Configuration Hardening Baseline
Status: May 2026 - FSI-AgentGov v1.6.2 Related Controls: 1.1, 1.7, 1.8, 1.18, 1.27, 2.1, 2.22, 3.7, 3.8
Purpose
This playbook consolidates security-critical configuration settings across Power Platform, Microsoft Copilot Studio, and the Microsoft 365 admin center into a single reviewable hardening baseline. It enables FSI organizations to proactively verify their configuration posture across agent authentication, audit logging, content moderation, RBAC, environment governance, and AI feature access — addressing the settings most commonly flagged by security posture assessments.
Applies to: All zones; baseline settings apply organization-wide, with stricter requirements for Zone 2/3 environments.
Problem Statement
Financial services organizations face continuous configuration drift risk across dozens of inter-related settings spanning multiple admin portals. Native PPAC security recommendations cover a subset of these settings, but critical agent-level configurations (authentication mode, content moderation level, AI feature toggles, connected agent access) are not surfaced in native posture scoring and require manual verification.
Key challenges:
- Settings span multiple portals — PPAC, Copilot Studio, M365 Admin Center, Entra ID
- No native aggregated view — each setting must be checked individually
- Configuration drift between reviews — settings may change between weekly/monthly review cycles
- Audit evidence collection — manual screenshots and attestation forms for each setting
Master Configuration Hardening Checklist
Automation Feasibility
- Automated — Fully queryable via Power Platform Admin Connector or Dataverse API; validated by
Invoke-HardeningBaselineCheck.ps1 - Semi-Automated — Queryable via Copilot Studio Management API or PPAC REST API (limited GA availability); may require emerging API access
- Manual Attestation — No API access currently; requires portal screenshot and attestation record
Agent Authentication and Access (Control 1.1)
| # | Setting | Portal Path | Expected Value (Zone 2/3) | Severity | Automation |
|---|---|---|---|---|---|
| 1 | Agent authentication mode | Copilot Studio > Agent > Settings > Security (Configure authentication options) | Authentication mode is not No authentication | High | Semi-Automated |
| 2 | Authentication mode selection | Copilot Studio > Agent > Settings > Security (Configure authentication options) | Authentication mode is Authenticate with Microsoft or Authenticate manually | High | Semi-Automated |
| 3 | Authentication prompt timing | Copilot Studio > Agent > Settings > Security (Configure authentication options) | Validate the current prompt-timing label in your tenant before attesting; do not rely on legacy Always / As Needed wording | High | Manual Attestation |
| 4 | Agent sharing scope | Copilot Studio > Agent > Channels (Share an agent in Copilot Studio) | Share only with Copilot Readers or approved security groups (not Anyone) | High | Semi-Automated |
| 5 | Publish bots with AI features | PPAC > Tenant Settings | Disabled (until governance review) | High | Automated |
| 6 | Unapproved shared agents blocked | Microsoft 365 admin center > Copilot > Agents (Manage agents in M365 admin center) | Blocked | High | Semi-Automated |
Automated Validation Available
Items 1–6 can now be validated using Test-AgentAuthConfiguration.ps1, which reads per-agent authentication configuration via BAP/PPAC REST endpoints and validates all 6 SSPM items with zone-based logic, drift detection, and SHA-256 evidence export.
Script Location: scripts/governance/Test-AgentAuthConfiguration.ps1
Audit Logging (Control 1.7)
| # | Setting | Portal Path | Expected Value | Severity | Automation |
|---|---|---|---|---|---|
| 7 | Environment-level auditing | PPAC > Environment > Settings > Audit and logs | "Start Auditing" enabled | High | Automated |
| 8 | Audit log retention period | PPAC > Environment > Settings > Audit and logs > Audit settings > "Retain these logs for" (Manage Dataverse auditing) | ≥ 180 days (Zone 1), ≥ 365 days (Zone 2), ≥ 730 days (Zone 3) | High | Automated |
| 9 | Tenant-wide Power Platform audit visibility | Microsoft Purview portal > Audit (Audit in Purview portal) | Audit searches return Power Platform activity for the required environments | Medium | Semi-Automated |
Content Moderation (Control 1.27)
| # | Setting | Portal Path | Expected Value (Zone 2/3) | Severity | Automation |
|---|---|---|---|---|---|
| 10 | Agent-level content moderation slider (5 positions: Lowest / Low / Medium / High / Highest) | Copilot Studio > Agent > Settings > Generative AI > Content moderation (Content moderation in Copilot Studio) | High (Highest for highest-risk Zone 3) | High | Manual Attestation |
Two distinct moderation surfaces. Item 10 above is the agent-level slider (5 positions, governed by Control 1.8 runtime protection). The separate per-prompt slider (3 positions: Low / Moderate / High) inside the prompt builder is governed by Control 1.27; it is configured independently and is not represented by a single tenant-wide value, so it is reviewed under the 1.27 implementation playbook rather than this baseline.
