Control 4.9: Embedded File Content Governance
Control ID: 4.9
Pillar: SharePoint
Regulatory Reference: FINRA Rule 4511 (books and records); SEC Rules 17a-3/17a-4 (records retention and production); GLBA § 501(b) (safeguards rule); SOX §§ 302/404 (internal controls over financial reporting)
Last UI Verified: April 2026
Governance Levels: Baseline / Recommended / Regulated
Critical FSI Compliance Risk — Information Barriers NOT Supported
Microsoft Purview Information Barriers (IB) are NOT enforced on SharePoint Embedded containers used by Agent Builder knowledge files. Any user who can access an agent can receive responses grounded in the agent's embedded file content — regardless of IB segment assignments or IB policies applied to that user's account.
This is a first-order compliance failure risk for any FSI institution with information barrier requirements between business lines (e.g., investment banking vs. sales and trading, research vs. proprietary trading, asset management vs. banking). An agent with IB-sensitive research or deal files embedded in its knowledge base will serve that restricted content to every user with agent access — silently bypassing your information barrier program.
Required actions before deploying any agent with embedded files in a regulated environment:
- Classify the business lines that can access the agent and confirm no IB wall exists between them.
- Obtain written sign-off from the Chief Compliance Officer or designated IB officer that the embedded content is IB-exempt for the entire intended user population.
- Prohibit agents with embedded files from serving users across IB-segregated segments (Zone 3 absolute control).
- Document this platform limitation in your FINRA/SEC examination file as a known, assessed, and mitigated technology constraint.
Objective
Establish governance requirements for the use of embedded file content as agent knowledge sources in Microsoft 365 Copilot, ensuring that all files uploaded to agents via Agent Builder are properly classified, their sensitivity labels are correctly applied and enforced, the critical Information Barriers gap is assessed and mitigated before deployment, container integrity is maintained, and all agents using embedded files are tracked in the enterprise agent inventory.
Why This Matters for FSI
When users configure an agent in Agent Builder and upload files as knowledge sources, those files are stored in SharePoint Embedded containers automatically created and managed by the M365 service. This creates a distinct and largely invisible data storage layer that sits outside normal SharePoint site governance, DLP channel enforcement, and — critically — Information Barriers policy scopes.
For financial services institutions, the regulatory implications are direct:
- FINRA Rule 4511 and SEC 17a-3/4 require that firms retain and produce records of communications and data used in the conduct of their business. Files embedded in agents constitute data used to generate customer-facing or employee-facing responses; they must be inventoried, retained, and producible.
- GLBA § 501(b) requires firms to implement administrative, technical, and physical safeguards to protect customer information. Files containing customer PII or account data embedded in an agent become accessible to any agent user — a significant safeguard failure without compensating controls.
- SOX §§ 302/404 require management to maintain and attest to effective internal controls over financial reporting. An agent that can serve restricted financial or legal documents to users without authorization undermines the access control assertions in the SOX compliance posture.
- Information Barrier rules enforced by FINRA and the SEC require firms to maintain information walls between certain business lines. The IB gap in embedded file containers can invalidate those walls if not specifically assessed and addressed.
FINRA examination teams increasingly review AI and automated system configurations as part of technology risk reviews. Maintaining a documented control posture for embedded file agents — including evidence of IB assessments and container audits — is examination-ready practice.
Control Description
| Attribute | Detail |
|---|---|
| Control Type | Preventive / Detective |
| Enforcement Mode | Policy + Administrative procedure |
| Platform Scope | Microsoft 365 Copilot Agent Builder (embedded file knowledge sources) |
| Container Type | SharePoint Embedded containers (application: "Declarative Agent") |
| Availability Status | Generally Available — IB support: NOT available (as of April 2026) |
| Admin Portal | M365 Admin Center › Copilot › Agents › All Agents; SharePoint Admin Center |
| Primary Risk | IB wall bypass via embedded knowledge files; uncontrolled customer data exposure |
| Baseline Requirement | Identify all embedded file agents; ensure sensitivity labels present |
| Recommended Requirement | IB assessment before upload; default label policy configured; quarterly audit |
| Regulated Requirement | Zone 3 prohibition or compliance sign-off; container audit log; agent inventory entry |
What Embedded File Content Is
When an agent author uploads files as knowledge sources using Agent Builder in M365 Copilot, the platform:
- Creates a SharePoint Embedded container scoped to that agent, owned by the tenant.
- Stores the uploaded files in that container. Copilot uses only the text content of the files for grounding agent responses.
- Labels the container with a sensitivity label derived from the most restrictive label of all uploaded files, or from the tenant's default sensitivity label policy if files are unlabeled.
- Associates the container with the application name "Declarative Agent" — visible in SharePoint Admin Center and via PowerShell.
Containers are created automatically. They persist independently of the agent record. If the agent is deleted via the M365 Admin Center agent deletion workflow, associated files are deleted; however, the container itself is not automatically removed. Manually deleting a container outside of this workflow will break the agent.
Supported File Types and Size Limits
| File Format | Maximum Size |
|---|---|
| .docx | 512 MB |
| .pptx | 512 MB |
| | 512 MB |
| .doc | 150 MB |
| .ppt | 150 MB |
| .xls / .xlsx | 150 MB |
| .txt | 150 MB |
| .csv | 150 MB |
Maximum files per agent: 20. Files exceeding size limits are rejected at upload time and are not grounded.
Sensitivity Label Behavior
| Condition | Behavior |
|---|---|
| Agent created via Agent Builder AND files embedded | Service applies sensitivity label based on most restrictive label of all uploaded files |
| Unlabeled files uploaded | Default sensitivity label policy applied (if configured); otherwise no label assigned |
| User lacks extract rights to the applied label | User cannot access the agent — access is blocked |
| Admin review | Sensitivity label visible in Agent Overview tab in M365 Admin Center |
| Label applies only when | Agent created via Agent Builder AND agent includes embedded files |
Unlabeled Files Are a Compliance Gap
If a default sensitivity label policy is not configured and users upload unlabeled files, the container may have no sensitivity label. This means no access restriction via label and no automatic classification signal. Configure a default label policy in Microsoft Purview before permitting any embedded file uploads.
Key Configuration Points
| Configuration Action | Portal Path | Priority |
|---|---|---|
| Identify all agents using embedded files | M365 Admin Center › Copilot › Agents › All Agents › filter "Embedded files" | Immediate |
| Review sensitivity labels on embedded files | M365 Admin Center › Copilot › Agents › [Agent] › Overview tab › Sensitivity label | Immediate |
| Review file metadata (name, sensitivity, container ID) | M365 Admin Center › Copilot › Agents › [Agent] › Data & tools tab | Immediate |
| Audit all Declarative Agent containers in SharePoint | SharePoint Admin Center › filter application "Declarative Agent" | Immediate |
| Configure default sensitivity label policy for unlabeled files | Microsoft Purview › Information Protection › Label policies › Default label | High |
| Establish IB assessment workflow before file uploads (Zone 2/3) | Internal procedure + agent inventory Control 3.1 | High |
| Alert on new Declarative Agent container creation | SharePoint Admin Center or PowerShell monitoring | Recommended |
| Establish pre-upload file review process (Zone 2/3) | Internal procedure + manager approval workflow | Recommended |
| Log embedded file agents in agent inventory | Control 3.1 — Agent Inventory with IB assessment status field | Required (Regulated) |
| Quarterly container and sensitivity label audit | Scheduled administrative review cycle | Required (Regulated) |
Container Deletion Is Irreversible Without Recovery Action
Never delete a SharePoint Embedded container associated with an active agent. Doing so immediately breaks the agent and its file knowledge sources. If a container is accidentally deleted, attempt recovery from the SharePoint recycle bin before the 93-day retention window expires. The correct agent retirement workflow is: delete the agent via the M365 Admin Center. This removes the associated files without breaking container integrity; as noted above, the emptied container itself is not removed automatically, so it must remain visible to the quarterly container audit until it is cleaned up.
Zone-Specific Requirements
| Zone | Use Case | Embedded File Permission | Requirements |
|---|---|---|---|
| Zone 1 — Personal productivity | Individual user agents | Permitted with restrictions | User must review all files for sensitivity before upload. Document file contents in agent metadata. Maximum classification: Internal Use. No customer-facing data. No files crossing IB boundaries. |
| Zone 2 — Team / departmental | Team-scoped agents | Permitted with controls | Sensitivity label required on all uploaded files before upload. Maximum classification: Internal / Confidential (non-IB-restricted). Manager must approve file selection before upload. No files that cross information barrier boundaries. Pre-upload review workflow required. |
| Zone 3 — Enterprise / cross-segment | Org-wide or multi-segment agents | PROHIBITED (default) | Embedded files are prohibited for any agent serving users across IB-segregated business segments. Exception path: Content must be formally classified as IB-exempt for the entire agent user population with written sign-off from the Chief Compliance Officer or designated IB officer. Quarterly container audit required. All embedded file agents logged in Control 3.1 agent inventory with IB assessment record attached. |
Zone 3 Absolute Control
No agent serving users across information barrier segments may use embedded file knowledge sources unless the compliance officer has provided documented written certification that all embedded content is IB-exempt for every user in the agent's access scope. This certification must be renewed annually or whenever the agent's user population or file set changes. Store certifications in your examination-ready compliance file.
Roles & Responsibilities
| Role | Responsibilities |
|---|---|
| Agent Author / Owner | Review all files for sensitivity classification before upload. Ensure no IB-restricted content is included. Complete pre-upload checklist for Zone 2/3. Notify Compliance of any files above Internal classification. |
| Manager / Team Lead | Approve file selection for Zone 2 agents before upload. Verify no IB wall exists between the agent's user population and the content owners of the embedded files. |
| SharePoint Admin | Maintain default sensitivity label policy. Configure container creation alerts. Execute quarterly container audits via SharePoint Admin Center and PowerShell. Never delete containers outside of proper agent deletion workflow. |
| Compliance Officer / IB Officer | Assess IB implications of embedded file agents in Zone 2 and Zone 3. Provide written sign-off for any Zone 3 exception. Review quarterly audit results. Maintain IB platform limitation in examination file. |
| Information Security | Monitor for unlabeled containers. Escalate sensitivity label gaps. Validate that label-based access blocking is functioning for users without extract rights. |
| Internal Audit | Verify quarterly audit completion and documentation. Test IB bypass scenario as documented known limitation. Confirm agent inventory completeness per Control 3.1. |
Related Controls
| Control ID | Title | Relationship |
|---|---|---|
| 1.2 | Agent Registry | Agent registry must include embedded file status and IB assessment record for all applicable agents |
| 1.5 | DLP and Sensitivity Labels | Governs the label policies that determine sensitivity label assignment on embedded file containers |
| 1.7 | Audit Logging | Audit log entries for agent access and embedded file grounding events must be retained per regulatory requirements |
| 1.22 | Information Barriers for AI Agents | Authoritative control for IB policy framework; Control 4.9 documents the specific embedded file exception to IB enforcement |
| 3.1 | Agent Inventory | All agents with embedded files must be registered with file metadata, sensitivity labels, and IB assessment status |
| 4.3 | Site and Document Retention Management | Retention requirements apply to embedded files as business records subject to FINRA 4511, FINRA 25-07 / SEC 17a-4 |
| 4.4 | Guest and External User Access Controls | Where agents with embedded files are shared externally, guest access controls help limit cross-tenant exposure of embedded content |
Implementation Playbooks
| Playbook | Description | Audience |
|---|---|---|
| Portal Walkthrough | Step-by-step M365 and SharePoint Admin Center procedures for identifying, reviewing, and auditing embedded file agents | M365 Administrators, Compliance Officers |
| PowerShell Setup | PowerShell scripts to query all Declarative Agent containers, export embedded file inventories with sensitivity labels, and configure monitoring alerts | SharePoint Administrators, IT Operations |
| Verification Testing | Test procedures to confirm filter visibility, sensitivity label enforcement, IB bypass documentation, and agent inventory completeness | Compliance Officers, Internal Audit, Security Teams |
| Troubleshooting | Remediation guidance for common issues: agent not appearing in embedded files filter, sensitivity label not applying, broken container recovery, IB bypass documentation | M365 Administrators, Compliance Officers |
Verification Criteria
The following criteria constitute evidence of control effectiveness for FINRA/SEC examination purposes:
| # | Criterion | Evidence Type | Frequency |
|---|---|---|---|
| 1 | All agents with embedded files identified via M365 Admin Center "Embedded files" filter | Admin Center screenshot or exported agent list | Quarterly |
| 2 | Sensitivity labels applied to all embedded file containers (verified in agent Overview tab) | Sensitivity label field populated for 100% of embedded file agents | Quarterly |
| 3 | IB assessment completed and documented for all embedded file agents in Zone 2 and Zone 3 | Written IB assessment records in agent inventory (Control 3.1) | At agent creation; reviewed quarterly |
| 4 | Zone 3 embedded file prohibition enforced, or compliance officer sign-off documented for any exception | Prohibition enforcement confirmation OR signed exception certificate | At agent creation; annual renewal |
| 5 | Quarterly container audit completed and results logged | Audit report from SharePoint Admin Center and/or PowerShell export | Quarterly |
| 6 | No containers deleted outside of proper agent deletion workflow | Container count reconciliation — no orphaned or broken containers | Quarterly |
| 7 | Agent inventory (Control 3.1) includes embedded file metadata for all applicable agents | Inventory completeness check: file names, sensitivity labels, container IDs, IB assessment status | Quarterly |
| 8 | Default sensitivity label policy configured and verified to apply to unlabeled uploaded files | Microsoft Purview label policy configuration screenshot; test upload of unlabeled file confirming label assignment | At initial configuration; verified semi-annually |
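As an added example (not part of this control's playbooks and not Microsoft tooling), the following Python script runs the reconciliation that criteria 2, 3, 4, 6 and 7 above call for. It takes two exports the control already requires you to produce: the list of "Declarative Agent" containers with their sensitivity labels and the labels of the files they hold (SharePoint Admin Center or a PowerShell export), and the Control 3.1 agent inventory. The column names, the label taxonomy and the sample rows are assumptions for illustration; map them to your own export columns before use.

```python
"""Quarterly Declarative Agent container audit against the Control 3.1 inventory.

Consumes two exports the control already requires:
  containers  - one row per SharePoint Embedded container, filtered on the
                "Declarative Agent" application, with the container's
                sensitivity label and the labels of the files it holds
  inventory   - the Control 3.1 agent inventory
Column names are assumptions for illustration; map them to your own exports.
"""
import csv
import io

# Assumed label taxonomy, least to most restrictive; "" means unlabeled.
LABEL_RANK = {"": 0, "Public": 1, "Internal Use": 2, "Confidential": 3,
              "Highly Confidential": 4}


def most_restrictive(labels):
    """Label the service is expected to derive: the highest-ranked file label."""
    return max(labels, key=lambda lbl: LABEL_RANK.get(lbl, 0), default="")


def audit(containers, inventory):
    """Reconcile container rows with inventory rows.

    Returns {finding_code: sorted list of container or agent IDs}; all lists
    empty means criteria 2, 3, 4, 6 and 7 are met for this export.
    """
    findings = {
        "unlabeled_container": set(),    # criterion 2: no label on container
        "label_below_file_max": set(),   # label weaker than most restrictive file
        "orphaned_container": set(),     # criterion 6: agent deleted, container remains
        "not_in_inventory": set(),       # criterion 7: agent never registered
        "missing_ib_assessment": set(),  # criterion 3: Zone 2/3 without IB record
        "zone3_without_signoff": set(),  # criterion 4: Zone 3 exception unsigned
    }
    inv = {row["agent_id"]: row for row in inventory}
    for c in containers:
        cid, aid = c["container_id"], c["agent_id"]
        file_labels = [lbl for lbl in c["file_labels"].split(";") if lbl]
        expected = most_restrictive(file_labels)
        if not c["container_label"]:
            findings["unlabeled_container"].add(cid)
        elif LABEL_RANK.get(c["container_label"], 0) < LABEL_RANK.get(expected, 0):
            findings["label_below_file_max"].add(cid)
        agent = inv.get(aid)
        if agent is None:
            findings["not_in_inventory"].add(aid)
            continue
        if agent["status"] == "deleted":
            findings["orphaned_container"].add(cid)
            continue
        zone = int(agent["zone"])
        if zone >= 2 and not agent["ib_assessment"]:
            findings["missing_ib_assessment"].add(aid)
        if zone == 3 and agent["cco_signoff"] != "yes":
            findings["zone3_without_signoff"].add(aid)
    return {code: sorted(ids) for code, ids in findings.items()}


def load(csv_text):
    """Parse a CSV export held in memory (use open(...) for real exports)."""
    return list(csv.DictReader(io.StringIO(csv_text)))


# Constructed sample exports for illustration, not real tenant data.
CONTAINERS_CSV = """container_id,agent_id,container_label,file_labels
c-001,a-1,Confidential,Confidential;Internal Use
c-002,a-2,,
c-003,a-3,Internal Use,Confidential;Internal Use
c-004,a-4,Confidential,Confidential
c-005,a-5,Internal Use,Internal Use
c-006,a-6,Confidential,Confidential
"""
INVENTORY_CSV = """agent_id,zone,status,ib_assessment,cco_signoff
a-1,2,active,2026-03-12,
a-2,1,active,,
a-3,2,active,,
a-5,2,deleted,2025-11-02,
a-6,3,active,2026-01-20,
"""


def run_sample():
    """Audit the constructed exports; each finding code maps to flagged IDs."""
    return audit(load(CONTAINERS_CSV), load(INVENTORY_CSV))


if __name__ == "__main__":
    for code, ids in run_sample().items():
        print(f"{code}: {', '.join(ids) or 'none'}")
```

On the sample data the script flags c-002 as unlabeled, c-003 as carrying a label weaker than its most restrictive file (the "label not applying" case from the Troubleshooting playbook), c-005 as a container left behind by a deleted agent, a-4 as never registered in the inventory, a-3 as a Zone 2 agent with no IB assessment, and a-6 as a Zone 3 agent without the required compliance sign-off. Attach the output to the quarterly audit record as the evidence for criteria 2 through 7.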
FINRA/SEC Examination Readiness
Examiners reviewing AI/technology governance may request evidence that your firm has assessed the capabilities and limitations of AI systems used in the conduct of your business. The IB platform limitation documented in this control — Microsoft's current non-support for Information Barriers on SharePoint Embedded containers — must be present in your examination file with evidence of how the firm assessed and mitigated the risk (Zone 3 prohibition, IB-exempt content certification, or documented agent scope restriction). Absence of this documentation in the face of an IB incident would be an aggravating factor in an examination finding.
Additional Resources
- Microsoft Learn: Upload files as a knowledge source (Copilot Studio)
- Microsoft Learn: Agent Registry in the Microsoft 365 admin center
- Microsoft Learn: SharePoint Embedded overview
- Microsoft Learn: Sensitivity labels — Microsoft 365 Copilot
- Microsoft Purview: Information Protection label policies
- FINRA Rule 4511 — General Requirements
- SEC Rule 17a-4 — Records retention requirements
- Control 1.22 — Information Barriers for AI Agents
- Control 3.1 — Agent Inventory
Updated: April 2026 | Version: v1.4.0 | UI Verification Status: Current