Control 2.24: Agent Feature Enablement and Restriction Governance
Control ID: 2.24 Pillar: Management Regulatory Reference: SOX 302/404, FINRA 3110, OCC 2011-12, GLBA 501(b) Last UI Verified: February 2026 Governance Levels: Baseline / Recommended / Regulated Last Verified: 2026-02-12
Objective
Define and enforce zone-based policies for enabling or restricting Copilot Studio agent features, generative actions, preview capabilities, and AI tools to support compliance and risk management requirements in financial services organizations. This control governs which features are permitted per governance zone, with change management integration and explicit feature allowlist/denylist configurations through Power Platform Admin Center.
Why This Matters for FSI
- SOX 302/404: Internal controls over financial reporting — restricting unapproved generative features and AI capabilities supports control environment requirements by preventing unauthorized automation that could affect financial data integrity
- FINRA 3110: Supervisory procedures — governance over agent feature enablement aids in meeting supervisory obligations by ensuring only approved AI capabilities are deployed in customer-facing and operational environments
- OCC 2011-12: Supervisory Guidance on Model Risk Management — controlling which AI features and generative actions are enabled helps meet model risk management requirements by limiting exposure to unvalidated or high-risk AI capabilities
- GLBA 501(b): Administrative, technical, and physical safeguards — feature restriction policies contribute to safeguarding customer information by preventing the use of experimental or high-risk AI features that could expose sensitive financial data
- FINRA 4511: Records retention and supervision — restricting features that lack adequate audit trails or records retention supports regulatory recordkeeping obligations for supervised communications and decisions
Control Description
This control governs the enablement and restriction of Copilot Studio features across governance zones, ensuring that only approved AI capabilities, generative actions, and experimental features are available to agent authors based on agent risk classification and regulatory requirements. Organizations must establish feature governance policies that define which capabilities are permitted in each zone, enforce these policies through Power Platform Admin Center (PPAC) and Dataverse Policy Enforcement, and integrate feature changes with formal change management processes.
Feature Governance Scope
This control addresses feature-level governance across the Copilot Studio platform: generative actions (AI Builder), connectors and data sources (governed by ACP Control 1.4), preview/experimental features, multi-agent orchestration capabilities, tool plugins, and authentication methods. Unlike environment-level controls (Control 2.2), this control governs which specific Copilot Studio features are enabled or restricted within environments based on agent classification.
| Capability | Description | Implementation |
|---|---|---|
| Copilot Governance Dashboard | Central PPAC interface for tenant-wide and environment-specific feature controls | Navigate to PPAC → Copilot → Governance; review feature toggles and environment assignments |
| Generative Actions Restrictions | Control enablement of AI Builder generative actions and prompt-based automation | Configure through PPAC Copilot governance page; restrict generative AI features to approved environments |
| Preview/Experimental Features | Manage access to preview, beta, and experimental Copilot Studio capabilities | Disable preview features in Zone 3; require documented approval for Zone 2; allow in Zone 1 for testing |
| Tool and Plugin Controls | Govern which agent tools (web search, code interpreter, data analysis) are available | Configure tool restrictions per environment; enforce allowlist for Zone 3 agents |
| Multi-Agent Orchestration Limits | Control agent-to-agent communication and orchestration features | Set maximum agent invocation depth; restrict orchestration in Zone 3 without approval |
| Feature Catalog Maintenance | Documented inventory of enabled features per environment and zone | Maintain Dataverse table or SharePoint list tracking: FeatureName, Zone, Status (Allowed/Restricted), ApprovalDate, ChangeTicket |
| DLP Integration | Data Loss Prevention policies enforce feature restrictions at runtime | Leverage DLP connector policies (Control 1.4) to block restricted data sources and actions |
The control uses multiple configuration surfaces depending on scope:
- Power Platform Admin Center (PPAC → Copilot → Governance): Tenant-wide and environment-specific feature toggles, generative AI restrictions, preview feature controls
- Power Platform Admin Center (Settings → Features): Additional feature flags and capability toggles affecting Copilot Studio behavior
- Environment-level DLP Policies: Connector restrictions that limit data sources and generative actions available to agents
- Copilot Studio Agent Settings: Per-agent tool and plugin configuration (constrained by environment-level governance)
- Dataverse Policy Enforcement Tables: Custom tables tracking feature approval status, change tickets, and exception requests
