Skip to content

Portal Walkthrough: Control 3.11 - Centralized Agent Inventory Enforcement

Last Updated: February 2026 Portal: Power Platform Admin Center (PPAC), Microsoft 365 Admin Center, Copilot Studio Estimated Time: 60-75 minutes

Prerequisites

  • Power Platform Admin role
  • Entra Global Admin role (for tenant-wide discovery settings)
  • Access to Power Platform Admin Center, M365 Admin Center, and Copilot Studio
  • Knowledge of governance zone classifications (Control 2.2)
  • List of all Power Platform environments with zone assignments
  • Mandatory metadata requirements documented (owner, zone, risk rating, etc.)
  • Change management process for agent registration and decommissioning
  • Teams channel for governance alerts and notifications

Step-by-Step Configuration

Part 1: Enable and Configure Agent Inventory in PPAC

Step 1: Navigate to Agent Inventory Feature

  1. Open Power Platform Admin Center
  2. Sign in with Power Platform Admin credentials
  3. In the left navigation, look for Agents or Agent Inventory (may be under "Analytics" or "Governance" section)
  4. Click Agent Inventory to open the centralized agent discovery interface
  5. Review the Agent Inventory dashboard layout:
  6. Agent List: Table showing all discovered agents with key attributes
  7. Filter and Sort Controls: Ability to filter by environment, owner, creation date, zone
  8. Export Button: Export to CSV or Excel for offline analysis
  9. Refresh Button: Manual refresh to trigger discovery scan

Note: The Agent Inventory feature in PPAC is in Preview (as of February 2026). If this feature is not visible in your tenant, check the Message Center for rollout status or contact Microsoft Support to enable the preview. Until Agent Inventory GA, use PowerShell-based discovery scripts as a compensating control (see PowerShell Setup playbook).

Step 2: Configure Inventory Data Refresh Schedule

  1. In the Agent Inventory page, look for Settings or Configuration gear icon (typically in top-right corner)
  2. Click Settings to open inventory configuration options
  3. Configure Data Refresh Schedule:
  4. Zone 1 environments: Weekly refresh (acceptable for personal productivity)
  5. Zone 2 environments: Daily refresh (recommended for team collaboration)
  6. Zone 3 environments: Daily refresh + real-time alerts (required for enterprise governance)
  7. Set refresh time to off-hours (e.g., 2:00 AM local time) to minimize performance impact
  8. Enable Automatic Refresh: Toggle on to ensure scheduled discovery runs without manual intervention
  9. Click Save to apply refresh configuration

Zone 3 Requirement: For regulated environments, configure real-time alerts (if available) to notify governance team immediately when new agents are detected. If real-time alerts are not yet available in the preview, configure Power Automate flows (Part 3) to poll the inventory daily and send notifications.

Step 3: Review Current Agent Inventory

  1. In the Agent Inventory page, review the Agent List table
  2. Verify the following columns are displayed (add/remove columns as needed):
  3. Agent Name
  4. Owner (responsible individual)
  5. Environment (Power Platform environment or M365 context)
  6. Creation Date
  7. Last Modified Date
  8. Authentication Method (service principal, managed identity, user delegation)
  9. Sharing Status (Private, Team, Organizational)
  10. Feature Usage (Connectors, Generative Actions, Tools)
  11. Review the list and identify agents with missing or incomplete metadata:
  12. Owner: "Unknown" or blank
  13. Environment: Not classified to a governance zone
  14. No description or documentation link
  15. Export the current inventory to CSV for baseline documentation:
  16. Click Export button
  17. Save file as AgentInventory_Baseline_YYYYMMDD.csv
  18. Store in governance documentation repository

Baseline Documentation: This export serves as the pre-enforcement baseline. After implementing enforcement mechanisms, you'll compare future inventory exports to measure improvement in completeness and compliance.

