Security and governance policies
Content sharing is a critical aspect of agent governance and security. Controlling how agents share content, helps mitigate risks such as data leakage, unauthorized access, and compliance violations. Robust content-sharing policies ensure that agents operate within your organization's security framework while still enabling collaboration and productivity.
To enforce organizational standards and strengthen agent governance and security, apply a template that includes predefined policies. These policies help you manage and mitigate risks associated with agent deployment and usage. Applying a template ensures that all agents meet your organization's security standards and compliance requirements.
Default templates
Microsoft offers default templates that include essential security and compliance controls from Microsoft Entra, Microsoft Purview, Microsoft Defender, and SharePoint. These templates help:
Standardize governance across all agents in your organization
Reduce manual configuration by applying multiple policies at one time
Ensure compliance with security and regulatory requirements
Some templates include lifecycle management for agents and restrict external sharing of sites and its content. For a complete list of default templates, see Default templates.
Custom templates
If you need governance beyond the default policies and templates, create a custom template. Custom templates include Microsoft Entra policies that you can apply on a case-by-case basis to address specific governance needs.
With custom templates, you can set the following governance policies for agents:
Microsoft Entra policies for identity protection
Microsoft Purview policies for data, security, and compliance
Microsoft Defender policies for threat protection
You can specify the following policies for agents in a custom template:
| Policy name | Description |
|---|---|
| Conditional access | Configure conditional access policies for agents to align with your organization's security requirements. For more information, see Conditional Access for Agent ID. |
| Access packages | Govern agents access rights through access packages. For more information, see Allow users, service principals, and agent identities in your directory to request the access package. |
| Custom security attribute | Assign custom security attributes to enforce fine-grained access control. For more information, see What are custom security attributes in Microsoft Entra ID? |
Conditional access
Create a conditional access policy for agents in Microsoft Entra. This process includes the following key components:
Assignments: Scope policies to specific agents.
Target resources: Define the resources to which the policy applies.
Conditions: Set conditions such as sign-in risk.
Access controls: Configure grant or block access controls.
Policy state: Toggle policies On, Off, or Report only.
For more information, see Custom templates.