Phase 2: Hardening

Advanced governance phase for mature operations (6-12 months).

Overview

Phase 2 implements advanced security controls, monitoring integration, and adversarial testing to achieve steady-state governance operations.

Timeline: 6-12 months (after Phase 1) Outcome: Full control implementation, steady-state operations

Prerequisites

Before starting Phase 2, confirm you have the required licenses and admin roles:

Quarter 3 (Months 7-9): Advanced Security

Control 1.8: Runtime Protection

Purpose: Detect and respond to threats in real-time

Steps:

Enable Microsoft Defender for Cloud Apps
Configure Copilot Studio app connector
Create alert policies:
Unusual usage patterns
Data exfiltration attempts
Suspicious authentication
Configure automated responses

Verification:

Connector configured
Policies active
Test alert fires correctly

Control 1.6: DSPM for AI

Purpose: Discover and protect sensitive data in AI contexts

Steps:

Navigate to Microsoft Purview > Data Security Posture Management
Enable DSPM for AI
Configure sensitivity scanning
Review discovered data exposures
Remediate findings

Verification:

DSPM enabled
Scan results reviewed
Remediation tracked

Control 1.19: eDiscovery Configuration

Purpose: Enable legal hold and search for agent interactions

Steps:

Navigate to Microsoft Purview > eDiscovery
Create case template for AI agent investigations
Test search capabilities
Document procedures

Verification:

Case template created
Search finds agent interactions
Procedures documented

Control 1.22: Information Barriers (If Needed)

Purpose: Prevent information sharing between specific groups

Steps:

Identify barrier requirements
Configure segments in Entra
Create barrier policies
Test barrier enforcement

Verification:

Segments defined
Policies active
Test confirms barriers work

Quarter 4 (Months 10-12): Advanced Monitoring and Testing

Control 3.9: Microsoft Sentinel Integration

Purpose: Centralized security monitoring and threat detection

Steps:

Navigate to Microsoft Sentinel workspace
Enable Power Platform connector
Create analytics rules:
Agent configuration changes
DLP violations
Unusual access patterns
High-risk activities
Configure workbooks for visualization
Set up automated response playbooks

Verification:

Connector configured
Analytics rules active
Workbooks displaying data
Test playbook executes

Control 2.20: Adversarial Testing

Purpose: Proactively test agent resilience to attacks

Steps:

Document adversarial testing framework
Define test scenarios:
Prompt injection attempts
Data extraction attempts
Jailbreak attempts
Social engineering
Schedule regular testing (quarterly for Zone 3)
Track findings and remediation

Verification:

Framework documented
First test completed
Findings tracked

Control 3.10: Hallucination Feedback Loop

Purpose: Monitor and improve output accuracy

Steps:

Implement user feedback mechanism
Create logging for flagged responses
Establish review process
Track accuracy trends
Feed learnings into agent improvement

Verification:

Feedback mechanism active
Review process operational
Trends tracked

Control 2.11: Comprehensive Bias Testing

Purpose: Full fairness assessment program

Steps:

Document comprehensive testing approach
Define protected characteristics for testing
Create test datasets
Conduct quarterly assessments
Document and remediate findings

Verification:

Testing program documented
Quarterly schedule established
Results tracked

Annual Governance Review

Full Framework Assessment

Conduct comprehensive review of all 71 controls:

Each control assessed for implementation status
Gaps identified and documented
Remediation plans created
Priority controls for next year identified

Regulatory Alignment Review

Review any new regulatory guidance
Assess framework alignment
Update mappings as needed
Brief legal and compliance

Technology Roadmap Review

Review Microsoft platform updates
Assess impact on governance
Update playbooks for portal changes
Plan for new capabilities

Governance Effectiveness Assessment

Review metrics and KPIs
Assess control effectiveness
Identify improvement opportunities
Update governance procedures

Steady-State Operations

Ongoing Activities

Activity	Frequency	Owner
Agent inventory reconciliation	Weekly	AI Governance Lead
DLP policy review	Monthly	Power Platform Admin
Security posture review	Monthly	CISO
Governance committee meeting	Monthly	AI Governance Lead
Bias testing	Quarterly	AI Governance Lead
Adversarial testing	Quarterly	Security Team
Comprehensive governance review	Quarterly	Governance Committee
Annual framework assessment	Annual	Governance Committee

Operational Documentation

Create and maintain:

Steady-state operations guide
Runbooks for common tasks
Escalation procedures
On-call rotation (if applicable)

Phase 2 Completion Checklist

Advanced Security

Runtime protection enabled
DSPM for AI configured
eDiscovery procedures documented
Information barriers (if needed)

Advanced Monitoring

Sentinel integration complete
Analytics rules active
Response playbooks configured
Hallucination feedback operational

Advanced Testing

Adversarial testing program established
Comprehensive bias testing operational
Quarterly testing schedule confirmed

Steady-State Operations

All 71 controls assessed
Gaps documented with remediation plans
Operations guide created
Ongoing cadence established

Success Criteria

Phase 2 is complete when:

Runtime protection is detecting threats
Sentinel integration provides centralized monitoring
Adversarial testing program is operational
All 71 controls have been assessed
Steady-state operations documentation is complete
Annual governance review has been conducted

Continuous Improvement

After Phase 2, governance enters steady-state with focus on:

Continuous monitoring and response
Regular control testing and validation
Platform updates and playbook maintenance
Regulatory change management
Ongoing training and awareness

Last Updated: January 2026 FSI Agent Governance Framework v1.2