Step 4: Configure Mandatory Metadata Requirements

While PPAC Agent Inventory tracks certain attributes automatically, you need to define mandatory metadata fields that agents must have before approval/publication:

  1. Create a governance document (Word, SharePoint, or Wiki page): Agent Metadata Requirements
  2. Define mandatory fields by zone:

Universal Requirements (All Zones):

Field Required? Validation
Agent Name Yes Non-empty, descriptive, follows naming convention
Owner Yes Valid Entra ID user, active account
Environment Yes Must map to known Power Platform environment
Zone Classification Yes Zone 1, Zone 2, or Zone 3
Creation Date Yes Auto-populated, read-only

Zone 2 and Zone 3 Additional Requirements:

Field Required? Validation
Description Yes Minimum 50 characters explaining agent purpose
Risk Rating Yes High, Medium, or Low based on data access and capabilities
Approval Date Yes (Zone 2/3) Date when agent was approved for deployment
Approver Yes (Zone 2/3) Name of AI Governance Lead or Compliance Officer who approved
Documentation Link Yes (Zone 2/3) Link to SharePoint or Wiki page with detailed agent documentation
Last Reviewed Date Yes (Zone 3) Date of most recent governance review
Decommissioning Plan Yes (Zone 3) Documented plan for agent retirement when no longer needed
  1. Document these requirements in your governance repository
  2. Communicate requirements to all agent authors via email, Teams announcement, or training session
  3. Integrate requirements into pre-publication checklist (see Step 6)

Best Practice: Store mandatory metadata requirements in a version-controlled document (e.g., SharePoint with version history enabled). Update and republish when requirements change, and notify agent authors of changes.

Part 2: Implement Ownership Validation and Orphaned Agent Detection

Step 5: Set Up Ownership Validation Process

Ownership validation ensures that every agent has an active, accountable owner who can maintain and govern the agent.

  1. In the Agent Inventory, filter agents by Owner field
  2. Identify agents with problematic ownership:
  3. Owner field is blank or "Unknown"
  4. Owner is a departed user (no longer in Entra ID)
  5. Owner is a generic service account (e.g., "admin@contoso.com")
  6. Owner is a shared account used by multiple people
  7. Document the list of agents with ownership issues
  8. For each problematic agent, research the correct owner:
  9. Review agent metadata (creator, last modified by)
  10. Check environment ownership (who owns the Power Platform environment?)
  11. Contact business stakeholders using the agent
  12. Review change management tickets related to the agent's creation
  13. Assign or transfer ownership:
  14. In PPAC, navigate to Environments > [Select environment] > Resources > Apps or Copilot Studio agents
  15. Select the agent and click Manage sharing or Transfer ownership
  16. Assign the correct owner and click Save
  17. Document ownership change in change management system
  18. Create a recurring task (quarterly for Zone 1, monthly for Zone 2/3): Agent Ownership Validation
  19. Export Agent Inventory to CSV
  20. Cross-reference owners against active Entra ID users
  21. Identify orphaned agents (owner departed or invalid)
  22. Initiate ownership transfer or decommissioning process

Orphaned Agent Definition: An agent is considered "orphaned" if: (1) the assigned owner is no longer an active user in Entra ID, (2) the owner has moved to a different role and no longer maintains the agent, (3) the agent is part of a discontinued project, or (4) the agent has not been modified in >12 months and owner cannot be contacted.

Step 6: Create Pre-Publication Checklist for Agent Registration

To enforce inventory completeness, agents should not be published or shared until they meet mandatory metadata requirements.

  1. Create a pre-publication checklist document (SharePoint, Word, or embedded in agent approval workflow)
  2. Include the following checklist items:

Agent Registration Pre-Publication Checklist:

