📋 Owner: ITSM Manager / AI Administrator
🏢 Tenant scope: PACS M365 (E3/E5 mix)
🔒 Regulatory floor: HIPAA BAA, SOX ITGC, NIST AI RMF 1.0
📅 Start date:
Badge key: 📦 Licensing req. 👤 Role / identity ⚙️ Configuration 📄 Policy 🔍 Audit / compliance
Day 0–30 Foundation & Visibility
Objective: Zero or near-zero cost. Establish roles, enable audit logging, and inventory all AI activity in the tenant before anything is enabled for users. No user-facing AI features are turned on during this phase. This phase produces your governance baseline.
Verify M365 license inventory — document E3 vs E5 seat split
M365 Copilot requires E3 or E5 as a base, plus a Copilot add-on license ($30/user/mo as of 2026). Document which users have which base license before any Copilot seats are assigned. Identifies your upgrade path and cost model for leadership.
📦 Licensing
Assign the AI Administrator role in Entra ID
GA'd November 2024; expanded March 2026 to include full Agent 365 management. Assign to your designated AI governance lead — this role manages M365 Copilot, Agent 365, and related AI services without requiring Global Admin rights. Do not use a Global Admin account for day-to-day AI management tasks.
👤 Role
Assign scoped Agent admin roles — principle of least privilege
Three additional roles released November 2025: Agent ID Administrator, Agent ID Developer, and Agent Registry Administrator. These grant fewer permissions than the AI Administrator role. Assign based on job function — do not default everyone to AI Administrator.
👤 Role
Assign Compliance Administrator role in Entra ID (for Purview)
Separate from AI Administrator — required to configure DSPM for AI, audit policies, and DLP rules in Microsoft Purview. Both roles are needed by the governance team. The Compliance Administrator does not grant AI agent management rights and vice versa.
👤 Role
Enable Microsoft Entra Agent ID — zero cost, immediate inventory
Entra Agent ID gives AI agents managed identities, enabling policy enforcement, Conditional Access, and audit trail. Enabling this immediately creates an inventory of all agents operating in the tenant (including shadow agents). No additional licensing required — it is included in Entra ID.
⚙️ Config
Create Conditional Access policy scoped to M365 Copilot — require compliant device + MFA
Target the M365 Copilot application in Conditional Access. Require compliant (Intune-managed) device and MFA. Block personal/unmanaged devices from Copilot surfaces. This is a required control before any Copilot licenses are assigned to users — do not skip.
⚙️ Config
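The Conditional Access requirement above is easy to get subtly wrong: a policy that lists both MFA and compliant device but joins them with OR lets a user onto Copilot from an unmanaged laptop with MFA alone, and a policy left in report-only mode enforces nothing. The script below is an added example (not from the page or from Microsoft) that lints the JSON shape returned by Microsoft Graph for Conditional Access policies and reports exactly those gaps. The two policies it checks are constructed samples, and COPILOT_APP_ID is a placeholder you must replace with the Copilot application id from your own tenant.

```python
"""
Lint exported Conditional Access policies for the controls the checklist
requires on the M365 Copilot app: policy enabled, compliant device AND MFA,
and users actually in scope. Input follows the "value" array returned by
Graph GET /identity/conditionalAccess/policies; the two policies below are
constructed samples and COPILOT_APP_ID is a placeholder, not a real id.
"""
import json

COPILOT_APP_ID = "00000000-0000-0000-0000-000000000000"  # placeholder: use your tenant's Copilot app id
REQUIRED_CONTROLS = {"mfa", "compliantDevice"}

# Constructed sample export: one weak policy, one correct-but-not-enforced policy.
SAMPLE_EXPORT = json.dumps({"value": [
    {
        "displayName": "Copilot - weak (MFA or compliant device)",
        "state": "enabled",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": [COPILOT_APP_ID]},
        },
        "grantControls": {"operator": "OR", "builtInControls": ["mfa", "compliantDevice"]},
    },
    {
        "displayName": "Copilot - require compliant device + MFA",
        "state": "enabledForReportingButNotEnforced",
        "conditions": {
            "users": {"includeUsers": ["All"], "excludeUsers": []},
            "applications": {"includeApplications": [COPILOT_APP_ID]},
        },
        "grantControls": {"operator": "AND", "builtInControls": ["mfa", "compliantDevice"]},
    },
]})


def evaluate_policy(policy: dict) -> list[str]:
    """Return the findings for one policy; an empty list means it passes."""
    findings = []
    if policy.get("state") != "enabled":
        findings.append(f"state is {policy.get('state')!r}, not 'enabled'")
    grant = policy.get("grantControls") or {}
    controls = set(grant.get("builtInControls") or [])
    missing = REQUIRED_CONTROLS - controls
    if missing:
        findings.append("missing grant controls: " + ", ".join(sorted(missing)))
    elif grant.get("operator") != "AND":
        # With OR, MFA alone satisfies the policy from an unmanaged device.
        findings.append("operator is OR; compliant device and MFA must both be required (AND)")
    users = (policy.get("conditions") or {}).get("users") or {}
    if users.get("includeUsers") != ["All"] and not users.get("includeGroups"):
        findings.append("no users or groups in scope")
    return findings


def copilot_policies(export_json: str) -> dict[str, list[str]]:
    """Map each policy that targets the Copilot app to its findings."""
    report = {}
    for policy in json.loads(export_json).get("value", []):
        apps = (policy.get("conditions") or {}).get("applications") or {}
        if COPILOT_APP_ID in (apps.get("includeApplications") or []):
            report[policy["displayName"]] = evaluate_policy(policy)
    return report


def copilot_is_covered(export_json: str) -> bool:
    """True only if at least one Copilot-scoped policy passes every check."""
    return any(not findings for findings in copilot_policies(export_json).values())


if __name__ == "__main__":
    for name, findings in copilot_policies(SAMPLE_EXPORT).items():
        print(name, "->", findings or "OK")
    print("Copilot covered:", copilot_is_covered(SAMPLE_EXPORT))
```

Run it against a real export before the first Copilot seat is assigned; the check that matters most is the AND operator, since the portal happily saves an OR policy that looks complete at a glance.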
Verify Unified Audit Logging is enabled
On by default for new tenants, but must be explicitly verified for PACS. Required prerequisite for DSPM for AI, Copilot activity tracking, and all compliance reporting. If it was ever disabled, re-enabling it only captures events going forward — there is no retroactive backfill.
🔍 Audit
Enable Purview DSPM for AI — observe mode only (no enforcement yet)
Navigate to the new DSPM experience — NOT the legacy "DSPM classic" or "DSPM for AI classic." The new experience reached GA in May 2026. Enable AI observability to surface shadow AI usage, risky prompt interactions, and sensitivity label violations across Copilot and third-party AI apps (e.g., ChatGPT, Gemini accessed via browser on managed devices). Enforcement policies are a Day 31–60 task.
🔍 Audit
Onboard Intune-managed devices to Microsoft Purview (Endpoint DLP)
Required to track AI interactions at the endpoint level and for DSPM for AI to provide signal coverage on managed devices. Intune-managed devices can be onboarded via Intune policy — no agent installation required on Intune-enrolled endpoints. Unmanaged/BYOD devices are out of scope unless they are enrolled.
⚙️ Config
Open Agent 365 registry and export baseline agent inventory
GA'd April 2026. View all agents in the tenant — Microsoft-built, Copilot Studio, and partner ecosystem agents — in one registry. Export the full list to a spreadsheet. Document the count, owners, and data connections for each agent. This is the baseline your governance program is measured against.
🔍 Audit
Review Agent 365 governance cards — document all pending requests and high-risk agents
Two actionable cards require attention: "Pending Requests for Agents" (user-submitted requests awaiting admin approval) and "Agents at risk" (high-severity risks surfaced by Entra, Defender, and Purview). Do not approve any pending requests yet — document and classify first. These cards are your primary daily governance queue.
🔍 Audit
Access AI Administrator homepage and bookmark as daily governance dashboard
The AI Administrator role now has a dedicated M365 admin center homepage (released Ignite 2025) providing at-a-glance org-level AI metrics, adoption data, and governance alerts. Bookmark this as the primary daily starting point for the AI admin function.
⚙️ Config
Confirm M365 Copilot data boundary settings — verify tenant data is NOT opted into model training
Default is off (Microsoft does not train on tenant data under commercial agreements), but this must be explicitly verified. Also confirm Connected Experiences settings and data residency. Document the BAA confirmation with your Microsoft account team — required for HIPAA compliance. Store this confirmation with your Privacy/Legal team.
⚙️ Config
Block consumer Copilot and consumer Microsoft AI surfaces on PACS-managed devices
Create a Conditional Access policy or Intune web content filter blocking access to copilot.microsoft.com (consumer) and consumer Bing AI from PACS-managed devices. Consumer Copilot is NOT covered by the Microsoft HIPAA BAA — any PHI entered into consumer Copilot is a potential HIPAA violation. This is the single most important policy for preventing user error.
📄 Policy
Day 31–60 Data Protection & Policy Enforcement
Objective: Enforcement begins. Sensitivity labels, DLP policies, and Copilot content controls go live. Requires E5 Compliance or Purview add-on for full IRM and Communication Compliance capability — verify licensing before this phase starts.
Verify licensing for Purview advanced AI features — identify E5/add-on gap
E3 base covers basic DLP and sensitivity labels. Advanced AI-specific capabilities — DSPM content capture, Insider Risk Management (IRM) AI policies, and Communication Compliance — require the Microsoft Purview compliance add-on or E5 Compliance. Document the gap vs. current seat mix and escalate to leadership for budget approval before enforcement phase begins.
📦 Licensing
Create or audit sensitivity labels — ensure a PHI label tier exists
Required label tiers at minimum: Public, Internal, Confidential, Highly Confidential (PHI). Copilot inherits and enforces sensitivity labels from source documents — a document labeled "Highly Confidential" will not be surfaced to users who lack access rights. Labels must be published to users and auto-labeling must be configured for known PHI patterns (MRN, SSN, DOB).
📄 Policy
Configure DLP policy to block PHI in M365 Copilot prompts
Create a DLP policy using the "Healthcare and Medical" built-in template or a custom policy. Scope to Microsoft 365 Copilot as a workload. Configure to block (not just audit) prompts containing SSN, MRN, and DOB patterns. Set policy tips to educate users at the point of violation. Alert the compliance team on policy matches. Start in test/audit mode for 5 business days, then enforce.
📄 Policy
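The auto-labeling patterns in the sensitivity label item and the DLP policy item both hinge on the same thing: what the SSN, MRN and DOB detectors actually match, and why the checklist insists on a 5-day audit window before blocking. The block below is an added example, not Purview configuration and not code from the page: it runs equivalent patterns over constructed prompts in audit mode and enforce mode and produces the match statistics you would review at the end of the audit window. The SSN and DOB patterns are generic; the MRN format is an assumption for this example and must be replaced with your EHR's real identifier format.

```python
"""
Local simulation of the PHI prompt policy: patterns equivalent to the
sensitive information types you would configure, run in 'audit' mode (log
only) and 'enforce' mode (block with a policy tip) over constructed prompts.
SSN and DOB are generic patterns; the MRN format is assumed for this example.
"""
import re
from collections import Counter

PATTERNS = {
    # US SSN with the usual invalid ranges excluded (area 000/666/9xx, group 00, serial 0000).
    "SSN": re.compile(r"\b(?!000|666|9\d\d)\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b"),
    # Assumed MRN format: the literal 'MRN' followed by 6 to 8 digits.
    "MRN": re.compile(r"\bMRN[:#\s]*\d{6,8}\b", re.IGNORECASE),
    # DOB labelled as such, in M/D/YYYY.
    "DOB": re.compile(
        r"\b(?:DOB|date of birth)[:\s]*(?:0?[1-9]|1[0-2])/(?:0?[1-9]|[12]\d|3[01])/(?:19|20)\d{2}\b",
        re.IGNORECASE,
    ),
}

# Constructed prompts; none is real user data. The second one is a deliberate
# false positive: a ticket number that happens to look like an SSN.
SAMPLE_PROMPTS = [
    "Summarize the care plan for MRN 00123456, DOB 03/14/1958",
    "Draft a reply to ticket 123-45-6789 about the printer",
    "What is the PTO policy for new hires?",
]


def scan_prompt(text: str) -> dict[str, list[str]]:
    """Return {pattern name: matched strings} for each PHI pattern present."""
    return {name: pat.findall(text) for name, pat in PATTERNS.items() if pat.search(text)}


def apply_policy(text: str, mode: str) -> dict:
    """'audit' allows the prompt and logs the match; 'enforce' blocks it with a policy tip."""
    hits = scan_prompt(text)
    if not hits:
        return {"action": "allow", "hits": {}}
    if mode == "audit":
        return {"action": "allow", "hits": hits, "logged": True}
    tip = ("Your prompt appears to contain PHI (" + ", ".join(sorted(hits)) +
           ") and was blocked. Use the approved clinical system for this request.")
    return {"action": "block", "hits": hits, "policy_tip": tip}


def audit_statistics(prompts: list[str]) -> dict:
    """What the audit window produces: match counts to review before switching to enforce."""
    by_type = Counter()
    flagged = 0
    for prompt in prompts:
        hits = scan_prompt(prompt)
        if hits:
            flagged += 1
            by_type.update(hits.keys())
    return {"prompts": len(prompts), "flagged": flagged, "by_type": dict(by_type)}


if __name__ == "__main__":
    print(audit_statistics(SAMPLE_PROMPTS))
    for prompt in SAMPLE_PROMPTS:
        print(apply_policy(prompt, "enforce")["action"], "-", prompt)
```

The ticket-number prompt is the point of the audit window: in enforce mode it would be blocked, and a reviewer seeing it in the audit statistics can tune the SSN detector (for example by requiring a keyword or a confidence threshold in the real SIT) before users start hitting policy tips on harmless requests.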
Enable DSPM for AI enforcement policies — "Detect risky AI usage" (IRM) and "Control unethical behavior in AI" (Communication Compliance)
Two ready-to-use policies in DSPM for AI: (1) "Detect risky AI usage" — IRM policy flagging unusual AI interaction patterns, data exfil signals, and policy violations. (2) "Control unethical behavior in AI" — Communication Compliance policy for AI output monitoring. Start both in report-only mode for two weeks. Requires IRM license (E5 or Purview add-on). Switch to enforce after reviewing initial findings.
📄 Policy
Run DSPM for AI data risk assessment on SharePoint — identify oversharing
This is the #1 pre-deployment data hygiene step. Copilot surfaces any content the signed-in user has permission to access — including content shared broadly with "Everyone" or "Everyone except external users." The assessment identifies overshared sites and files with sensitive content. Results feed directly into the Day 61–90 remediation workstream. Run this before any Copilot licenses are assigned to end users.
🔍 Audit
Configure Copilot agent settings — allowed agent types, sharing, and org store access
Set allowed agent types (Microsoft-built only to start; block user-created agents from production). Disable agent sharing with external users. Restrict who can publish agents to the org store to the AI Administrator role only. These are the gate controls for your agent deployment pipeline — everything else downstream depends on these being set correctly first.
⚙️ Config
Designate authoritative content sources for Copilot Search
Designate approved SharePoint sites as authoritative sources — this controls what content Copilot prioritizes when generating answers. Critical for knowledge governance: ensures Copilot answers from validated sources (approved KB, IT Glue, policy documents) rather than whatever is highest-ranked by default. Improves answer quality and reduces hallucination-from-bad-source risk.
⚙️ Config
Configure domain exclusion for web grounding in Copilot
GA'd April 2026. Allows admins to block specific external websites from being referenced when Copilot uses web grounding to generate responses. Add known unreliable, non-HIPAA-compliant, or non-authoritative sources. This is a governance control over the external knowledge Copilot can cite — not a security control, but important for answer quality and liability.
⚙️ Config
Triage ownerless agents in Agent 365 registry — assign owners or disable
Ownerless agents are the top governance gap Microsoft has flagged in Agent 365. Filter the Agent Registry by "No owner." For each: assign an accountable owner, or disable the agent. Ownerless agents have no accountability path, no lifecycle management, and no rollback owner if they malfunction. Document all dispositions for Internal Audit — this is an ITGC-relevant activity.
📄 Policy
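The Day 0–30 registry export and the ownerless-agent triage above are the same spreadsheet worked twice, so here is one added example that covers both (it is not code from the page or from Microsoft). It parses a constructed CSV in the shape of a registry export, flags agents with no owner and agents with data connections outside an assumed approved set, and writes the disposition line per agent that Internal Audit will ask for. Real export column names may differ; adjust the keys in triage() to match.

```python
"""
Triage of an Agent 365 registry export: ownerless agents, unapproved data
connections, and a per-agent disposition record. The CSV is a constructed
stand-in for the real spreadsheet export; APPROVED_CONNECTIONS is an assumed
allow-list for this tenant, not a Microsoft default.
"""
import csv
import io
from collections import Counter

# Assumed: data connections the governance team has cleared as BAA-covered.
APPROVED_CONNECTIONS = {"SharePoint", "OneDrive", "Exchange", "Teams", "Microsoft Graph"}

# Constructed sample export (not real tenant data).
SAMPLE_EXPORT = """\
AgentName,Source,Owner,DataConnections
Helpdesk Triage,Copilot Studio,itsm.manager@example.com,SharePoint;Teams
Payroll Q&A,Copilot Studio,,SharePoint;HTTP (generic)
Researcher,Microsoft,Microsoft-managed,Microsoft Graph
Vendor Lookup,Partner,,SQL Server;OpenAI (consumer)
Meeting Notes,Microsoft,Microsoft-managed,Exchange;Teams
"""


def load_inventory(csv_text: str) -> list[dict]:
    """Parse the export into one dict per agent."""
    return list(csv.DictReader(io.StringIO(csv_text)))


def triage(csv_text: str) -> list[dict]:
    """Classify every agent and record the disposition Internal Audit will ask for."""
    dispositions = []
    for agent in load_inventory(csv_text):
        owner = agent["Owner"].strip()
        connections = {c.strip() for c in agent["DataConnections"].split(";") if c.strip()}
        unapproved = sorted(connections - APPROVED_CONNECTIONS)
        if not owner and unapproved:
            # No accountability path and an unapproved data path: nobody can answer for it.
            disposition = "disable: ownerless with unapproved connection"
        elif not owner:
            disposition = "assign accountable owner"
        elif unapproved:
            disposition = "owner to justify or remove: " + ", ".join(unapproved)
        else:
            disposition = "retain: in governed baseline"
        dispositions.append({
            "agent": agent["AgentName"],
            "source": agent["Source"],
            "owner": owner or "(none)",
            "unapproved_connections": unapproved,
            "disposition": disposition,
        })
    return dispositions


def summary(dispositions: list[dict]) -> dict:
    """Headline numbers for the Day 0-30 baseline record."""
    return {
        "total_agents": len(dispositions),
        "ownerless": sum(1 for d in dispositions if d["owner"] == "(none)"),
        "with_unapproved_connections": sum(1 for d in dispositions if d["unapproved_connections"]),
        "by_source": dict(Counter(d["source"] for d in dispositions)),
        "to_disable": [d["agent"] for d in dispositions if d["disposition"].startswith("disable")],
    }


if __name__ == "__main__":
    rows = triage(SAMPLE_EXPORT)
    for row in rows:
        print(f"{row['agent']:16} {row['owner']:28} {row['disposition']}")
    print(summary(rows))
```

Keep the output of triage() with the dated export: the baseline count from Day 0–30 and the disposition list from Day 31–60 are the two artifacts that let an auditor see the program actually moved the numbers.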
Create Power Platform DLP policy scoping Copilot Studio connectors
Create an environment-level DLP policy in the Power Platform admin center that restricts which connectors Copilot Studio agents can use. Block connectors to non-BAA services (consumer AI APIs, unapproved third-party systems). This is required before any Copilot Studio agent is allowed to interact with data in a PACS environment — without it, agents can call any connector without restriction.
📄 Policy
Confirm data residency — disable cross-geographic data movement for Copilot Studio
Even without an EU data nexus, confirm all Copilot Studio generative AI processing stays within the US data boundary for HIPAA alignment. If geographic data movement is enabled (to access a feature in another region), document the justification. Any cross-border data flow for PHI-adjacent workloads requires Privacy and Legal sign-off.
⚙️ Config
Day 61–90 Monitoring, Lifecycle & Pilot Readiness
Objective: Shift from setup to ongoing operations. Monitoring dashboards, alert routing, data hygiene remediation, and pilot scope definition. The first formal AI governance checkpoint to leadership is delivered at Day 90. Nothing goes org-wide without this phase clearing first.
Enable and baseline Copilot usage analytics — establish pre-expansion baseline
Enable the Copilot dashboard in M365 admin center and document your baseline: active users, feature usage by app, and high-usage users (the "High-usage users" view was added April 2026). Capture this baseline before pilot expansion. Without a baseline, you cannot demonstrate ROI or detect anomalous usage spikes to leadership or Internal Audit.
⚙️ Config
Configure Purview audit log retention for AI interaction events — minimum 1 year
Copilot interaction events are logged separately from general M365 audit events and must be configured explicitly. E5 licenses support up to 1 year of audit retention. For SOX and HIPAA defensibility, target 1 year minimum. E3 default is 90 days — insufficient for annual compliance cycles. Confirm which event types are captured: CopilotInteraction, AiInteraction, and related event schemas.
🔍 Audit
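The usage-baseline item and the audit-retention item above both read from the same CopilotInteraction events, so one added example serves both (it is not code from the page or from Microsoft). It parses constructed JSON-lines records shaped like Unified Audit Log entries, computes the pre-expansion baseline (active users, volume by host app, top users, date range), counts how often Copilot touched labeled versus unlabeled content, and checks a configured retention period against the one-year floor. The CopilotEventData.AppHost and AccessedResources[].SensitivityLabelId field names follow the event schema as this example assumes it; verify them against your own export before relying on the numbers.

```python
"""
Baseline Copilot usage and retention coverage from an audit-log export.
Records are constructed JSON lines in the shape of Unified Audit Log entries
for the CopilotInteraction operation; field names under CopilotEventData are
assumptions to verify against a real export.
"""
import json
from collections import Counter
from datetime import datetime

# Constructed sample export, not real tenant data.
SAMPLE_EXPORT = """\
{"CreationTime":"2026-04-01T14:02:11","Operation":"CopilotInteraction","UserId":"alice@example.com","Workload":"Copilot","CopilotEventData":{"AppHost":"Teams","AccessedResources":[{"Name":"Q1 board deck.pptx","SensitivityLabelId":"label-highly-confidential"}]}}
{"CreationTime":"2026-04-01T15:30:00","Operation":"CopilotInteraction","UserId":"alice@example.com","Workload":"Copilot","CopilotEventData":{"AppHost":"Word","AccessedResources":[]}}
{"CreationTime":"2026-04-02T09:15:42","Operation":"CopilotInteraction","UserId":"bob@example.com","Workload":"Copilot","CopilotEventData":{"AppHost":"Teams","AccessedResources":[{"Name":"Payroll 2026.xlsx","SensitivityLabelId":null}]}}
{"CreationTime":"2026-04-02T10:00:00","Operation":"FileAccessed","UserId":"bob@example.com","Workload":"SharePoint"}
{"CreationTime":"2026-04-03T11:20:05","Operation":"CopilotInteraction","UserId":"alice@example.com","Workload":"Copilot","CopilotEventData":{"AppHost":"Teams","AccessedResources":[]}}
"""

RETENTION_FLOOR_DAYS = 365  # the checklist's one-year minimum


def parse_export(jsonl_text: str) -> list[dict]:
    """Keep only CopilotInteraction records; other operations are noise here."""
    records = [json.loads(line) for line in jsonl_text.splitlines() if line.strip()]
    return [r for r in records if r.get("Operation") == "CopilotInteraction"]


def usage_baseline(records: list[dict]) -> dict:
    """The pre-expansion numbers: active users, volume by host app, top users, date range."""
    users = Counter(r["UserId"] for r in records)
    hosts = Counter(r["CopilotEventData"].get("AppHost", "unknown") for r in records)
    times = sorted(datetime.fromisoformat(r["CreationTime"]) for r in records)
    return {
        "interactions": len(records),
        "active_users": len(users),
        "by_app_host": dict(hosts),
        "top_users": users.most_common(3),
        "first": times[0].date().isoformat() if times else None,
        "last": times[-1].date().isoformat() if times else None,
    }


def labeled_resource_access(records: list[dict]) -> dict:
    """How often Copilot touched labeled vs unlabeled content; unlabeled hits feed the DSPM review."""
    labeled = unlabeled = 0
    for r in records:
        for res in r["CopilotEventData"].get("AccessedResources", []):
            if res.get("SensitivityLabelId"):
                labeled += 1
            else:
                unlabeled += 1
    return {"labeled": labeled, "unlabeled": unlabeled}


def retention_meets_floor(configured_days: int) -> bool:
    """90 days (the E3 default named in the checklist) fails; 365 passes."""
    return configured_days >= RETENTION_FLOOR_DAYS


if __name__ == "__main__":
    recs = parse_export(SAMPLE_EXPORT)
    print(usage_baseline(recs))
    print(labeled_resource_access(recs))
    print("retention ok at 90 days:", retention_meets_floor(90))
```

The unlabeled-access count is the number to watch between baseline and pilot expansion: a Copilot interaction that pulled an unlabeled payroll spreadsheet is exactly the event the oversharing remediation is meant to make impossible.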
Configure DSPM for AI observability alerts — route to SOC/Teams channel
Configure alert thresholds for high-severity agent risk events in the DSPM observability dashboard. Connect alerts to your SOC email group or a dedicated Teams channel. Alerts fire when: an agent attempts to access restricted data, DLP blocks an AI interaction, or insider risk signals spike. Without alert routing, the dashboard generates events that nobody acts on.
🔍 Audit
Review Microsoft Secure Score for AI-specific recommendations
Filter Secure Score recommended actions for Copilot/AI-related items. Address any high-impact items before pilot expansion — these commonly include: data oversharing in SharePoint, missing sensitivity labels on high-value sites, and missing Conditional Access coverage for AI apps. Document the score before and after remediation for leadership reporting.
🔍 Audit
Configure agent approval workflow in Agent 365 — set SLA and assign approvers
Configure an approval-required flow for any new agent deployment request. Assign approvers at the AI Administrator role level. Establish a documented SLA (recommended: 5 business days for standard, expedited path for IT-critical). This is the operational intake workflow that ties your NIST AI RMF "Govern" function to the M365 portal — every new agent must flow through this before going to users.
📄 Policy
Pin governance-approved agents to M365 Copilot for pilot security group — not org-wide
Scope the pilot to a defined security group (IT team + designated power users, max 25–50 people). Pin only agents that have passed the Day 31–60 governance review. Do not enable org-wide. This limits the blast radius of any misconfiguration or policy gap discovered in the pilot. Expand only after the Day 90 governance checkpoint is cleared.
⚙️ Config
Enable organizational messages for AI adoption comms — scoped to pilot group
Enable Copilot adoption message templates in M365 admin center. Available templates include "Welcome to Copilot" and weekly "M365 Copilot Journey" emails. Email delivery channel became GA March 2026. Scope to the pilot security group only — drives controlled adoption messaging and prevents users from seeking out unsanctioned AI tools to fill the perceived gap.
⚙️ Config
Remediate oversharing findings from DSPM data risk assessment
Use results from the Day 31–60 DSPM assessment. Remove "Everyone" and "Everyone except external users" permissions from SharePoint sites that contain sensitive data. Prioritize in this order: (1) HR and Payroll sites, (2) Finance and billing-adjacent sites, (3) Clinical-adjacent or PointClickCare-linked SharePoint data, (4) General shared drives. This remediation is the single most impactful action to prevent Copilot from becoming a data leakage vector.
📄 Policy
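The remediation item above gives a priority order but no mechanics, and the Day 90 report later in this phase needs a "% complete" figure for the same findings. The block below is an added example (not code from the page or from Microsoft) that turns a constructed DSPM oversharing assessment export into an ordered remediation queue using the checklist's tiers (HR/Payroll, then Finance/billing, then clinical or PointClickCare-linked, then general) and computes completion both by site count and weighted by exposed sensitive items. The CSV column names are assumptions; map them to whatever your export actually contains.

```python
"""
Remediation queue and completion metric from a DSPM for AI oversharing
assessment. The CSV is a constructed stand-in for the assessment export
(column names are assumptions); TIERS encodes the checklist's priority order.
"""
import csv
import io

BROAD_GROUPS = {"Everyone", "Everyone except external users"}

# Priority tiers from the checklist; departments not listed fall to tier 4 (general shares).
TIERS = {
    "HR": 1, "Payroll": 1,
    "Finance": 2, "Billing": 2,
    "Clinical": 3, "PointClickCare": 3,
}

# Constructed sample assessment, not real tenant data.
SAMPLE_ASSESSMENT = """\
SiteUrl,Department,BroadPermission,SensitiveItems,Remediated
/sites/HR,HR,Everyone,42,N
/sites/Payroll,Payroll,Everyone except external users,17,Y
/sites/Finance,Finance,Everyone,9,N
/sites/Billing,Billing,Everyone except external users,3,N
/sites/ClinicalOps,Clinical,Everyone,25,N
/sites/Marketing,Marketing,Everyone except external users,1,Y
/sites/Engineering,Engineering,None,0,N
"""


def load_findings(csv_text: str) -> list[dict]:
    """Only sites where a broad group holds access count as oversharing findings."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["BroadPermission"] not in BROAD_GROUPS:
            continue
        findings.append({
            "site": row["SiteUrl"],
            "department": row["Department"],
            "broad_permission": row["BroadPermission"],
            "sensitive_items": int(row["SensitiveItems"]),
            "remediated": row["Remediated"].strip().upper() == "Y",
            "tier": TIERS.get(row["Department"], 4),
        })
    return findings


def remediation_queue(findings: list[dict]) -> list[str]:
    """Open findings ordered by tier, then by how much sensitive content is exposed."""
    open_items = [f for f in findings if not f["remediated"]]
    open_items.sort(key=lambda f: (f["tier"], -f["sensitive_items"]))
    return [f["site"] for f in open_items]


def completion(findings: list[dict]) -> dict:
    """Percent complete two ways: by site count and weighted by sensitive items."""
    total_sites = len(findings)
    done_sites = sum(1 for f in findings if f["remediated"])
    total_items = sum(f["sensitive_items"] for f in findings)
    done_items = sum(f["sensitive_items"] for f in findings if f["remediated"])
    return {
        "sites_remediated": done_sites,
        "sites_total": total_sites,
        "pct_by_site": round(100 * done_sites / total_sites, 1) if total_sites else 100.0,
        "pct_by_sensitive_items": round(100 * done_items / total_items, 1) if total_items else 100.0,
    }


if __name__ == "__main__":
    findings = load_findings(SAMPLE_ASSESSMENT)
    print("queue:", remediation_queue(findings))
    print(completion(findings))
```

Report both percentages: the site count is what leadership expects, but the item-weighted figure is the one that tells you whether the largest exposures (an HR site with dozens of sensitive files) are still open behind a comfortable-looking number.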
Restrict Copilot SharePoint indexing to pilot-approved sites only
For the pilot phase, scope Copilot's SharePoint indexing to a defined list of approved sites that have completed data hygiene review. Prevents Copilot from indexing sensitive sites before remediation is complete. Expand the approved site list incrementally after each remediation wave is validated. This can be reversed or expanded at any time without disrupting the Copilot service.
⚙️ Config
Deliver first quarterly AI governance report to leadership
Required audience: Collins Huish (Sr. Director Engineering), Landon Gibb (SVP Tech & Systems), Bill Mackey (VP Tech), and Internal Audit liaison. Report must include: agent inventory count + risk classification, DSPM findings summary, DLP policy match statistics (including violations blocked), Copilot usage baseline metrics, oversharing remediation status (% complete), and open items queued for Day 91–180. This document creates the governance audit trail for SOX and HIPAA defensibility.
🔍 Audit
Obtain written BAA coverage confirmation from Microsoft — document and store with Privacy/Legal
Obtain written confirmation from your Microsoft account team that the PACS tenant is covered under the Microsoft HIPAA Business Associate Agreement for: M365 Copilot, M365 Copilot Chat (enterprise, work/school account), Security Copilot, and any Azure AI services in scope. Log the confirmation, the date, and the Microsoft contact name. Store the confirmation with the Privacy or Legal team. This is a required artifact for any OCR audit or HIPAA Security Rule assessment. Consumer Copilot and Microsoft 365 Family/Personal/Premium are NOT covered — reconfirm with your Microsoft rep if unclear.
🔍 Audit