RBAC and Agent Governance (Control 1.18)
| # | Setting | Portal Path | Expected Value | Severity | Automation |
|---|---|---|---|---|---|
| 11 | Agent action user consent | Copilot Studio > Agent > Actions | "Ask the user before running this action" enabled for all actions | High | Manual Attestation |
| 12 | Connected agent access | Copilot Studio > Agent > Settings > Agents (Connected agents) (Add other agents overview) | Disabled unless explicitly approved | High | Manual Attestation |
| 13 | Environment admin count | PPAC > Environment > Settings > Users + permissions > Application users / Roles (Manage application users in the Power Platform admin center) | < 10 System Administrators per environment | Medium | Semi-Automated |
Environment Provisioning (Control 2.1)
| # | Setting | Portal Path | Expected Value | Severity | Automation |
|---|---|---|---|---|---|
| 14 | Environment creation restriction | PPAC > Tenant settings > Developer environment assignment / Production environment assignment / Trial environment assignment (Tenant settings reference) | "Only specific admins" | High | Automated |
| 15 | Environment routing | PPAC > Tenant settings > Environment routing (Default environment routing) | Configured for correct region | Medium | Automated |
| 16 | Tenant isolation | PPAC > Security > Tenant isolation (Tenant isolation in Power Platform) | "Restrict Cross-Tenant Connections" enabled | High | Automated |
| 17 | Environment security groups | PPAC > Environment details > Security group | Assigned for all Zone 2/3 environments | High | Automated |
AI Feature Access (Control 3.8)
| # | Setting | Portal Path | Expected Value (Zone 2/3) | Severity | Automation |
|---|---|---|---|---|---|
| 18 | AI Prompts | PPAC > Environment > Settings > Product > Features (Environment features) | Off (unless approved) | Medium | Semi-Automated |
| 19 | Generative Actions | Copilot Studio > Agent > Settings > Generative AI > Orchestration (Generative orchestration in Copilot Studio) | Off (unless approved) | High | Manual Attestation |
| 20 | File uploads / file analysis | Copilot Studio > Agent > Settings > Generative AI (Unstructured data as a knowledge source) | Validate the current file-upload label in your tenant and keep it Off unless explicitly approved | Medium | Manual Attestation |
| 21 | Model Knowledge | Copilot Studio > Agent > Settings > Generative AI (Knowledge sources summary) | Off for sensitive data agents | Medium | Manual Attestation |
| 22 | Knowledge sources semantic retrieval | Copilot Studio > Agent > Settings > Knowledge (Knowledge sources summary) | Validate the current semantic-retrieval label in your tenant; disable or scope tightly for sensitive-data agents | High | Manual Attestation |
| 23 | Generative AI features (per-env) | PPAC > Environment > Settings > Generative AI features (Move data across regions for Copilots, AI agents, and generative AI features) | Restrict by default | Medium | Semi-Automated |
| 24 | Move Data Across Regions | PPAC > Environment > Settings > Generative AI features (Move data across regions for Copilots, AI agents, and generative AI features) | Off | High | Semi-Automated |
| 25 | Web search | PPAC > Environment > Settings > Generative AI features (Move data across regions for Copilots, AI agents, and generative AI features) | Validate the literal label in your tenant (Allow web search or Bing Search) and keep it Off unless approved | Medium | Manual Attestation |
| 26 | Conversational transcript access | PPAC > Environment > Settings > Product > Features (Environment features) | Restricted to authorized personnel | Medium | Semi-Automated |
| 27 | DLP for agent publishing connectors | PPAC > Data policies | Block Copilot Studio for Teams and Microsoft 365 Copilot Chat channel in restricted environments | High | Semi-Automated |
Environment Security Settings (Controls 2.22, 3.7)
| # | Setting | Portal Path | Expected Value | Severity | Automation |
|---|---|---|---|---|---|
| 28 | Blocked attachment extensions | PPAC > Environment > Settings > Privacy + Security | Dangerous extensions blocked (ade, adp, app, asa, asp, bat, cmd, com, dll, exe, hta, jar, js, jse, msi, pst, reg, scr, vb, vbe, vbs, ws, wsc, wsf, wsh, etc.) | Medium | Automated |
| 29 | Blocked MIME types | PPAC > Environment > Settings > Privacy + Security | High-risk MIME types blocked (application/javascript, application/hta, text/javascript, application/x-javascript, text/scriplet, application/xml, application/msaccess, application/prg) | Medium | Automated |
| 30 | Inactivity timeout | PPAC > Environment > Settings > Privacy + Security | Enabled; ≤ 120 minutes (Zone 3: ≤ 60 minutes) | Medium | Automated |
| 31 | Session expiration | PPAC > Environment > Settings > Privacy + Security | Custom session timeout enabled; ≤ 1440 minutes | Medium | Automated |
