Control 4.15: Copilot Cowork Governance
Control ID: 4.15
Pillar: Operations & Monitoring
Regulatory Reference: FFIEC IT Examination Handbook, GLBA §501(b), Sarbanes-Oxley §§302/404, OCC Heightened Standards (12 CFR part 30, appendix D), FINRA Rule 3110
Last Verified: 2026-05-25
Governance Levels: Baseline / Recommended / Regulated
Scope boundary: FSI-CopilotGov vs FSI-AgentGov
This control governs the Microsoft 365 Copilot surface only — tenant-level configuration, data-source posture, audit/eDiscovery, and admin-managed extensibility. Governance of the agents themselves (Copilot Studio agents, declarative agents, Agent Builder, custom pro-code agents) — including agent registration, risk tiering, environment zoning, model-card review, and lifecycle promotion — lives in the companion FSI-AgentGov framework. See Relationship to FSI-AgentGov for the full boundary map.
Objective
Establish governance over Microsoft 365 Copilot Cowork — an agentic Copilot experience that performs multi-step work on a user's behalf — before it is made broadly available in a financial services tenant. This control helps organizations govern availability, plugin extensibility, supervision, and evidence collection for Cowork while it remains a Frontier preview capability, so adoption proceeds under documented governance rather than default tenant exposure.
Why This Matters for FSI
Cowork is delivered through Microsoft's Frontier preview program and is prerelease software whose availability and capabilities may change over time. By default, Cowork is available to all licensed Microsoft 365 Copilot users in a tenant, where they can discover and install it from the Agent Store without administrator action. For a regulated financial institution, an agentic capability that is available by default and can take multi-step actions across a user's accessible content introduces supervision, operational-risk, and books-and-records considerations that should be assessed before broad use.
The FFIEC IT Examination Handbook emphasizes change control, vendor and third-party risk management, and ongoing monitoring for enterprise technology — expectations that apply directly to adopting a preview feature. FINRA Rule 3110 expects firms to maintain supervisory systems and written supervisory procedures reasonably designed to achieve compliance; agentic outputs that influence client-facing work or recordkeeping may fall within that supervisory scope. Sarbanes-Oxley §§302/404 expectations apply where Cowork is used in finance, reporting, or control-support workflows, and the OCC Heightened Standards (12 CFR part 30, appendix D) reinforce board-level risk governance for covered institutions. GLBA §501(b) safeguarding expectations remain relevant because Cowork operates over content the user can already access, so existing oversharing and least-privilege weaknesses can be amplified by automated, multi-step retrieval.
No single control satisfies these obligations on its own. This control is intended to be applied alongside readiness, data-protection, and supervision controls rather than as a standalone assurance. Organizations should verify that their own legal, compliance, and risk functions have reviewed Cowork before enabling it for regulated populations.
Disclaimer
This control is provided for informational purposes only and does not constitute legal, regulatory, or compliance advice. See full disclaimer.
Preview feature
Microsoft 365 Copilot Cowork is a Frontier preview feature. Preview features may have restricted functionality, are subject to existing preview terms, and may change before general availability. FSI organizations should treat Cowork as preview software and re-verify configuration guidance against current Microsoft documentation before relying on it in production governance.
Control Description
Cowork is managed the same way as any other agent, through the Microsoft 365 admin center, but its agentic and preview characteristics warrant explicit governance decisions:
| Governance Surface | Primary Path | Governance Use |
|---|---|---|
| Frontier enrollment | Copilot > Settings > Frontier | Controls whether the tenant and admin accounts have early access to Cowork; required before Cowork appears in Agent management |
| Cowork availability | M365 Admin Center > Copilot > Agents > All agents > Cowork | Sets availability to all users, specific users or groups, or blocked |
| Deployment (pre-install) | M365 Admin Center > Copilot > Agents > All agents > Cowork > Deploy to | Installs Cowork on behalf of the entire organization or specified groups |
| Pinning | M365 Admin Center > Copilot > Agents > Manage pinned agents | Makes Cowork persistently visible in the Copilot rail for targeted populations |
| Plugin management | M365 Admin Center > plugin availability and deployment controls | Controls which Microsoft 365 App Store plugins extend Cowork, how they are deployed, and who can use them |
| Agent 365 integration | Microsoft Entra ID authentication for connected Dynamics 365 environments | Governs plugin connectors that route requests to Dynamics 365 services through Agent 365 |
Availability Controls
When Cowork is selected in the admin center, the key availability settings are:
| Setting | Effect |
|---|---|
| Available to all users | All licensed Copilot users in the tenant can find and install Cowork (the Microsoft default) |
| Available to specific users or groups | Only specified users or security groups can find and install Cowork — recommended for phased rollouts and departmental pilots |
| Blocked | No users in the tenant can access Cowork |
Country- or region-based scoping is not a supported availability option; use security groups to represent geographic or organizational segments.
Agentic and Data-Access Considerations
Cowork performs multi-step work and retrieves content the user is already permitted to access. It does not grant new permissions, but it can surface and act on existing content more efficiently, which makes the quality of underlying access governance more consequential. While in Frontier preview, Cowork surfaces a Purview sensitivity label for items in its responses and citations (displaying the highest-priority label from the data used), and by default stores conversation content in the tenant's local region geography. Organizations should confirm current data-handling, residency, and compliance behavior against Microsoft documentation as preview capabilities evolve.
Copilot Surface Coverage
| Surface | Coverage | Notes |
|---|---|---|
| Microsoft 365 Copilot (web / desktop) | Full | Cowork is discovered and used through the Agents experience and Copilot rail |
| Microsoft Teams | Partial | Cowork can be added through the Teams agents experience where made available |
| Cowork plugins | Full | Microsoft 365 App Store plugins extend Cowork and are governed through admin plugin controls |
| Agent 365 / Dynamics 365 connectors | Partial | Plugin connectors route to Dynamics 365 through Agent 365 using existing Entra ID authentication and licensing |
Governance Levels
Baseline
- Document whether the tenant is enrolled in the Frontier preview program and which admin accounts are enrolled
- Set Cowork availability deliberately rather than leaving it at the default of available to all licensed users
- Restrict initial Cowork availability to an approved pilot security group while preview governance is assessed
- Maintain an inventory of which plugins are available to Cowork and who approved them
- Require documented approval before deploying or pinning Cowork for any user population
Recommended
- Use group-scoped availability, deployment, and pinning decisions managed through a documented change register
- Separate approval and implementation so the same person does not both authorize and enable Cowork access
- Review Cowork plugin availability and connector authentication periodically against the approved inventory
- Confirm that Cowork activity is captured by existing Purview audit and supervision tooling, and document any coverage gaps
- Coordinate Cowork rollout decisions with Copilot readiness and data-protection controls to limit oversharing exposure
Regulated
- Require dual approval (technology + compliance) before enabling Cowork for any regulated or client-facing population
- Treat Cowork outputs that influence client communications or recordkeeping as in-scope for supervisory review under FINRA Rule 3110, where applicable
- Verify that Cowork-generated outputs subject to retention obligations are captured by existing books-and-records and retention controls
- Restrict Cowork administration using time-bound privileged access (PIM or equivalent) and least-privilege agent administration roles
- Preserve Frontier enrollment, availability, deployment, and plugin-approval evidence for examination-ready retention periods
- Maintain a documented exception register for any deviation from the approved Cowork governance baseline
Setup & Configuration
Step 1: Confirm Frontier Enrollment
Navigate to Copilot > Settings > Frontier and confirm whether the tenant and the relevant admin accounts are enrolled in the Frontier preview program. If Cowork is not visible in Agent management, verify that the administering account is enrolled in Frontier.
Step 2: Set Cowork Availability
Navigate to M365 Admin Center > Copilot > Agents > All agents, select Cowork, and set availability to Available to specific users or groups scoped to an approved pilot group rather than leaving the default of Available to all users. Document the decision, the approver, and the targeted groups.
Step 3: Govern Deployment and Pinning
Decide whether Cowork should be user-installed or pre-installed. If pre-installing, use Deploy to, scoped to approved groups, and manage visibility through Manage pinned agents. Record approvals for any deployment or pinning decision, recognizing that deploying Cowork accepts the agent's permissions on users' behalf rather than leaving that consent to each user.
Step 4: Govern Plugins
Review the plugins available to Cowork through the admin plugin controls. Maintain an approved-plugin inventory, confirm connector authentication for any Dynamics 365 / Agent 365 integrations, and restrict plugin availability to approved populations.
Step 5: Confirm Monitoring and Supervision Coverage
Confirm that Cowork usage and outputs are visible to existing Purview audit, retention, and supervision tooling. Document any gaps, and define a review cadence for Cowork availability, plugin inventory, and preview-feature changes.
Financial Sector Considerations
Broker-dealers: Before enabling Cowork for registered representatives, evaluate whether agentic outputs that contribute to client communications or correspondence fall within supervisory review and books-and-records obligations, and restrict availability until those procedures are confirmed.
Banking institutions: Treat adoption of a preview agentic capability as a change-control and operational-risk event consistent with FFIEC expectations, and reflect Cowork availability, deployment, and plugin decisions in enterprise technology governance records.
SOX-reporting entities: Where Cowork is used in finance, reporting, or control-support workflows, retain configuration and approval evidence in a form that supports internal and external audit review under Sarbanes-Oxley §§302/404 where applicable to ICFR.
Covered institutions under OCC Heightened Standards: Reflect Cowork adoption within the firm's risk governance framework so that introduction of a new agentic capability is subject to appropriate board and risk-management oversight.
Preview-feature risk: Because Cowork is prerelease and may change, organizations should avoid embedding it in critical or unsupervised workflows until it reaches general availability and has been re-assessed under this control.
Verification Criteria
| # | Verification Step | Expected Result |
|---|---|---|
| 1 | Review Frontier enrollment status | Tenant and admin enrollment status documented; Cowork visibility in Agent management confirmed |
| 2 | Inspect Cowork availability setting | Availability set deliberately (specific groups or blocked) rather than left at the default of all users |
| 3 | Review deployment and pinning configuration | Any deployment or pinning is scoped to approved groups with documented approval |
| 4 | Review Cowork plugin inventory | Available plugins and connector authentication match an approved inventory |
| 5 | Confirm audit and supervision coverage | Cowork activity is captured by existing Purview audit and supervision tooling, or gaps are documented |
| 6 | Confirm review cadence | A documented frequency exists for reviewing Cowork availability, plugins, and preview-feature changes |
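As an added example (not part of the FSI-CopilotGov framework or of any Microsoft tool), the following Python script evaluates a constructed governance record against verification steps 2 through 5 above, plus the separation-of-duties and dual-approval expectations from the Governance Levels. The record layout, field names and availability value strings are assumptions for this example; a real check would populate the record from the admin center settings and the change register.

```python
from dataclasses import dataclass
DEFAULT_AVAILABILITY = "all_users"  # the Microsoft default this control says not to leave in place
@dataclass
class Approval:
    approver: str
    role: str         # "technology" or "compliance"
    implementer: str  # admin who actually applied the setting
@dataclass
class CoworkRecord:
    availability: str            # all_users | specific_groups | blocked (assumed value names)
    target_groups: list          # groups scoped for availability, deployment or pinning
    approved_groups: list        # groups recorded in the change register
    regulated_population: bool   # any target group is regulated or client-facing
    approvals: list              # Approval entries
    plugins: list                # plugins currently available to Cowork
    approved_plugins: list       # approved-plugin inventory
    audit_coverage_documented: bool
def findings(r):
    out = []  # each entry names the verification step or governance level it relates to
    if r.availability == DEFAULT_AVAILABILITY:
        out.append("V2: availability left at the Microsoft default (all users)")
    unapproved = sorted(set(r.target_groups) - set(r.approved_groups))
    if unapproved:
        out.append(f"V3: groups targeted without documented approval: {unapproved}")
    if any(a.approver == a.implementer for a in r.approvals):
        out.append("Recommended: approver and implementer are the same person")
    roles = {a.role for a in r.approvals}
    if r.regulated_population and not {"technology", "compliance"} <= roles:
        out.append("Regulated: dual approval (technology + compliance) missing")
    extra = sorted(set(r.plugins) - set(r.approved_plugins))
    if extra:
        out.append(f"V4: plugins outside the approved inventory: {extra}")
    if not r.audit_coverage_documented:
        out.append("V5: Purview audit/supervision coverage (or its gaps) not documented")
    return out

# Constructed sample record (not real tenant data): a pilot that drifted from its approved scope.
SAMPLE = CoworkRecord(
    availability="specific_groups",
    target_groups=["sg-cowork-pilot", "sg-wealth-advisors"],
    approved_groups=["sg-cowork-pilot"],
    regulated_population=True,
    approvals=[Approval("a.chen", "technology", "a.chen")],
    plugins=["Dynamics365Sales", "UnreviewedPlugin"],
    approved_plugins=["Dynamics365Sales"],
    audit_coverage_documented=False,
)
def check_sample():
    return findings(SAMPLE)
```

Running `check_sample()` on the constructed record returns five findings (an unapproved group, approver equal to implementer, missing compliance approval, an unreviewed plugin, and undocumented audit coverage); an empty list means the record meets the checks encoded here.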
Additional Resources
- Manage Cowork for your organization
- Manage plugins for Cowork
- Manage agents in the Microsoft 365 admin center
- Frontier preview program
- Implementation Playbooks: Portal Walkthrough · PowerShell Setup · Verification · Troubleshooting
- Related Controls: 4.1 Admin Settings and Feature Management, 4.13 Extensibility Governance, 4.14 Copilot Studio Agent Lifecycle Governance