  • Agent Name: Descriptive name following naming convention (e.g., [Zone]-[Department]-[Purpose]-Agent)
  • Owner Assigned: Valid Entra ID user identified and assigned as owner
  • Environment: Agent deployed to correct environment for its zone classification
  • Zone Classification: Agent assigned to Zone 1, Zone 2, or Zone 3 based on data access and risk
  • Risk Rating: Risk rating assigned (High/Medium/Low) based on assessment criteria
  • Description: Minimum 50-character description of agent purpose and use cases
  • Documentation Link: Link to full agent documentation (architecture, data sources, approvals)
  • Approval Obtained: (Zone 2/3 only) AI Governance Lead or Compliance Officer approval documented
  • Change Ticket: Change management ticket created and approved for agent deployment
  • Metadata Complete: All mandatory metadata fields populated in inventory system (Agent Inventory or custom registry)
  • Security Review: (Zone 3 only) Security team review completed and documented

  • Decommissioning Plan: (Zone 3 only) Plan documented for agent retirement or ownership transfer

  • Integrate the checklist into your agent approval workflow:

  • If using a formal change management system (ServiceNow, Jira), add checklist as required fields in the agent approval request template
  • If using SharePoint or manual approvals, require requestor to complete checklist and submit as part of approval package
  • Configure approval gates to block publication until checklist is verified complete
  • Train agent authors on the pre-publication checklist requirements
  • Test the checklist by submitting a test agent approval request and verifying all fields are validated

Enforcement Strategy: The pre-publication checklist is your primary enforcement mechanism for inventory completeness. By requiring metadata completion before approval, you prevent unmanaged agents from entering production. This is more effective than retroactive remediation.

Part 3: Automate Incomplete Metadata Detection with Power Automate

Step 7: Create Power Automate Flow for Metadata Completeness Monitoring

Automated monitoring detects agents with missing or incomplete metadata and alerts the governance team for remediation.

  1. Open Power Automate
  2. Select your default environment or a dedicated governance environment (not Zone 3 production)
  3. Click + Create > Scheduled cloud flow
  4. Name the flow: Agent Inventory Completeness Monitor
  5. Configure schedule:
  6. Recurrence: Daily
  7. Start time: 3:00 AM (after Agent Inventory refresh completes)
  8. Click Create

Flow Steps:

Step 1: Get Agent Inventory Data

  1. Add action: HTTP - Send an HTTP request
  2. Configure HTTP request to retrieve agent inventory:
  3. Method: GET
  4. URI: https://api.powerplatform.com/agentInventory/v1/inventory (example endpoint; adjust based on actual API when available)
  5. Authentication: Azure AD (use Managed Identity or service principal with appropriate permissions)
  6. Parse the JSON response to extract agent records

API Availability Note: As of February 2026, the Agent Inventory API is in preview. If the API is not available, use alternative data sources: (1) Export Agent Inventory to CSV and store in SharePoint, parse CSV in Power Automate, or (2) Use PowerShell scripts to query Power Platform environments and populate a Dataverse table, then query that table in Power Automate.

Step 2: Filter Agents with Incomplete Metadata

  1. Add action: Filter array
  2. Configure filter conditions to identify agents with incomplete metadata:
  3. Condition 1: Owner is empty or "Unknown"
  4. Condition 2: Zone Classification is empty
  5. Condition 3: Risk Rating is empty
  6. Condition 4: (Zone 2/3) Description is empty or less than 50 characters
  7. Condition 5: (Zone 3) Approval Date is empty
  8. Output: Array of agents with incomplete metadata

Step 3: Check if Any Agents Have Issues

  1. Add condition: Condition
  2. Check if the filtered array length is greater than 0:
  3. If yes: Proceed to send alert
  4. If no: Flow completes successfully with no action

Step 4: Format Alert Message

  1. In the Yes branch, add action: Compose
  2. Create a formatted message listing agents with incomplete metadata:
⚠️ Agent Inventory Completeness Alert

The following agents have incomplete metadata and require remediation:

1. Agent Name: [Agent Name 1]
   - Environment: [Environment]
   - Missing Fields: Owner, Zone Classification
   - Action Required: Assign owner and classify zone within 7 days

2. Agent Name: [Agent Name 2]
   - Environment: [Environment]
   - Missing Fields: Risk Rating, Description
   - Action Required: Complete metadata within 7 days

Total agents with issues: [Count]

📊 View full inventory: [Link to PPAC Agent Inventory]
📝 Metadata requirements: [Link to governance document]

