
Control 1.16: Copilot Tuning Governance

Control ID: 1.16
Pillar: Readiness & Assessment
Regulatory Reference: GLBA §501(b), SR 11-7 / OCC Bulletin 2011-12 (interim — applicable to genAI per the 2026-13 exclusion), Interagency RFI on AI (2023)
Last Verified: 2026-06-05
Governance Levels: Baseline / Recommended / Regulated


Objective

Assess and govern Microsoft 365 Copilot Tuning, an early access AI customization capability that lets eligible tenants create task-specific tuned agents from organizational data. This control establishes readiness checks for tenant eligibility, data sufficiency, Microsoft Search/Graph index coverage, default availability settings, snapshot data-handling risk, access controls, and audit trails over tuned agent lifecycles.


Why This Matters for FSI

Copilot Tuning introduces a new category of AI model customization risk that financial institutions must evaluate within their existing risk management frameworks:

  • Model customization on sensitive data: Tuning on confidential trading data, customer PII, or internal policy documents creates model customization risk. Tuned agents may reflect patterns from selected training data in their outputs, requiring output supervision controls to reduce the likelihood of inadvertent disclosure.
  • Eligibility and index coverage: Copilot Tuning availability depends on Microsoft 365 Copilot licensing, preview eligibility thresholds, scenario-specific data snapshot minimums (typically 100K+ indexable documents or items), and selected content being discoverable through Microsoft Search/Microsoft Graph. Content in non-indexed locations, outside the selected scope, inaccessible because of permissions, or restricted by sensitivity labels may be excluded from the tuning corpus.
  • Point-in-time snapshot risk: Copilot Tuning creates a tenant-isolated snapshot of selected SharePoint content for tuning. Snapshot permissions reflect access control lists (ACLs) at tuning time, snapshots are not automatically updated when source content changes, and material changes require re-tuning.
  • Snapshot policy and residency limits: Source Data Loss Prevention (DLP) and retention policies do not automatically apply to snapshot data. During public preview, snapshot data is retained while the tuned agent remains active, is subject to a maximum two-year retention period, is not covered by Advanced Data Residency (ADR) without a Microsoft account-team waiver, and is not covered by Multi-Geo commitments; EU-based tenants should verify current EU Data Boundary behavior.
  • SR 11-7 / OCC Bulletin 2011-12 (model risk management): The interagency guidance on model risk management (SR 11-7 / OCC Bulletin 2011-12, interim — applicable to genAI per the 2026-13 exclusion) establishes expectations for model validation, ongoing monitoring, and governance. Tuned Copilot agents function as customized AI models and should be assessed under these principles, including documentation of the tuning basis, intended use, and limitations.
  • Audit trail requirements: Tuning jobs, data source selections, agent creation events, access changes, re-tuning decisions, and output supervision decisions should be logged to support regulatory examination readiness and internal audit review.
  • Third-party AI governance and privacy: The Interagency RFI on AI (2023) calls for institutions to maintain appropriate governance for AI systems, including those customized from vendor-provided platforms. Microsoft describes Copilot Tuning snapshot data as tenant-isolated, used solely for tuning, and not shared across tenants; organizations should verify Microsoft DPA, subprocessor, Customer Lockbox, and base-model-training commitments for their tenant before approval.

Disclaimer

This control is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. See full disclaimer.


Control Description

Admin Controls for Copilot Tuning

Copilot Tuning is managed through the Microsoft 365 admin center Copilot control system with the following administrative controls:

| Control | Description | Default / expected behavior |
|---|---|---|
| Tenant-level availability | Choose Enable for all users, Enable for specific users or groups, or Disable tuning for the tenant | Eligible tenants are enabled for all users by default; ineligible tenants do not see the setting; ADR tenants are not enabled by default during public preview |
| User/group scoping | Restrict tuning access to specific users or Entra ID security groups | Optional controlled-rollout setting for eligible tenants |
| Request access flow | Users outside the enabled scope can request tuning access with a business justification | Available only when tuning is enabled for specific users or groups; admin approval is required |
| Existing agent behavior | Availability changes are forward-looking | Existing tuned agents remain available for inference subject to the agent's sharing and permission settings |
| Open-source model controls | Admins can restrict whether external open-source base models are available for tuning | Configurable |

Data Handling

  • Tuning corpus eligibility: Before enabling model tuning, confirm the tenant meets Microsoft 365 Copilot licensing and preview eligibility requirements, the selected scenario meets Microsoft's current data snapshot minimums, and the source data is indexable through Microsoft Search/Microsoft Graph.
  • Index coverage exclusions: Data in non-indexed repositories, outside the selected SharePoint scope, inaccessible because of permissions, or restricted by sensitivity labels is excluded from the tuning corpus. Organizations should compare the intended knowledge domain against actual Search/Graph coverage before approval.
  • SharePoint snapshots: Copilot Tuning uses point-in-time snapshots of explicitly selected SharePoint content as the tuning data source. Snapshot ACLs reflect permissions at tuning time and are not automatically updated when source content or permissions change.
  • Snapshot lifecycle: Source DLP and retention policies do not automatically apply to snapshot data. During public preview, snapshots are retained while the tuned agent remains active, are deleted when the tuned agent is deleted, and are subject to a maximum two-year retention period.
  • Privacy controls: Microsoft states that snapshot data is stored in a tenant-isolated Microsoft 365 environment, is used solely for tuning, is not shared across tenants, and is not used to train base models. Microsoft staff should not access tuning data or snapshots without Customer Lockbox authorization for approved support scenarios.
  • Residency controls: Organizations with ADR or Multi-Geo commitments should review current Microsoft Learn guidance and account-team terms before enabling tuning because public preview residency commitments have explicit limitations.
  • Data scope awareness: Organizations should carefully evaluate which SharePoint sites and libraries are included in tuning scope to reduce the likelihood of regulated or restricted content entering a snapshot without approval.

Request and Approval Workflow

The request flow applies when tuning is enabled for specific users or groups; tenants that leave the eligible default as Enable for all users do not receive just-in-time approval prompts for already-enabled users. A controlled request flow should require:

  1. Admin records the current tenant availability setting and policy rationale
  2. End user submits a tuning request with business justification when outside the enabled group scope
  3. Request is routed to the designated admin or approval group
  4. Admin reviews the business justification, data sources, intended use, Search/Graph index coverage, sensitivity labels, snapshot retention, and residency implications
  5. Admin approves or denies the request, with time-bound access where appropriate and documented rationale
  6. Approved tuning jobs and re-tuning decisions are logged for audit trail purposes

Copilot Surface Coverage

| Surface | Tuning Relevance | Notes |
|---|---|---|
| Microsoft 365 Copilot Chat | Primary | Tuned agents are accessed through Copilot Chat |
| SharePoint | Data source | SharePoint content serves as the tuning data source |
| Teams | Potential interaction surface | Tuned agents may be accessible through Teams Copilot |
| Other M365 apps | Indirect | Tuned agent outputs may be referenced in other Copilot surfaces |

Governance Levels

Baseline

  • Confirm tenant eligibility and current availability, including Microsoft 365 Copilot license prerequisites, preview access, public-preview license thresholds where applicable, data snapshot minimums, and Search/Graph index coverage requirements
  • Do not assume Copilot Tuning is disabled by default; for eligible tenants, document whether tuning is enabled for all users, limited to specific users/groups, or disabled
  • Document the organization's policy decision on Copilot Tuning (enabled, restricted, disabled, or under evaluation) and the risk owner for that decision
  • If tuning is enabled or was previously enabled, inventory existing tuned agents and template-based agents because access changes are forward-looking
  • Review Microsoft's Copilot Tuning data handling documentation, DPA/subprocessor terms, snapshot retention, source-policy gaps, and residency limitations against the institution's data governance requirements
  • Restrict Copilot Tuning to approved Entra ID groups unless broad enablement has documented executive risk acceptance
  • Require documented business justification and admin approval for tuning access and each new model-tuning job
  • Establish a quarterly review of active tuned agents, including data sources, intended use, output quality, sharing scope, and re-tuning needs
  • Conduct Search/Graph index coverage and data classification review before tuning; restrict tuning data sources to approved non-PII SharePoint sites unless explicitly approved by compliance
  • Document re-tuning triggers for material source-content updates, permission changes, label changes, or model-quality issues
  • Review open-source model controls and configure based on organizational risk tolerance
  • Integrate tuning governance into the existing AI governance committee agenda

Regulated

  • Allow Copilot Tuning only with documented CISO and/or CRO approval and legal/privacy review for regulated data scenarios
  • Restrict tuning data sources to approved SharePoint sites with documented data classification, sensitivity label, and business-owner review
  • Validate ADR, Multi-Geo, EU Data Boundary, and macro-region implications with Microsoft account teams before enabling tuning for regulated workloads
  • Maintain a snapshot governance record capturing selected sources, ACL capture time, source-policy gaps, retention expectations, deletion validation, and re-tuning triggers
  • Implement output supervision for tuned agents, including periodic review of agent responses for accuracy and regulatory suitability
  • Maintain a tuning audit log capturing: requestor, approver, data sources, tuning job dates, agent lifecycle events, access changes, re-tuning decisions, and output supervision findings
  • Assess tuned agents under SR 11-7 / OCC Bulletin 2011-12 (interim — applicable to genAI per the 2026-13 exclusion) model risk management principles, including documentation of model basis, intended use, limitations, and validation approach
  • Include tuning governance in regulatory examination evidence packages
  • Conduct annual review of tuning policy, access controls, residency posture, snapshot lifecycle, and active agents with compliance and risk management input

Setup & Configuration

Step 1: Review Tenant Tuning Settings

  1. Navigate to Microsoft 365 admin center > Settings > Microsoft 365 Copilot
  2. Locate the Copilot Tuning section in the Copilot control system
  3. Confirm eligibility: Microsoft 365 Copilot license prerequisites, preview/Frontier availability, public-preview license thresholds where applicable, data snapshot minimums, and Microsoft Search/Graph index coverage
  4. Verify the current tenant availability setting; eligible tenants may default to Enable for all users, so do not assume tuning is disabled
  5. If ADR or Multi-Geo commitments apply, confirm current Microsoft account-team guidance before enabling tuning
  6. Document the current configuration state and policy decision

Step 2: Define Tuning Access Policy

  1. Determine which user populations, if any, are approved for tuning access
  2. Create Entra ID groups for approved tuning users (e.g., Copilot-Tuning-Approved)
  3. Configure tuning access to the approved group only unless broad enablement has documented risk acceptance
  4. Document approval criteria, business justification requirements, review cadence, and access expiration rules

Step 3: Configure Data Source and Index Restrictions

  1. Identify SharePoint sites and libraries that contain regulated, restricted, or PII content
  2. Confirm that proposed tuning sources are indexable through Microsoft Search/Microsoft Graph and meet current data snapshot requirements for the scenario
  3. Document which SharePoint content is approved for use as tuning data and which content is excluded because of permissions, sensitivity labels, non-indexed locations, or business restrictions
  4. Communicate data source restrictions to approved tuning users
  5. Establish a review process for tuning data source selections and re-tuning triggers

Step 4: Review Snapshot, Privacy, and Residency Commitments

  1. Document that tuning uses a point-in-time snapshot and that source DLP/retention policies do not automatically apply to snapshot data
  2. Document snapshot retention expectations, maximum retention, and deletion validation when tuned agents are removed
  3. Review Microsoft DPA, subprocessor, Customer Lockbox, and base-model-training commitments for Copilot Tuning
  4. Validate ADR, Multi-Geo, EU Data Boundary, and macro-region implications before approving regulated workloads

Step 5: Establish Monitoring and Review

  1. Define the review cadence for active tuned agents (quarterly recommended)
  2. Assign responsibility for tuning governance oversight
  3. Configure audit log retention for tuning-related events
  4. Integrate tuning metrics into existing Copilot governance reporting (see Control 4.5)

Financial Sector Considerations

  • Model risk management: Tuned Copilot agents represent a form of model customization. Institutions applying SR 11-7 / OCC Bulletin 2011-12 (interim — applicable to genAI per the 2026-13 exclusion) should evaluate whether tuned agents meet the definition of a "model" under their model risk management framework and apply proportionate validation and monitoring controls. Organizations should verify their assessment approach with their model risk management team.
  • Eligibility and data sufficiency: Before enabling tuning, confirm Microsoft 365 Copilot licensing, preview eligibility thresholds, scenario-specific data snapshot minimums, and Search/Graph index coverage. A tuned agent may not reflect business-critical knowledge if source repositories are non-indexed, permission-restricted, or excluded by sensitivity labels.
  • Data classification review: Before enabling tuning on any SharePoint content, conduct a data classification review to identify regulated data (customer PII, trading data, material non-public information) that should be excluded from tuning scope unless explicitly approved.
  • Snapshot governance: Treat tuning snapshots as separate governance artifacts. Document ACL capture time, source-policy gaps, maximum retention, deletion validation, and re-tuning triggers when source content, permissions, or labels change.
  • Output supervision: Tuned agents may produce outputs that reflect patterns from the training data. For agents tuned on financial data or internal policy, periodic output review helps identify accuracy issues or inadvertent disclosure of sensitive information.
  • Vendor and privacy risk management: Copilot Tuning extends the institution's use of Microsoft's AI platform. The tuning capability should be assessed under the institution's third-party risk management framework, including review of Microsoft's DPA, subprocessor, Customer Lockbox, data isolation, and base-model-training commitments.
  • Residency review: ADR, Multi-Geo, EU Data Boundary, and macro-region handling can differ during public preview. Organizations should verify current Microsoft account-team guidance before enabling tuning for regulated workloads.
  • Examination readiness: Maintain documentation of tuning decisions, data sources, index coverage, snapshot lifecycle, approval workflows, and governance reviews in the institution's regulatory examination file. Examiners may ask how the institution governs AI model customization.
  • Copilot Tuning Templates (March 2026): Agent Builder includes templates for document drafting, document validation, and style-matching that significantly lower the barrier to creating tuned agents. Templates enable business users to tune fine-grained writing behavior with their own proprietary data in eligible tenants. This changes the risk posture: organizations should assess whether template-based tuning requires the same approval workflow as custom tuning, and whether the template categories (drafting, validation, style) introduce different risk profiles for FSI use cases.
  • AI Model Version Governance for Tuning: Copilot Tuning may allow selection of alternative base models, including external open-source models controlled through admin settings. Each base model selection or change represents a model-governance event that should be evaluated under SR 11-7 / OCC Bulletin 2011-12 (interim — applicable to genAI per the 2026-13 exclusion) principles: document the model selected, the rationale, and any data-residency implications before enabling. Models designated as cross-geo may process tuning data outside the organization's provisioned geography, requiring review under Control 2.7. Organizations should also assess whether a base model change constitutes a material change requiring re-tuning and re-validation, and document the outcome in the tuning audit log. Verify current base model availability, release status, and data-processing geography at the Select an agent model documentation before enabling non-default base models for tuning workloads.

Verification Criteria

| # | Verification Step | Expected Result |
|---|---|---|
| 1 | Review Copilot Tuning eligibility and tenant availability settings | License prerequisites, preview eligibility, data snapshot requirements, Search/Graph index coverage, and current availability setting are documented |
| 2 | Verify eligible-tenant default posture | If tuning defaults to Enable for all users, documented risk acceptance or a configuration change to approved groups/disabled state exists |
| 3 | Verify tuning access group membership | Only approved users are in the tuning-enabled Entra ID group when group scoping is used |
| 4 | Review tuning request and approval workflow | Documented approval process exists with business justification, data source review, index coverage review, and residency/privacy review requirements |
| 5 | Confirm data source restrictions are documented | Approved and restricted SharePoint sites for tuning are identified, including exclusions for non-indexed, permission-restricted, or sensitivity-label-restricted content |
| 6 | Review snapshot lifecycle controls | ACL capture time, source-policy gaps, retention expectations, deletion validation, and re-tuning triggers are documented |
| 7 | Review active tuned agents inventory | List of active tuned agents with data sources, owners, sharing scope, and last tuning date is current |
| 8 | Verify audit trail for tuning events | Tuning requests, approvals, agent lifecycle events, access changes, and re-tuning decisions are logged |
| 9 | Confirm output supervision process (Regulated) | Periodic output review evidence exists for active tuned agents |
| 10 | Review open-source model control settings | External base model usage is configured per organizational policy |
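The group-scoping check in Step 2 and verification step 3 can be evidenced with a script rather than a manual portal review. The following PowerShell is an added example and is not part of the FSI Copilot Governance Framework or of Microsoft's tooling. It assumes the Microsoft.Graph PowerShell SDK, an approved-user roster CSV with a UserPrincipalName column (a placeholder path; the roster format is an assumption), and the group name Copilot-Tuning-Approved from Step 2. It reconciles the group's direct user members against the roster, writes a dated evidence CSV for the examination file, and only removes unapproved members when -Remediate is passed explicitly.

```powershell
# Added example: reconcile the Copilot Tuning-enabled Entra ID group against an
# approved roster (Step 2 / verification step 3). Not framework or Microsoft code.
# Assumptions: Microsoft.Graph SDK installed; caller can consent to the scopes below;
# roster CSV has a UserPrincipalName column; paths are placeholders.
param(
    [string]$GroupName    = 'Copilot-Tuning-Approved',
    [string]$RosterPath   = '.\copilot-tuning-approved-roster.csv',            # placeholder
    [string]$EvidencePath = ".\tuning-group-review-$(Get-Date -Format 'yyyyMMdd').csv",
    [switch]$Remediate                                                          # default is report-only
)

$scopes = @('Group.Read.All', 'User.Read.All')
if ($Remediate) { $scopes += 'GroupMember.ReadWrite.All' }
Connect-MgGraph -Scopes $scopes -NoWelcome

$group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $group) { throw "Group '$GroupName' not found; confirm Step 2 was completed" }
if (@($group).Count -gt 1) { throw "Multiple groups named '$GroupName'; disambiguate by object id" }

# Direct members of any object type, so nested groups or service principals are surfaced
# rather than silently widening who can tune.
$allMembers  = Get-MgGroupMember -GroupId $group.Id -All
$userMembers = Get-MgGroupMemberAsUser -GroupId $group.Id -All
if ($allMembers.Count -ne $userMembers.Count) {
    Write-Warning ("{0} non-user member(s) in {1}; nested groups must be expanded and reviewed separately" -f
        ($allMembers.Count - $userMembers.Count), $GroupName)
}

$actual = @{}
foreach ($u in $userMembers) { $actual[$u.UserPrincipalName.ToLowerInvariant()] = $u.Id }

$approved = @{}
foreach ($row in Import-Csv -Path $RosterPath) {
    if ($row.UserPrincipalName) { $approved[$row.UserPrincipalName.Trim().ToLowerInvariant()] = $true }
}

$unapproved = @($actual.Keys   | Where-Object { -not $approved.ContainsKey($_) })  # in group, not on roster
$missing    = @($approved.Keys | Where-Object { -not $actual.ContainsKey($_) })    # on roster, not in group

# Evidence record: one row per UPN with its group and roster status.
$rows = foreach ($upn in $actual.Keys) {
    [pscustomobject]@{ UserPrincipalName = $upn; InGroup = $true; OnApprovedRoster = $approved.ContainsKey($upn) }
}
$rows += foreach ($upn in $missing) {
    [pscustomobject]@{ UserPrincipalName = $upn; InGroup = $false; OnApprovedRoster = $true }
}
$rows | Sort-Object UserPrincipalName | Export-Csv -Path $EvidencePath -NoTypeInformation

Write-Host ("Group '{0}': {1} user member(s), {2} unapproved, {3} approved-but-absent. Evidence: {4}" -f
    $GroupName, $actual.Count, $unapproved.Count, $missing.Count, $EvidencePath)
$unapproved | ForEach-Object { Write-Host "  UNAPPROVED: $_" }
$missing    | ForEach-Object { Write-Host "  NOT IN GROUP: $_" }

if ($Remediate -and $unapproved.Count -gt 0) {
    foreach ($upn in $unapproved) {
        # Removal is forward-looking: agents such a user already tuned remain available
        # and belong in the tuned-agent inventory review (verification step 7).
        Remove-MgGroupMemberByRef -GroupId $group.Id -DirectoryObjectId $actual[$upn]
        Write-Host "  Removed $upn from $GroupName"
    }
}
```

Run it without -Remediate first and attach the evidence CSV to the quarterly review; the removal path is deliberately opt-in so that a stale roster cannot strip access without a human decision, and the non-user-member warning matters because a nested group would let membership grow outside the approval workflow.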

Additional Resources


FSI Copilot Governance Framework v1.4.0 - April 2026