Control 3.7: PPAC Security Posture Assessment
Control ID: 3.7 Pillar: Reporting Regulatory Reference: FINRA 3110, OCC 2011-12, GLBA 501(b), SOX 404 Last UI Verified: February 2026 Governance Levels: Baseline / Recommended / Regulated Last Verified: 2026-02-03
Objective
Leverage the Power Platform Admin Center Security page to assess, monitor, and improve the security posture of your Power Platform tenant. This control provides visibility into security configurations, actionable recommendations, and compliance tracking for AI agent environments.
Why This Matters for FSI
- FINRA 3110: Supervisory procedures require documented security assessments
- OCC 2011-12: Third-party risk management extends to platform security posture
- GLBA 501(b): Safeguards rule requires ongoing security evaluation
- SOX 404: IT general controls must be assessed and documented
- Examination Readiness: Documented posture assessments demonstrate due diligence
Control Description
The PPAC Security page provides centralized security posture assessment with recommendations, health monitoring, and audit log access. Regular review helps organizations meet FSI security requirements.
| Capability | Description |
|---|---|
| Security Overview | Top recommendations and linked security controls |
| Health Recommendations | Prioritized list with status and risk level |
| Monitor | Access to audit logs and sign-in activity |
| Controls | Links to Copilot Studio and AI configuration |
Security Posture Scoring
PPAC uses a qualitative scoring scale for security posture:
Security Score Preview
Microsoft is developing a numeric Security Score for Power Platform (Preview) that will complement the qualitative Low/Medium/High scale with a percentage-based score similar to Microsoft Secure Score. Until the numeric score reaches GA, organizations should continue using the qualitative scale below for posture reporting and track the preview score as a supplementary metric.
| Score | Description | FSI Action |
|---|---|---|
| Low | Multiple critical recommendations unaddressed | Immediate remediation required |
| Medium | Some recommendations pending | Scheduled remediation within SLA |
| High | Most recommendations addressed | Maintain and monitor |
Recommendation Trigger Conditions
The following conditions automatically generate security recommendations (based on PPAC security recommendations documentation):
| Condition | Recommendation Category | Risk Level |
|---|---|---|
| More than 10 admins in environment | Identity & Access Management | Medium |
| Auditing turned off | Compliance | High |
| No tenant-level DLP policy | Data Protection | High |
| No IP firewall configured | Data Protection | Medium |
| Guest access not restricted | Identity & Access Management | Medium |
| Environments without security groups | Identity & Access Management | Medium |
| Tenant isolation disabled | Data Protection | High |
| Managed Environments not enabled | Compliance | Medium |
Proactive Policy Categories
PPAC recommendations align to three policy categories:
| Category | Focus | Example Recommendations |
|---|---|---|
| Data Protection | DLP, encryption, firewall | Enable tenant-level DLP policy |
| Identity & Access Management | Admin roles, security groups | Limit admin count, restrict guest access |
| Compliance | Auditing, managed environments | Enable auditing, enable Managed Environments |
Security Page Tabs:
| Tab | Purpose | Key Actions |
|---|---|---|
| Overview | Security recommendations summary | Review priorities |
| Health | Full recommendations list | Track remediation |
| Monitor | Audit logs and sign-ins | Activity review |
| Controls | Configuration links | Access settings |
Key Configuration Points
- Review Security Overview for top recommendations weekly
- Track Health recommendations by status (Not started / In progress / Completed)
- Address High-risk recommendations within 7 days
- Enable Managed Environments for Zone 2-3 (foundational security)
- Apply DLP policies to all environments
- Configure security groups for environment access control
- Generate monthly security posture reports
- Configure blocked attachment extensions to prevent upload of dangerous file types (exe, bat, cmd, js, etc.)
