Governance solution scaffolds and documentation patterns for the FSI-CopilotGov framework.
This repository translates the framework's 54 controls and 216 playbooks into solution scaffolds, reusable modules, policy templates, and evidence-export patterns for Microsoft 365 Copilot governance in financial services.
- A shared contract layer for governance tiers, solution naming, evidence export, and dashboard integration
- Root deployment utilities, documentation-build automation, and validation workflows
- Eighteen solution folders aligned to the solution backlog identified in the planning report
- Machine-readable mappings that connect solutions back to FSI-CopilotGov controls, playbooks, and regulations
⚠️ This is a documentation-first repository. All solutions provide governance scaffolds, templates, and scripts using representative sample data. No solution connects to live Microsoft 365 services in its repository form. See Disclaimer and Documentation vs Runnable Assets Guide.
| ID | Solution | Scripts | Live API Calls | Data Source | Tenant Binding Required |
|---|---|---|---|---|---|
| 01 | Copilot Readiness Scanner | ✅ | ❌ | Representative sample scores | Graph, Purview |
| 02 | Oversharing Risk Assessment | ✅ | ❌ | Representative sample data | Graph, SharePoint |
| 03 | Sensitivity Label Auditor | ✅ | ❌ | Representative sample data | Purview |
| 04 | FINRA Supervision Workflow | ✅ | ❌ | Representative sample data | Purview Communication Compliance |
| 05 | DLP Policy Governance | ✅ | ❌ | Local config baseline comparison | Purview DLP |
| 06 | Audit Trail Manager | ✅ | ❌ | Tier configuration validation | UAL, Purview, eDiscovery |
| 07 | Conditional Access Automation | ✅ | ❌ | Generated policy templates | Entra ID, Graph |
| 08 | License Governance ROI | ✅ | ❌ | Representative sample usage data | Graph, Viva Insights |
| 09 | Feature Management Controller | ✅ | ❌ | Tier-defined feature templates | M365 Admin, Graph, Teams Admin |
| 10 | Connector Plugin Governance | ✅ | ❌ | Config-defined connector lists | Power Platform Admin |
| 11 | Risk-Tiered Rollout | ✅ | ❌ | Wave manifest generation | Graph (license assignment) |
| 12 | Regulatory Compliance Dashboard | ✅ | ❌ | Seeded reference data | Dataverse, Power BI |
| 13 | DORA Resilience Monitor | ✅ | ❌ | Local stub sample data | Graph (service health), Sentinel |
| 14 | Communication Compliance Config | ✅ | ❌ | Policy template generation | Purview Communication Compliance |
| 15 | Pages Notebooks Gap Monitor | ✅ | ❌ | Representative sample data | Audit, eDiscovery |
| 16 | Item-Level Oversharing Scanner | ✅ | ❌ | Representative sample data | PnP PowerShell, SharePoint |
| 17 | SharePoint Permissions Drift | ✅ | ❌ | Representative sample data | PnP PowerShell, Graph |
| 18 | Entra Access Reviews Automation | ✅ | ❌ | Representative sample data | Graph, Entra ID |
This table summarizes which Microsoft 365 and Azure services each solution requires for production use.
| ID | Graph API | Dataverse | Power BI | Power Automate | Purview | Entra ID | Other |
|---|---|---|---|---|---|---|---|
| 01 | ✅ | ✅ | ✅ | ✅ | ✅ | — | SharePoint |
| 02 | ✅ | ✅ | ✅ | ✅ | — | — | SharePoint |
| 03 | — | ✅ | ✅ | ✅ | ✅ | — | — |
| 04 | — | ✅ | — | ✅ | ✅ | — | — |
| 05 | — | ✅ | ✅ | ✅ | ✅ | — | Exchange |
| 06 | — | ✅ | ✅ | ✅ | ✅ | — | eDiscovery |
| 07 | ✅ | ✅ | ✅ | ✅ | — | ✅ | — |
| 08 | ✅ | ✅ | ✅ | ✅ | — | — | Viva Insights |
| 09 | ✅ | ✅ | ✅ | ✅ | — | — | Teams Admin |
| 10 | — | ✅ | ✅ | ✅ | — | — | Power Platform |
| 11 | ✅ | ✅ | — | ✅ | — | — | — |
| 12 | — | ✅ | ✅ | ✅ | — | — | — |
| 13 | ✅ | ✅ | ✅ | ✅ | — | — | Sentinel |
| 14 | — | ✅ | ✅ | ✅ | ✅ | — | — |
| 15 | — | ✅ | ✅ | ✅ | ✅ | — | eDiscovery |
| 16 | ✅ | — | — | — | — | — | SharePoint (PnP) |
| 17 | ✅ | — | — | — | — | — | SharePoint (PnP) |
| 18 | ✅ | — | — | — | — | ✅ | SharePoint |
- Preflight contract gate — freeze templates, shared contracts, mappings, and validation rules.
- Repository foundation — bootstrap docs, site generation, workflows, and reusable modules.
- Full solution scaffold — create all 18 solution folders with consistent placeholders and delivery checklists.
- Fleet execution — implement track-specific logic only after the shared contracts are stable.
- Integration and publication — aggregate evidence, validate docs, and publish the site.
- Solutions provide documentation, scripts, templates, and evidence packaging guidance.
- Exported Power Automate runtime artifacts are intentionally excluded; the repository documents how to build flows and apps safely in each tenant.
- Documentation should use precise FSI language such as "supports compliance with" or "helps meet" rather than absolute claims.
- Start with Common Prerequisites and Identity and Secrets Prep.
- Use DEPLOYMENT-GUIDE.md for wave sequencing, Operational Handbook for ownership and support expectations, and Documentation vs Runnable Assets Guide to keep the documentation-first boundary clear.
- Run `pwsh -File scripts\deployment\Validate-Prerequisites.ps1` and capture the result in `DELIVERY-CHECKLIST-TEMPLATE.md` before customer handoff or production execution.
```
python scripts/build-docs.py
python scripts/validate-contracts.py
python scripts/validate-solutions.py
python scripts/validate-documentation.py
```

This project is licensed under the MIT License.