Control 4.13: Copilot Extensibility and Agent Operations Governance
Control ID: 4.13
Pillar: Operations & Monitoring
Regulatory Reference: GLBA 501(b), FFIEC IT Examination Handbook, SOX Section 404, OCC Third-Party Risk Management Guidance
Last Verified: 2026-03-22
Governance Levels: Baseline / Recommended / Regulated
Objective
Establish ongoing operational governance for Copilot extensibility components and agents, including plugins, Microsoft Graph connectors, shared agents, published agents, and the Microsoft Agent 365 control plane. This control addresses the post-deployment lifecycle: inventory, monitoring, ownership, reassessment, exception handling, and decommissioning.
Why This Matters for FSI
Extensibility and agents expand what Copilot can access and do. In financial services, that means governance cannot stop at initial approval. Organizations should continue to monitor who owns each agent, what data it touches, whether usage is growing in higher-risk functions, and whether third-party or partner integrations still meet policy.
This control helps cover:
- GLBA 501(b) safeguard monitoring for connected data sources and agent behavior
- FFIEC operational governance for third-party dependencies and lifecycle oversight
- SOX Section 404 evidence where extensibility or agents support finance or control-related workflows
- OCC third-party risk expectations for plugins, partner agents, and connected services
Disclaimer
This control is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. See full disclaimer.
Control Description
Operational governance now spans both traditional Copilot extensibility surfaces and the newer Microsoft Agent 365 control plane.
Core Operational Surfaces
| Surface | Primary Path | Governance Purpose |
|---|---|---|
| Integrated apps | Settings > Integrated apps | App and plugin inventory, deployment, and approvals |
| Graph connectors | Search / data sources administration | External knowledge ingestion and connector health |
| Agent Overview | Agents > Overview | Adoption, runtime, exception rate, and governance action cards |
| Agent Registry / All agents | Agents > All agents / Registry | Inventory, publishing state, blocked agents, ownerless agents |
| Agent settings | Agents > Settings | Allowed types, sharing, templates, and user access |
What Should Be Tracked in the Inventory
| Component Type | Minimum Inventory Fields |
|---|---|
| Plugins / integrated apps | Name, publisher, access scope, owner, approval date, last review |
| Graph connectors | Name, data source, authentication method, owner, state, last review |
| Shared or published agents | Name, publisher type, owner, audience, knowledge sources, approval status |
| Agents with embedded file knowledge | File source, sensitivity label, storage container reference, owner |
Agent 365 Operational Signals
The Agent Overview surface introduces operational signals that should be reviewed as part of the same governance program:
| Signal | Why It Matters |
|---|---|
| Agent Registry count | Tracks inventory growth across Microsoft, partner, and org-created agents |
| Active users | Shows where agent usage is material enough to require deeper review |
| Total sessions | Indicates scale and growth of agent dependence |
| Exception rate | Helps identify unstable or poorly governed agents |
| Agent runtime | Highlights higher-intensity or more consequential agent use |
| Pending requests / ownerless agents | Indicates governance gaps that need operational follow-up |
Lifecycle Management Stages
| Stage | Operational Activity |
|---|---|
| Request / identify | Capture business need, publisher, and data scope |
| Approve / publish | Record owner, approver, and audience |
| Deploy | Assign user access, sharing, and connected services |
| Monitor | Review usage, exceptions, ownership, and connector health |
| Reassess | Recheck risk, scope, and third-party posture on a recurring cadence |
| Block / remove | Retire stale, risky, or noncompliant components |
Researcher and Analyst Note
Researcher and Analyst should be included in governance reporting because they affect Copilot usage and risk posture. However, they are part of the core Copilot chat experience and are not managed as installable Registry agents in the same way as published or shared agents.
Copilot Surface Coverage
| Surface | Extensibility / Agent Governance Priority | Notes |
|---|---|---|
| Microsoft 365 Copilot Chat | Critical | Main entry point for many agents and extensions |
| Teams | High | Collaboration context and possible plugin or agent exposure |
| SharePoint-backed agents | Critical | Strong dependence on source-site security and ownership |
| Outlook / Word / Excel / PowerPoint | Medium | Governed by access, plugin, and connected-data controls |
| Partner / external agents | High | Third-party risk and data-handling review required |
Governance Levels
Baseline
- Maintain a current inventory of plugins, connectors, and governed agents
- Assign an owner to each published or broadly shared agent
- Review Agent Overview and Registry at least monthly
- Block or remove components that lack a clear owner or approval basis
Recommended
- Review exception rate, adoption growth, and pending requests regularly
- Track embedded-file agents and connector data sources explicitly
- Reassess third-party and partner components on a recurring schedule
- Integrate agent and extensibility changes into formal change management
Regulated
- Include high-risk extensibility and agent components in examination evidence packages
- Maintain formal exception approvals for partner or high-risk components
- Review ownerless agents, blocked agents, and material agent metrics monthly
- Retain approval, review, and decommission evidence in accordance with the firm's records policy
Setup & Configuration
Step 1: Build the Operational Inventory
- Review Settings > Integrated apps for plugins and deployed apps.
- Review connector inventory through the appropriate search / connector administration surface.
- Review Agents > All agents / Registry for shared, published, blocked, and ownerless agents.
- Consolidate the data into one governance inventory.
Step 2: Review Agent Overview
- Open Agents > Overview.
- Review hero metrics and governance action cards.
- Investigate ownerless agents, pending requests, and unusual exception rates.
Step 3: Review Settings and Access
- Open Agents > Settings.
- Confirm allowed types, sharing, templates, and user access align with policy.
- Reconcile settings changes with the formal change log.
Step 4: Reassess Connected Data Sources
- Review Graph connectors and embedded-file agents for sensitivity, permissions, and ownership.
- Confirm the current data scope still matches the approved business case.
- Reassess partner or external publishers against current third-party requirements.
Step 5: Decommission or Block Stale Components
- Identify stale or high-risk plugins, connectors, or agents.
- Block first, then verify business impact.
- Remove or retire components when no longer justified.
- Preserve approval and retirement records.
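The consolidation and stale-component checks in Steps 1 and 5 can be scripted. The Python below is an added example, not part of this control or of any Microsoft tooling: it validates inventory records against the minimum fields table above, flags ownerless components for blocking, and marks reviews older than the Baseline monthly cadence. The record layout and the sample inventory are constructed assumptions, not an admin center export format.

```python
from datetime import date

# Minimum inventory fields per component type, taken from the control's inventory table.
REQUIRED_FIELDS = {
    "plugin": {"name", "publisher", "access_scope", "owner", "approval_date", "last_review"},
    "connector": {"name", "data_source", "auth_method", "owner", "state", "last_review"},
    "agent": {"name", "publisher_type", "owner", "audience", "knowledge_sources", "approval_status"},
}
REVIEW_CADENCE_DAYS = 31  # Baseline level: review Registry and Overview at least monthly
AS_OF = date(2026, 3, 22)  # review date used for the sample run (the control's Last Verified date)

def assess_component(record: dict, today: date) -> list[str]:
    """Return governance findings for one inventory record (empty list means no action)."""
    findings = []
    ctype = record.get("type")
    required = REQUIRED_FIELDS.get(ctype)
    if required is None:
        return [f"unknown component type {ctype!r}"]
    missing = sorted(f for f in required if not record.get(f))
    if missing:
        findings.append("missing fields: " + ", ".join(missing))
    if not record.get("owner"):  # ownerless components are a material governance gap
        findings.append("ownerless: block pending owner assignment")
    last_review = record.get("last_review")
    if isinstance(last_review, date) and (today - last_review).days > REVIEW_CADENCE_DAYS:
        overdue = (today - last_review).days - REVIEW_CADENCE_DAYS
        findings.append(f"review overdue by {overdue} days")
    return findings

def consolidate(records: list[dict], today: date) -> dict[str, list[str]]:
    """Map each component name to its findings; only components needing action appear."""
    report = {}
    for rec in records:
        findings = assess_component(rec, today)
        if findings:
            report[rec.get("name", "<unnamed>")] = findings
    return report

# Constructed sample inventory (hypothetical names, not real tenant data).
SAMPLE_INVENTORY = [
    {"type": "plugin", "name": "ExpenseHelper", "publisher": "Contoso", "access_scope": "Finance",
     "owner": "finance-ops", "approval_date": date(2026, 1, 10), "last_review": date(2026, 3, 1)},
    {"type": "connector", "name": "PolicyDocs", "data_source": "file share", "auth_method": "OAuth",
     "owner": "", "state": "Ready", "last_review": date(2025, 12, 1)},
    {"type": "agent", "name": "ClientOnboarding", "publisher_type": "org", "owner": "wealth-desk",
     "audience": "Advisors", "knowledge_sources": ["SharePoint: Onboarding"], "approval_status": "approved"},
]

if __name__ == "__main__":
    for name, findings in consolidate(SAMPLE_INVENTORY, AS_OF).items():
        print(name, "->", "; ".join(findings))
```

Only the ownerless connector with a lapsed review appears in the report; the properly owned and recently reviewed components produce no findings.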
Financial Sector Considerations
Third-party risk: Partner agents and plugins should be treated as ongoing third-party relationships, not one-time approvals.
Owner accountability: Ownerless agents are a material governance gap because they prevent effective remediation, review, and accountability.
Agent runtime and exception trends: Operational instability can indicate unreliable automations or poorly governed business-critical use cases.
SharePoint-backed knowledge: Any extensibility or agent component that relies on overshared SharePoint content remains risky even if the agent itself is well configured.
Verification Criteria
| # | Verification Step | Expected Result |
|---|---|---|
| 1 | Review consolidated inventory | Plugins, connectors, and governed agents are documented |
| 2 | Verify ownership | All published or broadly shared agents have owners |
| 3 | Review Agent Overview | Metrics and governance action cards are monitored |
| 4 | Confirm settings baseline | Allowed types, sharing, templates, and user access match policy |
| 5 | Review third-party or partner components | Reassessment evidence exists for higher-risk components |
| 6 | Confirm stale component handling | Blocked or retired items are documented |
Additional Resources
- Manage agents in the Microsoft 365 admin center
- Agent 365 Overview in the Microsoft 365 admin center
- Agent Registry in the Microsoft 365 admin center
- Agent settings in Microsoft 365 admin center
- Microsoft 365 Copilot Extensibility
- Related Controls: 2.13 Plugin and Connector Security, 2.14 Declarative Agents Governance, 4.1 Admin Settings, 4.12 Change Management