Please remediate within SLA timeframes:
- Zone 1: 30 days
- Zone 2: 14 days
- Zone 3: 7 days
  1. Use dynamic content from the filtered array to populate agent details

Step 5: Send Teams Notification

  1. Add action: Microsoft Teams - Post adaptive card in a chat or channel
  2. Configure notification:
  3. Post as: Flow bot
  4. Post in: Channel
  5. Team: [Your governance team]
  6. Channel: Agent Governance Alerts
  7. Adaptive Card: Paste formatted message (or use adaptive card designer for rich formatting)
  8. Add action buttons to the adaptive card:
  9. View Inventory: Link to PPAC Agent Inventory
  10. View Metadata Requirements: Link to governance document
  11. Create Remediation Ticket: Link to change management system

Step 6: Log Alert to Audit Trail

  1. Add action: Dataverse - Add a new row
  2. Configure to log alert to audit table:
  3. Table name: fsi_inventoryalerts (create this table first; see Step 8)
  4. Fields:
    • fsi_alertdate: Current date/time
    • fsi_agentstaffected: Count of agents with issues
    • fsi_agentlist: JSON string of agent names and missing fields
    • fsi_alerttype: "Incomplete Metadata"
    • fsi_status: "Open"

  5. This creates a persistent audit trail of all inventory alerts

  6. Click Save to save the flow

  7. Click Test > Manually to test the flow with current inventory data
  8. Verify Teams notification is delivered and audit record is created

Teams Channel Setup: Before configuring the flow, create a dedicated Teams channel (e.g., "Agent Governance Alerts") for inventory alerts. Add Power Platform Admins, AI Governance Lead, and Compliance Officer as channel members. Pin the channel for visibility.

Step 8: Create Audit Trail Table in Dataverse

  1. Open Power Apps and select your default or governance environment
  2. Navigate to Tables in the left navigation
  3. Click + New table > Start from blank
  4. Name the table: fsi_inventoryalerts
  5. Add the following columns:
  6. fsi_alertdate (Date and Time) — When the alert was generated
  7. fsi_agentstaffected (Whole Number) — Count of agents with issues in this alert
  8. fsi_agentlist (Multiple lines of text) — JSON or delimited list of affected agents
  9. fsi_alerttype (Choice) — Options: Incomplete Metadata, Orphaned Agent, Unmanaged Agent, Other
  10. fsi_status (Choice) — Options: Open, In Progress, Resolved, Closed
  11. fsi_assignedto (Lookup to User) — Person responsible for remediation
  12. fsi_resolutiondate (Date and Time) — When the issue was resolved
  13. fsi_resolutionnotes (Multiple lines of text) — Remediation actions taken
  14. Click Create to deploy the table
  15. Configure security roles to allow Power Automate flows to write to this table (grant Create and Update permissions)
  16. Use this table to track remediation progress and generate compliance reports

Part 4: Configure Orphaned Agent Detection and Remediation

Step 9: Set Up PowerShell Script for Orphaned Agent Detection

While Power Automate handles real-time metadata monitoring, PowerShell scripts provide deeper analysis for orphaned agent detection.

  1. Create a new PowerShell script: Detect-OrphanedAgents.ps1 (see PowerShell Setup playbook for full script)
  2. Schedule the script to run:
  3. Zone 1: Weekly
  4. Zone 2: Weekly
  5. Zone 3: Daily
  6. Use Windows Task Scheduler or Azure Automation to execute the script on schedule
  7. Configure script to:
  8. Query Agent Inventory (via API or exported CSV)
  9. Cross-reference agent owners against active Entra ID users
  10. Identify agents with departed owners or owners who cannot be contacted
  11. Identify agents with no modifications in >12 months (stale agents)
  12. Generate report of orphaned agents with recommended remediation actions
  13. Send report via email to governance team or post to Teams channel
  14. Test the script by executing it manually and reviewing the report output

Scheduled Execution: For Zone 3 environments, configure the script to run daily at 4:00 AM (after Agent Inventory refresh and before business hours). Set up email alerts if the script fails to execute or encounters errors.

