
Control 3.1: Agent Inventory and Metadata Management

Control ID: 3.1
Pillar: Reporting
Regulatory Reference: FINRA Rule 4511, FINRA Regulatory Notice 25-07, SEC 17a-4(b)(4), SOX Sections 302/404, GLBA 501(b), NYDFS Part 500.16 / 500.17, OCC Bulletin 2011-12 / Fed SR 11-7, NIST AI RMF 1.0 GOVERN 1.6, FTC Safeguards Rule 16 CFR §314
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated


Agent 365 Architecture Update

Microsoft Agent 365 is the emerging cross-cloud control plane for agent identity, lifecycle, observability, and registry functions. As of April 2026, capability and cloud availability still vary by tenant and service rollout. Treat Agent 365 as an additional discovery and governance surface—not a replacement for the organization’s authoritative inventory register—until parity is verified. See Unified Agent Governance for capability mapping and migration guidance.

Objective

Maintain an authoritative inventory of all AI agents across the organization to support examination response, help evidence ownership and oversight, track lifecycle state, and aid reconciliation across Microsoft discovery surfaces.


Why This Matters for FSI

  • FINRA Rule 4511 + SEC 17a-4(b)(4): The agent inventory supports the firm’s books-and-records posture by providing a defensible register of AI assets, owners, approval state, and evidence references.
  • FINRA Regulatory Notice 25-07 (March 2025): Firms should be able to enumerate, supervise, and explain their use of generative AI tools; an incomplete inventory weakens that supervisory story.
  • SOX Sections 302/404: Any agent that influences finance, controllership, disclosure drafting, reconciliations, or ICFR workflows should appear in the controls inventory with named ownership and review evidence.
  • OCC Bulletin 2011-12 / Fed SR 11-7: Higher-risk or finance-touching AI capabilities should be present in the model / use-case inventory and subject to ongoing monitoring and periodic review.
  • GLBA 501(b) + FTC Safeguards Rule 16 CFR §314: Asset inventory is a foundational safeguard for systems that access or process customer information.
  • NYDFS Part 500.16 / 500.17: Covered entities should be able to enumerate relevant cyber assets and document ownership, classification, and response context for higher-risk AI systems.
  • NIST AI RMF 1.0 GOVERN 1.6: Maintaining a current inventory of AI systems is a core governance baseline.

Automation Available

See Compliance Dashboard in FSI-AgentGov-Solutions for aggregated compliance reporting across the framework control catalog with zone-based filtering.

License Requirements

  • Microsoft 365 Copilot — required for the Microsoft 365 admin center Copilot / Agents inventory surfaces and related first-party agent governance features.
  • Microsoft Copilot Studio / Power Platform admin access — required for PPAC environment-scoped agent inventory and export workflows.
  • Microsoft Agent 365 — rollout- and preview-dependent as of April 2026; verify entitlement and availability before relying on it as a primary evidence source.
  • Supplemental monitoring surfaces such as preview discovery views should be treated as additive, not as the only system of record.
  • Microsoft Graph and CLI automation rely on the underlying service entitlements and appropriate admin permissions already in scope.

Re-verify SKU and preview availability at deploy time against current Microsoft Learn licensing guidance and your tenant Message Center.

Sovereign Cloud Parity (verify at deploy time)

| Capability / Surface | Commercial | GCC | GCC High | DoD |
|---|---|---|---|---|
| Microsoft 365 admin center Agents / Agent Registry | GA | GA / verify feature rollout | Verify | Verify |
| Power Platform admin center Copilot / Copilot agents surfaces | GA | Rolling / verify | Verify | Verify |
| Microsoft Agent 365 admin center | Preview / Frontier | Limited / verify | Verify availability | Verify availability |
| Programmatic agent inventory APIs / exports | Rolling / verify | Verify | Verify | Verify |

Treat any parity gap as a compensating-control conversation, not an assumption of feature equivalence across clouds.

Control Description

This control establishes an authoritative agent inventory practice across the Microsoft 365 admin center (Copilot > Agents / Inventory), the Power Platform admin center (Resources > Copilot agents plus Copilot Hub reporting), the emerging Entra Agent Registry / Agent ID plane, and Microsoft Agent 365 observability where available. No single Microsoft surface is complete on its own; FSI organizations should reconcile all discovery sources into one examiner-ready system of record.

Power Platform Inventory (GA)

The Power Platform Inventory feature is generally available at PPAC > Manage > Inventory. Organizations should be aware of current limitations:

  • ~15-minute refresh cycle - Inventory data refreshes approximately every 15 minutes (per Microsoft Learn); newly created or modified agents may not appear immediately
  • 500-agent display limit - PPAC portal displays up to 500 agents; larger tenants must use PowerShell or Azure Resource Graph for complete enumeration
  • Deleted agent visibility - Deleted agents may remain visible for up to 48 hours after deletion
  • Metadata availability - Some metadata fields may not populate until the next refresh cycle

The control distinguishes between a system of record (the authoritative inventory register used for audit and reporting) and discovery sources (portals and exports used to find and validate what exists). A canonical AgentID should be assigned at registration and used as the immutable join key across systems.

For NYDFS Part 500-covered entities, inventory records must include recovery objectives (RTO/RPO), criticality tier, support expiration dates, and backup compliance status.

Canonical Inventory Metadata Schema

| Metadata Field | Minimum expectation for the system of record |
|---|---|
| AgentID | Immutable unique identifier used across portals, exports, and evidence packages; record the platform-native identifiers it maps to (Copilot Studio agent ID, Entra Agent ID object) as well, because discovery exports carry only those and reconciliation has to translate them to the canonical ID |
| Display Name / Agent Type | Human-readable name plus agent type (Copilot Studio, declarative, connected / partner, Microsoft-provided, other) |
| Owner / Backup Owner | Named accountable owner and backup owner; backup owner is required for Zone 2 and Zone 3 |
| Business Justification | Short statement of purpose, approved use case, and business sponsor |
| Zone | Zone 1 / 2 / 3 classification |
| Data Classification | Firm taxonomy for data handled or grounded on |
| Regulatory Scope | Whether the agent is in scope for FINRA communications, SOX ICFR, GLBA, Reg BI, privacy, or other supervisory regimes |
| Approval Record | CAB / ticket / GRC / exception reference and approval date |
| Lifecycle State | Draft, In Review, Approved, Active, Deprecated, or Decommissioned |
| Last Reviewed / Next Review Due | Review cadence evidence and next required governance date |
| Connected Knowledge Sources | Sites, libraries, files, external knowledge, or embedded content used for grounding |
| Connected Actions / Connectors / Apps | Approved actions, connectors, plugins, connected apps, and auth mode |
| Foundation Model / Runtime | Model family or runtime in use, where known and relevant |
| Effective Sensitivity Label | Record the highest effective label where Microsoft applies label inheritance or labeled content is involved |
| DLP Policy Mapping | Linked DLP policy, monitoring control, or approved exception |
| Sovereign Cloud Boundary | Commercial / GCC / GCC High / DoD plus residency caveat where relevant |
| Evidence Reference | Export hash, evidence package ID, or storage location for retained inventory snapshots |

Key Configuration Points

  • Access environment-scoped inventory in Power Platform admin center and review Resources > Copilot agents plus the Copilot area for usage and management context.
  • Access organization-wide agent inventory in Microsoft 365 admin center at admin.microsoft.com > Copilot > Agents / Inventory for declarative, shared, published, and Microsoft-provided agents.
  • Use inventory exports and admin-center details as discovery evidence, then reconcile them into a separate system of record (SharePoint list, Dataverse table, CMDB, or GRC tool).
  • Assign a canonical AgentID that remains immutable throughout the lifecycle and serves as the join key across portals, exports, tickets, and evidence.
  • Record the required metadata fields for every agent: Owner, Backup Owner, Business Justification, Zone, Data Classification, Regulatory Scope, Last Reviewed, Next Review Due, Approval Record, Connected Knowledge Sources, Connected Actions/Connectors, Connected Apps/Plugins, Foundation Model, DLP Mapping, effective sensitivity label, and Sovereign Cloud Boundary.
  • Reconcile discovery sources against the system of record on the zone cadence (monthly for Zone 1, weekly for Zone 2, daily or automated for Zone 3) and on any change to a higher-risk agent.
  • Compute SHA-256 hashes for inventory exports used as audit evidence and retain the evidence ID with the inventory snapshot.
  • Review ownerless, departed-owner, dormant, and unapproved shared agents as part of the inventory operating cadence and route exceptions to Control 3.6 - Orphaned Agent Detection.
  • Cross-reference usage analytics from Copilot Hub and related reports for activity-based inventory enrichment (see Control 3.8 - Copilot Hub and Governance Dashboard).
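The reconciliation, metadata-completeness, and evidence-hashing steps above, as an added PowerShell example. This is illustrative code, not the framework's own tooling or a Microsoft sample. It assumes CSV exports of the shape shown (all rows and identifiers are constructed), that the system of record stores the platform-native ID alongside the canonical AgentID so the two can be joined, and a 90-day dormancy threshold; none of these come from the control text.

```powershell
# Added example for Control 3.1 (not Microsoft or framework code): reconcile a discovery
# export against the system of record, flag gaps, and hash the export as evidence.
# All sample rows, identifiers and the 90-day dormancy threshold are constructed assumptions.
Set-StrictMode -Version Latest

# Constructed discovery export, shaped like an admin-center / PPAC CSV export.
# Discovery surfaces only know the platform-native ID, never the firm's canonical AgentID.
$discoveryCsv = @'
PlatformId,DisplayName,Source,Environment,LastActivity
00000000-0000-0000-0000-00000000a001,Claims Triage Assistant,PPAC,Prod-Finance,2026-04-10
00000000-0000-0000-0000-00000000a002,Branch FAQ Bot,M365AC,Default,2026-01-03
00000000-0000-0000-0000-00000000a003,Trade Recon Helper,PPAC,Prod-Finance,2026-04-12
00000000-0000-0000-0000-00000000a009,Untitled agent,PPAC,Default,2026-04-11
'@

# Constructed system-of-record extract (SharePoint list / Dataverse / GRC export).
$sorCsv = @'
AgentID,PlatformId,Owner,BackupOwner,Zone,LifecycleState,ApprovalRecord,DLPPolicyMapping,NextReviewDue
AGT-0001,00000000-0000-0000-0000-00000000a001,alice@contoso.com,bob@contoso.com,3,Active,CHG-1042,DLP-FIN-01,2026-05-01
AGT-0002,00000000-0000-0000-0000-00000000a002,,,1,Active,,,2026-03-01
AGT-0003,00000000-0000-0000-0000-00000000a003,carol@contoso.com,,3,Active,CHG-1100,,2026-04-20
AGT-0004,00000000-0000-0000-0000-00000000a004,dave@contoso.com,erin@contoso.com,2,Active,CHG-0990,DLP-GEN-02,2026-06-01
'@

$culture      = [cultureinfo]::InvariantCulture
$asOf         = [datetime]::ParseExact('2026-04-15', 'yyyy-MM-dd', $culture)
$dormantAfter = 90   # days without activity before routing to Control 3.6 (assumed threshold)

# Minimum metadata that must be populated before a record counts as complete, per zone.
$requiredByZone = @{
    '1' = @('Owner')
    '2' = @('Owner', 'BackupOwner', 'ApprovalRecord')
    '3' = @('Owner', 'BackupOwner', 'ApprovalRecord', 'DLPPolicyMapping')
}

$discovery = $discoveryCsv | ConvertFrom-Csv
$sor       = $sorCsv       | ConvertFrom-Csv
$sorByPlatformId  = @{}; foreach ($r in $sor)       { $sorByPlatformId[$r.PlatformId]  = $r }
$discByPlatformId = @{}; foreach ($d in $discovery) { $discByPlatformId[$d.PlatformId] = $d }

$findings = [System.Collections.Generic.List[object]]::new()
function Add-Finding($AgentID, $Finding, $Detail) {
    $findings.Add([pscustomobject]@{ AgentID = $AgentID; Finding = $Finding; Detail = $Detail })
}

foreach ($d in $discovery) {
    # 1. Discovered but never registered: shadow agent, route to registration (1.2) / 3.6.
    if (-not $sorByPlatformId.ContainsKey($d.PlatformId)) {
        Add-Finding '(unregistered)' 'Unregistered' "$($d.Source) $($d.Environment): $($d.DisplayName)"
        continue
    }
    # 2. Dormancy from discovery-side activity data (enrichment from usage analytics).
    $r = $sorByPlatformId[$d.PlatformId]
    $lastActivity = [datetime]::ParseExact($d.LastActivity, 'yyyy-MM-dd', $culture)
    if (($asOf - $lastActivity).Days -gt $dormantAfter) {
        Add-Finding $r.AgentID 'Dormant' "Last activity $($d.LastActivity)"
    }
}

foreach ($r in $sor) {
    # 3. Active in the register but absent from discovery. Do not auto-decommission:
    #    PPAC refreshes about every 15 minutes and deleted agents can linger up to 48 hours,
    #    so confirm on the next cycle before changing lifecycle state.
    if ($r.LifecycleState -eq 'Active' -and -not $discByPlatformId.ContainsKey($r.PlatformId)) {
        Add-Finding $r.AgentID 'NotDiscovered' "PlatformId $($r.PlatformId) not in export"
    }
    # 4. Zone-based metadata completeness (ownerless agents surface here as a missing Owner).
    $missing = @($requiredByZone[$r.Zone] | Where-Object { [string]::IsNullOrWhiteSpace($r.$_) })
    if ($missing.Count -gt 0) {
        Add-Finding $r.AgentID 'IncompleteMetadata' ('Missing: ' + ($missing -join ', '))
    }
    # 5. Review cadence.
    if ([datetime]::ParseExact($r.NextReviewDue, 'yyyy-MM-dd', $culture) -lt $asOf) {
        Add-Finding $r.AgentID 'ReviewOverdue' "Due $($r.NextReviewDue)"
    }
}

# 6. Evidence: SHA-256 over the exact bytes retained with the snapshot. For a file on disk,
#    Get-FileHash -Algorithm SHA256 yields the same digest as hashing its bytes here.
$sha256 = [System.Security.Cryptography.SHA256]::Create()
$digest = ($sha256.ComputeHash([System.Text.Encoding]::UTF8.GetBytes($discoveryCsv)) |
           ForEach-Object { $_.ToString('x2') }) -join ''
$evidence = [pscustomobject]@{
    EvidenceID = "EVD-$($asOf.ToString('yyyyMMdd'))-DISCOVERY"
    Sha256     = $digest
    Records    = @($discovery).Count
}

$findings | Sort-Object AgentID, Finding | Format-Table -AutoSize
$evidence | Format-List
```

With the constructed rows, the run flags the unregistered PPAC agent, AGT-0002 as dormant, ownerless and overdue for review, AGT-0003 as missing backup owner and DLP mapping for a Zone 3 agent, and AGT-0004 as active in the register but absent from the export. The join is on the platform-native ID rather than the display name, because names are neither unique nor stable; the digest is computed over the bytes actually retained, so the evidence record can be re-verified against the stored snapshot later.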

Programmatic Inventory Access

For tenants exceeding the 500-agent portal display limit, use Azure Resource Graph for complete enumeration:

// Azure Resource Graph query for Power Platform agent inventory.
// The two resource type strings below are the ones this control cites; confirm they appear in
// your tenant (resources | where type startswith 'microsoft.powerplatform' | distinct type)
// before relying on the output as evidence.
resources
| where type =~ 'Microsoft.PowerPlatform/environments'
| project environmentId = tolower(id), environmentName = name
| join kind=leftouter (
    resources
    | where type =~ 'Microsoft.PowerPlatform/environments/components'
    | where tostring(properties.componentType) =~ 'agent'
    // join keys must be scalar columns, so materialize the parent reference first
    | project environmentId = tolower(tostring(properties.environmentId)),
              agentName = name,
              agentId = tostring(properties.agentId),
              agentProperties = properties
) on environmentId
| project environmentName, agentName, agentId, agentProperties

PowerShell Alternative:

# Complete agent enumeration via Power Platform Admin PowerShell
# (module: Microsoft.PowerApps.Administration.PowerShell; run Add-PowerAppsAccount first)
# Verify in your tenant that Copilot Studio agents surface through Get-AdminPowerApp with
# appType 'Agent' (the filter this control uses) before treating the list as complete.
$environments = Get-AdminPowerAppEnvironment
$agents = foreach ($env in $environments) {
    Get-AdminPowerApp -EnvironmentName $env.EnvironmentName |
        Where-Object { $_.Properties.appType -eq 'Agent' } |
        Select-Object EnvironmentName, AppName, DisplayName, Owner
}
$agents | Export-Csv -Path .\agent-inventory.csv -NoTypeInformation

Quality Monitoring as Inventory Metadata

Organizations can track agent quality trends over time using Copilot Studio's evaluation framework (step 8 — Comparative Monitoring), supporting ongoing compliance monitoring. Consider including evaluation scores or quality metrics as recommended inventory metadata fields to provide a holistic view of each agent's operational health alongside ownership and classification data. Sequential evaluation comparisons help identify quality regressions that may warrant inventory status changes or agent lifecycle actions. See Control 2.18 - Automated Conflict of Interest Testing for evaluation methodology details.


Lifecycle State Machine

| State | Minimum governance requirement | Inventory implication |
|---|---|---|
| Draft | Named owner and business justification assigned | Track as not yet approved for end-user access |
| In Review | Approval workflow started and metadata substantially complete | Capture reviewer / approver evidence |
| Approved | Governance, compliance, and technical checks complete | Eligible for controlled activation |
| Active | Deployed and monitored | Included in reconciliation, orphan detection, and reporting |
| Deprecated | New use blocked or discouraged; migration plan documented | Remain in inventory until retirement is complete |
| Decommissioned | Access removed, connectors disabled, and disposition documented | Retain the inventory record and supporting evidence for the applicable books-and-records period |

Zone-Specific Requirements

| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Monthly inventory review with minimum metadata: owner, business justification, environment, lifecycle state, and last review date; document exceptions for personal agents | Reduces risk from personal use while keeping friction low |
| Zone 2 (Team) | Weekly inventory reconciliation with named owner and backup owner, approval record, data classification, connected knowledge sources, and connector/action inventory | Shared agents increase blast radius; controls must be consistently applied |
| Zone 3 (Enterprise) | Daily or automated reconciliation with full metadata set, regulatory scope, DLP mapping, effective sensitivity label, validation status, and orphan/dormancy review; enforce via policy and exception workflow | Enterprise agents handle sensitive content and are highest audit risk |

Roles & Responsibilities

| Role | Responsibility |
|---|---|
| Power Platform Admin | Access and export Power Platform environment-scoped inventory; manage visibility across environments and Copilot Studio surfaces |
| AI Administrator | Day-to-day Microsoft 365 Copilot agent inventory review, metadata governance, and admin-center reporting |
| Entra Agent ID Admin | Review and manage Entra-side agent identity registrations and related metadata where Agent ID is in use |
| Entra Global Reader | Read-only review of inventory and reporting evidence without modification rights |
| Entra Global Admin | Required only where tenant-wide or Agent 365 administrative access still depends on this role; use Entra PIM for time-bound elevation |
| Agent Owner | Maintain the business justification, metadata accuracy, review cadence, and exception status for the assigned agent |
| AI Governance Lead | Define inventory governance policy, required metadata schema, and reconciliation cadence |
| Compliance Officer | Review inventory completeness and evidence readiness for supervisory, audit, and examination use |

Unified Agent Visibility Architecture

Three FSI-AgentGov controls work together to provide complete agent visibility across the organization. Understanding this relationship helps organizations implement comprehensive governance.

flowchart TB
    subgraph "Discovery Layer"
        D1[Power Platform Inventory]
        D2[M365 Agent Registry]
        D3[Entra Agent ID Directory]
        D4[Defender for Cloud Apps]
    end

    subgraph "Control 1.2: Agent Registry"
        R1[Governance Registry<br/>SharePoint/Dataverse]
        R2[Agent Store Curation]
        R3[Approval Workflows]
    end

    subgraph "Control 3.1: Inventory Management"
        I1[System of Record]
        I2[Metadata Management]
        I3[Compliance Reporting]
    end

    subgraph "Control 3.6: Shadow Detection"
        S1[Discovery Scans]
        S2[Gap Analysis]
        S3[Remediation Workflow]
    end

    D1 --> I1
    D2 --> I1
    D3 --> I1
    D4 --> S1

    R1 --> I1
    I1 --> S2
    S2 -->|Unregistered| S3
    S3 -->|Register| R3
    R3 --> R1

    I1 --> I3
    R1 --> I2


Control Relationship Summary

| Control | Primary Function | Data Flow |
|---|---|---|
| 1.2 - Agent Registry | Governance registration and approval | Receives approved agents; feeds inventory |
| 3.1 - Agent Inventory (this control) | Authoritative system of record | Aggregates all discovery sources |
| 3.6 - Orphaned Agent Detection | Gap identification and remediation | Compares inventory vs. registry; triggers remediation |

How the Controls Work Together

  1. Registration (Control 1.2): New agents must be registered with metadata, owner, and approval status before publishing
  2. Inventory (Control 3.1): All agents—registered and discovered—are tracked in the authoritative inventory
  3. Shadow Detection (Control 3.6): Periodic scans compare discovered agents against registered agents; gaps trigger remediation
  4. Remediation Loop: Unregistered agents are either registered (Control 1.2), transferred, or decommissioned

This unified architecture supports regulatory inventory requirements by ensuring that:

  • ✅ No agent operates without governance oversight
  • ✅ Shadow agents are detected and addressed
  • ✅ Regulatory examinations can be answered from a single source of truth
  • ✅ Orphaned agents (no owner) are remediated before they become compliance risks

Control Relationship

| Control | Relationship to this control |
|---|---|
| 1.2 - Agent Registry | Governance registration feeds the authoritative inventory |
| 1.19 - eDiscovery for Agent Interactions | Inventory snapshots and ownership records support evidence preservation and examination response |
| 1.21 - Adversarial Input Logging | Higher-risk agents and incident-prone agents should be traceable back to inventory ownership and metadata |
| 2.1 - Managed Environments | Enables advanced governance features for inventory tracking |
| 2.2 - Environment Groups | Provides environment classification for inventory categorization |
| 2.5 - Testing, Validation, and Quality Assurance | Validation status and approval evidence should map back to the inventory record |
| 3.2 - Usage Analytics | Monitors activity for agents in inventory |
| 3.6 - Orphaned Agent Detection | Detects departed-owner, dormant, or unowned agents discovered in inventory |
| 3.8 - Copilot Hub and Governance Dashboard | Provides dashboarding and reporting over the inventory baseline |
| 3.11 - Centralized Agent Inventory Enforcement | Uses the inventory register as the enforcement baseline |
| 4.7 - Microsoft 365 Copilot Data Governance | Data-governance and oversharing posture should be linked to the same authoritative inventory record |

Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:


Verification Criteria

Confirm control effectiveness by verifying:

  1. The organization maintains a documented system of record for agents and can reconcile it to the current Microsoft discovery surfaces on the defined cadence.
  2. Microsoft 365 admin center and Power Platform admin center inventory views are reviewed and any reconciliation gap is documented, investigated, and resolved according to the zone-based SLA.
  3. 100% of Zone 3 agents and all finance-touching or customer-facing agents have complete metadata for owner, backup owner, justification, classification, regulatory scope, approval record, lifecycle state, and review dates.
  4. Ownerless, departed-owner, dormant, or unapproved shared agents are identified and routed for remediation; unresolved exceptions are tracked.
  5. Inventory exports retained as evidence are hashed with SHA-256 and linked to an evidence location or evidence package ID.
  6. DLP mapping, effective sensitivity label, and connected knowledge/action inventory are recorded for higher-risk agents and spot-checked for accuracy.
  7. Usage analytics from Copilot Hub and related reporting surfaces are cross-referenced with the inventory so dormant agents and untracked agents can be detected.
  8. Decommissioned agents remain represented in the inventory with retirement date, owner sign-off, and retained evidence reference where applicable.

Additional Resources

Agent Essentials Checklist Guidance (Preview)

Preview Notice

Microsoft Agent 365 SDK and Agent Essentials are in limited preview (Frontier program). Verify feature availability and GA timelines before implementing production controls dependent on these capabilities. Expect changes before general availability.

Microsoft's Agent Deployment Checklist includes inventory requirements across 8 categories:

Environment Provisioning Registration

For automatic registration of new environments in the inventory system:


Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current (re-verified April 2026)