Control Implementation Playbooks
Comprehensive implementation guides for every control in the FSI Copilot Governance Framework. Each control includes four playbooks covering portal configuration, PowerShell automation, verification testing, and troubleshooting.
Pillar 1: Readiness and Assessment (15 Controls)
Pre-deployment controls that establish the foundation for secure M365 Copilot adoption.
| Control | Name | Playbooks |
|---|---|---|
| 1.1 | Copilot Readiness Assessment and Data Hygiene | Portal / PowerShell / Verification / Troubleshooting |
| 1.2 | SharePoint Oversharing Detection (DSPM for AI) | Portal / PowerShell / Verification / Troubleshooting |
| 1.3 | Restricted SharePoint Search Configuration | Portal / PowerShell / Verification / Troubleshooting |
| 1.4 | Semantic Index Governance | Portal / PowerShell / Verification / Troubleshooting |
| 1.5 | Sensitivity Label Taxonomy Review | Portal / PowerShell / Verification / Troubleshooting |
| 1.6 | Permission Model Audit | Portal / PowerShell / Verification / Troubleshooting |
| 1.7 | SharePoint Advanced Management Readiness | Portal / PowerShell / Verification / Troubleshooting |
| 1.8 | Information Architecture Review | Portal / PowerShell / Verification / Troubleshooting |
| 1.9 | License Planning and Assignment Strategy | Portal / PowerShell / Verification / Troubleshooting |
| 1.10 | Vendor Risk Management for Microsoft AI Services | Portal / PowerShell / Verification / Troubleshooting |
| 1.11 | Change Management and Adoption Planning | Portal / PowerShell / Verification / Troubleshooting |
| 1.12 | Training and Awareness Program | Portal / PowerShell / Verification / Troubleshooting |
| 1.13 | Extensibility Readiness | Portal / PowerShell / Verification / Troubleshooting |
| 1.14 | Item-Level Permission Scanning | Portal / PowerShell / Verification / Troubleshooting |
| 1.15 | SharePoint Permissions Drift Detection | Portal / PowerShell / Verification / Troubleshooting |
Pillar 2: Security and Protection (15 Controls)
Runtime controls that protect data, enforce policies, and govern Copilot interactions.
| Control | Name | Playbooks |
|---|---|---|
| 2.1 | DLP Policies for M365 Copilot Interactions | Portal / PowerShell / Verification / Troubleshooting |
| 2.2 | Sensitivity Labels and Copilot Content Classification | Portal / PowerShell / Verification / Troubleshooting |
| 2.3 | Conditional Access Policies for Copilot Workloads | Portal / PowerShell / Verification / Troubleshooting |
| 2.4 | Information Barriers for Copilot (Chinese Wall) | Portal / PowerShell / Verification / Troubleshooting |
| 2.5 | Data Minimization and Grounding Scope | Portal / PowerShell / Verification / Troubleshooting |
| 2.6 | Copilot Web Search and Web Grounding Controls | Portal / PowerShell / Verification / Troubleshooting |
| 2.7 | Data Residency and Cross-Border Data Flow | Portal / PowerShell / Verification / Troubleshooting |
| 2.8 | Encryption (Data in Transit and at Rest) | Portal / PowerShell / Verification / Troubleshooting |
| 2.9 | Defender for Cloud Apps — Copilot Session Controls | Portal / PowerShell / Verification / Troubleshooting |
| 2.10 | Insider Risk Detection for Copilot Usage | Portal / PowerShell / Verification / Troubleshooting |
| 2.11 | Copilot Pages Security and Sharing Controls | Portal / PowerShell / Verification / Troubleshooting |
| 2.12 | External Sharing and Guest Access Governance | Portal / PowerShell / Verification / Troubleshooting |
| 2.13 | Plugin and Graph Connector Security | Portal / PowerShell / Verification / Troubleshooting |
| 2.14 | Declarative Agents from SharePoint Governance | Portal / PowerShell / Verification / Troubleshooting |
| 2.15 | Network Security and Private Connectivity | Portal / PowerShell / Verification / Troubleshooting |
Pillar 3: Compliance and Audit (13 Controls)
Audit logging, retention, eDiscovery, regulatory record-keeping, supervisory review, and compliance monitoring controls.