Step 10: Create Orphaned Agent Remediation Workflow

When orphaned agents are detected, a structured remediation workflow ensures timely resolution.

  1. Document the Orphaned Agent Remediation Workflow in your governance repository:

Workflow Steps:

a. Detection: PowerShell script or Power Automate flow identifies orphaned agents and generates alert b. Notification: Governance team receives Teams or email notification with list of orphaned agents c. Investigation: Power Platform Admin researches the agent: - Who created the agent? - What environment and zone is it in? - Is the agent still in use? (Check usage analytics) - Can the original owner or team be contacted? d. Decision: - Option 1 - Ownership Transfer: If agent is still in use, identify new owner and transfer ownership - Option 2 - Decommissioning: If agent is unused or abandoned, initiate decommissioning process - Option 3 - Temporary Hold: If decision is unclear, place agent in "Under Review" status and escalate to AI Governance Lead e. Execution: - If transferring ownership: Update owner in PPAC, notify new owner, update inventory - If decommissioning: Follow decommissioning workflow (Step 11), archive metadata, disable agent f. Documentation: Record remediation action in change management system and update audit trail table g. Verification: Confirm orphaned agent no longer appears in next scheduled detection run

  1. Communicate the workflow to governance team members
  2. Conduct a dry-run test by simulating an orphaned agent detection and walking through the workflow
  3. Measure and track remediation SLAs:
  4. Zone 1: Resolve within 60 days
  5. Zone 2: Resolve within 30 days
  6. Zone 3: Resolve within 14 days

Part 5: Establish Agent Decommissioning Process

Step 11: Create Agent Decommissioning Workflow

Decommissioning removes or disables abandoned agents while preserving metadata for audit trail.

  1. Document the Agent Decommissioning Workflow in governance repository:

Decommissioning Workflow Steps:

a. Trigger: Orphaned agent identified, or agent marked for retirement by owner b. Business Validation: Confirm agent is no longer in use: - Check usage analytics for last 90 days (zero usage indicates abandonment) - Contact business stakeholders to verify no dependencies - Review agent documentation for any critical business process dependencies c. Change Request: Create change request in change management system: - Change type: Agent Decommissioning - Agent name, environment, owner (original) - Business justification for decommissioning - Risk assessment (impact of removal) - Approvals required: Power Platform Admin, AI Governance Lead (Zone 2/3), Business Owner d. Metadata Archival: - Export agent metadata from Agent Inventory - Export agent configuration from Copilot Studio (if applicable) - Store archived metadata in SharePoint or compliance repository - Retain for minimum 7 years (regulatory requirement for FSI) e. Agent Disablement: - Disable agent sharing (set to "Private" or "Only me") - Remove agent from organizational catalog or Teams app store - Disable any scheduled triggers or background processes - Revoke service principal or managed identity permissions (if applicable) f. Inventory Update: - Update Agent Inventory status to "Decommissioned" - Add decommissioning date and reason to metadata - Preserve record in inventory (do not delete) for audit trail g. Final Deletion (Optional): - After retention period (7 years for FSI), agent may be permanently deleted - Requires additional approval from Compliance Officer and Records Manager - Document deletion in audit log h. Notification: - Notify original owner (if still employed) of decommissioning - Notify business stakeholders of agent removal - Update governance team via Teams channel

  1. Create a decommissioning request template in your change management system with required fields:
  2. Agent name, environment, owner
  3. Business justification for decommissioning
  4. Usage analytics (last 90 days)
  5. Business owner approval (confirming no dependencies)
  6. Risk assessment
  7. Metadata archival confirmation
  8. Test the workflow by decommissioning a test agent and verifying all steps are completed

Regulatory Retention: FSI organizations must retain agent metadata and audit trails for minimum 7 years per FINRA 4511 and SEC 17a-4. Do not permanently delete agent records until retention period expires and appropriate approvals are obtained.