- Block high-risk MIME types (application/javascript, application/hta, text/javascript, etc.) per environment
- Enable inactivity timeout (≤ 120 minutes) to force re-authentication after idle periods
- Enable session expiration with custom timeout (≤ 1440 minutes) to limit total session duration
- Enable Content Security Policy (CSP) enforcement for model-driven apps to help mitigate cross-site scripting (XSS) risks
Enhanced Security Posture Features (GA)
- Dismiss recommendations: Administrators can now dismiss security recommendations that are false positives or not applicable, cleaning up the security score view without implementing the recommendation
- Environment group-level security settings: Security settings (sharing restrictions, IP firewall, cookie binding) can now be configured at the environment group level, providing consistent security posture across grouped environments
- Bulk managed environment conversion: Convert multiple environments to managed status simultaneously, accelerating governance deployment across large tenants
Configuration Drift Monitoring
Beyond the native PPAC security recommendations, organizations should maintain a configuration hardening baseline to detect drift in security-critical settings. The following checklist consolidates key configuration points across multiple controls into a single reviewable posture:
| Setting Category | Configuration Check | Portal Path | Control Reference | Review Frequency |
|---|---|---|---|---|
| Agent Authentication | All agents require authentication (not "No Authentication") | Copilot Studio > Agent > Settings > Security | 1.1 | Weekly |
| Agent Authentication | Authentication set to "Always" (not "As Needed") | Copilot Studio > Agent > Settings > Security | 1.1 | Weekly |
| Agent Sharing | No agents shared with unrestricted access | Copilot Studio > Agent > Channels > Share Settings | 1.1 | Weekly |
| Audit Logging | Dataverse auditing enabled per environment | PPAC > Environment > Audit and logs | 1.7 | Monthly |
| Audit Retention | Retention ≥ 180 days per environment | PPAC > Environment > Audit settings | 1.7 | Monthly |
| Content Moderation | Level set to High for Zone 2/3 agents | Copilot Studio > Agent > Settings > Generative AI | 1.27, 1.8 | Weekly |
| Agent Actions | User consent required before execution | Copilot Studio > Agent > Actions | 1.18 | Weekly |
| Connected Agents | Inter-agent connectivity disabled unless approved | Copilot Studio > Agent > Settings > Connected Agents | 1.18 | Monthly |
| Environment Creation | Restricted to authorized admins only | PPAC > Tenant Settings > Environment assignments | 2.1 | Monthly |
| Tenant Isolation | Cross-tenant connections restricted | PPAC > Security > Tenant Isolation | 2.1 | Monthly |
| Security Groups | Assigned to all Zone 2/3 environments | PPAC > Environment > Security group | 2.1 | Monthly |
| AI Feature Toggles | AI Prompts, Generative Actions, File Analysis, Model Knowledge, Semantic Search disabled unless approved | PPAC > Environment > Features; Copilot Studio > Agent > Settings | 3.8 | Weekly |
| Transcript Access | Restricted to authorized personnel | PPAC > Environment > Features > Copilot Studio Agents | 3.8 | Monthly |
| Blocked Attachments | Dangerous file extensions blocked (ade, adp, app, exe, etc.) | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
| MIME Type Restriction | High-risk MIME types blocked (application/javascript, application/hta, etc.) | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
| Inactivity Timeout | Inactivity timeout enabled and set to ≤ 120 minutes (Zone 3: ≤ 60 minutes) | PPAC > Environment > Settings > Privacy + Security | 2.22, 3.7 | Monthly |
| Session Expiration | Custom session timeout enabled and set to ≤ 1440 minutes (Zone 3: ≤ 720 minutes) | PPAC > Environment > Settings > Privacy + Security | 2.22, 3.7 | Monthly |
| Content Security Policy | CSP enforcement enabled for model-driven apps | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
Advanced Implementation: Configuration Hardening Baseline
For a comprehensive implementation guide including automated verification scripts, manual attestation procedures, and evidence collection workflows, see Configuration Hardening Baseline.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Quarterly review; document exceptions | Lower risk, proportionate oversight |
| Zone 2 (Team) | Monthly review; all high-risk addressed | Shared data increases exposure |
| Zone 3 (Enterprise) | Weekly review; 100% recommendations addressed; automated reporting | Customer-facing requires strict posture |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Review recommendations, implement remediations |
| Entra Security Admin | Validate security controls, approve configurations |
| AI Governance Lead | Track posture scores, report to leadership |
| Compliance Officer | Include in regulatory examination evidence |
Related Controls
| Control | Relationship |
|---|---|
| 1.5 - DLP Policies | Key recommendation category |
| 2.1 - Managed Environments | Foundational security control |
| 1.7 - Audit Logging | Monitor tab integration |
| 3.8 - Copilot Hub | Complementary governance view |
| 1.1 - Restrict Agent Publishing | Agent authentication and access posture |
| 1.8 - Runtime Protection, 1.27 - Content Moderation Enforcement | Content moderation posture |
| 1.18 - RBAC | Agent action consent and connected agent posture |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Advanced Implementation: Configuration Hardening Baseline
This control is covered by the Configuration Hardening Baseline, which consolidates SSPM-detectable settings across all 7 mapped controls into a single reviewable checklist with automation classification and evidence export procedures.
