Control 2.3: Change Management and Release Planning

Control ID: 2.3
Pillar: Management
Regulatory Reference: SOX 302/404, FINRA 4511, FINRA 25-07, OCC 2011-12, Fed SR 11-7, FFIEC IT Handbook (Development & Acquisition), SEC 17a-3/4, GLBA 501(b)
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated

Agent 365 Architecture Update

Agent 365 standardizes change management across agent platforms through consistent promotion gates and approval workflows. This replaces per-platform approval processes with a unified lifecycle, supporting SOX 302 change management controls. See Unified Agent Governance for promotion gate configuration.

Objective

Establish structured governance over all modifications to AI agents through controlled, documented, and approved change processes. This includes promotions between governance zones, configuration changes, version updates, and rollback procedures.

Why This Matters for FSI

SOX Section 302 (CEO/CFO certification): Officers certify the effectiveness of internal controls over financial reporting; AI agents touching financial data, disclosure workflows, or controls evidence require documented, approved change records to support that certification.
SOX Section 404 (Internal Control Assessment): Change management is a foundational IT general control (ITGC); auditors expect evidence that agent modifications follow a documented approval, segregation-of-duties, and rollback process.
FINRA Rule 4511 / Notice 25-07: Books-and-records obligations require preservation of records evidencing how AI systems used in supervision or customer interactions were modified, by whom, and with what approval.
OCC Bulletin 2011-12 (Supervisory Guidance on Model Risk Management) and Fed SR 11-7: Prompt, knowledge-source, and connector changes that influence a model's output are model changes; OCC and the Federal Reserve expect change controls, version tracking, and independent review proportional to model risk.
FFIEC IT Handbook — Development & Acquisition Booklet: Examiners look for a defined SDLC with separation between development, test, and production environments; pipeline-based promotion supports that expectation.
SEC Rule 17a-3 / 17a-4: Change records, approvals, and rollback evidence must be retained in WORM-compliant or equivalent immutable storage for the regulatory retention period.
GLBA 501(b) Safeguards Rule: Administrative safeguards include controlled changes to systems handling customer information; uncontrolled agent edits create unmanaged risk to nonpublic personal information.

Automation Available

Companion solutions in FSI-AgentGov-Solutions:

Message Center Monitor — monitoring M365 Message Center for platform changes affecting AI agents
Pipeline Governance Cleanup — discovery and cleanup of personal pipelines before enforcing centralized ALM governance
Segregation Detector — role conflict detection for Maker/Checker enforcement in agent pipelines

Control Description

This control requires that modifications to AI agents — including system prompts, topics, knowledge sources, connectors, actions, environment placement, and security settings — be controlled, documented, and approved before promotion to environments serving real users or production data. Power Platform pipelines provide the deployment framework with built-in solution versioning, deployment history, and rollback via re-import of a prior managed solution. Approval gates and segregation of duties are implemented in two complementary ways: (1) delegated deployments, where the deployment runs under a service principal or pipeline owner identity rather than the requestor, enforcing maker/checker separation at the platform layer; and (2) Power Automate approval flows triggered by the OnApprovalStarted and OnPreDeploymentStarted pipeline events, which capture business and compliance approvals before the deployment proceeds.

For Copilot Studio agents, change control hinges on packaging the agent in a Dataverse solution and treating the solution version as the authoritative agent version. Components stored outside the solution boundary (for example, externally hosted knowledge connectors or files referenced by URL) require a parallel change record because they are not captured by solution export.

Approval Gates Implementation

Power Platform pipelines provide the deployment framework with built-in version tracking and rollback. Approval gates are implemented by integrating Power Automate approval workflows that trigger on the OnApprovalStarted or OnPreDeploymentStarted pipeline events before a stage executes. This integration requires custom configuration; the pipeline does not provide a built-in CAB approval UI.

Terminology Update: Delegated Deployments

Pipeline approvals are now documented by Microsoft as "delegated deployments", reflecting the model where deployment authority is delegated to a designated service principal or pipeline owner identity instead of the requesting maker. When referencing Microsoft Learn documentation, search for "delegated deployments" in addition to "pipeline approvals" for current guidance. Delegated deployments help meet SOX 404 segregation-of-duties expectations because the maker who authored the change is not the identity that performs the production deployment.

