Platform
The Gatepost
Governance Platform
Five integrated modules that enforce, log, and prove AI data governance across your entire Microsoft 365 environment.
01
Permission Intelligence
Know what your agents can reach before they do.
Gatepost continuously maps every SharePoint, OneDrive, and Teams resource against Microsoft Purview sensitivity labels. It surfaces all service accounts, managed identities, and Entra service principals that have access to sensitive content — before an AI agent inherits that access.
Capabilities
- Full permission graph across SharePoint Online, OneDrive for Business, and Teams
- Sensitivity label coverage analysis — unlabeled content flagged as risk
- Service account and managed identity enumeration
- Overprivilege scoring against least-privilege AI access baselines
- Drift detection: alert when new service accounts gain sensitive-data access
Enforcement Sequence
The Seven-Step
Retrieval Gateway
Every query passes through a deterministic enforcement chain. No retrieval escapes the sequence.
Identity Resolution
Resolve agent Entra service principal
Policy Lookup
Fetch active policy version for agent
Request Validation
Validate query format and scope
Classification Check
Evaluate chunk sensitivity labels
Ceiling Enforcement
Block chunks above agent ceiling
Audit Log Write
Write tamper-evident retrieval record
Response Release
Return compliant chunks to agent
2026-06-21T09:14:03.221Z retrieval-gateway INFO
► agent_id: svc-copilot-finance@contoso.onmicrosoft.com
query: "Q3 board pack sensitivity analysis"
policy_version: v2.4.1 · log_ref: #82941
Architecture
Deployed inside
your Azure tenant
Gatepost is not a SaaS intermediary. It deploys as Azure resources entirely within your subscription. No data transits Gatepost infrastructure.
- Gatepost control plane runs in your Azure subscription
- Audit logs written to your Log Analytics workspace
- Keys managed in your Azure Key Vault — not ours
- Identity enforcement via your Entra ID tenant
- No outbound data paths to Gatepost infrastructure