Governed AI on Microsoft: The Six-Layer Framework for Regulated Enterprises (2026)

EPC Group's Governed AI on Microsoft framework unifies Microsoft Purview + Fabric + Power BI + M365 + Entra + Copilot + Agent 365 into a single integrated governance control plane. Six layers, four industry overlays, 29 years of regulated-industry Microsoft consulting.

Errin O'Connor, CEO & Chief AI Architect, EPC Group
Published January 29, 2026. Updated May 21, 2026. 14 min read.
Tags: Governed AI on Microsoft, Microsoft Copilot Governance, Microsoft Purview, Microsoft Agent 365, HIPAA, FINRA, FedRAMP, CMMC, Enterprise AI, Regulated Industries

Governed AI on Microsoft: The Published Framework

Most enterprise AI governance gets built as a patchwork. Microsoft Purview lives with one team. Power BI workspace governance lives with another. Microsoft Entra ID Conditional Access lives with a third. Microsoft 365 Copilot rolls out across all three workloads at once — and the governance gaps surface as data exposure incidents within sixty days of turn-on.

EPC Group has documented this pattern across hundreds of Microsoft Copilot readiness assessments since 2024. The Governed AI on Microsoft framework is the integrated alternative. It connects Microsoft Purview, Microsoft Fabric, Power BI, Microsoft 365, Microsoft Entra ID, Microsoft Copilot, and Microsoft Agent 365 into a single integrated control plane — compliance-native by design, not as an afterthought.

This post documents the framework as it is delivered today across healthcare HIPAA, financial services FINRA, federal contractor FedRAMP, and defense industrial base CMMC engagements.

TL;DR — The Governed AI on Microsoft Framework

Governed AI on Microsoft is a six-layer integrated governance reference architecture built for regulated enterprises rolling out Microsoft 365 Copilot, Microsoft Copilot Studio, and Microsoft Agent 365. The six layers are:

  • Layer 1: Identity and Access via Microsoft Entra ID
  • Layer 2: Data Classification via Microsoft Purview Information Protection
  • Layer 3: Communication Compliance for prompt and response scanning
  • Layer 4: Data Loss Prevention for Copilot
  • Layer 5: Audit and Compliance via Microsoft Purview Audit (Premium) plus Microsoft Sentinel
  • Layer 6: Agent Governance via Microsoft Agent 365

The framework ships with four industry-specific overlays: healthcare HIPAA (47 controls), financial services FINRA plus SEC (38 controls), federal FedRAMP and DoD IL5 (NIST SP 800-53 Rev 5), and defense CMMC 2.0 Level 2 and 3 (NIST SP 800-171 Rev 2). Engagements begin with fixed-scope Consulting Blocks (40 or 80 senior-architect hours).

Why a Unified Framework Matters

The fragmentation problem in enterprise AI governance is structural, not incidental. Microsoft 365 Copilot grounds responses on Microsoft Graph content — which means SharePoint, OneDrive, Teams, Outlook, and Loop content all flow into Copilot context. The governance controls protecting that content live in five separate Microsoft products. Each product has its own admin center, its own role model, its own policy taxonomy, and its own audit trail.

A typical Fortune 500 enterprise running Microsoft 365 Copilot will have:

  • Microsoft Entra ID admins managing Conditional Access policies
  • Microsoft 365 SharePoint admins managing permissions and sharing
  • Microsoft Purview compliance admins managing sensitivity labels and DLP
  • Microsoft Sentinel security operations admins managing audit log streaming
  • Microsoft Defender admins managing endpoint and identity threat protection
  • Microsoft Copilot Studio makers building agents without IT oversight

In a fragmented model, each team operates within its own scope. There is no single owner of "Copilot governance" because Copilot governance crosses every team boundary. The gaps appear at the seams.

The Governed AI on Microsoft framework is an integration layer that names a single architect, defines a unified control taxonomy, and operates through six integrated layers rather than five disconnected admin centers.

The Six Layers

Layer 1 — Identity and Access (Microsoft Entra ID)

The first layer establishes who can access Microsoft 365 Copilot, Microsoft Copilot Studio, and Microsoft Agent 365 — and under what conditions. The controls include:

  • Microsoft Entra ID Conditional Access policies extended to Copilot users, Copilot Studio agent principals, and Microsoft Agent 365 identities
  • Phishing-resistant multi-factor authentication for all privileged Copilot roles
  • Privileged Identity Management with just-in-time elevation for compliance admin, security admin, and global admin roles
  • Microsoft Global Secure Access network policies for mobile and remote workforce — including iOS and iPadOS clients released May 2026
  • Identity Protection sign-in risk policies tied to Copilot access

Layer 1 is the prerequisite for everything else. Without strong identity controls, the downstream layers operate on assumptions about user identity that may not hold.
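The phishing-resistant MFA requirement for privileged Copilot roles, expressed as a Conditional Access policy through the Microsoft Graph PowerShell SDK. This is an added example, not EPC Group's code or a framework deliverable. The directory role template IDs and the authentication strength ID are Microsoft's built-in values; the policy name, the report-only starting state, the choice of the Office365 app group as the Copilot entry point, and the break-glass account placeholder are assumptions made for the example.

```powershell
# Added example (not EPC Group's code): Layer 1 control as a Conditional Access policy.
# Requires the Microsoft.Graph PowerShell SDK and the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Built-in directory role template IDs (identical in every tenant).
$privilegedRoles = @(
    "62e90394-69f5-4237-9190-012177145e10",  # Global Administrator
    "194ae4cb-b126-40b2-bd5b-6091b380977d",  # Security Administrator
    "17315797-102d-40b4-93e0-432062caca18"   # Compliance Administrator
)

# Built-in authentication strength "Phishing-resistant MFA" (FIDO2, certificate-based, Windows Hello for Business).
$phishingResistantMfa = "00000000-0000-0000-0000-000000000004"

$policy = @{
    displayName = "GAM-L1: Phishing-resistant MFA for privileged Copilot roles"   # assumed name
    # Start in report-only, read the sign-in log for a week, then switch to "enabled".
    state       = "enabledForReportingButNotEnforced"
    conditions  = @{
        users = @{
            includeRoles = $privilegedRoles
            # Always exclude one break-glass account so a broken FIDO2 rollout cannot lock every admin out.
            excludeUsers = @("<break-glass-account-object-id>")                    # placeholder, assumed
        }
        applications = @{
            # "Office365" is the built-in app group covering the surfaces Microsoft 365 Copilot is reached
            # through (SharePoint, Exchange, Teams, Office). "All" is the stricter choice if no
            # legacy app exclusions are needed.
            includeApplications = @("Office365")
        }
        clientAppTypes = @("all")
    }
    grantControls = @{
        operator               = "OR"
        authenticationStrength = @{ id = $phishingResistantMfa }
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
"Created policy $($created.Id) in state $($created.State)"

# Check: any non-disabled policy that scopes by role but does not pin an authentication strength
# is a policy where plain push-MFA still satisfies the grant. List them so the gap is visible.
Get-MgIdentityConditionalAccessPolicy -All |
    Where-Object {
        $_.State -ne "disabled" -and
        $_.Conditions.Users.IncludeRoles -and
        -not $_.GrantControls.AuthenticationStrength
    } |
    Select-Object DisplayName, State
```

The report-only state matters more than it looks: an authentication-strength grant on the Global Administrator role is enforced on the next token refresh, so a tenant whose admins have not yet registered a FIDO2 key or certificate loses admin access the moment the policy is set to enabled. The final query is the recurring check for Layer 1, since role-scoped policies that only require "MFA" are the usual way a phishing-resistant mandate quietly degrades back to push notifications.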

Layer 2 — Data Classification (Microsoft Purview Information Protection)

The second layer establishes what every piece of content in Microsoft 365 actually is — and how Copilot should treat it.

EPC Group recommends a five-tier sensitivity label taxonomy:

  Tier  Label                   Copilot behavior
  S-1   Public                  Searchable, no inheritance restrictions
  S-2   Internal                Searchable within tenant, internal label inherits
  S-3   Internal-Restricted     Information Barrier scoped, restricted label inherits
  S-4   Confidential            Restricted SharePoint Search applies; a DLP policy scoped to the Microsoft 365 Copilot location blocks Copilot from processing S-4 items
  S-5   Confidential-Encrypted  Excluded from Copilot grounding entirely

The S-5 exclusion is not a property of "encrypted" by itself. Microsoft 365 Copilot grounds only on content for which the user holds both the VIEW and EXTRACT usage rights, so the S-5 encryption template must withhold EXTRACT (and EXPORT) from general users. An encrypted label that grants users full rights remains fully visible to Copilot.

Container labels apply at the SharePoint site, Microsoft Teams team, and Microsoft 365 group level and govern the container itself (privacy, external sharing, unmanaged-device access). They do not label the files inside the container. Content gets its label from default sensitivity labels configured per SharePoint document library, which label new and edited items, and from autolabeling rules that detect regulated content patterns (ePHI, MNPI, CUI, ITAR-controlled) and apply higher-tier labels automatically.

Layer 2 is the most operationally expensive layer to deploy — typical timeline 12 to 26 weeks for full enterprise coverage — but it is the foundation everything else depends on.
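The S-4 and S-5 tiers from the table above, created with Security & Compliance PowerShell so that the label settings actually produce the stated Copilot behavior. This is an added example and not EPC Group's code or the framework's label definitions. The label names, the contoso.com domain, the records-owners group, and the choice of U.S. Social Security Number as the ePHI pattern for the autolabel rule are assumptions; the cmdlets, usage-right names, and policy modes are Microsoft's.

```powershell
# Added example (not EPC Group's code): S-4 and S-5 labels whose settings match the taxonomy.
# Requires the ExchangeOnlineManagement module and the Compliance Administrator role.
# Label names, contoso.com, and records-owners@contoso.com are assumed values for this example.
Import-Module ExchangeOnlineManagement
Connect-IPPSSession

# S-4: classified, not encrypted. Restricted SharePoint Search and DLP for Copilot key off this
# label; the label itself does not change what Copilot can read.
New-Label -Name "S-4-Confidential" `
    -DisplayName "S-4 Confidential" `
    -Tooltip "Confidential. Copilot processing restricted by DLP." `
    -ContentType "File, Email"

# S-5: encrypted. Copilot grounds only on content where the user holds VIEW and EXTRACT, so the
# general-user grant stops at VIEWRIGHTSDATA. Only the named owner group keeps EXTRACT.
New-Label -Name "S-5-Confidential-Encrypted" `
    -DisplayName "S-5 Confidential-Encrypted" `
    -Tooltip "Encrypted. Excluded from Copilot grounding (EXTRACT withheld)." `
    -ContentType "File, Email" `
    -EncryptionEnabled $true `
    -EncryptionProtectionType Template `
    -EncryptionRightsDefinitions "AuthenticatedUsers:VIEW,VIEWRIGHTSDATA;records-owners@contoso.com:VIEW,VIEWRIGHTSDATA,EDIT,DOCEDIT,EXTRACT,OWNER" `
    -EncryptionOfflineAccessDays 7 `
    -EncryptionContentExpiredOnDateInDaysOrNever Never

# Publish both labels to all users and require a justification to downgrade.
New-LabelPolicy -Name "GAM-L2-Label-Policy" `
    -Labels "S-4-Confidential", "S-5-Confidential-Encrypted" `
    -ExchangeLocation All `
    -AdvancedSettings @{ RequireDowngradeJustification = "true" }

# Autolabel to S-4 on one ePHI identifier. Run in test mode first; switch -Mode to Enable once the
# match report looks right, otherwise a noisy classifier relabels half the tenant overnight.
New-AutoSensitivityLabelPolicy -Name "GAM-L2-ePHI-Autolabel" `
    -ApplySensitivityLabel "S-4-Confidential" `
    -SharePointLocation All -OneDriveLocation All -ExchangeLocation All `
    -Mode TestWithoutNotifications

New-AutoSensitivityLabelRule -Policy "GAM-L2-ePHI-Autolabel" `
    -Name "ePHI-SSN" `
    -ContentContainsSensitiveInformation @{ Name = "U.S. Social Security Number (SSN)"; minCount = "1" }

# Check: the S-5 rights string must not grant EXTRACT to AuthenticatedUsers. If it does, the label
# encrypts the file but Copilot can still ground on it.
$s5 = Get-Label -Identity "S-5-Confidential-Encrypted"
$general = ($s5.EncryptionRightsDefinitions -split ';') | Where-Object { $_ -like 'AuthenticatedUsers:*' }
if ($general -match 'EXTRACT') {
    Write-Warning "S-5 grants EXTRACT to all authenticated users: Copilot can still ground on S-5 content."
} else {
    "S-5 OK: general users hold VIEW without EXTRACT"
}
```

Re-run the final check whenever someone edits the label in the Purview portal; adding "co-author" rights to a label through the UI grants EXTRACT, and that single change silently moves every S-5 item back into Copilot's grounding scope.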

Layer 3 — Communication Compliance

The third layer scans Microsoft 365 Copilot prompts and responses, Microsoft Copilot Studio agent interactions, and ordinary Microsoft 365 communications for compliance violations.

Communication Compliance policies in Microsoft Purview detect:

  • ePHI exposure in Copilot prompts and responses
  • MNPI containment violations in financial services contexts
  • Insider risk indicators (data exfiltration patterns, unusual sharing behavior)
  • Harassment and inappropriate communications
  • Regulatory disclosure violations

Reviewer assignment, escalation paths, and remediation SLAs are documented per industry. The 24-hour breach response SLA used for HIPAA scenarios is operationally expensive. Note that it comes from business associate agreements and internal policy rather than the regulation itself: the HIPAA Breach Notification Rule requires notification without unreasonable delay and no later than 60 days after discovery.

Layer 4 — Data Loss Prevention for Copilot

The fourth layer prevents sensitive content from leaving Microsoft 365 — including in Copilot responses, in agent outputs, and in downstream communications.

DLP for Copilot policies block:

  • ePHI in Copilot responses (HIPAA Privacy Rule compliance)
  • MNPI in M&A pipeline communications (SEC Reg M-A)
  • CUI in non-cleared user responses (federal contractor scenarios)
  • ITAR-controlled technical data outside cleared user populations
  • Source code outside approved engineering teams

Endpoint DLP prevents downloads and, through its sensitive service domain restrictions, blocks pasting or uploading labeled content into browser-based AI tools. Email and Teams DLP enforce cross-boundary controls. Together they close the exfiltration vector most often raised in Copilot readiness reviews (users pasting sensitive content into ChatGPT), with one caveat: Endpoint DLP only covers devices onboarded to it, so unmanaged endpoints remain a gap that Conditional Access in Layer 1 has to close.

Layer 5 — Audit and Compliance

The fifth layer captures everything. Microsoft Purview Audit (Premium) retains audit records for one year by default; the ten-year retention the framework relies on requires the separate 10-Year Audit Log Retention add-on license plus a matching audit retention policy. Microsoft Sentinel streams the logs to long-term storage and provides analytics. Every Copilot interaction is written to the audit log as a CopilotInteraction record carrying the timestamp, user, host application, and the resources Copilot accessed together with their sensitivity label IDs. The prompt and response text themselves are retained in the user's mailbox and surfaced through eDiscovery and Communication Compliance rather than the audit record, so a regulator's request for "what was asked" and "what was answered" is served by those tools, not by the audit export.

The audit trail is what makes the framework demonstrable to regulators. SOX-equivalent attestation around AI controls is becoming standard audit scope by 2027, and the audit trail produced by Layer 5 is the evidence base.
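A Layer 5 detection over CopilotInteraction audit records: pull the interactions that touched S-4 or S-5 labeled content so they can be reviewed, and flag any S-5 hit as a sign that the encryption rights did not hold. This is an added example, not EPC Group's code or a framework artifact. The sample record is constructed for this example in the shape of a CopilotInteraction AuditData payload; the label GUIDs, user, and file names are placeholders.

```powershell
# Added example (not EPC Group's code): find Copilot interactions that accessed high-tier content.
# The audit record shape (CopilotEventData.AccessedResources[].SensitivityLabelId) is Microsoft's;
# the label GUIDs below are assumed placeholders for a tenant's S-4 and S-5 labels.
$highTierLabels = @{
    "11111111-1111-1111-1111-111111111111" = "S-4 Confidential"
    "22222222-2222-2222-2222-222222222222" = "S-5 Confidential-Encrypted"
}

function Get-HighTierCopilotAccess {
    param(
        [Parameter(Mandatory)] [object[]]  $Records,   # objects with an AuditData JSON string, as Search-UnifiedAuditLog returns
        [Parameter(Mandatory)] [hashtable] $LabelMap   # label GUID -> display name for the tiers to report
    )
    foreach ($r in $Records) {
        $d = $r.AuditData | ConvertFrom-Json
        foreach ($res in $d.CopilotEventData.AccessedResources) {
            if ($res.SensitivityLabelId -and $LabelMap.ContainsKey($res.SensitivityLabelId)) {
                $label = $LabelMap[$res.SensitivityLabelId]
                [pscustomobject]@{
                    When     = $d.CreationTime
                    User     = $d.UserId
                    AppHost  = $d.CopilotEventData.AppHost
                    Resource = $res.Name
                    Label    = $label
                    Action   = $res.Action
                    # S-5 is supposed to be unreachable (EXTRACT withheld). Any S-5 row means the
                    # label's encryption rights or the user's group membership need investigating.
                    Finding  = if ($label -like 'S-5*') { 'ESCALATE: encrypted tier reached Copilot' } else { 'Review' }
                }
            }
        }
    }
}

# Constructed sample record (not real tenant data).
$sample = @(
    [pscustomobject]@{ AuditData = @'
{"CreationTime":"2026-05-20T14:02:11","UserId":"clinician@contoso.com","Operation":"CopilotInteraction",
 "CopilotEventData":{"AppHost":"Word","AccessedResources":[
   {"Name":"Patient-roster-Q2.xlsx","Type":"Spreadsheet","Action":"Read","SensitivityLabelId":"11111111-1111-1111-1111-111111111111"},
   {"Name":"Cafeteria-menu.docx","Type":"Document","Action":"Read","SensitivityLabelId":"00000000-0000-0000-0000-000000000000"}]}}
'@ }
)

Get-HighTierCopilotAccess -Records $sample -LabelMap $highTierLabels | Format-Table -AutoSize
# Only Patient-roster-Q2.xlsx is reported (S-4, Finding = Review); the unlabeled menu is dropped.

# Live path (Exchange Online PowerShell, a role with audit read permission). Search-UnifiedAuditLog
# returns at most 5000 records per page; page with -SessionId / -SessionCommand ReturnLargeSet.
#   Connect-ExchangeOnline
#   $records = Search-UnifiedAuditLog -RecordType CopilotInteraction `
#       -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) `
#       -ResultSize 5000 -SessionId "gam-l5-copilot" -SessionCommand ReturnLargeSet
#   Get-HighTierCopilotAccess -Records $records -LabelMap $highTierLabels
```

The same function works unchanged on records exported from Sentinel's OfficeActivity table, since the AuditData JSON is what gets streamed there; scheduling it as a Sentinel analytics rule on the S-5 condition is the alert a compliance reviewer actually wants from this layer.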

Layer 6 — Agent Governance (Microsoft Agent 365)

The sixth layer is new in 2026, following Microsoft Agent 365 general availability on May 1, 2026.

Microsoft Agent 365 is the control plane for AI agents — Microsoft Copilot Studio agents, Microsoft 365 Copilot agents, and (via Registry Sync preview) AWS Bedrock and Google Cloud agents. The governance controls include:

  • Unified agent registry across Microsoft, AWS Bedrock, and Google Cloud
  • Agent approval and publication workflow before agents reach end users
  • Automated lifecycle policies (expire inactive agents, block risky agents)
  • Microsoft Entra Global Secure Access network policies applied to agents
  • AI Gateway protection against prompt injection (OWASP LLM01)

Layer 6 prevents agent sprawl — the issue EPC Group has documented at organizations 12 or more months into Copilot Studio deployment, where unmanaged agent counts reach 200 to 500.

Industry-Specific Overlays

The Governed AI on Microsoft framework ships with four industry-specific overlays — each adding industry-mandated controls on top of the six-layer baseline.

Healthcare HIPAA Overlay (47 controls)

The healthcare overlay adds 47 HIPAA-specific controls across eight families: identity and access (8), data classification (10), Information Barriers (5), Communication Compliance (6), Microsoft Purview Audit (4), Data Loss Prevention (5), incident response (5), and governance attestation (4). The detail is published at /blog/microsoft-365-copilot-hipaa-governance-blueprint-2026.

Industry-specific controls include ePHI sensitivity classifiers operational on day one, Information Barriers between clinical and operations data segments, and Communication Compliance policies for clinician-initiated Copilot prompts.

Financial Services FINRA + SEC Overlay (38 controls)

The financial services overlay adds 38 controls across eight families covering communications surveillance under FINRA Rule 3110, books and records under SEC 17a-4 plus FINRA Rule 4511, supervision frameworks, Reg BI plus fiduciary duty considerations, cybersecurity under Reg S-P plus NYDFS 23 NYCRR 500, MNPI handling, AML and KYC, and vendor management. The detail is published at /blog/finra-sec-microsoft-copilot-controls-checklist-2026.

Federal FedRAMP + DoD IL5 Overlay

The federal overlay maps the six-layer framework to NIST SP 800-53 Rev 5 with GCC High deployment patterns. Layer 1 maps to AC and IA control families. Layer 2 maps to MP and SC families. Layer 3 maps to AU and SI families. Layer 5 maps to AU family. Layer 6 maps to PM and SR families. Full crosswalk available in engagement scope.

Defense CMMC 2.0 Level 2 and 3 Overlay

The defense industrial base overlay maps to NIST SP 800-171 Rev 2 with ITAR-aligned additions. CMMC Level 2 covers the 110 NIST SP 800-171 Rev 2 requirements. Level 3 adds 24 enhanced requirements selected from NIST SP 800-172 and is assessed by DIBCAC rather than a C3PAO, so the overlay includes DIBCAC assessment preparation.

Implementation Sequence

Most enterprises deploy the framework in phases:

  Phase                Weeks             Layers                                                   Outcomes
  Foundation           1-4               Layer 1 (Identity) + Layer 6 baseline (Agent registry)   Identity controls operational, agent inventory complete
  Classification       5-12              Layer 2 (Data Classification)                            Sensitivity labels deployed, autolabeling operational
  Compliance Scanning  13-20             Layer 3 (Communication Compliance) + Layer 4 (DLP)       Prompt scanning operational, DLP blocking sensitive content
  Audit                21-22             Layer 5 (Audit Premium + Sentinel)                       Audit log streaming, 10-year retention
  Agent Governance     23-26             Layer 6 (Agent 365) full deployment                      Approval workflow, lifecycle automation
  Industry Overlay     13-26 (parallel)  Industry-specific controls                               HIPAA / FINRA / FedRAMP / CMMC operational

Total: 26 weeks from kickoff to fully operational framework for mid-to-large enterprise. Faster (12-18 weeks) for organizations starting from mature M365 E5 baseline.

Engagement Patterns

EPC Group delivers Governed AI on Microsoft via fixed-scope Consulting Blocks:

  • Consulting Block 40 — 40 senior-architect hours, 4-week delivery. Discovery + Layer 1 design + Layer 6 baseline.
  • Consulting Block 80 — 80 senior-architect hours, 8-week delivery. Discovery + Layers 1-2 + Layer 6 baseline + industry overlay design.
  • Full Foundation — 12-16 week engagement covering Layers 1-2 + Layer 6.
  • Full Six-Layer Deployment — 26-week engagement covering all six layers + industry overlay.
  • Ongoing Operations — quarterly governance scorecard + Communication Compliance tuning + audit attestation support.

Why EPC Group

EPC Group is a 29-year Microsoft consulting firm. The Governed AI on Microsoft framework synthesizes hundreds of regulated-industry Microsoft engagements into a single deployable reference architecture. The firm holds all six current Microsoft Solutions Partner designations under the Microsoft AI Cloud Partner Program — Data and AI (Azure), Digital and App Innovation (Azure), Infrastructure (Azure), Business Applications, Modern Work, and Security.

Founder Errin O'Connor was a member of the original Microsoft SharePoint beta team (Project Tahoe, 2001) and the original Microsoft Power BI beta team (Project Crescent). He has authored four Microsoft Press best-selling books on Microsoft SharePoint, Microsoft Power BI, and Microsoft enterprise architecture. He served as a Lead Architect at NASA on the Nebula Cloud project. Errin personally reviews every Governed AI on Microsoft framework deployment.

Frequently Asked Questions

Q: How does the Governed AI on Microsoft framework relate to Microsoft Cloud Adoption Framework?
A: Microsoft Cloud Adoption Framework (CAF) is Microsoft's official cloud adoption guidance. Governed AI on Microsoft is a regulated-industry-specific governance reference architecture built on top of CAF, with Microsoft 365 Copilot, Copilot Studio, and Agent 365 specifically in scope. The two complement each other.

Q: Can we deploy Governed AI on Microsoft without Microsoft 365 Copilot licenses?
A: Yes for Layers 1-5. Layer 6 (Agent Governance) requires Microsoft Agent 365 licensing. Many organizations deploy Layers 1-5 as a baseline 6-12 months before Copilot rollout.

Q: Does the framework apply to ChatGPT Enterprise or Claude Enterprise?
A: The framework is Microsoft-stack-specific. For multi-vendor AI portfolios, Microsoft Foundry as a multi-model gateway can run Claude, GPT, Gemini, Llama, and Mistral inside the same governance perimeter. See /blog/microsoft-365-copilot-vs-chatgpt-enterprise-vs-claude-enterprise-decision-framework-2026.

Q: What is the cost of the framework deployment?
A: Engagements begin with Consulting Block 40 ($35K-$50K range) or Block 80 ($60K-$95K range) for discovery and design. Full Foundation engagements run $200K-$400K. Full six-layer deployments at enterprise scale run $500K-$1.2M. Industry overlays add 20-30% to baseline cost.

Q: How long until first measurable security improvement?
A: Layer 1 (Identity) typically improves measurable security posture within 30 days of deployment. Layer 2 (Sensitivity labels) takes 90 days to reach 80%+ content coverage. Full six-layer measurable improvement typically at the 6-month mark.

Q: How does this compare to HITRUST?
A: HITRUST CSF is a broader enterprise security certification framework. Governed AI on Microsoft is Microsoft AI scope-specific. Many organizations deploy both — HITRUST for enterprise certification, Governed AI on Microsoft for the Microsoft 365 Copilot scope inside HITRUST.

Q: Can we deploy with our internal IT team?
A: Layers 1, 5, and 6 are deployable with strong internal Microsoft 365 + Microsoft Sentinel teams. Layers 2, 3, and 4 typically benefit from external consulting (taxonomy design, Communication Compliance tuning, DLP rule authoring). Most clients combine internal team + EPC Group for first deployment, then transition to internal operations.

Q: What's coming in 2027?
A: Microsoft Agent 365 will add context mapping, policy-based controls, and runtime blocking + alerts via Intune + Defender (June 2026 public preview). The framework will incorporate these as they GA. EU AI Act enforcement (August 2 2026) drives additional Layer 5 audit requirements.

Q: Why EPC Group vs Avanade or Accenture for this work?
A: Avanade and Accenture deliver at global scale with mixed senior + junior teams and significant offshoring. EPC Group delivers US/CA-only with senior architects only. Smaller team means more senior-architect time per engagement. Specifically for regulated industries (HIPAA, FINRA, FedRAMP, CMMC), the smaller-senior-only model produces higher governance fidelity.

Next Steps

  • Engagement Operating Model (delivery methodology): /engagement-model
  • Microsoft Copilot Governance Consulting: /services/copilot-governance-consulting
  • Microsoft Purview Implementation: /services/microsoft-purview
  • Microsoft Entra Zero Trust: /services/microsoft-entra-id
  • Industry vertical (healthcare): /industries/healthcare
  • Industry vertical (financial services): /industries/financial-services
  • Industry vertical (government): /industries/government
  • HIPAA blueprint deep-dive: /blog/microsoft-365-copilot-hipaa-governance-blueprint-2026
  • FINRA/SEC checklist deep-dive: /blog/finra-sec-microsoft-copilot-controls-checklist-2026
  • Schedule discovery: /contact · (888) 381-9725