Part 6: Configure Agent 365 Control Plane (Preview)

Step 12: Enable Agent 365 Unified Discovery (When Available)

Microsoft's Agent 365 control plane provides unified discovery and policy enforcement across the Microsoft ecosystem. As this feature moves from Frontier Preview to GA, configure it as your primary enforcement mechanism.

  1. Open Microsoft 365 Admin Center or navigate to the dedicated Agent 365 portal (URL TBA when GA)
  2. Navigate to Settings > Agent 365 or look for Agent Control Plane in the navigation
  3. Enable Unified Agent Discovery:
  4. Toggle on "Enable Agent 365 discovery" (or similar option)
  5. Configure discovery scope: All environments, specific environments, or Zone-based
  6. Set discovery frequency: Daily recommended for Zone 2/3
  7. Configure Discovery Sources:
  8. Enable discovery for Copilot Studio agents
  9. Enable discovery for Microsoft 365 Copilot agents
  10. Enable discovery for Declarative Agents
  11. Enable discovery for Microsoft Foundry agents (if applicable)
  12. Enable discovery for Integrated Apps agents
  13. Configure Policy Enforcement:
  14. Enable "Block unmanaged agents" (if available) — prevents agents without complete metadata from running
  15. Configure enforcement actions: Alert only, Require owner assignment, Block execution, Automatic decommissioning
  16. Set enforcement grace period: 7 days for Zone 3, 14 days for Zone 2, 30 days for Zone 1
  17. Click Save to apply Agent 365 configuration

Preview Status: As of February 2026, Agent 365 control plane is in Frontier Preview and not available in all tenants. Monitor the Microsoft 365 Roadmap and Message Center for GA announcements. When available, migrate enforcement mechanisms from PPAC + PowerShell to the unified Agent 365 control plane.

Step 13: Configure Agent 365 Observability and Alerting

  1. In Agent 365 control plane, navigate to Observability or Monitoring section
  2. Configure Inventory Completeness Metrics:
  3. Dashboard showing percentage of agents with complete metadata
  4. Trend charts showing improvement over time
  5. Breakdown by zone, environment, and owner
  6. Configure Real-Time Alerts:
  7. Alert when new agent is created without owner assignment
  8. Alert when agent ownership becomes invalid (owner departs)
  9. Alert when agent exceeds age threshold without recent modifications (stale agent)
  10. Configure Alert Destinations:
  11. Teams channel notifications (preferred for real-time visibility)
  12. Email notifications to governance team distribution list
  13. Webhook to external ticketing system (ServiceNow, Jira) for automatic ticket creation
  14. Test alerting by creating a test agent with incomplete metadata and verifying alert is delivered

Part 7: Verification and Reporting

Step 14: Generate Inventory Completeness Report

  1. In PPAC Agent Inventory, click Export to download current inventory to CSV
  2. Open the CSV file in Excel or Power BI
  3. Calculate Completeness Metrics:
Metric Calculation Target
Owner Assignment Rate (Agents with valid owner) / (Total agents) * 100% >95% Zone 1, >98% Zone 2, >99% Zone 3
Zone Classification Rate (Agents with zone assigned) / (Total agents) * 100% 100% all zones
Risk Rating Completeness (Agents with risk rating) / (Total agents) * 100% >90% Zone 2/3
Description Completeness (Agents with description ≥50 chars) / (Total agents) * 100% >90% Zone 2/3
Approval Documentation (Zone 2/3 agents with approval date) / (Zone 2/3 agents) * 100% >95% Zone 2/3
Orphaned Agent Rate (Agents with departed/invalid owner) / (Total agents) * 100% <5% all zones
  1. Create visualizations (bar charts, trend lines) showing progress toward completeness targets
  2. Generate monthly or quarterly report for governance leadership:
  3. Executive summary of completeness metrics
  4. Count of agents remediated since last report
  5. Outstanding remediation items with SLA status
  6. Trend analysis showing improvement or degradation
  7. Recommendations for improving enforcement effectiveness