Feature Governance Configuration by Scope
Feature governance operates at multiple levels, each providing different control granularity:
- Tenant-wide: Global feature flags in PPAC apply to all environments unless explicitly overridden; use for disabling high-risk capabilities organization-wide
- Environment-specific: Per-environment feature toggles in PPAC Copilot governance page; align with environment tier classification (Control 2.2)
- Zone-based: Features allowed or restricted based on governance zone (Zone 1/2/3); implemented through environment assignments and DLP policies
- Agent-specific: Individual agents may have further restrictions beyond environment defaults; configured in Copilot Studio agent settings
- Exception-based: Temporary feature enablement for specific use cases; requires change management approval and time-bound access
Relationship to Advanced Connector Policies (Control 1.4)
Control 1.4 governs connector-level restrictions through DLP policies, which directly affect what data sources and generative actions are available to agents. Control 2.24 governs broader feature enablement (preview features, tools, orchestration) beyond connector access. These controls work together: 1.4 restricts what agents can connect to, 2.24 restricts what agent capabilities are available.
Zone-Based Feature Exposure Model
| Feature Category | Zone 1 (Personal) | Zone 2 (Team) | Zone 3 (Enterprise) |
|---|---|---|---|
| Generative Actions | Allowed (Microsoft default) | Allowed with documented approval | Explicit allowlist only; each action requires approval |
| Preview/Experimental Features | Allowed for testing | Disabled (documented exceptions only) | Prohibited |
| AI Builder Custom Prompts | Allowed | Restricted to approved prompts | Explicit allowlist; prompt validation required |
| Web Search Tool | Allowed | Restricted to approved agents | Prohibited or explicit allowlist with limited scope |
| Code Interpreter | Allowed | Disabled (high-risk) | Prohibited |
| Multi-Agent Orchestration | Allowed | Limited depth (max 2 levels) | Prohibited or explicit approval with audit trail |
| Custom Tool Plugins | Allowed | Approved plugins only | Explicit allowlist with security validation |
| External Data Connectors | Microsoft default (DLP enforced) | Approved connectors only (Control 1.4) | Explicit allowlist (Control 1.4) |
| Anonymous Authentication | Allowed | Prohibited | Prohibited |
Key Configuration Points
Power Platform Admin Center (Copilot Governance Page)
- Navigate to Power Platform Admin Center → Copilot → Governance
- Review the central Copilot governance dashboard showing tenant-wide and environment-specific feature controls
- Identify feature toggles for:
- Generative AI features
- Preview/experimental capabilities
- Agent sharing and distribution controls
- Multi-agent orchestration settings
- Configure environment-specific feature restrictions aligned with governance zones
- Document baseline configuration settings for each environment tier (Development, Test, Production)
Generative Actions and AI Builder Controls
- In PPAC Copilot governance page, locate generative AI feature toggles
- For Zone 3 environments: Disable generative AI features by default; enable only through exception process
- For Zone 2 environments: Enable generative actions with documented approval; maintain feature approval log
- For Zone 1 environments: Allow Microsoft default generative features; conduct periodic review of feature usage
- Configure AI Builder capacity allocation to limit resource consumption in production environments
- Integrate with DLP policies (Control 1.4) to restrict which connectors can invoke generative actions
Preview and Experimental Feature Management
- In PPAC → Settings → Features, review all preview feature flags relevant to Copilot Studio
- For Zone 3: Ensure all preview/experimental features are disabled; log any Microsoft-enforced preview features that cannot be disabled
- For Zone 2: Disable preview features by default; implement documented approval process for temporary enablement during evaluation
- For Zone 1: Allow preview features for testing; require summary report of preview feature usage before promotion to Zone 2/3
- Track preview feature graduation to General Availability (GA); update feature allowlists when features reach GA status
- Contact Microsoft Support if GA features cannot be disabled through PPAC (document this as a compensating control gap)
Tool and Plugin Restrictions
- In Copilot Studio agent settings, configure allowed tools per agent:
- Web Search: Restrict to approved agents; configure search scope limitations if available
- Code Interpreter: Disable for Zone 2/3; allow only in sandboxed Zone 1 environments
- Data Analysis: Enable with data source restrictions (DLP integration)
- Custom Plugins: Maintain plugin allowlist; require security validation before approval
- Document tool restriction policy in feature catalog with rationale for each decision
- Test tool restrictions by attempting to enable prohibited tools in restricted environments (should be blocked)
- Configure error messages for authors attempting to use restricted tools: "This feature is restricted in [Zone]. Contact [Governance Team] for approval."