| 32 | Content Security Policy (CSP) | PPAC > Environment > Settings > Privacy + Security > Content security policy > Model Driven | "Enforce content security policy" enabled | Medium | Automated |
Review Frequency
| Zone | Review Cadence | Reviewer | Evidence Requirement |
|---|---|---|---|
| Zone 1 | Monthly | Power Platform Admin | Checklist completion record |
| Zone 2 | Bi-weekly | Power Platform Admin + AI Governance Lead | Checklist + screenshot evidence |
| Zone 3 | Weekly | Power Platform Admin + Compliance Officer | Checklist + screenshot evidence + attestation statement |
Escalation Triggers
The following conditions require an immediate out-of-cycle baseline review regardless of the scheduled cadence:
- Configuration drift detected — Automated checks report a previously passing item now failing
- Regulatory examination notification — Receipt of examination letter or regulatory inquiry
- Security incident — Any incident involving agent or Power Platform components
- SSPM posture score degradation — PPAC security recommendations score drops below threshold
- New SSPM alert type — Vendor adds new alert category requiring baseline coverage assessment
Review Scope Matrix
| Cadence | Items Reviewed | Evidence Type |
|---|---|---|
| Weekly (Zone 3) | All 32 items | Script + attestation |
| Bi-weekly (Zone 2) | All 32 items | Script + attestation |
| Monthly (Zone 1) | High-severity items (items 1–9, 14, 16–17, 28–32) | Script report |
| Quarterly | Full baseline + evidence package export | Complete package |
| Annual | Baseline review + classification update | Assessment report |
Compliance Calendar Integration
Align baseline reviews with quarterly regulatory examination preparation cycles:
- Week 1 of quarter — Run full automated baseline check and compile evidence package
- Week 2 of quarter — Complete manual attestation for non-automated items
- Week 3 of quarter — Review gaps and remediate findings
- Week 4 of quarter — Archive evidence package with SHA-256 integrity hash for examination readiness
Manual Attestation Procedures
For settings that cannot be validated through automated means (tenant-level toggles, approval-based configurations), collect evidence using the following procedures:
Evidence Collection Template
For each setting in the checklist:
- Navigate to the portal path listed in the checklist
- Capture a screenshot showing the current setting value
- Document in the attestation record:
- Setting name and portal path
- Current value observed
- Expected value per checklist
- Pass/Fail determination
- Reviewer name and date
- Exception documentation (if applicable)
- Archive screenshots and attestation records per your organization's evidence retention policy
Attestation Record Format
Setting: [Name from checklist]
Portal Path: [Path from checklist]
Expected: [Expected value]
Observed: [Actual value]
Status: [Pass / Fail / Exception]
Reviewer: [Name]
Date: [YYYY-MM-DD]
Exception Justification: [If applicable]
Next Review: [Date]
Integration with Existing Solutions
This hardening baseline complements existing FSI-AgentGov solutions:
| Solution | Integration Point |
|---|---|
| Audit Compliance Manager | Validates items 7-9 (audit logging settings) automatically |
| Environment Lifecycle Management | Validates items 14-17 (environment provisioning) at creation time |
| Compliance Dashboard | Aggregate hardening baseline results into compliance posture scoring |
| Hardening Baseline Verification Script | Validates items 7–9 (audit logging), 14–17 (environment provisioning), and 28–32 (environment security settings) with automated pass/fail and evidence export |
Planned Solution: Agent Security Configuration Validator
A new solution is planned to automate validation of Copilot Studio custom-engine agent-level settings (items 1-6, 10-12, 18-22):
- Validates authentication mode, content moderation, connected agent access, and AI feature toggles across all agents in a tenant
- Uses Power Platform Admin Connector + Copilot Studio management API
- Provides daily drift detection with compliance scoring
- Maps to Controls 1.1, 1.8, 1.18, 3.8
Evidence Export for Regulatory Examination
Evidence Package Overview
The hardening baseline supports two evidence collection modes:
- Automated evidence — Generated by
Invoke-HardeningBaselineCheck.ps1for items 7–9 (audit logging), 14–17 (environment provisioning), and 28–32 (environment security settings). The script produces a timestamped JSON report with pass/fail status per item. Items 1–6 (agent authentication and access) can also be validated viaTest-AgentAuthConfiguration.ps1with zone-based logic and drift detection. - Manual attestation evidence — Compiled by reviewers for items without full API access (items 10–12, 18–27). Follows the attestation record format in the Manual Attestation Procedures section above.
