Control 3.7: PPAC Security Posture Assessment
Control ID: 3.7
Pillar: Reporting
Regulatory Reference: FINRA 3110, FINRA 25-07, OCC 2011-12, GLBA 501(b), SOX 404
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Objective
Leverage the Power Platform Admin Center Security page to assess, monitor, and improve the security posture of your Power Platform tenant. This control provides visibility into security configurations, actionable recommendations, and compliance tracking for AI agent environments.
Why This Matters for FSI
- FINRA 3110, FINRA 25-07: Supervisory procedures require documented security assessments
- OCC 2011-12: Third-party risk management extends to platform security posture
- GLBA 501(b): Safeguards rule requires ongoing security evaluation
- SOX 404: IT general controls must be assessed and documented
- Examination Readiness: Documented posture assessments demonstrate due diligence
No companion solution by design
Not all controls have a companion solution in FSI-AgentGov-Solutions; solution mapping is selective by design. This control is operated via native Microsoft admin surfaces and verified by the framework's assessment-engine collectors. See the Solutions Index for the catalog and coverage scope.
Control Description
The Power Platform Admin Center (PPAC) Security area provides a centralized location to view a tenant security score, act on system-generated recommendations, and manage proactive policies for governance and security. Regular review helps support FSI security expectations under FINRA, OCC, GLBA, and SOX.
The Security node in PPAC navigation contains four pages, plus a related Actions page (formerly Power Platform Advisor) that surfaces actionable recommendations across the tenant:
| PPAC Page | Purpose | Typical FSI Use |
|---|---|---|
| Security > Overview | Security score (Preview), top recommendations, environment-management conversion entry point | Weekly posture review and score trending |
| Security > Data protection and privacy | DLP policies, customer-managed keys, IP firewall, Azure VNet, customer lockbox | Configuration review for data-handling controls |
| Security > Identity and access management | Tenant isolation, security groups, guest access, admin counts, client app access control, IP cookie binding | Identity boundary and least-privilege review |
| Security > Compliance | Auditing posture, Managed Environment conversion, compliance settings | Audit-readiness and supervisory evidence |
| Actions (formerly Advisor) | All system-generated recommendations across Apps, Sites, Tenant settings; severity, refresh frequency, inline actions, history, dismiss/snooze | Day-to-day remediation queue and audit history |
Prerequisite: Tenant-level analytics
The Security score and most recommendations are populated only after tenant-level analytics is turned on. After enabling it, expect up to 24 hours before data appears; until then, Security > Overview shows "Calculating security score." See "How do I turn on tenant-level analytics?".
Security Posture Scoring
Security Score is in Preview
Microsoft has stated that it does not plan to invest in changes to the current preview implementation of the security score logic and recommends using the score "for evaluation purposes only at this time." Behaviour may change without notice. FSI organizations should not rely on the numeric score as a sole compliance metric; use it as a directional indicator and base supervisory evidence on documented review of individual recommendations and the underlying configuration.
The score is expressed as a percentage and mapped to a qualitative label. The score is recalculated every 24 hours and considers all environments (Managed and unmanaged):
| Score Range | Qualitative Label | Suggested FSI Response |
|---|---|---|
| 0–50 | Low | Treat as elevated risk; remediate High-severity items immediately and document compensating controls |
| 51–80 | Medium | Schedule remediation within zone-aligned SLA; document accepted exceptions |
| 81–100 | High | Maintain; continue cadence; investigate any score regression |
Calculation formula: (Your score ÷ Total possible score) × 100. As Microsoft adds new scored features, the Total possible score can change, which may shift your displayed score even when your tenant configuration is unchanged. Document this in your monthly posture report so reviewers can distinguish configuration drift from scoring-model changes.
Recommendation Trigger Conditions
System-generated recommendations are produced when the following conditions are met (per Security overview — Conditions that trigger feature recommendations):
| Feature | Scope | Trigger Condition |
|---|---|---|
| Administrator privileges | Environment | More than 10 administrators |
| Auditing | Environment | Auditing turned off |
| Customer Lockbox | Tenant | Customer Lockbox on, but no Managed Environments |
| Client application access control | Environment | Auditing on, but client app access control not configured |
| Data policy | Tenant | No tenant-level data policy set |
| Environment Azure Virtual Network | Environment | No VNet policy |
| Environment security group | Environment | No security group assigned |
| Guest access | Environment | Restricted guest access turned off |
| IP firewall | Environment | IP firewall not configured |
| IP address-based cookie binding | Environment | Cookie binding not configured |
| Sharing | Environment | No sharing limit |
| Tenant isolation | Tenant | Tenant isolation turned off |
Inline actions require Managed Environments
Inline remediation from the Actions page (and most score-improvement actions from Security > Overview) is available only on Managed Environments. For non-Managed Environments, recommendations are visible but must be applied by opening the environment Settings page and configuring the feature manually. After conversion to Managed, allow up to 72 hours for the Actions page to show full affected-resource detail.
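The scoring and trigger logic described above, modelled in code as an added example (not Microsoft's implementation): the trigger predicates follow the table, the score is (your score ÷ total possible) × 100 with the page's label bands, and two snapshots are compared so a reviewer can tell configuration drift from a scoring-model change. Equal weighting of every check, the one-point-per-check total, and all sample tenant and environment settings are assumptions.

```python
"""Model of the PPAC security-score logic on this page: added example,
not Microsoft code. Trigger conditions follow the page's table; the score is
(your score / total possible) * 100 with the page's label bands. Equal check
weighting and the sample settings below are assumptions/constructed data."""
# Feature -> predicate that is True when the recommendation fires.
ENV_TRIGGERS = {
    "Administrator privileges": lambda e: e["admin_count"] > 10,
    "Auditing": lambda e: not e["auditing"],
    "Client application access control": lambda e: e["auditing"] and not e["client_app_access_control"],
    "Environment Azure Virtual Network": lambda e: not e["vnet_policy"],
    "Environment security group": lambda e: e["security_group"] is None,
    "Guest access": lambda e: not e["restricted_guest_access"],
    "IP firewall": lambda e: not e["ip_firewall"],
    "IP address-based cookie binding": lambda e: not e["cookie_binding"],
    "Sharing": lambda e: e["sharing_limit"] is None,
}
TENANT_TRIGGERS = {
    "Customer Lockbox": lambda t: t["customer_lockbox"] and not t["has_managed_envs"],
    "Data policy": lambda t: not t["tenant_dlp_policy"],
    "Tenant isolation": lambda t: not t["tenant_isolation"],
}

def recommendations(tenant, envs):
    """Return (feature, scope) pairs whose trigger condition is met."""
    fired = [(f, "Tenant") for f, hit in TENANT_TRIGGERS.items() if hit(tenant)]
    for env in envs:
        fired += [(f, env["name"]) for f, hit in ENV_TRIGGERS.items() if hit(env)]
    return fired

def security_score(tenant, envs):
    """Return (percentage, your_score, total_possible); one point per check (assumed)."""
    total = len(TENANT_TRIGGERS) + len(ENV_TRIGGERS) * len(envs)
    earned = total - len(recommendations(tenant, envs))
    return round(earned / total * 100), earned, total

def label(pct):
    """Map the percentage to the page's bands: 0-50 Low, 51-80 Medium, 81-100 High."""
    return "Low" if pct <= 50 else "Medium" if pct <= 80 else "High"

def explain_change(prev, curr):
    """Classify a month-over-month change from two (pct, earned, total) snapshots."""
    (_, p_earned, p_total), (_, c_earned, c_total) = prev, curr
    if p_total != c_total and p_earned == c_earned:
        return "scoring-model change"  # new scored features were added; config unchanged
    if p_total == c_total and p_earned != c_earned:
        return "configuration drift"
    return "no change" if p_total == c_total else "model change and drift: review both"
# Constructed sample tenant: isolation off, one hardened and one weak environment.
TENANT = {"customer_lockbox": False, "has_managed_envs": True,
          "tenant_dlp_policy": True, "tenant_isolation": False}
ENVS = [{"name": "prod-z3", "admin_count": 4, "auditing": True, "client_app_access_control": True,
         "vnet_policy": True, "security_group": "sg-prod", "restricted_guest_access": True,
         "ip_firewall": True, "cookie_binding": True, "sharing_limit": 5},
        {"name": "team-z2", "admin_count": 12, "auditing": True, "client_app_access_control": False,
         "vnet_policy": False, "security_group": None, "restricted_guest_access": False,
         "ip_firewall": False, "cookie_binding": False, "sharing_limit": None}]
```

With the constructed data the weak environment fires eight of the nine environment checks and the tenant fires one, giving 12/21 (57%, Medium); `explain_change` is what the monthly posture report needs when the displayed score moves.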
Proactive Policy Categories
PPAC organizes proactive policies into three areas, aligned to the Security navigation pages:
| Category | Focus | Example Settings |
|---|---|---|
| Data Protection and Privacy | DLP, customer-managed keys, IP firewall, VNet, customer lockbox | Enable tenant-level DLP policy; configure IP firewall on Zone 2/3 environments |
| Identity and Access Management | Tenant isolation, security groups, guest access, admin count | Enable tenant isolation; assign security groups to all Zone 2/3 environments |
| Compliance | Auditing, Managed Environments, supervisory evidence | Enable Dataverse auditing; convert in-scope environments to Managed |
Key Configuration Points
- Review Security Overview for top recommendations weekly
- Track Health recommendations by status (Not started / In progress / Completed)
- Address High-risk recommendations within 7 days
- Enable Managed Environments for Zone 2-3 (foundational security)
- Apply DLP policies to all environments
- Configure security groups for environment access control
- Generate monthly security posture reports
- Configure blocked attachment extensions to prevent upload of dangerous file types (exe, bat, cmd, js, etc.)
- Block high-risk MIME types (application/javascript, application/hta, text/javascript, etc.) per environment
- Enable inactivity timeout (≤ 120 minutes) to force re-authentication after idle periods
- Enable session expiration with custom timeout (≤ 1440 minutes) to limit total session duration
- Enable Content Security Policy (CSP) enforcement for model-driven apps to help mitigate cross-site scripting (XSS) risks
Enhanced Security Posture Features (GA)
- Dismiss recommendations: Administrators can now dismiss security recommendations that are false positives or not applicable, cleaning up the security score view without implementing the recommendation
- Environment group-level security settings: Security settings (sharing restrictions, IP firewall, cookie binding) can now be configured at the environment group level, providing consistent security posture across grouped environments
- Bulk managed environment conversion: Convert multiple environments to managed status simultaneously, accelerating governance deployment across large tenants
Configuration Drift Monitoring
Beyond the native PPAC security recommendations, organizations should maintain a configuration hardening baseline to detect drift in security-critical settings. The following checklist consolidates key configuration points across multiple controls into a single reviewable posture:
| Setting Category | Configuration Check | Portal Path | Control Reference | Review Frequency |
|---|---|---|---|---|
| Agent Authentication | All agents require authentication (not "No Authentication") | Copilot Studio > Agent > Settings > Security | 1.1 | Weekly |
| Agent Authentication | Authentication set to "Always" (not "As Needed") | Copilot Studio > Agent > Settings > Security | 1.1 | Weekly |
| Agent Sharing | No agents shared with unrestricted access | Copilot Studio > Agent > Channels > Share Settings | 1.1 | Weekly |
| Audit Logging | Dataverse auditing enabled per environment | PPAC > Environment > Audit and logs | 1.7 | Monthly |
| Audit Retention | Retention ≥ 180 days per environment | PPAC > Environment > Audit settings | 1.7 | Monthly |
| Content Moderation | Level set to High for Zone 2/3 agents | Copilot Studio > Agent > Settings > Generative AI | 1.27, 1.8 | Weekly |
| Agent Tools | User consent required before execution | Copilot Studio > Agent > Tools | 1.18 | Weekly |
| Connected Agents | Inter-agent connectivity disabled unless approved | Copilot Studio > Agent > Settings > Connected Agents | 1.18 | Monthly |
| Environment Creation | Restricted to authorized admins only | PPAC > Tenant Settings > Environment assignments | 2.1 | Monthly |
| Tenant Isolation | Cross-tenant connections restricted | PPAC > Security > Tenant Isolation | 2.1 | Monthly |
| Security Groups | Assigned to all Zone 2/3 environments | PPAC > Environment > Security group | 2.1 | Monthly |
| AI Feature Toggles | AI Prompts, Generative Actions, File Analysis, Model Knowledge, Semantic Search disabled unless approved | PPAC > Copilot > Settings (previously under Environment > Settings > Features); Copilot Studio > Agent > Settings | 3.8 | Weekly |
| Transcript Access | Restricted to authorized personnel | PPAC > Copilot > Settings (previously under Environment > Features > Copilot Studio Agents) | 3.8 | Monthly |
| Blocked Attachments | Dangerous file extensions blocked (ade, adp, app, exe, etc.) | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
| MIME Type Restriction | High-risk MIME types blocked (application/javascript, application/hta, etc.) | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
| Inactivity Timeout | Inactivity timeout enabled and set to ≤ 120 minutes (Zone 3: ≤ 60 minutes) | PPAC > Environment > Settings > Privacy + Security | 2.22, 3.7 | Monthly |
| Session Expiration | Custom session timeout enabled and set to ≤ 1440 minutes (Zone 3: ≤ 720 minutes) | PPAC > Environment > Settings > Privacy + Security | 2.22, 3.7 | Monthly |
| Content Security Policy | CSP enforcement enabled for model-driven apps | PPAC > Environment > Settings > Privacy + Security | 3.7 | Monthly |
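A drift check over the environment-level rows of the checklist above (audit, security group, blocked extensions and MIME types, timeouts with the tighter Zone 3 ceilings, CSP), written as an added example rather than the framework's own collector code. The thresholds are the table's; the environment snapshots and the set of extensions and MIME types treated as required blocks are constructed from the lists on this page.

```python
"""Drift check for the environment-level rows of this page's configuration
hardening baseline (added example, not the framework's collector code).
Thresholds are the table's; sample environment snapshots are constructed."""
# Extensions and MIME types the page lists as dangerous / high-risk.
REQUIRED_BLOCKED_EXT = {"ade", "adp", "app", "exe", "bat", "cmd", "js"}
REQUIRED_BLOCKED_MIME = {"application/javascript", "application/hta", "text/javascript"}

def max_timeouts(zone):
    """(inactivity, session) ceilings in minutes; Zone 3 is tighter per the table."""
    return (60, 720) if zone == 3 else (120, 1440)

def _timeout_finding(name, value, ceiling):
    """None means the timeout is not enabled, which is itself drift."""
    if value is None:
        return f"{name} not enabled (baseline <= {ceiling} min)"
    if value > ceiling:
        return f"{name} {value} min exceeds baseline {ceiling} min"
    return None

def check_environment(env):
    """Return (control_ref, finding) tuples for settings that drifted from baseline."""
    inact_max, sess_max = max_timeouts(env["zone"])
    findings = []
    if not env["auditing_enabled"]:
        findings.append(("1.7", "Dataverse auditing disabled"))
    if env["audit_retention_days"] < 180:
        findings.append(("1.7", f"audit retention {env['audit_retention_days']}d below 180d"))
    if env["zone"] >= 2 and not env["security_group"]:
        findings.append(("2.1", "no security group on Zone 2/3 environment"))
    if missing := sorted(REQUIRED_BLOCKED_EXT - set(env["blocked_extensions"])):
        findings.append(("3.7", "attachment extensions not blocked: " + ", ".join(missing)))
    if missing := sorted(REQUIRED_BLOCKED_MIME - set(env["blocked_mime_types"])):
        findings.append(("3.7", "MIME types not blocked: " + ", ".join(missing)))
    for name, key, ceiling in (("inactivity timeout", "inactivity_timeout_min", inact_max),
                               ("session expiration", "session_timeout_min", sess_max)):
        if finding := _timeout_finding(name, env[key], ceiling):
            findings.append(("2.22, 3.7", finding))
    if not env["csp_enforced"]:
        findings.append(("3.7", "CSP enforcement off for model-driven apps"))
    return findings

def drift_report(envs):
    """Environment name -> findings; an empty list means the environment matches baseline."""
    return {env["name"]: check_environment(env) for env in envs}
# Constructed snapshots: a Zone 3 environment within Zone 2 ceilings but not Zone 3, and a drifted Zone 2.
SAMPLE_ENVS = [
    {"name": "prod-z3", "zone": 3, "auditing_enabled": True, "audit_retention_days": 365,
     "security_group": "sg-prod", "blocked_extensions": sorted(REQUIRED_BLOCKED_EXT),
     "blocked_mime_types": sorted(REQUIRED_BLOCKED_MIME), "inactivity_timeout_min": 90,
     "session_timeout_min": 720, "csp_enforced": True},
    {"name": "team-z2", "zone": 2, "auditing_enabled": True, "audit_retention_days": 90,
     "security_group": None, "blocked_extensions": ["exe", "bat"], "blocked_mime_types": [],
     "inactivity_timeout_min": None, "session_timeout_min": 1440, "csp_enforced": False},
]
```

Each finding carries the control reference from the checklist so the output can be filed as evidence against the right control; the Zone 3 sample shows why the zone must be part of the check, since a 90-minute inactivity timeout passes the general ceiling but not the Zone 3 one.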
Advanced Implementation: Configuration Hardening Baseline
For a comprehensive implementation guide including automated verification scripts, manual attestation procedures, and evidence collection workflows, see Configuration Hardening Baseline.
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Quarterly review; document exceptions | Lower risk, proportionate oversight |
| Zone 2 (Team) | Monthly review; all high-risk addressed | Shared data increases exposure |
| Zone 3 (Enterprise) | Weekly review; 100% recommendations addressed; automated reporting | Customer-facing requires strict posture |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| Power Platform Admin | Review recommendations, implement remediations |
| Entra Security Admin | Validate security controls, approve configurations |
| AI Governance Lead | Track posture scores, report to leadership |
| Compliance Officer | Include in regulatory examination evidence |
Related Controls
| Control | Relationship |
|---|---|
| 1.5 - DLP Policies | Key recommendation category |
| 2.1 - Managed Environments | Foundational security control |
| 1.7 - Audit Logging | Monitor tab integration |
| 3.8 - Copilot Hub | Complementary governance view |
| 1.1 - Restrict Agent Publishing | Agent authentication and access posture |
| 1.8 - Runtime Protection, 1.27 - Content Moderation Enforcement | Content moderation posture |
| 1.18 - RBAC | Agent action consent and connected agent posture |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Advanced Implementation: Configuration Hardening Baseline
This control is covered by the Configuration Hardening Baseline, which consolidates SSPM-detectable settings across all 7 mapped controls into a single reviewable checklist with automation classification and evidence export procedures.
Governance Script: Publishing Restriction Validation
restrict-agent-publishing.ps1 validates 6 publishing restriction criteria against your tenant configuration: Environment Maker role removal, authorized security groups, Share with Everyone disabled, DLP connector blocking, Managed Environment sharing limits, and approval workflow status — with SHA-256 evidence export for audit readiness.
Script Location: scripts/governance/restrict-agent-publishing.ps1
Verification Criteria
Confirm control effectiveness by verifying:
- Tenant-level analytics turned on; Security > Overview displays a current security score (not stuck on "Calculating")
- PPAC > Security navigation pages (Overview, Data protection and privacy, Identity and access management, Compliance) and the Actions page are accessible to the Power Platform Admin role
- High-severity recommendations on the Actions page addressed within the zone-aligned SLA
- Managed Environments enabled for all Zone 2-3 environments
- DLP policies applied to 100% of environments
- Monthly posture report generated with trend analysis
- Configuration hardening baseline checklist reviewed per documented frequency
- No configuration drift detected in agent authentication, content moderation, or AI feature settings
- Evidence of configuration baseline review archived for audit readiness
- Blocked attachment extensions configured per environment to prevent dangerous file uploads
- High-risk MIME types blocked per environment to help mitigate code injection risks
- Inactivity timeout enabled and set to ≤ 120 minutes per environment
- Session expiration enabled with custom timeout ≤ 1440 minutes per environment
- Content Security Policy enforcement enabled for model-driven apps per environment
Additional Resources
- Security in Power Platform Admin Center
- Managed Environments Overview
- Power Platform DLP Policies
- Power Platform Security Best Practices
Agent 365 Security Posture (Preview)
Note: The following guidance reflects preview capabilities that may evolve.
Agent 365 introduces additional security posture considerations for Blueprint-registered agents:
Microsoft Defender Integration:
| Capability | Description | FSI Relevance |
|---|---|---|
| AI Agent Inventory | Defender for Cloud Apps provides visibility into deployed AI agents | Complements PPAC inventory for comprehensive coverage |
| Attack Path Analysis | Identifies potential attack vectors involving agent identities | Supports NYDFS cybersecurity requirements |
| Security Exposure Management | Correlates agent permissions with sensitive data exposure | Helps meet GLBA 501(b) safeguards |
Agent 365 Security Metrics:
When available, incorporate these metrics into security posture reporting:
| Metric | Source | Target |
|---|---|---|
| Blueprint registration compliance | M365 Admin Center | 100% Zone 3 agents |
| Agent identity provisioning status | Entra Admin Center | All enterprise agents |
| Observability SDK coverage | Application Insights | 100% Zone 2-3 agents |
| DLP policy coverage for Agent 365 | Purview Compliance | 100% production agents |
Integration with PPAC Security Page:
- PPAC Security Overview surfaces Agent 365-related recommendations
- Controls tab links to Agent 365 governance settings (when GA)
- Monitor tab includes Agent 365 audit events via unified audit log
Zone-Specific Agent 365 Security Requirements:
| Zone | Requirement |
|---|---|
| Zone 1 | Basic inventory tracking via PPAC |
| Zone 2 | Blueprint registration recommended; DLP policy coverage required |
| Zone 3 | Blueprint registration required; Defender integration for attack path analysis |
- Microsoft Learn: AI Agent Inventory (Defender for Cloud Apps) - Discover AI agents in your tenant
- Microsoft Learn: Agent 365 Security Overview (Preview) - Security guidance for Agent 365 deployments
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current