Skip to main content
Feedback

Adding a Microsoft Copilot provider

Before adding a Microsoft Copilot account into the Agent Control Tower, ensure the prerequistes are met. You can obtain the Tenant ID, Client ID, and Client Secret from the applicable environment using Azure AD in Step 3. To obtain the Scope, refer to Step 5.

Agents

Step 1: Log in to the Microsoft Copilot Studio Dashboard

  1. Navigate to Microsoft Copilot Studio Dashboard.
  2. Log in to your account.

The system logs your account into the Default Directory (default) environment by default. The "default environment" is a pre-configured environment designed for initial exploration and development and is not intended for long-term production use. To log into a Copilot provider account on the Agent Control tower, you will need a Dataverse environment.

To view your environments, click Environment Default Directory (default) in the upper right corner of your screen. A drop-down menu will list your supported environments. Your default environment will have "(default)" attached to your account name. If you do not have a Dataverse environment, you can create one by referring to “Creating a Dataverse Environment" in Step 2.

Step 2: Creating a Dataverse environment

If you have an existing Dataverse environment, ensure Add a Dataverse data store is enabled.

You can create a fresh Copilot Studio-enabled Dataverse environment if you are new to Microsoft Copilot and do not have a working environment to connect to the Agent control tower.

  1. Log in to Power Platform Admin Center.
  2. Navigate to Manage from the left-hand menu and click on Environments.
  3. Click +New and fill in the following in the Add Dataverse sidebar:
    • Name: e.g., "Copilot Dev"
    • Region: Your region
    • Type: Sandbox or Production
    • Add a Dataverse data store: Yes (Mandatory to log into Agent Control Tower)
  4. Click Next.
  5. Keep all the selected information as default and select None under Security group unless needed otherwise. For more information on security groups, refer to Environment Security groups.
  6. (Optional)Under Enable Dynamics 365 apps? Toggle on Yes.
info

Enabling Dynamics 365 apps will allow system generated agents to appear. Keeping the toggle switched to No will only list agents that you have generated. It is important to note that this is a one time setting and cannot be switched later on.

  1. Click Save.

Step 3: Register an application in Azure AD

To obtain the Tenant ID, Client ID, and Client Secret:

  1. Navigate to the Azure Portal.
  2. You can access the Azure Active Directory / Microsoft Entra ID by using the search bar or the menu in the upper left corner.
  3. A Company Overview screen will open. Click +Add.
  4. Click App registration.
  5. Enter the following details:
    • Name: For example, "Copilot API Access".
    • Supported account types: Accounts in this organizational directory only (- Single tenant).
    • Redirect URI: Leave blank or set if needed.
  6. Click Register.
  7. Copy the Application (client) ID and Directory (tenant) ID.

For the Client Secret, from the left menu,

  1. Navigate to Manage > Certificates & secrets.
  2. Click +New client secret.
  3. Enter a description (eg, ACT copilot).
  4. Set an expiry timeline or leave as default.
  5. Click Add.
  6. Copy the Value to your local device. The Value is the Client Secret and is a one-time view only.

Step 4: Add API Permissions

  1. Navigate to Manage > App Permissions.
  2. Under Configured permissions, click Add a permission.
  3. Switch to the APIs my organization uses tab in the Request API permissions sidebar.
  4. Search for Dataverse and select it.
  5. Select Delegated permissions under What type of permissions does your application require?
  6. Select the checkbox for user_impersonation permission.
  7. Click Add permissions.

Step 5: Obtain the Scope

For the scope:

  1. Navigate to the Power Apps dashboard.
  2. You can switch to your environment from the Environment Default Directory (default) in the upper right corner of your screen.
  3. Navigate to Settings > Developer resources.
  4. Copy your WebAPI endpoint to your clipboard(For example: https://<yourenv>.api.crm.dynamics.com/.default or https://<yourenv>.api.crm.dynamics.com/api/data/v9.2).

Step 6: Create an Application User in Power Platform

  1. Navigate to the Power Platform admin center.
  2. Select Manage > your environment.
  3. Select Settings.
  4. Expand Users + permissions and select Application users.
  5. Click +New app user.
  6. Select the App that you created in Azure AD in step 3.
  7. Choose the Business Unit (eg, orgXXXXXXX: type "org" and select the suggestion that pops up)
  8. (Optional) Under Security Roles, select the permissions you require and click Save.
    info

    For ACT, the bare minimum requirement is Read-only access.

  9. Click Create.

Step 7: Adding a provider account on Agent Control Tower

After you obtain all the prerequisites, log in to your Agent Control Tower and perform the following steps:

  1. Navigate to Manage providers.
  2. Click on Account.
  3. Click on +Add Account.
  4. Enter an Account Name for your provider account on the Add Account screen.
  5. Enter your organisation's Co-pilot URL: https://login.microsoftonline.com can be used as default.
  6. Enter the Scope you obtained from Step 5.
  7. Enter your Tenant ID, Client ID, and Client Secret obtained from Step 3.
  8. Click Add Account.

The account takes a couple of minutes to sync. After syncing, you will see your agents on the Agents screen. The Client ID and Client Secret are editable fields if you need to update expired credentials.

You can edit tags and trust levels of your copilot agents.

Next steps: Managing Microsoft Copilot agents

On this Page