Multi-Agent Orchestration Governance
- In PPAC Copilot governance page, configure multi-agent orchestration limits:
- Zone 1: Allow orchestration with monitoring
- Zone 2: Restrict orchestration depth to 2 levels (agent → sub-agent, no further nesting)
- Zone 3: Prohibit orchestration by default; require explicit approval with audit trail and limited scope
- For approved orchestration scenarios, document the agent interaction graph and data flow between agents
- Implement orchestration depth limits to prevent infinite loops or uncontrolled escalation
- Integrate with Communication Compliance (Control 1.10) to monitor cross-agent conversations
Feature Catalog Maintenance
- Create and maintain a feature catalog in Dataverse or SharePoint documenting:
- FeatureName: Descriptive name of the Copilot Studio feature
- FeatureCategory: Generative Actions, Preview Feature, Tool, Plugin, Orchestration, etc.
- Zone1Status: Allowed / Restricted / Prohibited
- Zone2Status: Allowed / Restricted / Prohibited
- Zone3Status: Allowed / Restricted / Prohibited
- ApprovalRequired: Yes/No (whether feature requires documented approval before use)
- ApprovalDate: Date feature was approved for use in specific zone
- ChangeTicket: Reference to change management ticket authorizing feature enablement
- ExpirationDate: For time-bound feature exceptions
- RiskRating: High / Medium / Low based on feature risk assessment
- Update feature catalog quarterly or when new features are released
- Use feature catalog as input to agent registry (Control 1.2) validation: agents cannot use features not approved for their zone
Change Management Integration
- Establish change management process for feature enablement changes:
- Requester: Agent author or business owner submits feature enablement request
- Justification: Document business need and risk assessment
- Security Review: Power Platform Admin and Security team review feature security implications
- Compliance Review: Compliance Officer approves for Zone 2/3 based on regulatory impact
- Implementation: Power Platform Admin enables feature in target environment
- Documentation: Update feature catalog with approval details and change ticket reference
- Notification: Inform agent authors of feature availability
- For Zone 3 feature changes: Require additional approval from AI Governance Lead and Compliance Officer
- Implement time-bound feature enablement for evaluation periods (e.g., 90-day trial with mandatory review)
- Document compensating controls if high-risk features must be enabled due to business requirements
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Microsoft default features enabled; preview features allowed for testing; periodic review of feature catalog (quarterly); risk awareness training for agent authors | Personal productivity agents have lower regulatory exposure; allowing preview features supports innovation while periodic review ensures feature usage is monitored |
| Zone 2 (Team) | Preview/experimental features disabled by default; generative AI features require documented approval; feature catalog maintained and updated monthly; change management for feature enablement | Team collaboration environments process shared organizational data requiring explicit approval for AI capabilities; documented approval supports audit trail and risk management |
| Zone 3 (Enterprise) | Explicit allowlist of permitted features only; no preview/experimental features unless approved by Compliance Officer; generative actions restricted to approved list with prompt validation; no code interpreter or unapproved orchestration; formal change management for all feature changes; quarterly feature risk assessment | Customer-facing and enterprise agents process sensitive financial data requiring formal approval per FINRA 3110, SOX 302/404, and OCC 2011-12; explicit allowlist ensures only validated features are available; compensating controls required if high-risk features must be enabled |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Configure feature toggles in PPAC Copilot governance page; manage environment-specific feature restrictions; implement DLP policies enforcing feature limits; test feature restrictions |
| Entra Global Admin | Tenant-wide feature governance decisions; approve high-impact feature changes affecting all environments |
| Copilot Studio Agent Author | Request feature enablement for specific agents; document business justification; comply with feature restrictions for assigned governance zone |
