Control 4.3: Copilot in Teams Phone and Queues Governance — Verification & Testing
Test cases and evidence collection procedures for Copilot governance in Teams Phone and call queues.
Test Cases
Test 1: Call Transcription and Summary Generation
- Objective: Verify that Copilot generates accurate call summaries with transcription
- Steps:
- Place a test call using Teams Phone with a Copilot-enabled user.
- Discuss predefined test content (e.g., account review, product inquiry).
- End the call and wait for Copilot to generate the call summary.
- Review the summary for accuracy, completeness, and appropriate detail level.
- Expected Result: Call summary accurately reflects the conversation content with key topics and action items.
- Evidence: Call summary output with comparison to the actual conversation content.
Test 2: Call Summary Access Controls
- Objective: Confirm that call summaries are only accessible to authorized parties
- Steps:
- Generate a call summary from a test client call.
- Verify only the call participants can access the summary.
- Verify the supervisor has appropriate oversight access.
- Confirm external callers do not receive the AI-generated summary.
- Expected Result: Call summaries are restricted to authorized internal users only.
- Evidence: Access permissions documentation for call summary storage.
Test 3: DLP Enforcement on Call Transcripts
- Objective: Validate that DLP policies scan call transcripts for sensitive information
- Steps:
- Place a test call and verbally mention test sensitive data (test SSN, account number).
- Wait for transcription to complete.
- Verify DLP policies detect the sensitive information in the transcript.
- Confirm the appropriate DLP action is taken (notification, blocking).
- Expected Result: DLP detects sensitive information in call transcripts and takes configured action.
- Evidence: DLP incident report showing detection from the call transcript.
Test 4: Call Queue Copilot Integration
- Objective: Verify that Copilot functions correctly for agents handling queue calls
- Steps:
- Route a test call through a configured call queue.
- Have an agent answer the call with Copilot enabled.
- Verify Copilot provides real-time assistance during the call.
- After the call, verify the summary is generated and accessible to the supervisor.
- Expected Result: Copilot assists agents during queue calls and generates summaries for supervisory review.
- Evidence: Agent experience screenshots and supervisor access to call summary.
Evidence Collection
| Evidence Item |
Source |
Format |
Retention |
| Calling policy configuration |
Teams Admin Center |
Screenshot |
With control documentation |
| Call summary samples |
Teams Phone |
Redacted screenshots |
Per retention policy |
| DLP detection results |
Purview DLP |
CSV |
7 years |
| Queue configuration |
Teams Admin Center |
Screenshot |
With control documentation |
Compliance Mapping
| Regulation |
Requirement |
How This Control Helps |
| FINRA 3110 |
Phone communication supervision |
Supports compliance with supervisory review of phone-based interactions |
| SEC 17a-4 |
Communication record retention |
Helps meet record retention for AI-summarized phone communications |
| FINRA 4511 |
Books-and-records for communications |
Supports record-keeping of AI-generated call summaries |
Next Steps