework for canvas apps | Enabled | Enabled (review) | Disabled unless approved | Controls custom code components in regulated apps |
| 12 | Preview and experimental AI models | Enabled (sandbox only) | Disabled | Disabled | Required to keep unvalidated models out of regulated workloads |
| 13 | Release channel | Auto | Auto | Scheduled (controlled rollout) | Helps coordinate platform updates with change windows |
| 14 | Sharing agents with Editor permissions | Disabled | Approval-gated | Disabled (use ALM) | Helps prevent unsupervised co-authoring of regulated agents |
| 15 | Sharing agents with Viewer permissions | Disabled | Enabled | Enabled (logged) | Supports controlled distribution with auditability |
| 16 | Sharing controls for canvas apps | Org-only, capped | Org-only, capped | Org-only, capped | Limits blast radius of shared apps |
| 17 | Sharing controls for solution-aware cloud flows | Org-only, capped | Org-only, capped | Org-only, capped | Same as canvas-app sharing rationale |
| 18 | Sharing data between Copilot Studio and Viva Insights | Disabled | Disabled | Disabled | Helps prevent agent-content telemetry leaving controlled boundary |
| 19 | Solution checker enforcement | None | Warn | Block | Catches quality/security defects before production import |
| 20 | Unmanaged customizations | Allowed | Block | Block | Required for ALM discipline in Zone 3 (SOX) |
| 21 | Usage insights | Enabled | Enabled | Enabled | Supports supervisory telemetry under FINRA 3110 |
| 22 | Power Apps code apps | Enabled (sandbox) | Enabled (review) | Disabled unless approved | Controls code-first apps that bypass low-code governance |
| 23 | Content security policy | Default | Configured (report-only → enforce) | Strict (enforced) | Helps mitigate XSS / injection risks for hosted apps |
Rule taxonomy may change
Microsoft adds and graduates rules from preview periodically. Re-baseline this matrix each quarter against the authoritative Learn list. Record any deviations in your governance change log.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Single FSI-Z1-Personal group; sharing rules disabled; External models disabled; Preview/experimental AI models permitted only in sandbox environments (matrix row 12); back-up retention 7 days; document any per-maker exceptions in governance register | Reduces blast radius for individual experimentation while keeping maker friction low |
| Zone 2 (Team) | Per-business-unit FSI-Z2-* groups; sharing approval-gated; Solution checker = Warn; Unmanaged customizations = Block; named group owner and approval trail; retain rule snapshots quarterly | Shared agents increase blast radius; uniform application is required for supervisory reviews |
| Zone 3 (Enterprise) | One or more FSI-Z3-* groups; strictest matrix above; Solution checker = Block; Default deployment pipeline required; rule changes treated as controlled changes with ticket + peer review + evidence capture; quarterly rule re-baseline against Learn | Enterprise agents handle the most sensitive content and carry the highest regulatory and audit exposure |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Primary owner. Create environment groups, configure and publish group rules, maintain the FSI zone matrix, run quarterly Learn re-baseline |
| Environment Admin | Add Managed Environments to the correct zone group, capture per-environment evidence after rule propagation |
| AI Administrator | Approve AI-related rule values (External models, Preview models, AI prompts, Generative AI settings, AI-powered Copilot features) |
| Purview Compliance Admin | Approve zone classification of new environments and review rule configurations against retention and supervisory obligations |
| Entra Security Admin | Review settings that interact with group rules but are configured elsewhere (IP firewall, authentication, CUA — see Related Controls) |
Related Controls
| Control | Relationship |
|---|---|
| 2.1 - Managed Environments | Prerequisite — only Managed Environments can join a group |
| 2.15 - Environment Routing | Routes new makers into Zone 1 environments that inherit group rules automatically |
| 2.24 - Agent Feature Enablement and Restriction Governance | Governs CUA, agent builder, and Copilot Studio feature toggles that are not group rules |
| 1.4 - Advanced Connector Policies | ACP rule (#2 in matrix) is configured here; Control 1.4 defines the policy contents |
| 1.5 - DLP and Sensitivity Labels | DLP policies complement group rules at the connector and data layer |
| 1.15 - Encryption (TLS/CMK) | CMK is configured per environment, not via group rules |
| 3.7 - PPAC Security Posture Assessment | IP firewall, cookie binding, and other env-level security signals are reported here |
Exception Criteria for Simplified Classification
The following scenarios qualify for expedited classification without full assessment:
| Scenario | Classification | Justification |
|---|---|---|
| Proof-of-concept (≤30 days, ≤5 users, no production data) | Zone 1 Auto-Approve | Limited scope, no regulatory exposure |
| Training/demo environment (no customer data) | Zone 1 Auto-Approve | Educational purpose only |
| Migration of existing approved agent to new environment | Retain original zone | No change in risk profile |
Exception Request Process:
- Document business justification
- Confirm data sensitivity (must be public/internal only)
- Set expiration date (max 30 days for POC exceptions)
- Obtain AI Governance Lead approval
- Log exception in governance register
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- At least one environment group exists per governance zone (Zone 1/2/3) with a descriptive FSI-Z{n}-* name and zone-classification description.
- Every production Managed Environment is assigned to the appropriate zone group; no production environment is ungrouped.
- All 23 group rules show Published status with a recent timestamp on each group's Rules tab.
- A newly added Managed Environment inherits the group's rules within 15 minutes (verify via PPAC environment Settings — settings show as locked/read-only).
- The FSI zone matrix has been re-baselined against the Microsoft Learn rules list within the last 90 days, with deviations recorded.
- CUA tenant-wide disable status is verified in Control 2.24 (CUA is not a group rule).
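The verification criteria above can be checked mechanically against an inventory export rather than by clicking through each group's Rules tab. The script below is an added example, not code from this page's playbooks or from Microsoft. It assumes an inventory in the shape of SAMPLE_INVENTORY (a constructed stand-in for an admin-center export: environment list, group membership, and each group's rule publish state); the field names, the group-naming regex and the rule-state strings "Published"/"Saved" are this example's own assumptions, not an admin-center or API schema. It checks naming, zone coverage, full publication of all 23 rules, grouping and zone alignment of every production Managed Environment, the Control 2.1 prerequisite, and the 90-day re-baseline window.

```python
"""Offline checker for the Control 2.2 verification criteria (added example).

Assumes an inventory dict shaped like SAMPLE_INVENTORY below, which is constructed
sample data; field names are this example's assumption, not a Microsoft schema.
"""
import re
from datetime import date

# The 23 group rules from the zone matrix (April 2026 baseline), by Learn name.
GROUP_RULES = (
    "Accessing transcripts from conversations in Copilot Studio agents",
    "Advanced connector policy", "AI prompts", "AI-generated descriptions",
    "AI-powered Copilot features", "Back-up retention", "Default deployment pipeline",
    "Generative AI settings", "External models", "Maker welcome content",
    "Power Apps component framework for canvas apps", "Preview and experimental AI models",
    "Release channel", "Sharing agents with Editor permissions",
    "Sharing agents with Viewer permissions", "Sharing controls for canvas apps",
    "Sharing controls for solution-aware cloud flows",
    "Sharing data between Copilot Studio and Viva Insights", "Solution checker enforcement",
    "Unmanaged customizations", "Usage insights", "Power Apps code apps",
    "Content security policy",
)
GROUP_NAME = re.compile(r"^FSI-Z([123])-[A-Za-z0-9-]+$")  # assumed naming convention
REBASELINE_MAX_DAYS = 90


def rule_states(unpublished=(), missing=()):
    """Build a Rules-tab snapshot: every rule Published unless listed otherwise."""
    return {r: ("Saved" if r in unpublished else "Published")
            for r in GROUP_RULES if r not in missing}


def check_inventory(inv, today):
    """Return human-readable findings; an empty list means every criterion passes."""
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings = []
    group_zone = {}  # group name -> zone number parsed from the name

    for g in inv["groups"]:
        m = GROUP_NAME.match(g["name"])
        if not m:
            findings.append(f"group '{g['name']}' does not follow FSI-Z{{n}}-* naming")
            continue
        group_zone[g["name"]] = int(m.group(1))
        for r in GROUP_RULES:  # saved-but-unpublished rules have no effect
            state = g["rules"].get(r)
            if state is None:
                findings.append(f"group '{g['name']}': rule '{r}' not configured")
            elif state != "Published":
                findings.append(f"group '{g['name']}': rule '{r}' is {state}, not Published")

    for zone in (1, 2, 3):
        if zone not in group_zone.values():
            findings.append(f"no environment group exists for Zone {zone}")

    for env in inv["environments"]:
        if env["type"] != "Production":  # Default/Trial cannot join groups; sandboxes optional
            continue
        name, group = env["name"], env.get("group")
        if not env["managed"]:
            findings.append(f"environment '{name}' is production but not a Managed Environment (Control 2.1)")
        elif group is None:
            findings.append(f"environment '{name}' is production but belongs to no environment group")
        elif group not in group_zone:
            findings.append(f"environment '{name}' references unknown or misnamed group '{group}'")
        elif group_zone[group] != env["zone"]:
            findings.append(f"environment '{name}' is classified Zone {env['zone']} "
                            f"but sits in Zone {group_zone[group]} group '{group}'")

    age = (today - date.fromisoformat(inv["last_rebaseline"])).days
    if age > REBASELINE_MAX_DAYS:
        findings.append(f"zone matrix last re-baselined {age} days ago (limit {REBASELINE_MAX_DAYS})")
    return findings


SAMPLE_INVENTORY = {  # constructed sample data, not a real tenant
    "last_rebaseline": "2026-01-10",
    "groups": [
        {"name": "FSI-Z1-Personal", "rules": rule_states()},
        {"name": "FSI-Z2-Team", "rules": rule_states(
            unpublished=("Solution checker enforcement",), missing=("Content security policy",))},
        {"name": "FSI-Z3-Enterprise-Prod", "rules": rule_states()},
        {"name": "Sandbox-Group", "rules": rule_states()},
    ],
    "environments": [
        {"name": "fsi-prod-lending", "type": "Production", "managed": True, "zone": 3, "group": "FSI-Z3-Enterprise-Prod"},
        {"name": "fsi-prod-wealth", "type": "Production", "managed": True, "zone": 3, "group": "FSI-Z2-Team"},
        {"name": "fsi-prod-legacy", "type": "Production", "managed": True, "zone": 3, "group": None},
        {"name": "fsi-prod-unmanaged", "type": "Production", "managed": False, "zone": 2, "group": None},
        {"name": "jdoe-sandbox", "type": "Sandbox", "managed": True, "zone": 1, "group": "FSI-Z1-Personal"},
        {"name": "Contoso (default)", "type": "Default", "managed": False, "zone": 1, "group": None},
    ],
}

if __name__ == "__main__":
    for finding in check_inventory(SAMPLE_INVENTORY, "2026-04-20"):
        print("FAIL:", finding)
```

Run against the constructed inventory it reports seven failures: the misnamed group, the unpublished and the missing rule in FSI-Z2-Team, the production environment sitting in a Zone 2 group while classified Zone 3, the ungrouped and the unmanaged production environments, and a re-baseline 100 days old. Feed it the real export (whatever shape your tenant's tooling produces, adapting the field names) and keep the output as the evidence artifact for the quarterly review.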
Additional Resources
- Microsoft Learn: Environment Groups Overview
- Microsoft Learn: Rules for Environment Groups (authoritative list)
- Microsoft Learn: Managed Environments Overview
- Microsoft Learn: Sharing limits in Managed Environments
- Microsoft Learn: Solution checker enforcement
- Microsoft Learn: Block unmanaged customizations
- Microsoft Learn: Allow LLM generative responses (External models rule)
- Microsoft Learn: Preview and experimental AI models rule
Advanced Implementation: Environment Lifecycle Management
For automated environment provisioning with automatic Environment Group assignment based on zone classification, see Environment Lifecycle Management.
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current