
Control 1.14: Data Minimization and Agent Scope Control

Overview

Control ID: 1.14
Control Name: Data Minimization and Agent Scope Control
Pillar: Security
Regulatory Reference: GLBA 501(b), SEC Reg S-P, FINRA 4511, CCPA §1798.100
Setup Time: 1-2 hours

Purpose

Data minimization ensures that Copilot Studio agents access only the data strictly necessary to perform their intended functions—nothing more. This control implements the principle of least privilege at the data layer, preventing agents from accumulating excessive permissions or accessing sensitive financial information beyond their operational requirements. In financial services, over-permissioned agents represent significant regulatory and security risks.

This control addresses key FSI requirements:

  • Principle of Least Privilege: Agents should have minimum necessary access
  • Scope Creep Prevention: Regular audits to identify permission drift
  • Data Access Justification: Document business need for each data source
  • Regulatory Minimization: US privacy expectations (e.g., CCPA) require collecting only necessary personal information

Prerequisites

Primary Owner Admin Role: Power Platform Admin
Supporting Roles: SharePoint Admin, Purview Compliance Admin

Required Licenses

| License | Purpose |
| --- | --- |
| Power Platform per-user or per-app | Agent development access |
| Microsoft 365 E5 or E5 Compliance | Advanced governance features |
| Microsoft Purview (any tier) | Data classification and access auditing |

Required Permissions

| Permission | Scope | Purpose |
| --- | --- | --- |
| Power Platform Admin | Tenant-wide | Review and modify agent configurations |
| Environment Admin | Production environments | Manage environment-level settings |
| Global Reader | Entra ID | Access review and permission auditing |
| Compliance Administrator | Microsoft Purview | Review data access patterns |
| SharePoint Admin | SharePoint Online | Manage site access permissions |

Dependencies

Pre-Setup Checklist

  • [ ] Complete agent inventory with data source mapping
  • [ ] Document business justification for each agent's data access
  • [ ] Identify data classification for all connected sources
  • [ ] Establish data access review schedule
  • [ ] Define scope creep alerting thresholds

Governance Levels

Baseline (Level 1)

Restrict agent access to minimum necessary data sources; document data requirements per agent.

Environment-level access controls; quarterly scope reviews; automated scope validation.

Regulated/High-Risk (Level 4)

Mandatory minimal scope; legal review required; continuous monitoring and alerting for scope violations.


Setup & Configuration

Step 1: Inventory Agent Data Access

Portal Path: Power Platform Admin Center → Environments → [Environment] → Resources → Copilot Studio agents

  1. Navigate to Power Platform Admin Center (admin.powerplatform.microsoft.com)
  2. Select Environments from the left navigation
  3. For each production environment:
     • Click the environment name
     • Navigate to Resources → Copilot Studio agents
     • Export the agent list for analysis
  4. For each agent, document:
     • Connected data sources (SharePoint, Dataverse, external APIs)
     • Connector permissions and OAuth scopes
     • Knowledge sources (documents, websites, files)
     • User context and impersonation settings
  5. Create a data access matrix mapping agents to data sources

Step 2: Establish Data Access Justification Framework

Create Data Access Request Process:

  1. Business Justification Template:
     • Agent Name and ID
     • Data Source name and type
     • Data Classification (Public/Internal/Confidential/Restricted)
     • Business Need (specific use case)
     • Minimum Data Required (specific fields/tables)
     • Approver signatures (Business Owner + Security)
     • Quarterly review date
  2. Approval Workflow:
     • Tier 1 agents: Self-service with documentation
     • Tier 2 agents: Manager + Data Owner approval
     • Tier 3 agents: CISO + Compliance + Data Owner approval

Step 3: Configure Connector Scope Restrictions

Portal Path: Power Platform Admin Center → Data policies → [Policy Name] → Connectors

  1. Navigate to Power Platform Admin Center
  2. Select Data policies from the left navigation
  3. For each DLP policy:
     • Click Edit policy → Connectors
     • Review each connector's classification
     • Click connector → Configure connector
  4. Restrict OAuth scopes where available:
     • SharePoint: Limit to specific site collections
     • Microsoft Graph: Restrict to specific API permissions
     • Dataverse: Limit to specific tables
  5. Block unnecessary connectors: remove all that are not explicitly required

Step 4: Implement SharePoint Content Restrictions

Portal Path: SharePoint Admin Center → Sites → Active sites → [Site] → Permissions

  1. Navigate to SharePoint Admin Center (admin.sharepoint.com)
  2. Select Sites → Active sites
  3. For each site used by agents:
     • Click site → Membership tab
     • Review all groups and permissions
     • Remove agent service accounts from unnecessary sites
  4. Apply site-level restrictions:
     • Use SharePoint groups with minimal permissions
     • Create dedicated "Agent Access" groups
     • Enable Limited Access where full control isn't needed
     • Configure Information Access Governance (IAG) for Restricted Discovery

Step 5: Configure Knowledge Source Minimization

Portal Path: Copilot Studio → [Agent] → Knowledge → Manage sources

  1. Open Copilot Studio (copilotstudio.microsoft.com)
  2. Select the agent to configure
  3. Navigate to Knowledge → Manage sources
  4. For each knowledge source:
     • Review content scope (entire site vs. specific folders)
     • Narrow scope to the minimum required content
     • Remove outdated or unnecessary sources
  5. Best practices:
     • Use specific document libraries instead of entire sites
     • Exclude archives and historical data
     • Review and clean up knowledge sources regularly

Step 6: Enable Data Access Monitoring

Portal Path: Microsoft Purview → Audit → Audit search

  1. Navigate to Microsoft Purview (compliance.microsoft.com)
  2. Select Audit from the left navigation
  3. Configure audit search for agent activities:
     • Activities: FileAccessed, FileDownloaded, SearchQueryPerformed
     • Users: Agent service accounts
     • Date range: Last 30 days
  4. Create saved searches:
     • "Agent Data Access - All"
     • "Agent Data Access - Sensitive Content"
     • "Agent Scope Changes"

Step 7: Implement Automated Scope Alerts

Portal Path: Microsoft Purview → Alerts → Alert policies

  1. Navigate to Microsoft Purview → Alerts
  2. Click + Create alert policy
  3. Configure scope creep alerts:
     • Name: "Agent Data Access Scope Expansion"
     • Severity: Medium for Tier 2, High for Tier 3
     • Activity conditions:
       ◦ Agent accesses new SharePoint site
       ◦ Agent connector configuration changes
       ◦ New knowledge source added
  4. Set appropriate recipients

Step 8: Establish Quarterly Data Access Reviews

Create Review Process:

  1. Generate Access Report:
     • Export agent-to-data-source mapping
     • Include access frequency and volume
     • Flag new data sources since the last review
  2. Review Criteria:
     • Is data access still required?
     • Has scope expanded unnecessarily?
     • Are there less-privileged alternatives?
  3. Review Actions:
     • Remove unnecessary permissions
     • Document continued access justifications
     • Update agent inventory and risk classification

PowerShell Configuration

Audit Agent Connector Usage

# Connect to Power Platform (Microsoft.PowerApps.Administration.PowerShell module)
Add-PowerAppsAccount -TenantID "your-tenant-id"

# Get all environments
$environments = Get-AdminPowerAppEnvironment

# Initialize connector usage report
$connectorReport = @()

foreach ($env in $environments) {
    Write-Host "Analyzing environment: $($env.DisplayName)" -ForegroundColor Cyan

    # Get connections in environment
    $connections = Get-AdminPowerAppConnection -EnvironmentName $env.EnvironmentName

    foreach ($conn in $connections) {
        $connectorReport += [PSCustomObject]@{
            Environment    = $env.DisplayName
            ConnectionName = $conn.DisplayName
            ConnectorType  = $conn.ConnectorName   # e.g. shared_sharepointonline
            CreatedDate    = $conn.CreatedTime
            LastModified   = $conn.LastModifiedTime
        }
    }
}

# Export connector usage report
$connectorReport | Export-Csv -Path "AgentConnectorUsage_$(Get-Date -Format 'yyyyMMdd').csv" -NoTypeInformation

# Identify potentially over-permissioned connections.
# Connector names returned by the admin cmdlets carry a "shared_" prefix,
# so strip it before comparing; an exact match on the bare name never fires.
$highRiskConnectors = @("commondataservice", "sharepointonline", "sql", "azureblob")
$overPermissioned = $connectorReport | Where-Object {
    $highRiskConnectors -contains ($_.ConnectorType -replace '^shared_', '')
}

Write-Host "`n=== Connections with High-Risk Connectors ===" -ForegroundColor Yellow
$overPermissioned | Format-Table Environment, ConnectionName, ConnectorType -AutoSize

Audit SharePoint Site Access

# Connect to Exchange Online (ExchangeOnlineManagement module). Search-UnifiedAuditLog
# reads the unified audit log, so no separate SharePoint Online session is needed here.
Connect-ExchangeOnline

# Define agent service account
$agentServiceAccount = "copilot-agent-service@yourtenant.onmicrosoft.com"

# Search for agent SharePoint access (last 30 days)
$startDate = (Get-Date).AddDays(-30)
$endDate = Get-Date

# A single call returns at most 5000 records; for busier accounts narrow the date
# range or page with -SessionCommand ReturnLargeSet and a fixed -SessionId
$siteAccess = Search-UnifiedAuditLog -StartDate $startDate -EndDate $endDate `
    -UserIds $agentServiceAccount `
    -Operations "FileAccessed","FileDownloaded" `
    -ResultSize 5000

# AuditData is a JSON string; parse it and summarize by site
$siteSummary = $siteAccess | ForEach-Object {
    $auditData = $_.AuditData | ConvertFrom-Json
    [PSCustomObject]@{
        Site = $auditData.SiteUrl
    }
} | Group-Object Site | Select-Object @{N='Site';E={$_.Name}}, @{N='AccessCount';E={$_.Count}}

Write-Host "=== Agent Site Access Summary ===" -ForegroundColor Cyan
$siteSummary | Sort-Object AccessCount -Descending | Format-Table -AutoSize

# Flag sites with excessive access
$threshold = 1000
$excessiveSites = $siteSummary | Where-Object { $_.AccessCount -gt $threshold }
if ($excessiveSites) {
    Write-Host "WARNING: Sites with excessive agent access:" -ForegroundColor Red
    $excessiveSites | Format-Table -AutoSize
}
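Steps 6 to 8 and the audit script above stop at counting accesses per site. The added example below (not part of the original page) takes records shaped like Search-UnifiedAuditLog output, normalises the SiteUrl values and checks each site against the approved data access matrix from Step 1, so that any site outside the documented scope surfaces as the "agent accesses new SharePoint site" condition that Step 7 alerts on. The agent account, site URLs, audit records and the Find-AgentScopeCreep function are constructed assumptions.

```powershell
# Added example (not from the original page): compare audited site access with the
# approved data access matrix from Step 1. Sample matrix and records are constructed.
$approvedMatrix = @{
    'copilot-agent-service@yourtenant.onmicrosoft.com' = @(
        'https://yourtenant.sharepoint.com/sites/CustomerService'
        'https://yourtenant.sharepoint.com/sites/ProductFAQ'
    )
}
# Records shaped like Search-UnifiedAuditLog output (AuditData is a JSON string)
$agent = 'copilot-agent-service@yourtenant.onmicrosoft.com'
$sampleAudit = @(
    [PSCustomObject]@{ UserIds = $agent; Operations = 'FileAccessed'
        AuditData = '{"SiteUrl":"https://yourtenant.sharepoint.com/sites/CustomerService/"}' }
    [PSCustomObject]@{ UserIds = $agent; Operations = 'FileAccessed'
        AuditData = '{"SiteUrl":"https://yourtenant.sharepoint.com/sites/customerservice/"}' }
    [PSCustomObject]@{ UserIds = $agent; Operations = 'FileDownloaded'
        AuditData = '{"SiteUrl":"https://yourtenant.sharepoint.com/sites/Finance-Archive/"}' }
)

function Find-AgentScopeCreep {
    param(
        [Parameter(Mandatory)] [object[]] $AuditRecords,
        [Parameter(Mandatory)] [hashtable] $ApprovedMatrix
    )
    $AuditRecords | ForEach-Object {
        $data = $_.AuditData | ConvertFrom-Json
        # Normalise casing and trailing slashes so they cannot hide a match
        $site = if ($data.SiteUrl) { $data.SiteUrl.TrimEnd('/').ToLowerInvariant() } else { '(no SiteUrl)' }
        [PSCustomObject]@{ Agent = $_.UserIds; Site = $site }
    } | Group-Object Agent, Site | ForEach-Object {
        $first    = $_.Group[0]
        $approved = @($ApprovedMatrix[$first.Agent]) | Where-Object { $_ } |
                    ForEach-Object { $_.TrimEnd('/').ToLowerInvariant() }
        [PSCustomObject]@{
            Agent       = $first.Agent
            Site        = $first.Site
            AccessCount = $_.Count
            InScope     = [bool]($approved -contains $first.Site)
        }
    }
}

$findings   = Find-AgentScopeCreep -AuditRecords $sampleAudit -ApprovedMatrix $approvedMatrix
$findings | Sort-Object AccessCount -Descending | Format-Table -AutoSize
# Sites outside the matrix are the "agent accesses new SharePoint site" condition from Step 7
$outOfScope = @($findings | Where-Object { -not $_.InScope })
if ($outOfScope.Count -gt 0) {
    Write-Host "SCOPE CREEP: $($outOfScope.Count) site(s) outside the approved matrix" -ForegroundColor Red
    $outOfScope | Format-Table Agent, Site, AccessCount -AutoSize
}
```

With the constructed data the two CustomerService records collapse into one in-scope row and Finance-Archive is reported as out of scope; against live data, pass the $siteAccess records from the script above and load the matrix from the Step 1 export.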

Generate Data Minimization Report

# Data Minimization Assessment Script
param(
    [string]$OutputPath = ".\DataMinimizationReport_$(Get-Date -Format 'yyyyMMdd').csv"
)

# Connect to Power Platform (Microsoft.PowerApps.Administration.PowerShell module)
Add-PowerAppsAccount

# Get production environments
$environments = Get-AdminPowerAppEnvironment | Where-Object {
    $_.EnvironmentType -eq "Production"
}

$report = @()

# Connector names carry a "shared_" prefix (e.g. shared_sql); strip it before matching
$highRiskConnectors = @("commondataservice", "sql", "azureblob", "http", "sftp")

foreach ($env in $environments) {
    $connections = Get-AdminPowerAppConnection -EnvironmentName $env.EnvironmentName

    foreach ($conn in $connections) {
        $highRisk = $highRiskConnectors -contains ($conn.ConnectorName -replace '^shared_', '')

        $report += [PSCustomObject]@{
            Environment    = $env.DisplayName
            ConnectionName = $conn.DisplayName
            ConnectorType  = $conn.ConnectorName
            HighRisk       = $highRisk
            ReviewRequired = $highRisk
            Created        = $conn.CreatedTime
        }
    }
}

$report | Export-Csv -Path $OutputPath -NoTypeInformation
Write-Host "Report exported to: $OutputPath" -ForegroundColor Green

# Summary
Write-Host "`n=== Summary ===" -ForegroundColor Cyan
Write-Host "Total Connections: $($report.Count)"
Write-Host "High-Risk Connections: $(($report | Where-Object HighRisk).Count)"

Financial Sector Considerations

Regulatory Alignment

| Regulation | Requirement | Data Minimization Implementation |
| --- | --- | --- |
| GLBA 501(b) | Safeguard customer information | Limit agent access to NPI to the minimum necessary |
| SEC Reg S-P | Privacy of consumer financial info | Document data access justification per agent |
| FINRA 4511 | Books and records | Audit trail for data access decisions |
| CCPA §1798.100 | Collect only necessary personal info | Quarterly review of data collection scope |

Zone-Specific Configuration

| Configuration | Zone 1 (Personal Productivity) | Zone 2 (Team Collaboration) | Zone 3 (Enterprise Managed) |
| --- | --- | --- | --- |
| Data Access Review | Annual | Quarterly | Monthly |
| Connector Restrictions | Standard DLP | Enhanced DLP | Strict allowlist |
| Scope Change Approval | Self-service | Manager | CISO |
| Knowledge Source Limit | 10 sources | 20 sources | Unlimited + justification |
| Access Monitoring | Basic logging | Weekly audit | Real-time |

FSI Use Case Example

Scenario: Customer Service Agent scope reduction

Before Minimization:

  • Agent had read/write access to entire CRM
  • Could access all customer records globally
  • Connected to legacy order database with full SELECT

After Minimization:

  • Read-only access to CRM
  • Limited to customers in agent's assigned region
  • Order database restricted to recent orders only
  • Removed access to archived records

Regulatory Benefit: Reduced GLBA/Reg S-P exposure by 70% and a clear audit trail for examiner questions


Verification & Testing

Verification Steps

  1. Connector Audit:
     • [ ] Export list of all agent connectors
     • [ ] Verify each has documented business justification
     • [ ] Confirm no unused connectors remain
     • [ ] Validate OAuth scopes are the minimum necessary
  2. Knowledge Source Review:
     • [ ] Document all knowledge sources per agent
     • [ ] Verify sources are scoped to specific folders
     • [ ] Confirm sensitive content is excluded
  3. Permission Verification:
     • [ ] Review SharePoint group memberships
     • [ ] Verify Dataverse permissions are row-filtered
     • [ ] Test access denials for removed permissions
  4. Audit Trail Validation:
     • [ ] Verify data access logging is enabled
     • [ ] Confirm access justifications are documented
     • [ ] Validate alert policies are functioning

Compliance Checklist

  • [ ] All agents have documented data access justification
  • [ ] Quarterly access review process established
  • [ ] Scope creep alerts configured and tested
  • [ ] Data minimization policy published
  • [ ] High-risk agents reviewed monthly

Troubleshooting & Validation

Issue 1: Agent Functionality Broken After Permission Removal

Symptoms: Agent errors, failed connector calls

Resolution:

  1. Review agent error logs in Copilot Studio
  2. Identify specific permission causing failure
  3. Evaluate minimum alternative permission
  4. Restore with documentation if required
  5. Update data access justification

Issue 2: Unable to Scope Connector Permissions

Symptoms: Connector doesn't support granular control

Resolution:

  1. Check connector documentation for scope options
  2. Use Power Automate flow as intermediary
  3. Implement row-level filtering in data source
  4. Use sensitivity labels to restrict content
  5. Document compensating control

Issue 3: Scope Creep Alert False Positives

Symptoms: Excessive alerts for legitimate access

Resolution:

  1. Review and adjust alert thresholds
  2. Create allowlist for approved patterns
  3. Tune time-based conditions
  4. Document tuning decisions

Issue 4: Quarterly Review Bottleneck

Symptoms: Reviews backlogged

Resolution:

  1. Prioritize Tier 3 agents
  2. Automate report generation
  3. Delegate Tier 1 reviews to owners
  4. Consider GRC tool integration

Additional Resources


| Control ID | Control Name | Relationship |
| --- | --- | --- |
| 1.2 | Agent Registry | Inventory for data mapping |
| 1.3 | SharePoint Governance | Content access restrictions |
| 1.4 | Advanced Connector Policies | Connector restrictions |
| 1.5 | DLP and Sensitivity Labels | Data classification |
| 1.7 | Audit Logging | Access monitoring |
| 1.18 | RBAC | Role-based permissions |

Support & Questions

For implementation support or questions about this control, contact:

  • AI Governance Lead (governance direction)
  • Compliance Officer (regulatory requirements)
  • Technical Implementation Team (platform setup)

Updated: Dec 2025
Version: v1.0 Beta (Dec 2025)
UI Verification Status: ❌ Needs verification