Governance Script: Publishing Restriction Validation
restrict-agent-publishing.ps1 validates 6 publishing restriction criteria against your tenant configuration: Environment Maker role removal, authorized security groups, Share with Everyone disabled, DLP connector blocking, Managed Environment sharing limits, and approval workflow status — with SHA-256 evidence export for audit readiness.
Script Location: scripts/governance/restrict-agent-publishing.ps1
Verification Criteria
Confirm control effectiveness by verifying:
- Security page accessible with all four tabs displaying correctly
- Health recommendations show current status for each item
- High-risk recommendations addressed within 7-day SLA
- Managed Environments enabled for all Zone 2-3 environments
- DLP policies applied to 100% of environments
- Monthly posture report generated with trend analysis
- Configuration hardening baseline checklist reviewed per documented frequency
- No configuration drift detected in agent authentication, content moderation, or AI feature settings
- Evidence of configuration baseline review archived for audit readiness
- Blocked attachment extensions configured per environment to prevent dangerous file uploads
- High-risk MIME types blocked per environment to help mitigate code injection risks
- Inactivity timeout enabled and set to ≤ 120 minutes per environment
- Session expiration enabled with custom timeout ≤ 1440 minutes per environment
- Content Security Policy enforcement enabled for model-driven apps per environment
Additional Resources
- Security in Power Platform Admin Center
- Managed Environments Overview
- Power Platform DLP Policies
- Power Platform Security Best Practices
Agent 365 Security Posture (Preview)
Note: The following guidance reflects preview capabilities that may evolve.
Agent 365 introduces additional security posture considerations for Blueprint-registered agents:
Microsoft Defender Integration:
| Capability | Description | FSI Relevance |
|---|---|---|
| AI Agent Inventory | Defender for Cloud Apps provides visibility into deployed AI agents | Complements PPAC inventory for comprehensive coverage |
| Attack Path Analysis | Identifies potential attack vectors involving agent identities | Supports NYDFS cybersecurity requirements |
| Security Exposure Management | Correlates agent permissions with sensitive data exposure | Helps meet GLBA 501(b) safeguards |
Agent 365 Security Metrics:
When available, incorporate these metrics into security posture reporting:
| Metric | Source | Target |
|---|---|---|
| Blueprint registration compliance | M365 Admin Center | 100% Zone 3 agents |
| Agent identity provisioning status | Entra Admin Center | All enterprise agents |
| Observability SDK coverage | Application Insights | 100% Zone 2-3 agents |
| DLP policy coverage for Agent 365 | Purview Compliance | 100% production agents |
Integration with PPAC Security Page:
- PPAC Security Overview surfaces Agent 365-related recommendations
- Controls tab links to Agent 365 governance settings (when GA)
- Monitor tab includes Agent 365 audit events via unified audit log
Zone-Specific Agent 365 Security Requirements:
| Zone | Requirement |
|---|---|
| Zone 1 | Basic inventory tracking via PPAC |
| Zone 2 | Blueprint registration recommended; DLP policy coverage required |
| Zone 3 | Blueprint registration required; Defender integration for attack path analysis |
- Microsoft Learn: AI Agent Inventory (Defender for Cloud Apps) - Discover AI agents in your tenant
- Microsoft Learn: Agent 365 Security Overview (Preview) - Security guidance for Agent 365 deployments
Updated: February 2026 | Version: v1.3 | UI Verification Status: Current