Native vs. Pipeline Approval Workflows

Agent approval requirements differ based on deployment method:

Deployment Method	Approval Mechanism	Configuration
Copilot Studio native publish	Built-in publishing approval workflow	Agent settings > Approval (requires admin enablement)
Solution-packaged agents via pipelines	Custom Power Automate approval	`OnApprovalStarted` / `OnPreDeploymentStarted` trigger integration
Solution-packaged agents via delegated deployment	Service principal or pipeline owner identity executes the import	Configured per pipeline stage in PPAC > Deployment > Pipelines

Copilot Studio Native Approvals: Copilot Studio includes a built-in approval workflow that requires designated approvers to authorize agent publishing. This is configured per-agent in agent settings and does not require custom Power Automate development.

Pipeline Approvals: When agents are packaged as solutions and deployed via pipelines, approval gates require custom Power Automate configuration using the OnApprovalStarted trigger. This approach provides more flexibility but requires development effort.

FSI Recommendation: Use native Copilot Studio approvals for Zone 2 agents with straightforward approval chains. Use pipeline approvals combined with delegated deployment for Zone 3 agents requiring multi-stage deployments with CAB review.

Capability	Description	Implementation	FSI Relevance
Power Platform Pipelines	Automated solution deployment	Built-in (PPAC > Deployment)	Controlled promotion Dev → Test → Prod
Solution Versioning	Track agent versions via Dataverse solution version	Built-in	SOX 404 audit trail; SEC 17a-4 retention
Delegated Deployments	Pipeline runs under service principal / pipeline owner	Built-in (per stage configuration)	Maker/checker separation per SOX 302/404
Approval Workflows	Gate deployments via Power Automate	`OnApprovalStarted` / `OnPreDeploymentStarted` triggers	CAB and compliance enforcement
Rollback Capability	Revert to previous managed solution	Re-import of prior managed solution version	Business continuity; OCC 2011-12 model rollback
Solution Checker	Static analysis of solution components	Built-in pipeline stage	Pre-deployment quality gate
Service Communications API (Graph)	Programmatic Message Center change tracking	`admin/serviceAnnouncement/messages` (delta)	Detect platform changes that may invalidate agent behavior

Key Configuration Points

Enable Power Platform pipelines for Zone 2 (recommended) and Zone 3 (required) agents; pipeline target environments must be Managed Environments
Configure delegated deployment on each Zone 3 pipeline stage so production imports execute under a service principal or pipeline owner identity, not the requesting maker (maker/checker separation per SOX 302/404)
Implement Power Automate approval flows triggered by OnApprovalStarted (and OnPreDeploymentStarted where pre-deployment validation is needed), with approver chains differentiated by zone: Manager for Zone 2; CAB + Compliance for Zone 3
Enforce semantic solution versioning for agent solutions: [Major].[Minor].[Build].[Revision]; map Major.Minor to documented business changes and reserve Build/Revision for pipeline auto-increment
Capture configuration snapshots (system prompt, topics, knowledge sources, connectors, actions, settings) before any agent modification; commit snapshots to source control with a hash for evidentiary integrity
Define rollback procedures with a clear decision-authority matrix and a tested re-import path for the prior managed solution version
Maintain an immutable audit trail of all change requests, approvals, deployments, and rollbacks for the SEC 17a-4 retention period (typically 6 years for broker-dealers)
Subscribe to Microsoft 365 Message Center via the Service Communications API (admin/serviceAnnouncement/messages with delta queries) so platform changes that may affect agent behavior become input to the change-management process

