Trust model

Tenant data stays local unless you choose otherwise.

How OpenAdminOS keeps Microsoft 365 tenant work local by default, labels hosted model egress, and gates every write agent behind human approval.

Local provider selected

Tenant data, prompts, answer packs, run history, and local model responses stay on the admin workstation.

Hosted provider selected

The app labels the provider before a prompt containing tenant context is sent to OpenAI, Anthropic, or Azure OpenAI.

Write agent selected

The agent prepares a diff first. Destructive changes require typed confirmation every time.

Tenant context missing

No agent run starts until an active tenant is connected and visible in the app status strip.

Write safety

There is no trust-this-agent bypass.

Read-only agents can run autonomously against the active tenant. Write agents cannot. They produce a proposed change set, show the before/after diff, and wait for approval. Destructive operations require the exact typed phrase shown in the confirmation panel.

This rule applies to community agents and private registry agents. It also applies when chat suggests an installed write agent for a repeated task.

Review the agent registry contract