| Compliance Officer | Approve feature changes for Zone 2 and Zone 3 environments; review regulatory impact of new features; define compliance requirements for high-risk features |
| AI Governance Lead | Maintain feature catalog; conduct quarterly feature risk assessments; approve time-bound feature exceptions; coordinate with Microsoft on feature availability and restrictions |
| Change Management Team | Process feature enablement change requests; track approval workflow; generate feature change audit reports for regulatory examination |
| Security Architect | Assess security implications of new features; recommend restrictions for high-risk capabilities; validate compensating controls for approved exceptions |
Related Controls
| Control | Relationship |
|---|---|
| 1.4 - Advanced Connector Policies (ACP) | ACP controls restrict data sources and connectors available to agents; 2.24 governs broader feature enablement — complementary controls working together to limit agent capabilities |
| 2.2 - Environment Groups and Tier Classification | Environment tier classification determines which feature restrictions apply; feature governance aligns with environment tiers to ensure Zone 3 environments have strictest restrictions |
| 1.25 - MIME Type Restrictions | MIME type restrictions limit file types agents can process; feature restrictions limit AI capabilities agents can use — both controls reduce attack surface and risk exposure |
| 2.17 - Multi-Agent Orchestration Limits | Multi-agent orchestration is one feature category governed by 2.24; 2.17 provides detailed orchestration-specific controls while 2.24 addresses broader feature governance |
| 1.2 - Agent Registry and Integrated Apps Management | Agent registry tracks which features are enabled per agent; feature catalog feeds into registry validation to ensure agents comply with zone-specific feature restrictions |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, verification, and troubleshooting:
- Portal Walkthrough — Step-by-step configuration of PPAC Copilot governance page, feature toggles, and zone-based restrictions
- PowerShell Setup — Scripts for feature catalog deployment, compliance reporting, and automated feature audits
- Verification & Testing — Test cases for feature restrictions, exception workflows, and change management integration
- Troubleshooting — Common issues with feature toggles, GA features that cannot be disabled, and compensating controls
Automated Feature Compliance Reporting
Use PowerShell scripts to audit feature configuration across all environments, validate that Zone 3 environments have only approved features enabled, and generate quarterly feature risk assessment reports showing feature usage and compliance status.
Verification Criteria
Confirm control effectiveness by verifying:
- PPAC Copilot governance page is configured with environment-specific feature restrictions aligned with governance zones
- Zone 3 environments have preview/experimental features disabled (or documented exceptions with approval)
- Generative AI features are restricted to approved list in Zone 3; Zone 2 has documented approval for enabled generative actions
- Feature catalog is deployed and maintained with current status for all Copilot Studio features
- High-risk features (code interpreter, unapproved orchestration) are disabled in Zone 2 and Zone 3 environments
- DLP policies (Control 1.4) enforce feature restrictions by blocking prohibited connectors and data sources
- Change management process is operational with documented approvals for Zone 2/3 feature changes
- Testing confirms that agent authors cannot enable restricted features in their assigned environments (blocked by policy)
- Feature catalog includes: FeatureName, ZoneStatus, ApprovalDate, ChangeTicket, ExpirationDate (for exceptions)
- Quarterly feature risk assessment is conducted with results documented and feature restrictions updated based on findings
Additional Resources
- Microsoft Learn: Power Platform Admin Center Copilot Governance
- Microsoft Learn: Copilot Studio Feature Management
- Microsoft Learn: AI Builder in Copilot Studio
- Microsoft Learn: Data Loss Prevention for Power Platform
- Microsoft Learn: Multi-Agent Orchestration in Copilot Studio
- Microsoft Learn: Power Platform Settings and Features
- OCC Bulletin 2011-12: Supervisory Guidance on Model Risk Management
Updated: February 2026 | Version: v1.3 | UI Verification Status: Current