Step 15: Conduct Quarterly Inventory Audit

  1. Schedule quarterly inventory audits (add to governance calendar)
  2. For each audit, perform the following:
  3. Export Agent Inventory to CSV
  4. Review completeness metrics against targets
  5. Identify agents with incomplete metadata and initiate remediation
  6. Validate orphaned agent remediation is on track
  7. Review decommissioned agents and verify metadata retention
  8. Cross-reference Agent Inventory against change management tickets (verify all production agents have approved change tickets)
  9. Identify any unmanaged agents (agents not registered in inventory) and investigate
  10. Update mandatory metadata requirements if needed (based on lessons learned)
  11. Document audit findings in a formal audit report
  12. Present audit report to AI Governance Lead and Compliance Officer
  13. Update enforcement procedures based on audit recommendations

Configuration by Governance Level

Setting Baseline (Zone 1) Recommended (Zone 2) Regulated (Zone 3)
Agent Inventory refresh frequency Weekly Daily Daily + real-time alerts
Mandatory metadata fields Owner, Name, Environment + Zone, Risk Rating, Description, Approval + Compliance Status, Audit Trail, Decommissioning Plan
Pre-publication checklist enforcement Recommended Required (approval gate) Required (multi-stage approval)
Orphaned agent detection schedule Quarterly Monthly Weekly
Remediation SLA (metadata issues) 30 days 14 days 7 days
Remediation SLA (orphaned agents) 60 days 30 days 14 days
Decommissioning SLA 90 days 30 days 7 days
Automated monitoring (Power Automate) Optional Recommended (daily) Required (daily + real-time)
Audit trail persistence 3 years 5 years 7 years (regulatory requirement)
Quarterly inventory audit Recommended Required Required (+ external audit verification)

Validation

After completing these steps, verify:

  • Agent Inventory feature is enabled in PPAC with appropriate refresh schedule (daily for Zone 2/3)
  • Baseline inventory export captured for pre-enforcement comparison
  • Mandatory metadata requirements documented and communicated to agent authors
  • Pre-publication checklist created and integrated into agent approval workflow
  • Ownership validation process established with recurring tasks scheduled
  • Power Automate flow for incomplete metadata detection is deployed and tested
  • Teams channel for governance alerts is created and team members added
  • Audit trail table (fsi_inventoryalerts) deployed in Dataverse
  • PowerShell script for orphaned agent detection is deployed and scheduled
  • Orphaned agent remediation workflow documented and tested
  • Agent decommissioning workflow documented with change request template
  • Agent 365 control plane enabled and configured (when available)
  • Inventory completeness report generated and reviewed by governance team
  • Quarterly inventory audit scheduled and first audit completed
  • Completeness metrics meet or exceed targets (>95% owner assignment, >90% zone classification)

Visual Reference

Expected portal locations:

  • PPAC Agent Inventory: Power Platform Admin Center → Agents → Agent Inventory (or Analytics → Agent Inventory)
  • Agent Inventory Settings: PPAC → Agent Inventory → Settings (gear icon)
  • Ownership Transfer: PPAC → Environments → [Environment] → Resources → [Agent] → Manage sharing → Transfer ownership
  • Power Automate Completeness Monitor: Power Automate (make.powerautomate.com) → My flows → Agent Inventory Completeness Monitor
  • Dataverse Audit Table: Power Apps (make.powerapps.com) → Tables → fsi_inventoryalerts → Data
  • Agent 365 Control Plane: M365 Admin Center → Settings → Agent 365 (when available)
  • Teams Alerts Channel: Microsoft Teams → [Governance Team] → Agent Governance Alerts channel

UI Note: Agent Inventory in PPAC is in Preview (February 2026). Portal location and UI may change before GA. If Agent Inventory is not visible, check Message Center for rollout status or contact Microsoft Support. Use PowerShell-based discovery scripts as a compensating control until GA.

Back to Control 3.11 | PowerShell Setup | Verification Testing | Troubleshooting

Updated: February 2026 | Version: v1.0