Both modes produce evidence packages suitable for regulatory examination preparation under FINRA 4511 and SEC 17a-4 requirements.
Automated Evidence Collection
Run the hardening baseline verification script with evidence export:
.\scripts\governance\Invoke-HardeningBaselineCheck.ps1 `
-OutputFormat JSON `
-OutputPath .\evidence\hardening-baseline-$(Get-Date -Format 'yyyy-MM-dd').json `
-IncludeEvidence
SHA-256 Integrity Hash
Each evidence export includes a SHA-256 integrity hash for tamper detection. The hash is computed over the results JSON before the hash field is populated:
# Hash computation pattern (performed automatically by the script)
$resultsJson = $baselineResults | ConvertTo-Json -Depth 10 -Compress
$hashBytes = [System.Security.Cryptography.SHA256]::Create().ComputeHash(
[System.Text.Encoding]::UTF8.GetBytes($resultsJson)
)
$integrityHash = [BitConverter]::ToString($hashBytes) -replace '-'
Examiners can verify evidence integrity by recomputing the hash against the exported JSON (excluding the IntegrityHash field).
Evidence Package JSON Structure
{
"Metadata": {
"CheckedAt": "2026-02-11T14:30:00Z",
"ScriptVersion": "1.0.0",
"EnvironmentsScanned": 3,
"IntegrityHash": "A1B2C3..."
},
"Summary": {
"TotalChecks": 7,
"Passed": 5,
"Failed": 2,
"Skipped": 0,
"OverallStatus": "GapsFound"
},
"Checks": [ ... ],
"Gaps": [ ... ]
}
Manual Attestation Evidence
For items requiring manual attestation, compile evidence packages using the attestation record format documented in the Manual Attestation Procedures section. Each attestation record should include:
- Screenshot of the portal setting at the documented path
- Attestation record with reviewer name, date, observed value, and pass/fail determination
- Exception documentation for any approved deviations from expected values
Store manual attestation records alongside automated evidence exports for a complete evidence package.
Storage Recommendations
| Storage Option | Use Case | Retention Feature |
|---|---|---|
| SharePoint compliance library | Organizations with M365 E5 | Retention labels with regulatory record classification |
| Azure Blob with immutable storage | Organizations requiring WORM compliance | Time-based immutability policies for SEC 17a-4 |
| On-premises file share | Air-gapped environments | File system ACLs with audit logging |
Retention Guidance
Evidence retention periods should align with applicable regulatory requirements:
| Regulation | Minimum Retention | Applies To |
|---|---|---|
| FINRA 4511 | 6 years | Broker-dealer communications and records |
| SEC 17a-3/4 | 3–6 years (varies by record type) | Books and records of securities firms |
| SOX 302/404 | 7 years | Internal control documentation |
| OCC Bulletin 2026-13 (formerly OCC 2011-12) | Per institution policy (typically 5+ years) | Model risk management records |
Retention Advisory
Organizations should consult with their compliance and legal teams to determine the appropriate retention period based on their specific regulatory obligations. The periods listed above represent minimum requirements and may not cover all applicable regulations.
Related Resources
- Control 2.22: Inactivity Timeout Enforcement — Zone-based inactivity timeout validation and enforcement
- Control 3.7: PPAC Security Posture Assessment — Native PPAC posture scoring
- Control 1.24: Defender AI Security Posture Management — Multi-cloud AI infrastructure posture
- PPAC Security Best Practices
Updated: May 2026 | Version: v1.6.2 | UI Verification Status: Current