
Control 2.3: Conditional Access Policies for Copilot Workloads

Control ID: 2.3
Pillar: Security & Protection
Regulatory Reference: GLBA 501(b), NYDFS Part 500, FFIEC
Last Verified: 2026-02-17
Governance Levels: Baseline / Recommended / Regulated


Objective

Configure Microsoft Entra Conditional Access policies that govern authentication and session controls for Microsoft 365 Copilot access. These policies enforce device compliance, location-based restrictions, risk-based authentication, and session management to help prevent unauthorized access to Copilot capabilities from unmanaged devices, untrusted locations, or compromised accounts. This control supports compliance with NYDFS cybersecurity requirements and FFIEC authentication guidance for financial institutions.


Why This Matters for FSI

  • GLBA 501(b) mandates safeguards for customer information systems — Conditional Access policies are a primary technical safeguard controlling who can access AI-powered tools that process customer data
  • NYDFS Part 500 (Section 500.12) requires multi-factor authentication for any individual accessing internal networks from an external network — Copilot access from outside the corporate environment must require MFA at minimum. The March 2026 CA enforcement change (see below) strengthens MFA enforcement for Copilot access from non-corporate environments.
  • NYDFS Part 500 (Section 500.07) requires access privilege limitations based on the principle of least privilege — Conditional Access enables risk-proportionate access controls for Copilot
  • FFIEC IT Examination Handbook (Authentication and Access Controls) expects layered authentication controls proportionate to risk — Copilot's ability to access and synthesize data across workloads warrants enhanced authentication controls
  • SEC Reg S-ID requires identity theft prevention programs — risk-based Conditional Access policies help detect and block access from compromised identities attempting to use Copilot

Control Description

Microsoft Entra Conditional Access evaluates signals (user identity, device state, location, risk level) at authentication time and enforces access controls based on policy configuration. For Copilot workloads, Conditional Access can target:

Copilot-Specific App Targeting

| Target App | App ID | Description |
| --- | --- | --- |
| Microsoft 365 Copilot (Enterprise Copilot Platform) | fb8d773d-7ef8-4ec0-a117-179f88add510 | Direct Copilot service |
| Microsoft 365 (Office 365) | 00000003-0000-0ff1-ce00-000000000000 | Umbrella targeting for all M365 apps |
| Microsoft Teams | cc15fd57-2c6c-4117-a88c-83b1d56b4bbe | Teams Copilot features |
| SharePoint Online | 00000003-0000-0ff1-ce00-000000000000 | SharePoint agents and Copilot in SharePoint |

Note: the Microsoft 365 (Office 365) row and the SharePoint Online row carry the same identifier. In the Conditional Access target picker, Office 365 is a grouped resource that is selected as a single item rather than by one app ID, so target it by name and verify any per-app ID you cite in a policy against the Enterprise applications blade of your own tenant.

Critical: The correct Enterprise Copilot Platform App ID is fb8d773d-7ef8-4ec0-a117-179f88add510. Verify that every existing CA policy meant to cover Copilot references this exact value; a policy built against a wrong or stale app ID will evaluate as "not applied" for Copilot sign-ins and miss that traffic entirely.

Conditional Access Enforcement Change (March 2026)

Microsoft Entra ID will begin enforcing a behavioral change to Conditional Access policies starting March 27, 2026, with rollout completing across all cloud environments through June 2026.

What changes: Policies targeting "All resources" that include resource exclusions will now enforce MFA and device compliance even for the excluded resources when users sign in through client applications requesting low-privilege scopes. Previously, these exclusions created a bypass path.

FSI impact: Institutions with CA policies structured as "All resources + exclusions" should audit their policies before March 2026. If the Enterprise Copilot Platform (App ID: fb8d773d-7ef8-4ec0-a117-179f88add510) is listed as an exclusion in any "All resources" policy, those policies will now enforce controls against Copilot access. Per NYDFS 23 NYCRR Part 500, Section 500.12, MFA requirements for external network access apply — this enforcement change closes a gap where Copilot-specific exclusions could bypass MFA requirements.

Action required: Run the Conditional Access optimization agent in Microsoft Entra ID to identify affected policies. Test behavior in report-only mode before the enforcement date. Regulated institutions should complete CA policy remediation by February 2026 to allow time for report-only validation before enforcement begins.

Conditional Access Signal Matrix

| Signal | Source | FSI Relevance |
| --- | --- | --- |
| User/Group membership | Entra ID | Scope Copilot access to licensed, approved groups |
| Device compliance | Intune | Restrict Copilot to managed, compliant devices |
| Device platform | Entra ID | Block Copilot from unsupported platforms |
| Location (Named locations) | Entra ID | Restrict Copilot to corporate offices and approved locations |
| Sign-in risk | Entra ID Protection | Block Copilot when sign-in risk is medium or high |
| User risk | Entra ID Protection | Require password change when user risk is elevated |
| Client app | Entra ID | Restrict to approved client applications |
| Authentication strength | Entra ID | Require phishing-resistant MFA for Copilot |
| IRM risk level (via Adaptive Protection) | Insider Risk Management | Dynamically block Copilot when insider risk is elevated |

Copilot Conditional Access Policy Set

| Policy Name | Assignment | Conditions | Grant Controls | Session Controls |
| --- | --- | --- | --- | --- |
| FSI-Copilot-RequireMFA | All Copilot users | All platforms | Require MFA (authentication strength: phishing-resistant) | none |
| FSI-Copilot-CompliantDevice | All Copilot users | All platforms | Require compliant device | none |
| FSI-Copilot-BlockUntrustedLocation | All Copilot users | Locations: all, excluding named corporate locations | Block access | none |
| FSI-Copilot-RiskBasedBlock | All Copilot users | Sign-in risk: Medium, High | Block access | none |
| FSI-Copilot-SessionControl | All Copilot users | All | none | Sign-in frequency: 8 hours; persistent browser: disabled |
| FSI-Copilot-AppProtection | Mobile users | iOS, Android | Require app protection policy | none |
| FSI-Copilot-AdaptiveProtection | All Copilot users | IRM risk level: High | Block or require additional verification | none |

IRM Adaptive Protection Dynamic Blocking

Insider Risk Management integrates with Conditional Access through Adaptive Protection to enable dynamic, risk-responsive access control for Copilot. When IRM identifies a user at elevated risk, Adaptive Protection can automatically adjust the user's Conditional Access policy to restrict or block Copilot access in real time.

This creates a feedback loop: risky behavior detected by IRM → user risk level elevated → CA policy dynamically restricts AI access → user must complete additional verification or is blocked entirely.

Configuration path: Microsoft Purview > Insider Risk Management > Adaptive Protection settings.

The integration works through IRM's real-time risk level signals, which Conditional Access evaluates as an additional condition alongside standard signals. A user who triggers an IRM high-risk alert will find that their next Copilot authentication request is blocked by the dynamically adjusted CA policy — without requiring a manual administrator action.

FSI value: For financial institutions, this dynamic coupling means that a departing employee who begins using Copilot to pull unusually large volumes of customer data out of the tenant can be automatically blocked from further Copilot access while the IRM investigation proceeds, without waiting for an analyst to edit a policy. The response is proportionate and immediate.

Access Flow Diagram

User Request to Copilot
  Entra ID Authentication
  ┌─────────────────────┐
  │ Conditional Access   │
  │ Policy Evaluation    │
  │                     │
  │ ✓ MFA completed?    │
  │ ✓ Device compliant? │
  │ ✓ Location trusted? │
  │ ✓ Risk level OK?    │
  │ ✓ App approved?     │
  │ ✓ IRM risk OK?      │
  └─────────┬───────────┘
     ┌──────┴──────┐
     │             │
  All Pass      Any Fail
     │             │
  Grant Access   Block/Remediate
  + Session      + Audit Log
  Controls

Copilot Surface Coverage

| M365 Application | CA Policy Applies | Device Compliance | Location Restriction | Risk-Based Block | Notes |
| --- | --- | --- | --- | --- | --- |
| Microsoft 365 Copilot Chat | Yes | Yes | Yes | Yes | Primary Copilot entry point |
| Word | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| Excel | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| PowerPoint | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| Outlook | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| Teams | Yes | Yes | Yes | Yes | Separate Teams app target available |
| OneNote | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| Loop | Yes | Yes | Yes | Yes | Via Microsoft 365 app targeting |
| Copilot Pages | Yes | Yes | Yes | Yes | Inherits from M365 Copilot app |
| SharePoint (Agents) | Yes | Yes | Yes | Yes | Via SharePoint Online app target |

Governance Levels

| Level | Requirement | Rationale |
| --- | --- | --- |
| Baseline | Require MFA for all Copilot users; require managed device (Intune enrolled); block access from anonymous or Tor networks; audit CA policies for Copilot exclusions before March 2026; enable Adaptive Protection in audit mode | Minimum access controls; prevents Copilot access from unmanaged devices and unauthenticated sessions; March 2026 enforcement awareness required for all institutions |
| Recommended | Add phishing-resistant MFA (FIDO2, Windows Hello, certificate-based); enforce device compliance (not just enrollment); restrict to named corporate locations + approved VPN; 8-hour sign-in frequency; block medium/high risk sign-ins; remove Copilot-specific exclusions from "All resources" CA policies and validate in report-only before March 2026; enable Adaptive Protection dynamic blocking for high-risk users | Strong access posture suitable for most FSI firms; aligns with NYDFS Part 500 MFA requirements and closes the CA exclusion bypass path |
| Regulated | Require phishing-resistant MFA with authentication strength policy; compliant device from approved hardware list; corporate location only (no remote for Copilot); 4-hour sign-in frequency; real-time risk evaluation; integration with Defender for Cloud Apps for session-level monitoring; block all elevated risk sign-ins; enforce CA policies against all resources including Copilot with no exclusions, verified compliant by February 2026; enable Adaptive Protection dynamic blocking at medium-risk threshold with mandatory investigation trigger | Maximum access restriction for highest-sensitivity environments; no Copilot exclusion gaps; immediate IRM-triggered access revocation for at-risk users |

Setup & Configuration

Step 1: Define Named Locations

Portal: Microsoft Entra Admin Center > Protection > Conditional Access > Named locations

  1. Create IP-based named locations for corporate offices
  2. Create country/region-based named locations for approved jurisdictions
  3. Mark corporate network ranges as "trusted" locations

Step 2: Verify Enterprise Copilot Platform App ID

Portal: Microsoft Entra Admin Center > Protection > Conditional Access > Policies

Before creating or modifying CA policies, verify the correct App ID for the Enterprise Copilot Platform:

  • Correct App ID: fb8d773d-7ef8-4ec0-a117-179f88add510
  • Search existing CA policies for any policies that reference an incorrect Copilot app ID
  • Use the Conditional Access optimization agent to identify policies that may need correction

Step 3: Audit Policies for March 2026 Enforcement

Portal: Microsoft Entra Admin Center > Protection > Conditional Access > Optimization

Before March 27, 2026, audit all CA policies for the "All resources + exclusion" pattern:

  1. Run the CA optimization agent to identify policies with resource exclusions
  2. Identify any policies that exclude the Enterprise Copilot Platform app
  3. Test the impact of removing exclusions in report-only mode
  4. Remove or restructure exclusions before the enforcement date
  5. Document the remediation for examination readiness
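The audit in Step 3 can be scripted rather than read policy by policy. The script below is an added example written for this page, not part of the original control or a Microsoft-supplied tool. It assumes the Microsoft Graph PowerShell SDK is installed, the caller holds Policy.Read.All, and it looks for exactly the pattern the enforcement change targets: a policy whose application scope is "All" and which also carries application exclusions. For each such policy it records whether the Enterprise Copilot Platform app is among the exclusions and which grant controls will start applying to Copilot once the exclusion stops shielding it.

```powershell
# Added example (not from the original page): find "All resources + exclusion" CA policies
# and flag those that exclude the Enterprise Copilot Platform app.
# Assumes: Microsoft.Graph SDK installed; signed-in account holds Policy.Read.All.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.Read.All" -NoWelcome

$copilotAppId = "fb8d773d-7ef8-4ec0-a117-179f88add510"   # Enterprise Copilot Platform

$findings = foreach ($p in Get-MgIdentityConditionalAccessPolicy -All) {
    $apps = $p.Conditions.Applications
    $targetsAll    = $apps.IncludeApplications -contains "All"
    $hasExclusions = @($apps.ExcludeApplications).Count -gt 0
    # Only the "All resources + exclusions" shape is affected by the March 2026 change
    if (-not ($targetsAll -and $hasExclusions)) { continue }

    # Controls that will be enforced against Copilot once the exclusion no longer bypasses them
    $grant = @($p.GrantControls.BuiltInControls)
    if ($p.GrantControls.AuthenticationStrength.Id) {
        $grant += "authStrength:$($p.GrantControls.AuthenticationStrength.DisplayName)"
    }

    [pscustomobject]@{
        PolicyName       = $p.DisplayName
        State            = $p.State
        ExcludesCopilot  = ($apps.ExcludeApplications -contains $copilotAppId)
        ExclusionCount   = @($apps.ExcludeApplications).Count
        GrantOperator    = $p.GrantControls.Operator
        EnforcedControls = ($grant -join ", ")
    }
}

# Copilot-excluding policies first: these are the ones to test in report-only before March 27, 2026
$findings | Sort-Object ExcludesCopilot -Descending | Format-Table -AutoSize

# Keep the CSV with the remediation record for examination readiness
$findings | Export-Csv -Path "CA-AllResources-Exclusion-Audit.csv" -NoTypeInformation
```

Rows with ExcludesCopilot set to True are the policies whose controls (typically mfa or compliantDevice) will begin to apply to Copilot sign-ins after the enforcement date; rows with it set to False still carry the affected pattern and should be reviewed, since their exclusions may cover other resources Copilot reaches on the user's behalf.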

Step 4: Create Copilot MFA Policy

Portal: Microsoft Entra Admin Center > Protection > Conditional Access > Policies > New policy

  1. Name: FSI-Copilot-RequireMFA
  2. Assignments: Include — All Copilot-licensed users; Exclude — break-glass accounts
  3. Target resources: Microsoft 365 Copilot app (App ID: fb8d773d-7ef8-4ec0-a117-179f88add510)
  4. Grant: Require authentication strength — Phishing-resistant MFA
  5. Enable policy: Report-only (test for 7 days), then On

Step 5: Create Device Compliance Policy

  1. Name: FSI-Copilot-CompliantDevice
  2. Assignments: Include — All Copilot-licensed users
  3. Target resources: Microsoft 365 Copilot, Microsoft 365
  4. Conditions: All device platforms
  5. Grant: Require device to be marked as compliant
  6. Note: Requires Intune device compliance policies to be configured

Step 6: Create Location-Based Policy

  1. Name: FSI-Copilot-BlockUntrustedLocation
  2. Assignments: Include — All Copilot-licensed users; Exclude — break-glass accounts
  3. Target resources: Microsoft 365 Copilot app (App ID: fb8d773d-7ef8-4ec0-a117-179f88add510)
  4. Conditions: Locations — Include all locations, Exclude named trusted locations
  5. Grant: Block access
  6. Note: a block policy with a location condition is only as good as the named locations from Step 1; an office range missing from the trusted list will lock that office out of Copilot

Step 7: Create Risk-Based Policy

  1. Name: FSI-Copilot-RiskBasedBlock
  2. Assignments: Include — All Copilot-licensed users; Exclude — break-glass accounts
  3. Target resources: Microsoft 365 Copilot app
  4. Conditions: Sign-in risk — Medium, High
  5. Grant: Block access
  6. Prerequisite: Microsoft Entra ID P2 licensing (which includes Entra ID Protection) for the users in scope

Step 8: Configure Session Controls

  1. Name: FSI-Copilot-SessionControl
  2. Session: Sign-in frequency — 8 hours (Recommended) or 4 hours (Regulated)
  3. Session: Persistent browser session — Disabled
  4. Session: Use Conditional Access App Control (routes through Defender for Cloud Apps)
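Steps 4 through 8 describe one procedure, so here is the same policy set created as code. This is an added example written for this page, not Microsoft's sample or part of the original control. It assumes the Microsoft Graph PowerShell SDK, Policy.ReadWrite.ConditionalAccess rights, and three placeholder object IDs (a Copilot-licensed users group and two break-glass accounts) that you must replace with your tenant's values. Every policy is created in report-only mode so it can be validated for the 7-day window the control calls for before being switched on.

```powershell
# Added example (not from the original page): create the FSI-Copilot-* policies from
# Steps 4-8 in report-only mode through Microsoft Graph PowerShell.
# Assumes: Microsoft.Graph SDK installed; Policy.ReadWrite.ConditionalAccess granted.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess","Policy.Read.All" -NoWelcome

$copilotAppId        = "fb8d773d-7ef8-4ec0-a117-179f88add510"   # Enterprise Copilot Platform
$copilotUsersGroupId = "00000000-0000-0000-0000-00000000c0de"   # PLACEHOLDER: Copilot-licensed users group
$breakGlassIds       = @("00000000-0000-0000-0000-0000000000b1", # PLACEHOLDER: emergency access accounts
                         "00000000-0000-0000-0000-0000000000b2")
$phishingResistant   = "00000000-0000-0000-0000-000000000004"   # built-in "Phishing-resistant MFA" strength

# Shared assignment for every policy: Copilot users in, break-glass out, Copilot app targeted.
function New-FsiCopilotPolicy {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [hashtable] $ExtraConditions = @{},
        [hashtable] $Grant   = $null,
        [hashtable] $Session = $null
    )
    $conditions = @{
        users          = @{ includeGroups = @($copilotUsersGroupId); excludeUsers = $breakGlassIds }
        applications   = @{ includeApplications = @($copilotAppId) }
        clientAppTypes = @("all")
    } + $ExtraConditions
    $body = @{
        displayName = $Name
        state       = "enabledForReportingButNotEnforced"   # report-only; set to "enabled" after validation
        conditions  = $conditions
    }
    if ($Grant)   { $body.grantControls   = $Grant }
    if ($Session) { $body.sessionControls = $Session }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

# Step 4: phishing-resistant MFA expressed as an authentication strength, not plain "mfa"
New-FsiCopilotPolicy -Name "FSI-Copilot-RequireMFA" -Grant @{
    operator = "OR"; authenticationStrength = @{ id = $phishingResistant }
}

# Step 5: compliant device (Intune compliance policies must already exist)
New-FsiCopilotPolicy -Name "FSI-Copilot-CompliantDevice" -Grant @{
    operator = "OR"; builtInControls = @("compliantDevice")
}

# Step 6: block any location that is not a trusted named location
New-FsiCopilotPolicy -Name "FSI-Copilot-BlockUntrustedLocation" `
    -ExtraConditions @{ locations = @{ includeLocations = @("All"); excludeLocations = @("AllTrusted") } } `
    -Grant @{ operator = "OR"; builtInControls = @("block") }

# Step 7: block medium/high sign-in risk (requires Entra ID P2 for the users in scope)
New-FsiCopilotPolicy -Name "FSI-Copilot-RiskBasedBlock" `
    -ExtraConditions @{ signInRiskLevels = @("medium", "high") } `
    -Grant @{ operator = "OR"; builtInControls = @("block") }

# Step 8: 8-hour sign-in frequency (use 4 for the Regulated level) and no persistent browser sessions
New-FsiCopilotPolicy -Name "FSI-Copilot-SessionControl" -Session @{
    signInFrequency   = @{ isEnabled = $true; type = "hours"; value = 8; frequencyInterval = "timeBased" }
    persistentBrowser = @{ isEnabled = $true; mode = "never" }
}
```

Two design points are worth noting. Break-glass accounts are excluded from every policy by construction, so a later edit cannot accidentally drop the exclusion from one of them. And the MFA policy uses an authentication strength rather than the built-in mfa control, because the built-in control is satisfied by SMS and voice, which the Recommended and Regulated levels rule out.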

Step 9: Enable Adaptive Protection Integration

Portal: Microsoft Purview > Insider Risk Management > Adaptive Protection

  1. Enable Adaptive Protection in Microsoft Purview IRM
  2. Configure the risk level thresholds that Adaptive Protection surfaces to Conditional Access (Elevated, Moderate, Minor); the "High" threshold used elsewhere in this control corresponds to the Elevated level
  3. In Entra ID Conditional Access, create a policy that evaluates the IRM signal:
  4. Condition: Insider risk (the Adaptive Protection signal). This is a separate condition from Entra ID Protection's User risk; the two are not interchangeable and a policy built on User risk will not react to IRM alerts
  5. Grant: Block access (Regulated) or require additional MFA step (Recommended)
  6. Test the integration: trigger an IRM risk event and verify that the CA policy responds within the configured evaluation interval; record the observed latency, since the block applies at the next token request rather than to sessions already open

Key PowerShell Commands

# Requires the Microsoft Graph PowerShell SDK (Install-Module Microsoft.Graph);
# the Conditional Access cmdlets live in Microsoft.Graph.Identity.SignIns
# Connect to Microsoft Graph
Connect-MgGraph -Scopes "Policy.Read.All","Policy.ReadWrite.ConditionalAccess"

# List all Conditional Access policies (-All follows paging so nothing is missed)
Get-MgIdentityConditionalAccessPolicy -All | Format-Table DisplayName, State, CreatedDateTime

# Get details of a specific policy
Get-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId "<policy-id>" | Format-List

# Export all CA policies for documentation (-Depth 10 keeps nested conditions and controls intact)
Get-MgIdentityConditionalAccessPolicy -All | ConvertTo-Json -Depth 10 | Out-File "CA-Policies-Export.json"

# Search for policies referencing the Copilot app ID, whether as an include or an exclude
$copilotAppId = "fb8d773d-7ef8-4ec0-a117-179f88add510"
Get-MgIdentityConditionalAccessPolicy -All | Where-Object {
    $_.Conditions.Applications.IncludeApplications -contains $copilotAppId -or
    $_.Conditions.Applications.ExcludeApplications -contains $copilotAppId
} | Format-Table DisplayName, State

Financial Sector Considerations

  • NYDFS Part 500 Compliance: Section 500.12 specifically requires MFA for accessing internal networks from external networks. For NYDFS-regulated entities, Copilot access from any non-corporate location must enforce MFA. The March 2026 CA enforcement change closes a gap where "All resources + exclusion" policies could allow Copilot access without MFA — NYDFS-regulated institutions should remediate this before the enforcement date. The Regulated governance level addresses this by restricting Copilot to corporate locations only.
  • FFIEC Authentication Expectations: The FFIEC expects layered security controls proportionate to risk. Copilot's ability to synthesize data across the entire tenant makes it a higher-risk application warranting stronger authentication than basic M365 access.
  • Branch Office Considerations: Financial firms with distributed branch networks must define named locations for all branch offices. Consider using compliant network detection via Global Secure Access rather than IP-based ranges for dynamic branch networks.
  • Trading Floor Access: Trading floor environments may require device-based certificates or hardware tokens rather than phone-based MFA to comply with SEC and FINRA requirements restricting personal device use in trading areas.
  • Registered Representative Access: Representatives who access Copilot from client locations or during travel need clear guidance on VPN requirements and approved access methods. Overly restrictive location policies may impair field productivity.
  • Break-Glass Accounts: Maintain at least two break-glass (emergency access) accounts excluded from Conditional Access policies. Protect them with phishing-resistant credentials where the tenant supports it (Microsoft's current emergency-access guidance favors FIDO2 security keys held under dual control over a long password alone), alert on every sign-in to them from the sign-in logs, and review the exclusion whenever a Copilot policy is created or changed. Document break-glass procedures for examination readiness.
  • Examination Readiness: Maintain a Conditional Access policy inventory document showing all policies, their configurations, and last review dates. Include documentation of the March 2026 enforcement audit and remediation. Examiners may request this during IT examinations.

Verification Criteria

  1. App ID Accuracy: Verify all CA policies targeting Copilot reference the correct Enterprise Copilot Platform App ID: fb8d773d-7ef8-4ec0-a117-179f88add510
  2. March 2026 Enforcement Audit: Confirm CA policy audit for "All resources + exclusion" patterns has been completed; document remediation actions taken
  3. MFA Enforcement: Attempt to access Copilot without MFA — confirm access is blocked and MFA prompt is presented
  4. Device Compliance: Attempt to access Copilot from a non-compliant or unmanaged device — confirm access is blocked
  5. Location Restriction: Test Copilot access from an IP address outside named locations — confirm access is blocked (Recommended/Regulated levels)
  6. Risk-Based Blocking: Simulate a risky sign-in (for example, the anonymous-IP detection Microsoft documents for testing Entra ID Protection, produced by signing in through the Tor Browser from a test account) and confirm Copilot access is blocked when sign-in risk is medium or high
  7. Session Controls: Access Copilot and wait for the sign-in frequency interval to expire — confirm re-authentication is required
  8. Adaptive Protection Integration: Verify Adaptive Protection is enabled and that IRM risk level changes trigger corresponding CA policy enforcement for Copilot access
  9. Break-Glass Exclusion: Confirm break-glass accounts are excluded from Copilot CA policies and that exclusion is documented
  10. Audit Logging: Verify that Conditional Access policy evaluation results (success, failure, not applied) appear in the Entra sign-in logs
  11. Report-Only Testing: Before enabling enforcement, confirm policies have been tested in report-only mode for at least 7 days with acceptable results
  12. Policy Documentation: Confirm Conditional Access policy inventory is maintained and includes last review date, policy purpose, and exception justifications
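Verification items 1, 3, 10 and 11 all come down to the same question: for actual Copilot sign-ins, which FSI-Copilot-* policies were evaluated and with what result? The script below is an added example written for this page, not part of the original control. It assumes the Microsoft Graph PowerShell SDK and AuditLog.Read.All plus Directory.Read.All rights, pulls the last seven days of sign-ins to the Enterprise Copilot Platform app, and summarizes Conditional Access outcomes per policy, including the reportOnly* results that appear while a policy is still in report-only mode.

```powershell
# Added example (not from the original page): summarize Conditional Access outcomes for
# Copilot sign-ins over the last 7 days, per applied policy.
# Assumes: Microsoft.Graph SDK installed; AuditLog.Read.All and Directory.Read.All granted.
Import-Module Microsoft.Graph.Reports
Connect-MgGraph -Scopes "AuditLog.Read.All","Directory.Read.All" -NoWelcome

$copilotAppId = "fb8d773d-7ef8-4ec0-a117-179f88add510"   # Enterprise Copilot Platform
$since = (Get-Date).AddDays(-7).ToUniversalTime().ToString("yyyy-MM-ddTHH:mm:ssZ")

# Sign-in log filter on the Copilot app ID; a wrong app ID here returns nothing, which is itself a finding
$signIns = Get-MgAuditLogSignIn -All -Filter "appId eq '$copilotAppId' and createdDateTime ge $since"

# 1. Overall CA status. "notApplied" on a Copilot sign-in means no policy matched it (verification item 1/10)
$signIns | Group-Object ConditionalAccessStatus | Select-Object Name, Count | Format-Table -AutoSize

# 2. Per-policy results. reportOnlySuccess/reportOnlyFailure rows are the evidence for item 11
$perPolicy = $signIns | ForEach-Object {
    $s = $_
    foreach ($ap in $s.AppliedConditionalAccessPolicies) {
        [pscustomobject]@{
            Policy   = $ap.DisplayName
            Result   = $ap.Result
            Controls = ($ap.EnforcedGrantControls -join ",")
            User     = $s.UserPrincipalName
            Time     = $s.CreatedDateTime
        }
    }
}
$perPolicy | Group-Object Policy, Result | Sort-Object Name |
    Select-Object Name, Count | Format-Table -AutoSize

# 3. Copilot sign-ins that no FSI-Copilot-* policy touched at all: scoping or app-ID gaps to chase
$signIns | Where-Object {
    -not ($_.AppliedConditionalAccessPolicies.DisplayName -like "FSI-Copilot-*")
} | Select-Object CreatedDateTime, UserPrincipalName, IPAddress, ConditionalAccessStatus |
    Format-Table -AutoSize
```

Read the third listing carefully: a break-glass account appearing there is expected, any other user is not. Keep the CSV or transcript of these three listings alongside the policy inventory, since together they show an examiner both what the policies say and what they actually did.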

Additional Resources