Control 4.6: Grounding Scope Governance
Control ID: 4.6 | Pillar: SharePoint | Regulatory Reference: SEC 17a-3/4, GLBA 501(b), FINRA 4511, SOX 302/404 | Governance Levels: Baseline / Recommended / Regulated | Last UI Verified: February 2026 | Last Verified: 2026-02-03
Objective
Govern which SharePoint content is included in the Microsoft 365 Semantic Index for AI agent grounding. This control restricts agent access to authorized content and helps prevent inadvertent exposure of draft documents, archived materials, or content not intended for AI consumption.
Why This Matters for FSI
- SEC 17a-3/4: Helps restrict agent access to finalized records, not draft or incomplete documents
- GLBA 501(b): Controls agent data access scope to protect customer information
- FINRA 4511: Helps prevent agents from citing draft or unverified documents in responses
- SOX 302/404: Documents data governance decisions as part of internal controls
- OCC 2011-12: Supports agent grounding on accurate, quality-controlled data
Control Description
This control establishes policies for controlling which SharePoint content is indexed and available for AI agent grounding through the Microsoft 365 Semantic Index.
| Capability | Description |
|---|---|
| Site Exclusion | Exclude entire SharePoint sites from Semantic Index via Restricted Content Discovery |
| Content Type Filtering | Exclude Draft, Archived, or Personal content categories |
| CopilotReady Tagging | Positive governance with explicit approval for indexing |
| Metadata-Based Rules | Use site metadata to control index inclusion |
| Restricted Search | Positive governance with allowed site list for AI grounding (up to 100 sites) |
| Audit and Monitoring | Track what content is indexed and accessed |
SharePoint Restricted Search
GA Feature
SharePoint Restricted Search is generally available for Microsoft 365 Copilot customers. This feature provides a positive governance model by specifying an allowed list of SharePoint sites for AI agent grounding.
SAM Licensing Included with Copilot
SharePoint Advanced Management (SAM) features used in this control (RCD, Restricted Search, Data Access Governance reports) are included with Microsoft 365 Copilot licenses — no separate add-on purchase is required. The only SAM feature requiring a separate add-on is Restricted Site Creation.
SharePoint Restricted Search (RSS) implements a positive governance model for controlling which content AI agents can access for grounding. Unlike Restricted Content Discovery (RCD), which excludes specific sites, Restricted Search allows ONLY approved sites, up to a maximum of 100.
Restricted Search vs. Restricted Content Discovery
| Approach | Model | Scope | Use Case |
|---|---|---|---|
| Restricted Content Discovery (RCD) | Exclusion list (block specific sites) | Unlimited exclusions | Exclude known sensitive sites |
| Restricted Search | Allowed list (permit specific sites only) | Up to 100 sites | Strict positive governance for regulated environments |
For FSI organizations, Restricted Search is preferred for Zone 3 regulated environments because it implements a "deny by default, allow by exception" model aligned with security best practices. This approach restricts AI agents to ONLY explicitly approved content, regardless of user permissions.
AI Agent Grounding Impact
When Restricted Search is enabled, Microsoft 365 Copilot and AI agents can only ground responses on content from sites in the allowed list. All other SharePoint content becomes invisible to AI grounding, regardless of user permissions. This directly controls the "data surface area" available to AI agents.
| Agent Type | Impact of Restricted Search | Configuration |
|---|---|---|
| M365 Copilot | Grounds only on allowed sites | SharePoint Admin Center |
| Copilot Studio (SharePoint knowledge) | Subject to tenant Restricted Search settings | Inherits tenant setting |
| Agent Builder declarative agents | Grounds only on allowed sites | SharePoint Admin Center |
Key implications:
- Content outside the allowed list is never used for grounding, even if users have direct access
- The 100-site limit requires careful curation of high-value, approved content
- This control is complementary to DLP policies and sensitivity labels
100-Site Allowed List Governance
Restricted Search enforces a maximum of 100 SharePoint sites in the allowed list. Organizations must establish a governance process for managing this limited capacity:
Site Selection Criteria:
| Criterion | Zone 3 Guidance | Rationale |
|---|---|---|
| Content ownership | Clearly identified content owner | Accountability |
| Sensitivity labeling | All content labeled | Data classification |
| Access review | Quarterly access review completed | Permission hygiene |
| Content currency | Content updated within 12 months | Data quality |
| Regulatory clearance | Compliance officer approved for AI access | Regulatory alignment |
Governance Process:
- Site nomination — Content owners nominate sites with business justification
- Compliance review — Compliance officer verifies regulatory suitability
- Security assessment — Security team confirms labeling and access controls
- Approval workflow — AI Governance Lead approves addition to allowed list
- Quarterly review — Reassess all 100 sites for continued relevance
Organizations approaching the 100-site limit should prioritize authoritative, frequently accessed, compliance-approved content sources.
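The nomination, approval and quarterly-review steps above produce an approved-site register; the script below, added here as an example and not taken from the control page or from Microsoft documentation, reconciles that register against the tenant's Restricted Search allowed list and enforces the 100-site ceiling before enabling the positive model. It uses the SharePoint Online Management Shell Restricted Search cmdlets (Get-/Add-/Remove-SPOTenantRestrictedSearchAllowedList, Get-/Set-SPOTenantRestrictedSearchMode) and assumes an existing Connect-SPOService session; the register contents, site URLs, evidence file path and the string form of the mode value are constructed assumptions of this example.

```powershell
# Added example: reconcile the Restricted Search allowed list with an approved-site register.
# Not part of the control page. Assumes SharePoint Online Management Shell is loaded and
# Connect-SPOService has already been run. Dry run by default; set $Apply = $true to change state.

$Apply           = $false
$MaxAllowedSites = 100            # hard ceiling enforced by Restricted Search
$EvidencePath    = '.\restricted-search-evidence.csv'   # placeholder path

# Constructed register: in practice this is the output of the nomination/approval workflow.
# Only rows that passed compliance review (Status = Approved) are eligible for the allowed list.
$register = @'
SiteUrl,Owner,Status,ComplianceApprovedOn
https://contoso.sharepoint.com/sites/policies,policy-owner@contoso.com,Approved,2026-01-15
https://contoso.sharepoint.com/sites/finance-final,fin-owner@contoso.com,Approved,2026-01-20
https://contoso.sharepoint.com/sites/ma-drafts,deal-team@contoso.com,Rejected,
https://contoso.sharepoint.com/sites/hr-archive,hr-owner@contoso.com,Pending,
'@ | ConvertFrom-Csv

# Normalise URLs so that trailing slashes or casing differences do not create phantom changes.
$approved = @($register |
    Where-Object { $_.Status -eq 'Approved' -and $_.ComplianceApprovedOn } |
    ForEach-Object { $_.SiteUrl.TrimEnd('/').ToLowerInvariant() } |
    Sort-Object -Unique)

if ($approved.Count -gt $MaxAllowedSites) {
    throw "Register has $($approved.Count) approved sites; Restricted Search permits at most $MaxAllowedSites. Re-prioritise before applying."
}
if ($approved.Count -eq 0) {
    throw 'Refusing to enable Restricted Search with an empty allowed list: Copilot would ground on nothing.'
}

# Current tenant state (assumption: the cmdlet returns the allowed site URLs as strings).
$current = @(Get-SPOTenantRestrictedSearchAllowedList |
    ForEach-Object { "$_".TrimEnd('/').ToLowerInvariant() })

$toAdd    = @($approved | Where-Object { $_ -notin $current })
$toRemove = @($current  | Where-Object { $_ -notin $approved })   # sites that lost approval

Write-Host "Approved: $($approved.Count)  In tenant: $($current.Count)  Add: $($toAdd.Count)  Remove: $($toRemove.Count)"

if ($Apply) {
    if ($toRemove.Count -gt 0) { Remove-SPOTenantRestrictedSearchAllowedList -SitesList $toRemove }
    if ($toAdd.Count    -gt 0) { Add-SPOTenantRestrictedSearchAllowedList    -SitesList $toAdd }

    # Enable the positive (deny-by-default) model only once the list is populated.
    # Assumption: the mode cmdlet reports 'Enabled' / 'Disabled' when rendered as a string.
    if ("$(Get-SPOTenantRestrictedSearchMode)" -ne 'Enabled') {
        Set-SPOTenantRestrictedSearchMode -Mode Enabled
    }
} else {
    $toRemove | ForEach-Object { Write-Host "WOULD remove: $_" }
    $toAdd    | ForEach-Object { Write-Host "WOULD add:    $_" }
}

# Evidence row for the quarterly review (supports the SOX 302/404 documentation requirement).
[pscustomobject]@{
    Timestamp     = (Get-Date).ToString('o')
    Applied       = $Apply
    ApprovedCount = $approved.Count
    Added         = ($toAdd    -join ';')
    Removed       = ($toRemove -join ';')
    Mode          = "$(Get-SPOTenantRestrictedSearchMode)"
} | Export-Csv -Path $EvidencePath -Append -NoTypeInformation
```

Two design points worth noting: the script refuses to enable the mode with an empty list, because Restricted Search makes everything outside the list invisible to grounding, and it removes sites that have dropped out of the approved register so that the tenant never drifts past what the governance process has signed off. Run it first with $Apply left at $false and attach the printed plan to the change record.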
Prepare Now: Restricted Search Readiness
Organizations can prepare for Restricted Search implementation today:
- Audit current SharePoint site inventory for AI-relevant content
- Identify candidate sites for the 100-site allowed list based on selection criteria
- Review sensitivity labeling coverage on candidate sites (ensure all content labeled)
- Establish site nomination and approval workflow with documented decision criteria
- Document current search scopes and Copilot grounding behavior (baseline)
- Train SharePoint admins on Restricted Search configuration and PowerShell cmdlets
Regulatory Mapping: SharePoint Restricted Search helps support SEC 17a-3/4 (controlling which records AI agents can access), GLBA 501(b) (limiting AI agent data surface area to approved content), FINRA 4511 (ensuring agents cite only approved, finalized documents), and OCC 2011-12 (controlling data quality for AI-grounded responses).
Key Configuration Points
- Enable Restricted Content Discovery (RCD) on sensitive sites
- Configure SharePoint Restricted Search for Zone 3 environments to limit AI grounding to approved sites only
- Exclude all sites with "draft", "archive", or "test" in the URL
- Personal OneDrive content is excluded from organizational agent grounding by default
- Implement CopilotReady metadata for positive governance (explicit opt-in)
- Document grounding scope decisions for compliance
- Establish quarterly review process for grounding scope
RCD Scope Limitation
Restricted Content Discovery (RCD) only affects Business Chat (Microsoft 365 Copilot chat at microsoft365.com/chat and in Teams). RCD does not prevent Copilot from accessing site content when users work directly within documents (e.g., summarizing a document in Word, generating slides in PowerPoint). For data-in-use protection, combine RCD with sensitivity labels and DLP policies (see Control 1.5).
Avoid Overuse of RCD
Microsoft advises against applying RCD to more sites than necessary. Excessive use degrades search quality and Copilot effectiveness across the tenant. Use RCD surgically for highly sensitive sites and rely on permissions-based access controls as the primary governance mechanism.
Technical Implementation Notes
DLP Policy Enforcement for Knowledge Sources
Power Platform DLP policies can govern Copilot Studio knowledge sources using the "Knowledge source with SharePoint and OneDrive in Copilot Studio" connector. This enables policy-based control over which SharePoint sites agents can access for grounding.
Connector Name Verification
The connector name is current as of January 2026. If the connector name changes, search for "Copilot Studio" in the DLP policy connector list.
Configuration Steps:
- Power Platform Admin Center > Data Policies > Create new policy
- Add "Knowledge source with SharePoint and OneDrive in Copilot Studio" connector
- Configure endpoint filtering to allow or deny specific SharePoint site URLs
- Apply policy to target environments
Note: DLP enforcement must be enabled at the environment level. Makers receive immediate feedback when attempting to add blocked knowledge sources.
Endpoint Filtering
Endpoint filtering allows granular control over specific SharePoint URLs:
- Allowlist: Only specified SharePoint sites can be used as knowledge sources
- Blocklist: Specific sites (HR, Legal, M&A) are blocked from agent access
- Pattern Matching: Use wildcards to allow/block site collections (e.g., contoso.sharepoint.com/sites/hr-*)
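To make the allowlist, blocklist and wildcard behaviour above concrete, here is an offline pre-check, added as an example and not part of the control page or of the Power Platform DLP engine, that evaluates a candidate knowledge-source URL against an ordered rule set written in the same site-URL wildcard style. Rule ordering (first match wins, with a final catch-all rule supplying the default) and the site URLs are assumptions of this helper; confirm the evaluation order in the Power Platform admin center before relying on it for anything beyond review discussions.

```powershell
# Added example: offline evaluation of SharePoint site URLs against allowlist/blocklist
# endpoint rules. Not the DLP engine itself; it models ordered, first-match-wins rules
# with a catch-all default (an assumption of this example).

function ConvertTo-SiteKey {
    # Reduce a site URL to lowercase host + path without scheme or trailing slash so that
    # "https://Contoso.sharepoint.com/sites/HR-Benefits/" and the scheme-less form compare equal.
    param([Parameter(Mandatory)][string]$Url)
    if ($Url -notmatch '^[a-z][a-z0-9+.-]*://') { $Url = "https://$Url" }
    $u = [uri]$Url
    return ($u.Host + $u.AbsolutePath).TrimEnd('/').ToLowerInvariant()
}

function Test-KnowledgeSourceEndpoint {
    param(
        [Parameter(Mandatory)][string]$Url,
        # Ordered rules: @{ Pattern = 'host/path or host/path-*'; Action = 'Allow' | 'Deny' }
        [Parameter(Mandatory)][object[]]$Rules
    )
    $target = ConvertTo-SiteKey $Url
    foreach ($rule in $Rules) {
        $pattern = $rule.Pattern.TrimEnd('/').ToLowerInvariant()
        if ($pattern.Contains('*')) {
            $isMatch = $target -like $pattern            # -like treats * as a wildcard
        } else {
            # An exact site rule also covers libraries and folders beneath that site
            $isMatch = ($target -eq $pattern) -or ($target -like "$pattern/*")
        }
        if ($isMatch) {
            return [pscustomobject]@{ Url = $Url; Decision = $rule.Action; MatchedRule = $rule.Pattern }
        }
    }
    # No rule matched and no catch-all was supplied: fail closed.
    return [pscustomobject]@{ Url = $Url; Decision = 'Deny'; MatchedRule = '(implicit deny)' }
}

# Blocklist style: everything allowed except the named sensitive site collections.
$blocklistRules = @(
    @{ Pattern = 'contoso.sharepoint.com/sites/hr-*';    Action = 'Deny'  }
    @{ Pattern = 'contoso.sharepoint.com/sites/legal';   Action = 'Deny'  }
    @{ Pattern = 'contoso.sharepoint.com/sites/ma-*';    Action = 'Deny'  }
    @{ Pattern = '*';                                    Action = 'Allow' }
)

# Allowlist style (Zone 3): only explicitly approved sites, deny by default.
$allowlistRules = @(
    @{ Pattern = 'contoso.sharepoint.com/sites/policies';      Action = 'Allow' }
    @{ Pattern = 'contoso.sharepoint.com/sites/finance-final'; Action = 'Allow' }
    @{ Pattern = '*';                                          Action = 'Deny'  }
)

# Constructed candidate URLs a maker might try to add as knowledge sources.
$candidates = @(
    'https://contoso.sharepoint.com/sites/hr-benefits/Shared Documents'
    'https://contoso.sharepoint.com/sites/hrportal'          # "hr" but not "hr-*": blocklist lets it through
    'https://contoso.sharepoint.com/sites/Legal/'
    'https://contoso.sharepoint.com/sites/policies/SitePages'
    'https://contoso.sharepoint.com/sites/ma-project-falcon'
)

"== Blocklist model ==";  $candidates | ForEach-Object { Test-KnowledgeSourceEndpoint $_ $blocklistRules } | Format-Table -AutoSize
"== Allowlist model ==";  $candidates | ForEach-Object { Test-KnowledgeSourceEndpoint $_ $allowlistRules } | Format-Table -AutoSize
```

The hrportal line is the instructive one: under the blocklist model a site that merely resembles a sensitive one slips through because the wildcard is anchored on the hyphen, whereas the allowlist model denies it simply because nobody approved it. That asymmetry is the reason the control recommends the allowlist model for Zone 3.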
Technical Limits for Copilot Studio Knowledge Sources
| Limit | Value | Impact |
|---|---|---|
| Files per Source | 500 files maximum (updated July 2025 with File Groups feature) | Large libraries require folder-based organization |
| Folders per Source | 50 folders, 10 layers deep | Limits complex hierarchical structures |
| File Size | 512 MB per file | Excludes large media or dataset files |
| Selection Batch | 15 files/folders per session | Multiple "Add knowledge" sessions required |
| Knowledge Source Count | 25 sources for generative orchestration | Agent filters sources if exceeded |
| Sync Frequency | Varies by source type: Salesforce and ServiceNow connectors sync every 4–6 hours; SharePoint knowledge sources sync automatically with a delay (verify current sync intervals in Copilot Studio documentation) | Content updates not immediately available; verify current sync behavior for SharePoint sources before deployment |
Source: Copilot Studio system limits — verify current limits before large-scale deployments.
Supported Content Types
- Modern SharePoint pages (classic ASPX pages NOT supported)
- File types: DOC/DOCX, PPT/PPTX, PDF, XLS/XLSX
- Confidential/highly confidential sensitivity labels excluded from indexing
- Password-protected documents cannot be indexed
Zone-Specific Requirements
| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Personal OneDrive excluded by default; document personal site policy | Personal agents access only individual user content |
| Zone 2 (Team) | Exclude draft/archive sites; implement CopilotReady tagging; monthly review | Team agents need controlled access to shared content |
| Zone 3 (Enterprise) | Explicit approval required for indexing; sensitivity label integration; quarterly attestation | Enterprise agents require strictest content governance |
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| SharePoint Admin | Configure site exclusions via RCD |
| AI Governance Lead | Define grounding scope policy and approve changes |
| Compliance Officer | Review regulatory requirements for content access |
| Content Owners | Certify sites as CopilotReady |
Related Controls
| Control | Relationship |
|---|---|
| 4.1 - Information Access Governance | Complementary: RCD excludes sites, Restricted Search allows sites |
| 1.5 - DLP and Sensitivity Labels | Content classification for grounding decisions |
| 1.14 - Data Minimization | Scope control principles |
| 2.16 - RAG Source Integrity | Knowledge source approval |
Implementation Playbooks
Step-by-Step Implementation
This control has detailed playbooks for implementation, automation, testing, and troubleshooting:
- Portal Walkthrough — Step-by-step portal configuration
- PowerShell Setup — Automation scripts
- Verification & Testing — Test cases and evidence collection
- Troubleshooting — Common issues and resolutions
Verification Criteria
Confirm control effectiveness by verifying:
- Site inventory is completed with Copilot exclusion status documented
- Draft sites have RestrictContentOrgWideSearch = true
- Archive sites are excluded from grounding scope
- Copilot query against excluded site does not return content
- Copilot query against approved site returns content appropriately
- Quarterly review process is established and documented
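The RCD items under Key Configuration Points (enable RCD on sensitive sites, exclude sites with "draft", "archive" or "test" in the URL) and the verification criteria above (draft sites have RestrictContentOrgWideSearch = true, evidence collected) share one enumeration of the tenant, so a single script serves both. It is added here as an example and is not part of the control page or of Microsoft's playbooks; it uses Get-SPOSite and Set-SPOSite -RestrictContentOrgWideSearch from the SharePoint Online Management Shell, assumes a Connect-SPOService session, and the URL pattern, evidence path and $Apply gate are assumptions of this example.

```powershell
# Added example: apply Restricted Content Discovery to draft/archive/test sites and produce
# verification evidence. Not part of the control page. Assumes SharePoint Online Management
# Shell is loaded and Connect-SPOService has been run. Dry run by default.

$Apply        = $false
$EvidencePath = '.\rcd-verification.csv'   # placeholder path

# Match the words as URL path segments or hyphen/underscore-delimited tokens, not as substrings,
# so that "attestation" or "contest" do not pull unrelated sites into RCD (overuse degrades search;
# see the "Avoid Overuse of RCD" note above).
$ExclusionPattern = '(^|[/_-])(draft|drafts|archive|archived|test|testing)([/_-]|$)'

# Enumerate site collections. Personal OneDrive sites are not returned by default, which matches
# the control's expectation that personal content is outside organizational grounding.
$sites = Get-SPOSite -Limit All

$candidates = @($sites | Where-Object { ([uri]$_.Url).AbsolutePath -match $ExclusionPattern })
Write-Host "Sites matching draft/archive/test pattern: $($candidates.Count)"

foreach ($site in $candidates) {
    # Re-read per site: the bulk listing may not populate every property.
    $full = Get-SPOSite -Identity $site.Url
    if ($full.RestrictContentOrgWideSearch) { continue }     # already excluded from discovery

    if ($Apply) {
        Set-SPOSite -Identity $full.Url -RestrictContentOrgWideSearch $true
        Write-Host "RCD enabled:       $($full.Url)"
    } else {
        Write-Host "WOULD enable RCD:  $($full.Url)"
    }
}

# Verification: read the property back after the change instead of trusting the write.
$report = foreach ($site in $candidates) {
    $fresh = Get-SPOSite -Identity $site.Url
    [pscustomobject]@{
        Url        = $fresh.Url
        Template   = $fresh.Template
        RcdEnabled = [bool]$fresh.RestrictContentOrgWideSearch   # must be $true for compliance
        CheckedAt  = (Get-Date).ToString('o')
    }
}
$report | Export-Csv -Path $EvidencePath -NoTypeInformation

$gaps = @($report | Where-Object { -not $_.RcdEnabled })
if ($gaps.Count -gt 0) {
    Write-Warning "$($gaps.Count) draft/archive/test site(s) still discoverable by Copilot:"
    $gaps | ForEach-Object { Write-Warning "  $($_.Url)" }
} else {
    Write-Host "All $($report.Count) matching sites have RestrictContentOrgWideSearch = true"
}
```

Attach the generated CSV to the quarterly review as the evidence for the "Draft sites have RestrictContentOrgWideSearch = true" criterion. The script deliberately does not touch sites that do not match the pattern; sites that are sensitive for reasons not visible in the URL (the HR, Legal and M&A examples elsewhere on this page) still need to be named explicitly through the nomination process rather than caught by a broader regex.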
Additional Resources
- Microsoft 365 Copilot data, privacy, and security
- Restrict Discovery of SharePoint Sites and Content
- Microsoft Learn: Restricted SharePoint Search
- Data Access Governance Reports
- SharePoint Advanced Management overview
Updated: February 2026 | Version: v1.2 | UI Verification Status: Current