
Control 4.7: Microsoft 365 Copilot Data Governance

Control ID: 4.7
Pillar: SharePoint
Regulatory Reference: SEC 17a-3/4, SEC Regulation S-P (May 2024 amendments), GLBA 501(b) and FTC Safeguards Rule 16 CFR §314.4(c)(5), FINRA 3110, FINRA 4511, FINRA 25-07, SOX 302/404, NYDFS 23 NYCRR 500 §500.12, OCC 2011-12, Fed SR 11-7
Last UI Verified: March 2026
Governance Levels: Baseline / Recommended / Regulated


Objective

Establish governance controls for Microsoft 365 Copilot data access, oversharing reduction, label/DLP enforcement, auditability, retention, and records lifecycle across Microsoft Graph-grounded experiences, Copilot Chat, Copilot Pages, and Copilot Notebooks. This control helps administrators reduce accidental exposure of regulated data while preserving examination-ready evidence for FINRA, SEC, GLBA, SOX, and bank-model-risk reviews. For Copilot Studio agent data flows, see Controls 4.6 (grounding scope), 1.14 (data minimization), and 4.8 (item-level permission scanning).


Why This Matters for FSI

  • SEC 17a-3 / 17a-4: If Microsoft 365 Copilot prompts, responses, Pages, Notebooks, or grounded outputs constitute business communications or records, firms must be able to preserve and produce them. Usage analytics alone are not enough — audit, retention, and eDiscovery posture must be part of the design.
  • FINRA Rules 4511 and 3110 + Regulatory Notice 25-07: Firms must supervise AI-enabled workflows and retain books-and-records in a way that supports examiner reconstruction of what happened, who had access, and what data was surfaced.
  • SEC Regulation S-P (May 2024 amendments): Oversharing or unauthorized disclosure of customer information through Copilot can trigger incident-response and customer-notification obligations (30-day clock). Data-governance controls help reduce that exposure path.
  • GLBA 501(b) / FTC Safeguards Rule 16 CFR §314.4(c)(5): Least-privilege access, data classification, and leakage-prevention controls are required to safeguard customer information surfaced through AI assistants.
  • NYDFS 23 NYCRR 500 §500.12 (universal MFA, effective Nov 1, 2025): MFA must cover every access pathway that surfaces NPI, including the user sessions that invoke Copilot grounding; the broader Part 500 monitoring requirements apply to those pathways as well.
  • SOX 302 / 404: Copilot-generated drafts or summaries used in finance, legal, or executive workflows must stay within documented control boundaries and review processes.
  • OCC 2011-12 / Fed SR 11-7: M365 Copilot amplifies data-quality and access-governance weaknesses. Administrators should manage oversharing, provenance, and retention as part of the model-risk operating environment.

No companion solution by design

Not all controls have a companion solution in FSI-AgentGov-Solutions; solution mapping is selective by design. This control is operated via native Microsoft admin surfaces and verified by the framework's assessment-engine collectors. See the Solutions Index for the catalog and coverage scope.

Control Description

This control establishes the data-governance posture for Microsoft 365 Copilot. For FSI organizations, the practical design goal is not merely "turn Copilot on safely" but to manage what can be discovered, what can be processed, what must be retained, and what evidence can be produced if Compliance, Legal, or examiners ask questions.

| Capability | April 2026 posture |
|---|---|
| Restricted SharePoint Search (RSS) | GA, but explicitly a short-term oversharing-remediation control with a 100-site allowed-list limit; not a security boundary |
| Restricted Content Discovery (RCD) | GA; site-level exclusion from org-wide search / Copilot discovery scenarios; does not change permissions; does not apply to OneDrive |
| Purview DLP for Microsoft 365 Copilot | Uses sensitivity labels as DLP conditions and evaluates prompts/responses; block-by-label protection is available/rolling; verify tenant rollout and supported workload coverage before treating it as the primary control |
| Sensitivity labels / encryption | Copilot respects existing permissions and protection; encrypted content generally requires VIEW + EXTRACT usage rights before AI apps will return it |
| Endpoint DLP for Copilot (Edge) | Extends protection to local/device files and helps govern paste/upload into Copilot web surfaces; non-Edge browsers (Chrome, Firefox, Safari) are a documented gap as of early 2026 |
| Copilot Pages / Notebooks lifecycle | Stored in SharePoint Embedded with retention/eDiscovery support and important limitations (manual hold per container, sensitivity-label parity Pages-only, no notebook recycle bin, Information Barriers not supported) |
| Audit + eDiscovery | Required to make the control examination-ready; see Controls 1.7 and 1.19 |
| Residency / subprocessor governance | Interaction data is stored at rest in the relevant region; flex routing (EU/EFTA) and Anthropic settings require explicit review where applicable |
| Connected Apps / declarative agents (formerly "plugins") | Inventory and approve via Agent Registry; see Control 1.2 |

License Requirements

| Capability | Required SKU / Condition | Notes |
|---|---|---|
| Microsoft 365 Copilot | Microsoft 365 Copilot license | Required for in-scope Copilot users and full first-party Copilot governance scenarios |
| Restricted Content Discovery / DAG reports / RSS | Microsoft 365 Copilot entitlement or standalone SharePoint Advanced Management | Verify current tenant eligibility and rollout |
| Purview DLP + sensitivity labels | Purview licensing appropriate to your M365 SKU / compliance add-ons | Required for label-based data protection posture |
| Purview Audit / eDiscovery | Microsoft 365 E5 / E5 Compliance or applicable add-on for advanced features | Required for evidence, investigation, and hold workflows |
| Endpoint DLP for Copilot (Edge integration) | M365 E5 / E5 Compliance / Endpoint DLP add-on | Edge required for Copilot-on-web coverage; non-Edge browsers are a documented gap |
| Copilot Pages / Notebooks governance | Microsoft 365 Copilot + applicable SharePoint / Purview controls | Stored in SharePoint Embedded and follows its compliance model |

Re-verify SKU and feature entitlement at deploy time against the live Microsoft Learn licensing guidance and your tenant Message Center.

Oversharing controls are not security boundaries

Restricted SharePoint Search (RSS) and Restricted Content Discovery (RCD) help reduce accidental discovery risk, but they do not change permissions and do not guarantee that content will never surface. Recently accessed, shared, or owned content can still appear in some Copilot/search experiences. For regulated use, pair these controls with permissions hygiene, sensitivity labels, DLP, audit, and eDiscovery.

Sovereign Cloud Parity (verify at deploy time)

| Capability | Commercial | GCC | GCC High | DoD |
|---|---|---|---|---|
| Microsoft 365 Copilot | GA | GA | GA / verify feature gaps | GA / verify feature gaps |
| RSS / RCD / DAG reports | GA | Rolling / verify | Rolling / verify | Rolling / verify |
| Purview DLP for Copilot | GA / rolling by feature | Verify rollout | Verify rollout | Verify rollout |
| Endpoint DLP for Copilot (Edge) | GA | Verify | Verify | Verify |
| Copilot Pages / Notebooks | Verify per service description | Verify | Verify | Verify |
| Anthropic subprocessor | Available in commercial (regional caveats apply) | Not available | Not available | Not available |

Do not assume commercial-feature parity in sovereign clouds. Validate the live service description and tenant Message Center before relying on a control as primary evidence.


Key Configuration Points

  • Inventory all licensed Copilot users, high-risk business units, and regulated use cases before rollout.
  • Run Data Access Governance (DAG) reports and remediate EEEU (Everyone Except External Users), broad-sharing, and stale-permission findings before enabling Copilot at scale.
  • Use Restricted SharePoint Search (RSS) only as a temporary remediation lever when oversharing risk is not yet cleaned up; document a time-boxed exit plan.
  • Enable Restricted Content Discovery (RCD) on the highest-risk SharePoint sites (executive, legal, HR, M&A, regulatory response, board materials), while recognizing that RCD does not revoke underlying access permissions.
  • Configure Purview DLP for Microsoft 365 Copilot using sensitivity labels as conditions and verify label-based blocking behavior in your tenant for the workloads you actually use (prompt-side and response-side evaluation).
  • Pair cloud DLP with Endpoint DLP so labeled files opened locally in Word, Excel, and PowerPoint remain in scope of governance and exfiltration controls; enforce Edge for Copilot web surfaces via Conditional Access where Endpoint DLP coverage matters.
  • Enable and publish sensitivity labels for SharePoint and OneDrive and confirm that encryption / usage-right posture supports the intended Copilot user population.
  • Configure Cloud Policy / admin controls for Copilot Pages and Copilot Notebooks. If your firm cannot yet support the SharePoint Embedded lifecycle and recordkeeping caveats, disable creation for regulated populations.
  • Define retention, eDiscovery, and hold procedures for Copilot interactions, Pages, and Notebooks. Reconcile retention scope across the chat thread (mailbox), Pages (OneDrive / SharePoint Embedded), and Notebooks (SharePoint Embedded). Do not rely on usage analytics alone for books-and-records obligations.
  • Enable Purview Audit and join audit evidence with DLP and eDiscovery results for supervisory review and incident reconstruction.
  • Publish acceptable-use rules, but treat them as a supplementary control — not a substitute for technical governance.
  • Review AI subprocessors, flex routing, and sovereign-cloud feature parity during change-control or quarterly governance cadence.
  • Inventory Connected Apps / declarative agents via the Agent Registry (see Control 1.2) — prior "plugin governance" terminology has been retired.
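The RSS and RCD steps above, as an added example written for this page (it is not code from the page, from Microsoft, or from the FSI-AgentGov project). It uses SharePoint Online Management Shell cmdlets that exist today (Set-SPOTenantRestrictedSearchMode, Add-SPOTenantRestrictedSearchAllowedList, Get-SPOTenantRestrictedSearchAllowedList, Set-SPOSite -RestrictContentOrgWideSearch); the tenant name, site URLs, 90-day exit window and evidence file names are placeholders, and the shape of the objects the Get-* cmdlets return is assumed, so confirm it with Get-Member before wiring the evidence file into an audit workflow.

```powershell
# Added example: stage RSS as a time-boxed remediation lever and apply RCD to the
# highest-risk sites, then capture the resulting posture as evidence.
# Requires SharePoint Online Management Shell and the SharePoint Administrator role.
# Tenant name, site URLs, exit window and file names are placeholders.

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# --- RSS: org-wide restriction plus an allowed list (the list is capped at 100 sites) ---
$rssAllowed = @(
    "https://contoso.sharepoint.com/sites/PolicyLibrary",
    "https://contoso.sharepoint.com/sites/ITKnowledgeBase"
)
if ($rssAllowed.Count -gt 100) { throw "RSS allowed list is capped at 100 sites" }

Set-SPOTenantRestrictedSearchMode -Mode Enabled
Add-SPOTenantRestrictedSearchAllowedList -SitesList $rssAllowed

# RSS is remediation, not a boundary: record the planned exit date with the change.
$rssExitDate = (Get-Date).AddDays(90)
"RSS enabled $(Get-Date -Format s); planned exit $($rssExitDate.ToString('s')) once DAG findings are remediated" |
    Out-File -Append ".\rss-change-record.txt"

# --- RCD: exclude whole sites from org-wide search and Copilot discovery ---
# RCD does not revoke permissions; users with access can still open these sites directly.
$rcdSites = @(
    "https://contoso.sharepoint.com/sites/BoardMaterials",
    "https://contoso.sharepoint.com/sites/MandA-Deals",
    "https://contoso.sharepoint.com/sites/RegulatoryResponse"
)
foreach ($url in $rcdSites) {
    Set-SPOSite -Identity $url -RestrictContentOrgWideSearch $true
}

# --- Verify and emit evidence: RSS mode, allowed list, RCD flag per site ---
$evidence = [ordered]@{
    CapturedAt   = (Get-Date -Format s)
    RssMode      = (Get-SPOTenantRestrictedSearchMode)
    RssAllowList = @(Get-SPOTenantRestrictedSearchAllowedList)
    RcdSites     = @($rcdSites | ForEach-Object {
        Get-SPOSite -Identity $_ | Select-Object Url, RestrictContentOrgWideSearch
    })
}
$evidence | ConvertTo-Json -Depth 4 | Out-File ".\rss-rcd-evidence.json"

# Fail loudly if any high-risk site did not take the RCD flag.
$evidence.RcdSites | Where-Object { -not $_.RestrictContentOrgWideSearch } |
    ForEach-Object { Write-Warning "RCD not applied: $($_.Url)" }
```

Run it from a change-control session, keep the JSON file with the change record, and re-run the verification part on the governance cadence; a site that later loses the RCD flag (for example after a site re-provisioning) should show up as a warning rather than be discovered by an examiner.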

Anthropic Subprocessor / Residency Review (April 2026)

  • Anthropic models are now governed under Microsoft's Product Terms and DPA when enabled through Microsoft offerings.
  • Anthropic is enabled by default for most commercial tenants, but disabled by default in EU/EFTA and UK and not available in government clouds (GCC, GCC High, DoD).
  • Anthropic models are out of scope for EU Data Boundary and in-country processing commitments.
  • Copilot interaction content is stored at rest in the tenant's relevant region, but eligible EU/EFTA tenants can also have flex routing configured for inferencing during peak demand.
  • Microsoft does not share customer data with Anthropic for model training; built-in content filtering is operated by Anthropic.
  • For US FSI tenants with cross-border data restrictions, the Anthropic addition is the principal item to flag in vendor-risk registers and DPIA / TPRM updates.
  • Bing web grounding (web-search toggle) sends prompt fragments to Bing's commercial backend independently of Copilot's substrate processing. Disable for tenants that cannot tolerate prompt egress to a search backend.

FSI Third-Party Risk / Residency Action Required

For regulated or residency-sensitive deployments, review Anthropic settings, flex-routing settings, and cloud-specific service availability before production rollout. Document the result in the firm's AI governance register and third-party risk register. Track subprocessor changes at Microsoft Copilot AI Subprocessor.


Technical Implementation Notes

Permission Hygiene Prerequisite

Critical: Organizations must audit and remediate over-permissioning before deploying Microsoft 365 Copilot. Copilot honors existing permissions: it returns only data the requesting user is already authorized to access. It does not reduce that data, however, and its retrieval makes previously obscure but technically accessible content far easier to find, so existing permission mistakes become visible at scale.

Pre-deployment requirements:

  1. Run DAG "Content Shared with EEEU" report and remediate all findings
  2. Review Site Permissions for Users report for all pilot users
  3. Audit broken permission inheritance using SharePoint Admin Center
  4. Bulk disable risky "Anyone" sharing links
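The four pre-deployment steps above as one scripted pass, added here as an example for this page (not code from the page, from Microsoft, or from the FSI-AgentGov project). It relies on the SharePoint Online Management Shell DAG cmdlets (Start-/Get-/Export-SPODataAccessGovernanceInsight) and on Set-SPOTenant -SharingCapability; the tenant name and the 500-user threshold are placeholders, and the report object property names (Status, ReportId, CreatedDateTime) and the Export parameter name are assumptions to confirm with Get-Member and Get-Help in your tenant.

```powershell
# Added example: generate the DAG oversharing reports that must be remediated before
# Copilot rollout, export the EEEU findings, and disable "Anyone" links tenant-wide.
# Requires SharePoint Online Management Shell and SharePoint Advanced Management (or
# the Microsoft 365 Copilot entitlement) for DAG reports. Tenant name and the
# permissioned-user threshold are placeholders.

Import-Module Microsoft.Online.SharePoint.PowerShell
Connect-SPOService -Url "https://contoso-admin.sharepoint.com"

# 1. Request the snapshots. Generation is asynchronous; each call queues a report.
$requests = @(
    @{ ReportEntity = "EveryoneExceptExternalUsersAtSite"; Workload = "SharePoint" },
    @{ ReportEntity = "SharingLinks_Anyone";               Workload = "SharePoint" },
    @{ ReportEntity = "PermissionedUsers";                 Workload = "SharePoint"; CountOfUsersMoreThan = 500 }
)
foreach ($r in $requests) {
    Start-SPODataAccessGovernanceInsight @r -ReportType Snapshot
}

# 2. Wait for the EEEU report (DAG reports can take hours on large tenants).
#    Status / ReportId / CreatedDateTime are assumed property names; verify with Get-Member.
do {
    Start-Sleep -Seconds 300
    $reports = @(Get-SPODataAccessGovernanceInsight -ReportEntity EveryoneExceptExternalUsersAtSite -Workload SharePoint)
    $pending = $reports | Where-Object { $_.Status -ne "Completed" }
} while ($pending)

# 3. Export the newest completed EEEU report for the remediation tracker.
#    Every row is a critical finding: EEEU content is reachable by every licensed Copilot user.
$latest = $reports | Sort-Object CreatedDateTime -Descending | Select-Object -First 1
Export-SPODataAccessGovernanceInsight -ReportID $latest.ReportId

# 4. Remove "Anyone" links at tenant level. ExternalUserSharingOnly keeps authenticated
#    guest sharing but stops anonymous links; existing Anyone links stop resolving.
Set-SPOTenant -SharingCapability ExternalUserSharingOnly
Get-SPOTenant | Select-Object SharingCapability
```

Step 4 is deliberately tenant-wide because an Anyone link is reachable without any identity at all; if a business unit needs anonymous links, handle it as a site-level exception (Set-SPOSite -SharingCapability on that site) with a documented owner rather than by leaving the tenant default open.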

EEEU Risk (Everyone Except External Users)

Content shared with "Everyone Except External Users" (EEEU) represents the highest-priority remediation target:

  • EEEU grants access to all internal users, including new hires and contractors
  • Copilot can surface EEEU content to any licensed user who asks relevant questions
  • Financial institutions often have EEEU content containing sensitive information from legacy migrations

Recommendation: Run the EEEU report monthly and treat all findings as critical remediation items.

Discovery Amplification

Copilot does not bypass permissions but significantly enhances content discoverability:

| Without Copilot | With Copilot |
|---|---|
| User must know where to look | Natural language queries find relevant content |
| Content buried in deep folder structures remains obscure | All accessible content surfaces based on relevance |
| Oversharing rarely discovered until incident | Oversharing becomes immediately apparent |

This amplification effect means that pre-existing permission gaps that may have been "acceptable" due to obscurity become material risks with Copilot deployment.

No Elevated Access

Microsoft 365 Copilot does not have superuser, service-level, or elevated credentials:

  • Copilot queries Microsoft Graph using the signed-in user's identity.
  • Semantic Index and Microsoft Graph results are filtered by the user's existing permissions.
  • Conditional Access and MFA policies apply to the user session that invokes Copilot.
  • Label-based protection is honored, including encryption and usage rights; for protected content, the user generally needs the required rights (such as VIEW and EXTRACT) for AI apps to return the content.
  • Purview DLP for Microsoft 365 Copilot can enforce label-based restrictions for supported scenarios, but admins should verify current tenant rollout and workload coverage before relying on it as a sole control.
  • Endpoint DLP remains relevant for local files and device-side exfiltration scenarios and should be deployed alongside cloud controls. Note that Endpoint DLP coverage of Copilot web surfaces requires Microsoft Edge; Chrome, Firefox, and Safari are documented coverage gaps as of early 2026.
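A check for the VIEW + EXTRACT point above, added here as an example for this page (not code from the page, from Microsoft, or from the FSI-AgentGov project): it lists encrypting sensitivity labels and flags, per assigned identity, whether the usage rights would let AI apps return the protected content. It assumes Security & Compliance PowerShell (Connect-IPPSSession / Get-Label), that Get-Label exposes an EncryptionEnabled flag and an EncryptionRightsDefinitions string in the "identity:RIGHT,RIGHT;identity2:..." layout used by Set-Label, and that OWNER implies every other right; confirm the property names with Get-Label | Get-Member before relying on the output.

```powershell
# Added example: report which encrypting labels grant the VIEW and EXTRACT usage rights
# that Copilot needs before it will return protected content.
# Requires the ExchangeOnlineManagement module and a Purview compliance role.
# Property names and the rights-definition layout are assumed; verify in your tenant.

Import-Module ExchangeOnlineManagement
Connect-IPPSSession

$required = @("VIEW", "EXTRACT")

$findings = Get-Label | Where-Object { $_.EncryptionEnabled } | ForEach-Object {
    $label   = $_
    # One entry per identity or group, e.g. "legal@contoso.com:VIEW,EDIT,EXTRACT"
    $entries = @(($label.EncryptionRightsDefinitions -split ";") | Where-Object { $_ })

    if (-not $entries) {
        # "Let users assign permissions" labels decide rights at apply time and
        # cannot be pre-verified; surface them for a policy decision.
        [pscustomobject]@{
            Label = $label.DisplayName; Identity = "(user-defined permissions)"
            Rights = ""; CopilotCanReturn = $null
        }
        return
    }

    foreach ($entry in $entries) {
        $identity, $rightsText = $entry -split ":", 2
        $rights = @(($rightsText -split ",") | ForEach-Object { $_.Trim().ToUpperInvariant() })
        $missing = @($required | Where-Object { $rights -notcontains $_ })
        [pscustomobject]@{
            Label            = $label.DisplayName
            Identity         = $identity.Trim()
            Rights           = ($rights -join ",")
            CopilotCanReturn = ($rights -contains "OWNER") -or ($missing.Count -eq 0)
        }
    }
}

$findings | Format-Table -AutoSize
$findings | Export-Csv ".\label-usage-rights.csv" -NoTypeInformation

# Labels that will silently keep content out of Copilot answers for some population:
$findings | Where-Object { $_.CopilotCanReturn -eq $false } |
    Select-Object Label, Identity, Rights
```

A label whose rights definition grants VIEW but not EXTRACT is not a misconfiguration by itself; for board or M&A material it may be exactly the intended outcome. The value of the report is that the decision is explicit and on file rather than discovered when a user asks why Copilot "cannot find" a document they can open.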

Zone-Specific Requirements

| Zone | Requirement | Rationale |
|---|---|---|
| Zone 1 (Personal) | Baseline permissions review, acceptable-use guidance, and retention policy for Copilot interactions; avoid customer NPI / MNPI use unless labels and DLP are already in place | Lower-risk personal productivity still creates discoverable business content |
| Zone 2 (Team) | Monthly DAG review, RCD on highest-risk sites, Purview DLP + sensitivity labels verified for shared-document workflows, audit enabled, and documented review process for Copilot-generated shared outputs | Shared content and collaboration increase oversharing and records risk |
| Zone 3 (Enterprise / regulated) | RSS only as a time-boxed remediation control; RCD on high-risk sites; label coverage and DLP enforcement validated; Endpoint DLP on managed devices with Edge enforcement for Copilot web; audit + eDiscovery + retention evidence collected; Copilot Pages / Notebooks disabled or exception-only until the firm accepts SharePoint Embedded lifecycle limitations | Highest-risk population requires technical controls plus examination-ready evidence |

Roles & Responsibilities

| Role | Responsibility |
|---|---|
| AI Administrator | Day-to-day Copilot settings, feature access, and tenant Copilot governance configuration; preferred over broad Global Admin access where possible |
| SharePoint Admin | Configure RSS / RCD / DAG reports and remediate oversharing issues in SharePoint content sources |
| Purview Compliance Admin | Configure Copilot-related DLP, audit, supervisory, and eDiscovery posture |
| Purview Info Protection Admin | Publish and tune sensitivity labels and label policies for documents used with Copilot |
| Purview Records Manager | Align retention, records, legal-hold, and defensible-disposal requirements for Copilot interactions, Pages, and Notebooks |
| Endpoint Security Admin / Intune Admin | Configure Endpoint DLP policy and Edge enforcement for Copilot web surfaces on managed devices |
| eDiscovery Manager | Production of Copilot interactions, Pages, and Notebooks in response to legal/regulatory requests (Control 1.19) |
| Designated Supervisor / Registered Principal | FINRA 3110 supervisory sign-off for Copilot-generated business communications and recordkeeping-scope use |
| Vendor / Third-Party Risk Manager | Anthropic subprocessor monitoring and ongoing review per OCC 2011-12 / interagency third-party guidance |
| Compliance Officer | Approve regulated-use posture, review residual risk, and validate supervisory requirements for FINRA / SEC / Reg S-P alignment |
| CISO | Risk acceptance for Anthropic subprocessor, sovereign-cloud parity gaps, and Zone 3 enforcement posture |
| AI Governance Lead | Own the cross-control operating model, governance cadence, and exception process |

| Control | Relationship |
|---|---|
| 1.5 - DLP and Sensitivity Labels | Primary label / DLP control plane for Microsoft 365 Copilot data protection |
| 1.7 - Comprehensive Audit Logging and Compliance | Audit evidence plane for Copilot interactions, DLP events, and supervisory review |
| 1.19 - eDiscovery for Agent Interactions | Preservation, legal hold, and production of Copilot interactions and related evidence |
| 1.21 - Adversarial Input Logging | Prompt-injection and suspicious-interaction evidence should feed the same Copilot governance and review workflows |
| 4.5 - Security & Compliance Monitoring | Operational monitoring via DAG, SharePoint Advanced Management, and related reporting |
| 4.6 - Grounding Scope Governance | Governs RSS / RCD and the SharePoint grounding corpus used by Copilot |
| 4.8 - Item-Level Permission Scanning | Extends oversharing validation from site level to file/folder level |
| 4.9 - Embedded File Content Governance | Covers SharePoint Embedded, embedded file knowledge, lifecycle, and information-barrier caveats most relevant to Pages / Notebooks style storage |
| 3.8 - Copilot Hub | Usage analytics and governance reporting for Copilot adoption and oversight |

Note: This control focuses on Microsoft 365 Copilot; Copilot Studio agent data flows are covered by Controls 4.6, 1.14, and 4.8. For SharePoint Premium (document intelligence and content understanding scenarios), consult Microsoft's dedicated SharePoint Premium governance documentation.


Implementation Playbooks

Step-by-Step Implementation

This control has detailed playbooks for implementation, automation, testing, and troubleshooting:


Verification Criteria

Confirm control effectiveness by verifying:

  1. Copilot licenses are inventoried with assigned users documented and reconciled to in-scope business units.
  2. DAG / oversharing review completed for pilot and production populations, including remediation of EEEU, Anyone links, and other broad-sharing findings.
  3. RSS / RCD behavior validated in the tenant, with admins documenting the key caveat that recently accessed/shared/owned content can still surface via some Copilot/search experiences.
  4. Purview DLP for Microsoft 365 Copilot is configured and a labeled test document in Word / Excel / PowerPoint demonstrates the expected block or restriction behavior for the tenant's current rollout state (prompt-side and response-side).
  5. Sensitivity-label encrypted content is verifiably blocked from Copilot grounding via a synthetic test (negative test).
  6. Endpoint DLP on managed devices prevents or alerts on local handling / exfiltration of in-scope labeled files used with Copilot, and the non-Edge browser coverage gap is documented as a compensating control.
  7. Purview Audit shows relevant CopilotInteraction and DLP governance events and the evidence is retained per the approved policy (Control 1.7).
  8. eDiscovery / retention posture is validated for Copilot-related content, including Pages / Notebooks where used, and legal/compliance staff can place or document required holds (Control 1.19).
  9. Copilot Pages / Notebooks lifecycle is documented, including manual hold process per container, SharePoint Embedded storage model, notebook recycle-bin limitation, label-parity gap (Pages only), and any restrictions or disablement for regulated populations.
  10. Retention reconciliation across surfaces: Copilot chat thread (mailbox hidden folder), Pages (OneDrive / SharePoint Embedded), and Notebooks (SharePoint Embedded) all have retention policies aligned to SEC 17a-4(f) recordkeeping scope (Control 1.9).
  11. Residency / subprocessor settings (including Anthropic where applicable, and flex routing for EU/EFTA tenants) are reviewed and documented in governance records.
  12. Sovereign-cloud parity confirmed for the deployment cloud — feature gaps documented as compensating controls or risk acceptances on file with the CISO.
  13. Bing web-grounding toggle posture is documented per zone (enabled / disabled / restricted).
  14. Connected Apps / declarative agents inventoried via Agent Registry (Control 1.2) and approved per governance workflow.
  15. Zone 3 exception handling exists for any use case involving regulated data, high-risk departments, or unresolved platform limitations.
  16. Cross-control evidence package includes screenshots / exports from SharePoint Admin, Purview, Audit, and eDiscovery sufficient for Internal Audit or regulatory response.
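Verification item 7 in practice, as an added example for this page (not code from the page, from Microsoft, or from the FSI-AgentGov project): it pulls the CopilotInteraction audit records for one user and period and flattens the resources Copilot grounded on, so Compliance can see what was surfaced and whether it carried a sensitivity label. It assumes the ExchangeOnlineManagement module, Search-UnifiedAuditLog with the CopilotInteraction record type, and the AuditData layout Microsoft documents for these events (CopilotEventData with AppHost and an AccessedResources array whose items carry Name, Type and SensitivityLabelId); the user, window and file names are placeholders, and the field names should be checked against a live record before the output is used as evidence.

```powershell
# Added example: reconstruct what Copilot surfaced to a user from Purview audit records.
# Requires the ExchangeOnlineManagement module and Audit (Standard) or better.
# User, window, and AuditData field names are assumptions; verify against a live event.

Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline

$user  = "trader01@contoso.com"         # placeholder
$start = (Get-Date).AddDays(-30)
$end   = Get-Date

# Page through results: ReturnLargeSet yields up to 5,000 records per call (50,000 per session).
$sessionId = "copilot-audit-$([guid]::NewGuid())"
$records = @()
do {
    $page = @(Search-UnifiedAuditLog -StartDate $start -EndDate $end `
        -RecordType CopilotInteraction -UserIds $user `
        -SessionId $sessionId -SessionCommand ReturnLargeSet -ResultSize 5000)
    $records += $page
} while ($page.Count -eq 5000)

# Flatten: one row per (interaction, grounded resource). Interactions with no
# AccessedResources still get a row so prompt volume is reconstructable.
$rows = foreach ($rec in $records) {
    $data      = $rec.AuditData | ConvertFrom-Json
    $event     = $data.CopilotEventData
    $resources = @($event.AccessedResources)
    if ($resources.Count -eq 0) {
        [pscustomobject]@{
            Time = $rec.CreationDate; User = $rec.UserIds; AppHost = $event.AppHost
            Resource = $null; Type = $null; LabelId = $null
        }
        continue
    }
    foreach ($res in $resources) {
        [pscustomobject]@{
            Time     = $rec.CreationDate
            User     = $rec.UserIds
            AppHost  = $event.AppHost
            Resource = $res.Name
            Type     = $res.Type
            LabelId  = $res.SensitivityLabelId
        }
    }
}

# Evidence export for the supervisory file, plus the review list Compliance actually
# wants: tenant content Copilot used that carried no sensitivity label at all.
$rows | Export-Csv ".\copilot-interactions-$($user -replace '[@.]','_').csv" -NoTypeInformation
$rows | Where-Object { $_.Resource -and -not $_.LabelId } |
    Group-Object Resource | Sort-Object Count -Descending |
    Select-Object Count, Name -First 20
```

Keep the raw AuditData alongside the flattened CSV: the flattened rows are what a supervisor reads, but the untouched record is what an examiner will ask for, and the default audit retention (180 days on Audit Standard) is shorter than the books-and-records horizons cited above unless Control 1.7's retention policy is in place.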

Additional Resources


Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current