Copilot QuickScan • Connectors & extensions
Connectors & extensions controls.
Connector and extension posture can change data egress and control boundaries. This review focuses on allowed vs restricted posture, change control, and exceptions.
Note: Connector/extension scope is tenant-dependent. Where not present, D5 records “not applicable.”
What is reviewed
Controls and operational guardrails.
Allowed vs restricted posture
- Which connectors/extensions are allowed (if applicable) and under what restrictions.
- Default posture: allow-by-default vs allow-by-exception.
Change control
- Who can enable/disable connectors/extensions.
- How changes are approved and recorded.
- Minimum evidence for “who changed what and when.”
Exception handling
- Exception register: rationale, owner, expiry, review cadence.
- Break-glass rules for high-risk actions.
What D5 contains
- Connector/extension control register (allowed/restricted posture)
- Change control summary + ownership
- Exception model and evidence notes