
Control 2.13: Plugin and Graph Connector Security Governance

Control ID: 2.13
Pillar: Security & Protection
Regulatory Reference: GLBA 501(b), FFIEC
Last Verified: 2026-02-17
Governance Levels: Baseline / Recommended / Regulated


Objective

Establish a security governance framework for Microsoft 365 Copilot plugins (extending Copilot's capabilities with third-party actions) and Microsoft Graph connectors (ingesting external data into the Microsoft 365 index for Copilot grounding). Plugins and connectors expand Copilot's reach beyond native M365 data, introducing third-party code execution, OAuth consent flows, and external data ingestion that must be governed through security review, approval workflows, and ongoing monitoring. This control supports compliance with GLBA safeguard requirements and FFIEC expectations for third-party risk management.


Why This Matters for FSI

  • GLBA 501(b) requires safeguards for customer information systems — plugins and connectors introduce third-party processing of data that flows through Copilot, expanding the safeguard boundary
  • FFIEC IT Examination Handbook (Outsourcing) expects due diligence and ongoing monitoring of third-party service providers — plugin publishers and connector data sources are third-party processors requiring risk assessment
  • FFIEC IT Examination Handbook (Information Security) expects controls over API access and OAuth permissions — plugins use OAuth for authentication, and excessive permissions create security risk
  • OCC Bulletin 2013-29 (Third-Party Risk Management) requires risk management throughout the third-party relationship lifecycle — applies to plugin publishers and Graph connector vendors
  • SEC guidance on outsourcing expects firms to maintain supervisory responsibility for outsourced functions — plugins that perform actions on behalf of users require supervisory controls
  • Interagency AI Guidance (2023) expects institutions to understand and manage risks from AI tool extensibility, including third-party integrations

Control Description

Microsoft 365 Copilot can be extended through two primary mechanisms: plugins, which add third-party actions that Copilot can invoke, and Graph connectors, which ingest external data into the Microsoft 365 index for grounding. The plugin types and their security implications are summarized below.

Plugin Types and Security Implications

| Plugin Type | Description | Data Flow | Security Concern |
|---|---|---|---|
| Message extension plugins | Teams message extensions used as Copilot plugins | User query → plugin service → response | Third-party sees user queries |
| API plugins | Custom API-based plugins with OpenAPI spec | User query → API endpoint → response | API may process sensitive data |
| Copilot Studio plugins | Plugins built in Copilot Studio | User query → Power Platform → response | Power Platform governance applies |
| Graph connector plugins | Plugins that query Graph connector data | User query → connector index → response | External data ingested into search |

Graph Connector Data Flow

External Data Source              Microsoft 365              Copilot
┌──────────────┐                ┌─────────────────┐
│ ServiceNow   │  Graph         │ Microsoft Graph  │
│ Salesforce   │  Connector     │ Index            │
│ SAP          │ ─────────────→ │                  │ ──→ Copilot grounds
│ Jira         │  (data         │ Indexed external │     responses on
│ Custom DB    │   ingestion)   │ content          │     Graph data
└──────────────┘                └─────────────────┘

| Permission Type | Description | Risk Level | FSI Governance |
|---|---|---|---|
| Delegated permissions | Plugin acts on behalf of the signed-in user | Medium | User consent may be acceptable for low-risk plugins |
| Application permissions | Plugin acts with its own identity | High | Admin consent only — never user consent for FSI |
| Graph connector permissions | Connector ingests data into the Graph index | High | Admin consent + security review required |
| Overprivileged permissions | Plugin requests more permissions than needed | Critical | Block — require least-privilege scoping |
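The permission table above is the decision logic a reviewer applies to every plugin or connector request. As an added example that is not part of this control or of any Microsoft tooling, the following Python encodes those four rows: the permission type selects the risk row, and any requested scope beyond what the plugin's documented functionality needs trips the overprivileged row and blocks the request. The plugin names and Graph scope strings are constructed for illustration.

```python
"""Permission-scoping check for a Copilot plugin or Graph connector request.

Added example, not from the control text or from any Microsoft tool: it applies
the four permission rows of the control's table to a request and returns the
governance decision. Scope strings and plugin names are constructed.
"""
from dataclasses import dataclass, field

# Rows of the permission table: permission type -> (risk level, FSI governance action).
PERMISSION_POLICY = {
    "delegated":   ("Medium", "User consent may be acceptable for low-risk plugins"),
    "application": ("High", "Admin consent only"),
    "connector":   ("High", "Admin consent + security review required"),
}


@dataclass
class PluginRequest:
    name: str
    permission_type: str        # "delegated", "application" or "connector"
    requested_scopes: set[str]  # scopes listed in the app registration / manifest
    required_scopes: set[str]   # scopes the documented functionality actually needs
                                # (output of the data-flow analysis in the security review)


@dataclass
class Decision:
    risk: str
    action: str
    excess_scopes: set[str] = field(default_factory=set)


def evaluate(req: PluginRequest) -> Decision:
    """Map a request onto the permission table; least-privilege failures dominate."""
    if req.permission_type not in PERMISSION_POLICY:
        raise ValueError(f"unknown permission type: {req.permission_type!r}")
    excess = req.requested_scopes - req.required_scopes
    if excess:
        # Overprivileged row: blocked regardless of the consent path the
        # permission type would otherwise allow.
        return Decision("Critical", "Block - require least-privilege scoping", excess)
    risk, action = PERMISSION_POLICY[req.permission_type]
    return Decision(risk, action)


def review_batch(requests: list[PluginRequest]) -> dict[str, Decision]:
    """Evaluate several requests; the result feeds the approval workflow below."""
    return {r.name: evaluate(r) for r in requests}


if __name__ == "__main__":
    # Constructed requests: one clean delegated plugin, one application-permission
    # plugin, and one delegated plugin asking for far more than it needs.
    batch = [
        PluginRequest("CRM lookup (constructed)", "delegated",
                      {"User.Read", "Contacts.Read"}, {"User.Read", "Contacts.Read"}),
        PluginRequest("Ticket sync (constructed)", "application",
                      {"Sites.Read.All"}, {"Sites.Read.All"}),
        PluginRequest("Summarizer (constructed)", "delegated",
                      {"User.Read", "Mail.ReadWrite", "Files.ReadWrite.All"}, {"User.Read"}),
    ]
    for name, d in review_batch(batch).items():
        extra = f" excess={sorted(d.excess_scopes)}" if d.excess_scopes else ""
        print(f"{name}: {d.risk} -> {d.action}{extra}")
```

The `required_scopes` set is the part a reviewer has to produce by hand (the data-flow analysis step of the workflow); the script only makes the comparison mechanical so that an overprivileged request cannot slip through on the strength of a reputable publisher.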

Plugin Approval Workflow

Plugin Request
┌──────────────────┐
│ Security Review   │
│                  │
│ ├─ Publisher      │
│ │  reputation     │
│ ├─ Permissions    │
│ │  requested      │
│ ├─ Data flow      │
│ │  analysis       │
│ ├─ SOC 2/ISO     │
│ │  certification  │
│ └─ Privacy        │
│    assessment     │
└────────┬─────────┘
    ┌────┴────┐
    │         │
  Approve   Reject
    │         │
  Deploy    Document
  + Monitor  rationale

Plugin Security Assessment Criteria

| Criterion | Assessment Questions | Weight |
|---|---|---|
| Publisher trust | Is the publisher Microsoft-verified? SOC 2 certified? Known in FSI? | High |
| Permission scope | What permissions are requested? Are they least-privilege? | Critical |
| Data handling | Where is data processed? Is data stored? What retention? | Critical |
| Authentication | How does the plugin authenticate? OAuth 2.0? Certificate? | High |
| Encryption | Is data encrypted in transit and at rest? | High |
| Compliance | Does the publisher have FSI-relevant compliance certifications? | Medium |
| Update cadence | How frequently is the plugin updated? Security patching? | Medium |
| Exit strategy | Can the plugin be removed cleanly? What happens to data? | Medium |

Copilot Surface Coverage

| M365 Application | Plugin Support | Graph Connector | OAuth Consent | Notes |
|---|---|---|---|---|
| Microsoft 365 Copilot Chat | Yes | Yes | Yes | Primary extensibility surface |
| Word | Limited | Yes | Yes | Document-focused plugins |
| Excel | Limited | Yes | Yes | Data analysis plugins |
| PowerPoint | Limited | Yes | Yes | Presentation plugins |
| Outlook | Yes | Yes | Yes | Email/calendar plugins |
| Teams | Yes | Yes | Yes | Full plugin support in Teams |
| OneNote | Limited | Yes | Yes | Limited plugin support |
| Loop | Limited | Yes | Yes | Limited plugin support |
| Copilot Pages | Yes | Yes | Yes | Plugins available in Pages |
| SharePoint (Agents) | Yes | Yes | Yes | Agents can use plugins and connectors |

Governance Levels

| Level | Requirement | Rationale |
|---|---|---|
| Baseline | Disable all third-party plugins for Copilot; restrict to Microsoft first-party plugins only; block user consent for OAuth apps; disable Graph connectors from external sources; document the restriction rationale | Maximum restriction during initial Copilot deployment — eliminates third-party extensibility risk entirely |
| Recommended | Enable Microsoft first-party plugins; create a plugin approval workflow requiring security review; allow approved Graph connectors with admin consent only; implement OAuth app governance via Entra ID; quarterly review of approved plugins; monitor plugin usage via audit logs | Controlled extensibility with formal approval process — suitable for firms that need selected third-party integrations |
| Regulated | All Recommended requirements plus: full third-party risk assessment for each plugin publisher; annual plugin security re-assessment; Graph connector data classification and labeling; plugin-specific DLP policies; real-time monitoring of plugin API calls; plugin governance committee with compliance representation; plugin inventory included in examination packages | Comprehensive extensibility governance — designed for firms where every third-party integration requires formal risk management |

Setup & Configuration

Step 1: Configure Integrated Apps Settings

Portal: Microsoft 365 Admin Center > Settings > Integrated apps

  1. Review current app deployment status
  2. Set default to "Block all third-party apps for Copilot" for Baseline
  3. For Recommended/Regulated, enable admin-managed deployment only

Step 2: Configure OAuth Consent Settings

Portal: Microsoft Entra Admin Center > Applications > Consent and permissions

  1. Set user consent to "Do not allow user consent" for enterprise applications
  2. Enable admin consent workflow
  3. Configure admin consent request notifications to security team

# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.ReadWrite.Authorization"

# Disable user consent for applications
Update-MgPolicyAuthorizationPolicy -DefaultUserRolePermissions @{
  PermissionGrantPoliciesAssigned = @()
}

# Enable admin consent workflow
# Portal: Entra Admin Center > Enterprise applications > Consent and permissions > Admin consent settings

Step 3: Configure Plugin Deployment

Portal: Microsoft 365 Admin Center > Settings > Copilot > Plugins

  1. Review available plugins
  2. For Baseline: Disable all non-Microsoft plugins
  3. For Recommended: Enable approved plugins via admin deployment
  4. Configure which users can access each deployed plugin

Step 4: Configure Graph Connector Governance

Portal: Microsoft 365 Admin Center > Settings > Search & intelligence > Connectors

  1. Review Graph connector deployment requests
  2. Require security review before connector deployment
  3. Configure connector data ingestion scope
  4. Apply sensitivity labels to connector-ingested content

Step 5: Implement Plugin Approval Workflow

Create a formal plugin approval process:

| Step | Owner | Deliverable |
|---|---|---|
| 1. Business request | Requesting department | Business justification document |
| 2. Security review | Information Security | Security assessment report |
| 3. Privacy review | Privacy/Legal | Privacy impact assessment |
| 4. Compliance review | Compliance | Regulatory risk assessment |
| 5. Architecture review | IT Architecture | Integration architecture review |
| 6. Approval decision | Plugin governance committee | Approval/denial with rationale |
| 7. Deployment | IT Operations | Controlled deployment with monitoring |
| 8. Ongoing monitoring | Information Security | Quarterly usage and security review |

Step 6: Monitor Plugin Activity

# Prerequisite: Search-UnifiedAuditLog is an Exchange Online cmdlet, so an
# Exchange Online session is required before the searches below will run
Connect-ExchangeOnline

# Search audit logs for plugin-related activities (last 30 days)
# -ResultSize caps a single call at 5000 records; for larger windows page
# through the results with -SessionId and -SessionCommand ReturnLargeSet
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-30) -EndDate (Get-Date) `
  -Operations "AppConsented","CopilotPluginUsed" -ResultSize 5000

# Monitor OAuth consent events (last 7 days)
Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
  -Operations "Consent to application" -ResultSize 5000

Financial Sector Considerations

  • Third-Party Risk Management: Financial regulators (OCC, FFIEC) have specific expectations for third-party risk management. Each plugin publisher and Graph connector vendor should be assessed using the firm's third-party risk management framework. This includes due diligence, contract review, ongoing monitoring, and exit planning.
  • Data Residency for Plugins: Plugins may process data outside the firm's M365 tenant geography. Assess whether plugin data processing locations comply with the firm's data residency requirements (see Control 2.7).
  • Sensitive Data Exposure: When a user asks Copilot a question and a plugin processes the query, the plugin's service receives context from the user's prompt. This may include sensitive business context or customer information. Assess this data exposure risk for each plugin.
  • Graph Connector Data Classification: Data ingested via Graph connectors into the M365 index becomes available to Copilot for grounding. This data must be classified and labeled appropriately. Unclassified external data in the Graph index could be surfaced by Copilot without proper sensitivity controls.
  • SOC 2 Requirements: For Recommended and Regulated governance levels, require SOC 2 Type II reports from plugin publishers. This provides assurance about the publisher's security controls, availability, and data handling practices.
  • Regulatory Notification: Some regulatory frameworks require notification when new third-party services are engaged for processing customer data. Evaluate whether plugin deployment triggers notification requirements.
  • Plugin Inventory for Examinations: Maintain a current inventory of all deployed plugins and Graph connectors, including publisher information, permissions granted, data flows, and last security review date. Examiners may request this during IT examinations.

Verification Criteria

  1. Third-Party Plugin Status: Verify that third-party plugins are disabled (Baseline) or restricted to approved plugins only (Recommended/Regulated)
  2. User Consent Blocked: Confirm that users cannot consent to OAuth applications — attempt user consent and verify it is blocked
  3. Admin Consent Workflow: Verify that admin consent requests are routed to the security team and that a documented review process exists
  4. Plugin Inventory: Confirm a current inventory of deployed plugins exists with publisher, permissions, and last review date
  5. Graph Connector Governance: Verify that Graph connector deployment requires admin approval and that ingested data is classified
  6. Plugin Approval Workflow: Confirm a documented plugin approval workflow exists with security, privacy, and compliance review steps
  7. Permission Scoping: For approved plugins, verify that granted permissions follow the principle of least privilege
  8. Plugin Usage Monitoring: Verify that plugin usage events are captured in audit logs and monitored
  9. Third-Party Risk Assessment: Confirm that plugin publishers have been assessed under the firm's third-party risk management framework
  10. Periodic Review: Confirm that approved plugins are re-assessed at least annually (Recommended) or quarterly (Regulated)
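Step 6 above collects consent and plugin-usage events, and verification items 4, 8 and 10 ask that those events be checked against a current plugin inventory and that approved plugins be re-assessed on schedule. The following Python is an added example, not part of this control or of any Microsoft tool, that does both checks over constructed data: it flags consent events for applications that are not in the approved inventory (and notes when the consent was a user's own rather than an admin's), and it lists inventory entries whose last review is older than the governance level allows. The audit rows are constructed to resemble rows exported from Search-UnifiedAuditLog; the AppId, AppDisplayName and ConsentType keys inside AuditData are an assumed simplified layout, so map them to the fields present in a real export before use.

```python
"""Triage of consent/plugin audit records against the approved-plugin inventory.

Added example, not from the control text or from any Microsoft tool. The rows in
AUDIT_ROWS are constructed to resemble Search-UnifiedAuditLog output (CreationDate,
Operations, UserIds, AuditData as a JSON string). The AuditData keys AppId,
AppDisplayName and ConsentType are an assumed simplified layout; real Entra
consent events nest the application under Target/ModifiedProperties.
"""
import json
from datetime import date, timedelta

# Re-assessment interval per governance level (Verification Criteria, item 10).
REVIEW_INTERVAL_DAYS = {"Recommended": 365, "Regulated": 90}

# Operation names used in Step 6 of the control for consent events.
CONSENT_OPERATIONS = {"Consent to application", "Consent to application.", "AppConsented"}

# Constructed inventory: approved plugins keyed by application id.
INVENTORY = {
    "11111111-0000-0000-0000-000000000001": {
        "name": "Approved CRM Plugin", "publisher": "Example Vendor A",
        "last_review": date(2025, 11, 1),
    },
    "11111111-0000-0000-0000-000000000002": {
        "name": "Approved Ticketing Connector", "publisher": "Example Vendor B",
        "last_review": date(2025, 1, 15),
    },
}

# Constructed audit rows: an admin consent for an approved app, a user's own
# consent for an app that is not in the inventory, and an unrelated usage event.
AUDIT_ROWS = [
    {"CreationDate": "2026-02-10T09:12:00", "Operations": "Consent to application.",
     "UserIds": "admin@contoso.example",
     "AuditData": json.dumps({"AppId": "11111111-0000-0000-0000-000000000001",
                              "AppDisplayName": "Approved CRM Plugin",
                              "ConsentType": "AllPrincipals"})},
    {"CreationDate": "2026-02-12T14:03:00", "Operations": "Consent to application.",
     "UserIds": "jdoe@contoso.example",
     "AuditData": json.dumps({"AppId": "22222222-0000-0000-0000-000000000009",
                              "AppDisplayName": "Unvetted Summarizer",
                              "ConsentType": "Principal"})},
    {"CreationDate": "2026-02-12T15:20:00", "Operations": "CopilotInteraction",
     "UserIds": "jdoe@contoso.example",
     "AuditData": json.dumps({"AppHost": "Teams"})},
]


def unapproved_consents(rows, inventory=INVENTORY):
    """Return consent events whose application is not in the approved inventory."""
    findings = []
    for row in rows:
        if row["Operations"] not in CONSENT_OPERATIONS:
            continue
        data = json.loads(row["AuditData"])
        app_id = data.get("AppId")
        if app_id in inventory:
            continue
        findings.append({
            "when": row["CreationDate"],
            "user": row["UserIds"],
            "app": data.get("AppDisplayName", app_id),
            # "Principal" means a user consented for themselves; this control
            # blocks user consent, so such an event is also a policy gap.
            "user_consent": data.get("ConsentType") == "Principal",
        })
    return findings


def overdue_reviews(inventory, level, today):
    """Return names of inventory entries not reviewed within the level's interval."""
    limit = timedelta(days=REVIEW_INTERVAL_DAYS[level])
    return sorted(meta["name"] for meta in inventory.values()
                  if today - meta["last_review"] > limit)


if __name__ == "__main__":
    for f in unapproved_consents(AUDIT_ROWS):
        kind = "USER consent" if f["user_consent"] else "admin consent"
        print(f"{f['when']} {f['user']} -> {f['app']} ({kind}) not in inventory")
    for level in REVIEW_INTERVAL_DAYS:
        print(level, "overdue:", overdue_reviews(INVENTORY, level, date(2026, 2, 17)))
```

Running the two checks together is deliberate: a consent event for an app the inventory has never seen is the signal that the approval workflow was bypassed, while an overdue inventory entry is the signal that the workflow was followed once and then forgotten. Both are findings an examiner would expect the firm to have surfaced itself.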

Additional Resources