What is the focus of the Agent Governance whitepaper for Microsoft 365?
The Agent Governance whitepaper focuses on how to securely administer and govern agents in Microsoft 365 environments. It explains how different types of agents—Microsoft 365 agents, SharePoint agents, Agent Builder agents, and Copilot Studio agents—can be used to improve operational efficiency while maintaining strong security and compliance.
The document is written for IT practitioners and IT decision-makers in both Small to Medium Businesses (SMBs) and Large Enterprises. It is especially relevant for those responsible for:
- Defining and enforcing agent management and governance strategy
- Controlling data access and preventing data exfiltration
- Meeting regulatory and compliance requirements
The whitepaper also breaks down the main user audiences who create agents:
- End Users: Build simple agents using tools like SharePoint and Agent Builder, operating within their existing permissions.
- Makers: Use Copilot Studio and Agent Builder to create more advanced and sometimes autonomous agents using triggers and richer logic.
- Developers: Use pro developer tools such as Teams Toolkit and Azure AI Foundry to build fully customized agents that are typically managed through centralized IT catalogs.
Across these audiences, the paper outlines three main governance dimensions:
- Tool controls: What capabilities are available in the agent-building tools.
- Content controls: What data agents can access, process, and generate.
- Agent management: How agents are deployed, monitored, reported on, and retired.
Overall, it is a practical guide that helps IT teams manage agents so they stay secure, compliant, and aligned with organizational policies.
How are agents governed and managed in Microsoft 365?
Microsoft 365 provides a set of integrated tools and controls to govern agents across their lifecycle—from creation to deployment, monitoring, and retirement.
1. Governance controls
- Tool controls: Managed primarily through the Microsoft 365 Admin Center (MAC) and Power Platform Admin Center (PPAC). These define what capabilities are available in tools like Copilot Studio, Agent Builder, and other agent-building environments.
- Content controls: Managed via MAC, PPAC, Microsoft Purview, and SharePoint Advanced Management. These govern which information agents can access, process, and generate, helping align with privacy and compliance requirements.
- Agent management: Handled mainly in the Microsoft 365 Admin Center. IT can:
  - Roll out agents in stages
  - Review detailed usage reports (user engagement, per-agent activity)
  - Track adoption and identify underused agents
  - Support chargeback or forecasting
  - Manage lifecycle, including decommissioning and deletion
2. Microsoft 365 Admin Center (MAC)
The MAC is the central portal for managing Microsoft 365 services and many agent-related settings. It allows administrators to:
- Manage user accounts, licenses, and access to applications
- Configure and monitor Microsoft 365 Copilot
- Govern both end-user-created agents and IT Catalog agents
- Use analytics and reporting to monitor activity, performance, and security
3. Copilot Control System
The Copilot Control System is a set of integrated controls and capabilities for Copilot and agents, surfaced largely through the MAC. It helps administrators:
- Gain oversight of agent usage and adoption through usage and inventory analytics
- Identify usage trends and optimize resource allocation
- Streamline operational workflows and automate responses to incidents
4. Integrated Apps and inventory management
Within MAC, the Integrated Apps section is used primarily to manage IT Catalog agents:
- All agents are treated as apps, giving IT a centralized inventory.
- The Integrated Apps page lists all apps and agents available in the tenant.
- Admins can:
  - View detailed metadata about each agent (capabilities, data sources, custom actions)
  - Assess security and privacy posture
  - Allow or block agents
  - Assign agents to specific users or groups
  - Search for and review shared agents across departments
Publisher attestation and Microsoft 365 certification add further assurance for agents from the public store:
- Publisher attested: The publisher legally attests to the app’s authenticity, security, and development practices.
- Microsoft 365 certification: Microsoft performs a deeper evaluation of security, compliance, and performance.
5. Usage reports
The Microsoft 365 Copilot page in MAC (Reports → Usage) provides reporting on agents and their usage. Admins can:
- Monitor which agents are used, how often, and for how long
- See distribution across platforms (desktop, web, mobile)
- Identify which agents are most effective and candidates for promotion into the IT Catalog
6. Security monitoring with Microsoft Sentinel
For security operations, Microsoft Sentinel can be used to:
- Monitor agent-related activities in real time
- Detect potential threats, suspicious behavior, and compliance issues
- Trigger alerts and automate responses
- Analyze historical data to refine security posture over time
Together, these capabilities help organizations rethink how they manage agents—keeping them secure, compliant, and aligned with business and IT governance frameworks.
How are SharePoint-based agents and their data secured and controlled?
SharePoint-based agents are governed using the existing SharePoint Online permission model and additional controls from SharePoint Advanced Management (SAM). This approach lets organizations control both who can use the agents and what data those agents can access.
1. SharePoint Online permissions
SharePoint agents inherit and respect the standard SharePoint Online permission structure, which includes levels such as:
- Full Control
- Edit
- Contribute
- Read
Key points:
- By default, a SharePoint agent can only access or update content that the current user already has permission to access.
- SharePoint agents themselves are stored as files, so file-level permissions also govern who can see or use a given agent.
- This helps ensure that users only interact with data they are authorized to see, reducing the risk of unauthorized access.
2. SharePoint Advanced Management (SAM)
SAM provides more granular control over how Copilot and agents interact with SharePoint content at the source level. Capabilities include:
- Restricted Content Discovery:
  - Hides a site’s content from global search and Copilot indexing.
  - Useful for protecting sensitive or confidential sites from broad discovery.
- Site sharing restrictions:
  - Let administrators define who can share content and with whom.
  - Help prevent oversharing of sensitive information.
- Block download policies:
  - Prevent users from downloading files from certain sites.
  - Support scenarios where viewing is allowed but local copies are not.
- Oversharing detection and remediation:
  - Helps identify where content may be shared too broadly and take corrective action.
These controls help organizations tailor content visibility and access, supporting compliance with data protection regulations while still enabling collaboration.
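As an added example that is not part of the whitepaper, the following SharePoint Online Management Shell script audits a list of sensitive sites for two of the SAM controls above (Restricted Content Discovery and a block download policy) and enforces both only when run with -Enforce. It assumes the Get-SPOSite/Set-SPOSite parameters RestrictContentOrgWideSearch, BlockDownloadPolicy and ExcludeBlockDownloadPolicySiteOwners behave as documented for that module; the tenant and site URLs are placeholders.

```powershell
# Added example, not from the whitepaper: audit (and optionally enforce) Restricted
# Content Discovery and block download policies on sites that hold sensitive data.
# Assumes the SharePoint Online Management Shell module; tenant/site URLs are placeholders.
param(
    [string]$AdminUrl = "https://contoso-admin.sharepoint.com",      # placeholder tenant
    [string[]]$SensitiveSites = @(
        "https://contoso.sharepoint.com/sites/Legal",                 # placeholder sites
        "https://contoso.sharepoint.com/sites/MergersAndAcquisitions"
    ),
    [switch]$Enforce   # without -Enforce the script only reports drift
)

Connect-SPOService -Url $AdminUrl

$report = foreach ($url in $SensitiveSites) {
    $site      = Get-SPOSite -Identity $url
    $rcdOn     = [bool]$site.RestrictContentOrgWideSearch   # Restricted Content Discovery
    $blockDlOn = [bool]$site.BlockDownloadPolicy            # block download policy

    if ($Enforce -and -not $rcdOn) {
        # Hide the site's content from org-wide search and Copilot discovery
        Set-SPOSite -Identity $url -RestrictContentOrgWideSearch $true
    }
    if ($Enforce -and -not $blockDlOn) {
        # Allow viewing in the browser but block local copies; site owners stay exempt
        Set-SPOSite -Identity $url -BlockDownloadPolicy $true -ExcludeBlockDownloadPolicySiteOwners $true
    }

    # Values reflect the state found before any enforcement in this run
    [pscustomobject]@{
        Site                       = $url
        RestrictedContentDiscovery = $rcdOn
        BlockDownloadPolicy        = $blockDlOn
        Compliant                  = ($rcdOn -and $blockDlOn)
    }
}

$report | Format-Table -AutoSize
```

Run it once without -Enforce to review which sites have drifted from the intended baseline before changing any settings.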
3. Relationship to Integrated Apps
SharePoint agents are not managed through the Integrated Apps section in the Microsoft 365 Admin Center. Instead:
- Their governance is handled through SharePoint permissions and SAM.
- IT teams should use SharePoint’s own management tools and policies to control access, sharing, and Copilot behavior for these agents.
In practice, this means you can treat SharePoint agents as an extension of your existing SharePoint security model: if your SharePoint permissions and advanced management policies are well designed, your SharePoint agents will operate within those same secure boundaries.