Control 2.14: Declarative and SharePoint Agents Governance

Control ID: 2.14 Pillar: Security & Protection Regulatory Reference: GLBA 501(b) Last Verified: 2026-03-22 Governance Levels: Baseline / Recommended / Regulated

Objective

Govern the creation, sharing, user access, and data boundary enforcement for declarative agents, with specific attention to SharePoint-backed agents and other agents surfaced through Microsoft 365 Copilot. This control focuses on the security guardrails that determine who can use agents, who can share them, and how agent access is limited to approved publishers, audiences, and knowledge sources.

Why This Matters for FSI

GLBA 501(b) requires safeguards for customer information. Agents can accelerate access to site content, uploaded knowledge, and external tools, so security boundaries should be explicit.
Agent proliferation risk increases when users can create or broadly share agents without governance approval.
Data boundary enforcement matters because SharePoint-backed agents can expose sensitive site content to new audiences if permissions and sharing are not reviewed carefully.
FFIEC and OCC AI governance expectations support maintaining oversight of who can use AI tools, how those tools are shared, and what data they can access.

Control Description

Microsoft 365 now exposes agent governance through the Agents control plane in the Microsoft 365 admin center. Security decisions for agents are no longer limited to the original SharePoint agent creation flow. Administrators can now review agent inventory, restrict allowed agent types, control sharing, and scope user access through centralized settings.

Agent Types Relevant to CopilotGov

Agent Type	Security Consideration	Primary Governance Surface
Published by your organization	Broad availability requires approval and ownership	Agents > All agents / Registry
Shared by creator	Creator-shared agents can spread quickly without central review	Agents > All agents / Sharing controls
Microsoft agents	First-party experiences require access decisions and usage oversight	Agents > Settings > Allowed agent types
External partner agents	External publishers may introduce new data handling terms or integrations	Agents > Settings > Allowed agent types
SharePoint-backed agents	Ground on SharePoint sites and therefore inherit site-permission risk	Agents + SharePoint Admin Center

Central Security Controls

Control	Description	Admin Configuration
Allowed agent types	Controls which classes of agents users can install	Agents > Settings > Allowed agent types
Sharing	Controls who can share agents broadly in the organization	Agents > Settings > Sharing
User access	Limits who can use agents at all	Agents > Settings > User access
Registry review	Tracks published, shared, blocked, or ownerless agents	Agents > All agents / Registry
Knowledge source review	Validates SharePoint sites, embedded files, and external data sources	SharePoint Admin Center, Agent details, Search / connector review

Researcher and Analyst Nuance

Microsoft documents Researcher and Analyst as first-party experiences within the core Microsoft 365 Copilot chat experience. They coexist with agents and inherit related governance capabilities, but they do not fall under installable agent settings in the same way as Registry-managed agents. Document them as Copilot Chat capabilities when defining access policy and supervision requirements.

Agent Risk Assessment Matrix

Risk Factor	Low Risk	Medium Risk	High Risk
Publisher	Microsoft	Internal approved creator	External partner or unreviewed creator
Knowledge source	Public intranet or non-sensitive content	Department knowledge	Client data, regulated records, or uploaded files with sensitive content
Sharing scope	Creator only or named users	Department	Organization-wide or cross-functional
Allowed users	Approved pilot group	Documented business group	Broad tenant access without governance review
Web / action capability	Disabled or limited	Approved business use	External or high-impact actions without control evidence

Copilot Surface Coverage

M365 Surface	Agent Access	Security Governance Notes
Microsoft 365 Copilot Chat	Yes	Primary user experience for many agents
Teams	Yes	Review alongside collaboration and supervision controls
SharePoint	Yes	Important for SharePoint-backed agent knowledge scope
Copilot Pages	Indirect	Agent responses can create Pages; align with Control 2.11
Word / Excel / PowerPoint / Outlook	Limited / varies	Review by scenario and agent type

Governance Levels

Level	Requirement	Rationale
Baseline	Restrict agent user access to approved users or groups; allow only approved agent types; review Registry inventory monthly; review SharePoint knowledge sources before publication	Minimum control over who can use and share agents
Recommended	All Baseline requirements plus: group-based sharing rules, documented owner for each published agent, quarterly source-site review for SharePoint-backed agents, formal approval workflow for broader publication	Balanced production governance for most FSI deployments
Regulated	All Recommended requirements plus: compliance review for high-risk or client-data agents, documented exception process for external or broadly shared agents, monthly registry review, evidence retained for examination support	Stronger security posture for regulated or segmented environments

Setup & Configuration

Step 1: Configure Agent User Access

Portal: Microsoft 365 Admin Center
Path: Agents > Settings > User access

Choose All users, No users, or Specific users/groups.
For FSI deployments, prefer approved user or group scoping over broad default access.
Document the approved audiences and the associated business justification.

Portal: Microsoft 365 Admin Center
Path: Agents > Settings > Allowed agent types / Sharing

Decide whether Microsoft, internal, and external agents are permitted.
Restrict broad sharing to approved groups where required.
Document how creator-shared agents are reviewed before broader use.

Step 3: Review Agent Registry

Portal: Microsoft 365 Admin Center
Path: Agents > All agents / Registry

Review published, shared, blocked, and ownerless agents.
Confirm each broadly available agent has an owner and approval record.
Block or remove agents that do not meet policy.

Step 4: Review SharePoint-Backed Knowledge Sources

Portal: SharePoint Admin Center and agent details

Review source sites or uploaded knowledge used by high-risk agents.
Confirm permissions, labels, and sharing posture are appropriate.
Cross-reference Control 1.2 for oversharing remediation and Control 2.5 for grounding scope decisions.

Step 5: Establish Security Review Workflow

Define who reviews new agents before broader publication.
Require extra review for:
client-data or regulated-content agents
external partner agents
agents with embedded file knowledge
Record approval, owner, and review cadence for each governed agent.

Financial Sector Considerations

Client-data agents: Agents grounded on client or account content should undergo stronger review than general knowledge assistants.
Publisher trust: External partner agents require review of data handling, privacy terms, and operational dependency.
SharePoint oversharing: A well-designed agent still inherits risk from an overshared source site. Security review should include the underlying content boundary.
Research and analysis workflows: If Researcher or Analyst are enabled for high-risk business functions, document that decision in Copilot governance even though those tools are not managed like Registry-installed agents.

Verification Criteria

User access scoped: Verify agent access is limited to the approved users or groups.
Allowed types configured: Confirm allowed agent types match the institution's policy.
Sharing rules configured: Verify broad agent sharing is limited or approved.
Registry inventory current: Confirm published and shared agents are inventoried and ownered.
SharePoint source review completed: Confirm high-risk agents have documented knowledge-source review.
Exception handling documented: Verify any external or high-risk agent exceptions have approval evidence.