Zone-Specific Requirements

Zone	Requirement	Rationale
Zone 1 (Personal)	Basic change documentation recommended (date, what changed, who changed it) in agent description or owner-maintained log; pipelines optional; no production data; no customer-facing surface	Low risk, individual productivity scope; over-control discourages adoption
Zone 2 (Team)	Pipelines recommended (Dev → Prod minimum); manager or team-lead approval via native Copilot Studio publish approval or Power Automate flow; configuration snapshots captured before each change; change records retained 1 year; rollback to prior managed solution tested at least quarterly	Shared agents create accountability requirements; team data may include sensitive but non-customer information
Zone 3 (Enterprise)	Pipelines required (Dev → Test → Prod) with Managed Environments on every stage; delegated deployment with service principal on Prod stage; CAB + Compliance approval via Power Automate `OnApprovalStarted` flow; standard 48-hour CAB review window (compressible per Emergency Change Procedures); pre-deployment Solution Checker pass required; tested rollback within RTO defined in Control 2.4; 6-year change-record retention in WORM-compliant or immutable storage; Message Center monitoring integrated with change intake	Customer-facing or financially material; highest examination risk under SOX 404, FINRA 4511, OCC 2011-12

Emergency Change Procedures

The standard 48-hour CAB review period may be compressed for emergency situations:

Emergency Type	Approval Path	Review Window	Post-Action Requirement
Security vulnerability (CVSS ≥7.0)	Security Admin + CISO	Immediate	Post-implementation CAB review within 72 hours
Regulatory mandate	Compliance Officer + CCO	4 hours	Documentation within 24 hours
Customer-impacting production issue	AI Governance Lead	2 hours	Root cause analysis within 48 hours

Rollback Authority: Security Admin, Compliance Officer, and AI Governance Lead have authority to initiate immediate rollback without pre-approval. Post-rollback documentation required within 24 hours.

Cross-reference: Control 2.4 (Business Continuity and Disaster Recovery) for incident response SLAs.

Roles & Responsibilities

Role	Responsibility
Power Platform Admin	Configure pipelines, manage delegated-deployment service principals, target environment setup, deployment history retention
Pipeline Admin	Day-to-day pipeline operations, stage configuration, approval-flow integration
AI Governance Lead	Define approval workflows, change classification criteria, CAB facilitation for Zone 3 changes
Compliance Officer	Approve Zone 3 changes, verify regulatory requirements met, oversee change-record retention
Entra Security Admin	Security review for major changes; rollback authority for security-driven incidents
Agent Owner	Submit change requests, attach test evidence, perform post-deployment validation

Control	Relationship
2.1 - Managed Environments	Target environments must be Managed
2.5 - Testing and Validation	Testing requirements for deployments
2.15 - Environment Routing	Environment placement for agents
3.1 - Agent Inventory	Version tracking in registry

Advanced Implementation: Platform Change Governance

For operationalizing Microsoft Message Center changes with structured governance workflows, see Platform Change Governance.

Advanced Implementation: Pipeline Governance Cleanup

Organizations with existing personal pipelines that need cleanup before enforcing centralized ALM governance should refer to the Pipeline Governance Cleanup Solution in the FSI-AgentGov-Solutions repository. The solution provides discovery, owner notification, controlled cleanup, custom host enforcement, and ongoing compliance monitoring.

February 2026 Pipeline Deadline

Microsoft has signaled tightening of the Managed Environments expectation for pipeline target environments through 2026, but the exact mechanism and date have shifted in successive Learn updates. Organizations using deployment pipelines should review Control 2.1: Managed Environments for current guidance, licensing implications, and recommended proactive actions.

Advanced Implementation: Environment Lifecycle Management

For treating environment provisioning as a controlled change with approval workflows, audit trails, and baseline configuration, see Environment Lifecycle Management.

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:

Portal Walkthrough — Step-by-step portal configuration
PowerShell Setup — Automation scripts
Verification & Testing — Test cases and evidence collection
Troubleshooting — Common issues and resolutions

March 2026 Preview Updates

Enhanced admin controls as automated change gates

⚠️ Preview feature: Power Platform enhanced admin controls entered public preview in March 2026 and are scheduled for April 2026 general availability. Microsoft notes that delivery timelines can change before release.

Microsoft documents new security settings at the environment or environment group level for agent sharing, anonymous access endpoints, and approved authentication providers. These settings are validated during agent deployment and runtime, which means they operate as an automated change gate after design-time approval.