| Control | Name | Playbooks |
|---|---|---|
| 3.1 | Copilot Audit Logging | Portal / PowerShell / Verification / Troubleshooting |
| 3.2 | Data Retention Policies | Portal / PowerShell / Verification / Troubleshooting |
| 3.3 | eDiscovery for Copilot Content | Portal / PowerShell / Verification / Troubleshooting |
| 3.4 | Communication Compliance Monitoring | Portal / PowerShell / Verification / Troubleshooting |
| 3.5 | FINRA Rule 2210 Compliance | Portal / PowerShell / Verification / Troubleshooting |
| 3.6 | Supervision and Oversight (FINRA 3110) | Portal / PowerShell / Verification / Troubleshooting |
| 3.7 | Regulatory Reporting Automation | Portal / PowerShell / Verification / Troubleshooting |
| 3.8 | Model Risk Management (OCC 2011-12 / SR 11-7) | Portal / PowerShell / Verification / Troubleshooting |
| 3.9 | AI Disclosure and Transparency | Portal / PowerShell / Verification / Troubleshooting |
| 3.10 | SEC Regulation S-P Privacy Compliance | Portal / PowerShell / Verification / Troubleshooting |
| 3.11 | Record Keeping and Retention (SEC 17a-3/4) | Portal / PowerShell / Verification / Troubleshooting |
| 3.12 | Evidence Collection and Audit Packages | Portal / PowerShell / Verification / Troubleshooting |
| 3.13 | FFIEC IT Examination Alignment | Portal / PowerShell / Verification / Troubleshooting |
Pillar 4: Operations and Monitoring (13 Controls)
Feature management, per-app configuration, analytics, cost tracking, incident response, and business continuity controls.
| Control | Name | Playbooks |
|---|---|---|
| 4.1 | Admin Settings and Feature Management (Copilot Control System) | Portal / PowerShell / Verification / Troubleshooting |
| 4.2 | Teams Meetings Governance | Portal / PowerShell / Verification / Troubleshooting |
| 4.3 | Teams Phone and Queues | Portal / PowerShell / Verification / Troubleshooting |
| 4.4 | Viva Suite Governance | Portal / PowerShell / Verification / Troubleshooting |
| 4.5 | Usage Analytics | Portal / PowerShell / Verification / Troubleshooting |
| 4.6 | Viva Insights Measurement | Portal / PowerShell / Verification / Troubleshooting |
| 4.7 | Feedback and Telemetry | Portal / PowerShell / Verification / Troubleshooting |
| 4.8 | Cost Allocation and PAYG Governance | Portal / PowerShell / Verification / Troubleshooting |
| 4.9 | Incident Reporting | Portal / PowerShell / Verification / Troubleshooting |
| 4.10 | Business Continuity | Portal / PowerShell / Verification / Troubleshooting |
| 4.11 | Sentinel Integration | Portal / PowerShell / Verification / Troubleshooting |
| 4.12 | Change Management for Rollouts | Portal / PowerShell / Verification / Troubleshooting |
| 4.13 | Extensibility Governance | Portal / PowerShell / Verification / Troubleshooting |
How to Use These Playbooks
- Start with Portal Walkthrough to understand what needs to be configured and where
- Use PowerShell Setup to automate configuration at scale and create repeatable deployments
- Run Verification and Testing to validate that controls are working and to collect evidence
- Reference Troubleshooting when issues arise during implementation or operation
Each playbook is self-contained but references related playbooks within the same control and across related controls.
FSI Copilot Governance Framework v1.2.1 - March 2026