Change-management impact	How to operationalize
Consistent policy across many environments	Apply shared settings to regulated environment groups and record group membership in the change ticket
Runtime validation after deployment	Treat blocked deployments as failed changes that require remediation before release closure
Authentication-provider enforcement	Record approved identity provider scope as part of the release design and rollback plan
Anonymous endpoint blocking	Include endpoint state in release evidence for any customer-facing or externally shared agent

⚠️ Preview feature: Safe-sharing enforcement that detects credential oversharing enters public preview in April 2026 and is scheduled for June 2026 general availability.

Microsoft documents that Copilot Studio can identify agents and flows that rely on connections marked as not safe for sharing, surface inventory and advisor guidance, and block publishing or sharing of unsafe assets before exposure. For change management, these blocks should be treated as release-gate failures that stop promotion until the identity model is remediated.

FSI implementation guidance: - Capture blocked publish/share events in the change record alongside approval evidence - Require remediation plans when maker or system credentials are flagged as not safe for sharing - Document these preview controls as supplemental automated gates that support, but do not replace, manual CAB or compliance review

Verification Criteria

Confirm control effectiveness by verifying:

Power Platform pipelines are configured for all Zone 2-3 agents and pipeline target environments are Managed Environments
Zone 3 production stages are configured for delegated deployment under a service principal whose identity is distinct from any active maker account
Power Automate approval flows (OnApprovalStarted / OnPreDeploymentStarted) are functioning, route to the documented approver chain by zone, and block deployments when not approved
All changes are documented with change ID, justification, approvals (with timestamps), and a link to the deployment run
Rollback procedure has been tested within the last 90 days for Zone 3 agents and can restore the previous managed solution within the RTO defined in Control 2.4
Audit trail captures complete change history (request, approval, deployment, validation, rollback events) and is retained per zone retention requirements (1 year Zone 2; 6 years Zone 3 in immutable storage)
Configuration snapshots exist for all Zone 2-3 agents and are committed to source control with a hash for integrity
Microsoft 365 Message Center is monitored (UI or Service Communications API) and platform-change events are routed into the change-management intake for impact assessment
If enhanced admin controls or safe-sharing preview is enabled, policy validation results and blocked publish/share events are retained with the change record
Components stored outside the Copilot Studio solution boundary (external knowledge sources, hosted files) have a parallel change record because solution export does not capture them

Additional Resources

Agent 365 Blueprint Deployment (Preview)

Preview Notice

Microsoft Agent 365 SDK and Agent Essentials are in limited preview (Frontier program). Verify feature availability and GA timelines before implementing production controls dependent on these capabilities. Expect changes before general availability.

Agent 365 introduces a 3-phase deployment blueprint that complements Power Platform ALM:

Design → Build → Deploy lifecycle with governance gates at each transition
Blueprint registration provides formal change documentation for audit trail
Promotion between phases requires approval workflows

Blueprint Promotion Workflow:

Phase Transition	Approval Required	Change Documentation
Design → Build	Technical review (Zone 2), Architecture review (Zone 3)	Requirements sign-off, data source declaration
Build → Deploy	QA sign-off, Security review	Test results, security scan results
Deploy → Production	Business owner + Compliance (Zone 3)	UAT sign-off, rollback plan

Integration with Power Platform ALM:

For agents built in Copilot Studio and registered via Blueprint:

Solution Export - Export Copilot Studio agent as solution
Blueprint Registration - Register solution in Agent 365 Blueprint
Pipeline Deployment - Use ALM pipelines with Blueprint phase gates
Promotion Approval - Blueprint promotion triggers ALM approval workflow

Solution Export Limitations

Not all Copilot Studio agent components are included in solution export/import. Custom topics and knowledge sources may be excluded if stored separately. Organizations should verify all agent components are captured during the export process and maintain separate backup procedures for excluded components.

Change Record Requirements:

Each Blueprint promotion must include:

Change ID (linked to ALM pipeline run)
Business justification
Approval chain with timestamps
Rollback reference (previous Blueprint version)
Test evidence (linked to Control 2.5)
Microsoft Learn: Agent 365 Blueprint (Preview) - 3-phase deployment framework for agent change management

Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current