Creating custom copilot with Copilot Studio based on your files in SharePoint

00:00

[Music]

00:03

okay so this is the second episode of a

00:06

series of episodes about how you can uh

00:09

build custom copilot with copilot studio

00:12

uh consuming SharePoint online or one

00:15

drive uh files content and in this

00:18

episode I'm going to show you how you

00:20

can publish a custom copilot for example

00:24

in teams in order to make possible for

00:26

your end users to consume uh your

00:29

content and your custom copilot easily

00:32

so uh this is the context you have a

00:34

custom copilot you want to consume

00:36

SharePoint online data or one data and

00:39

you want to have it as a chat bot

00:41

available in teams with single sign on

00:46

capabilities to give a better user

00:48

experience to your end users so now I'll

00:51

move to the uh demo environment and step

00:54

by step we are going to configure

00:57

everything that we need to accomplish

00:59

this task so first of all let me go here

01:02

and this is my uh copilot studio console

01:05

here I have a bunch of custom copilot

01:08

that I have already uh defined and I

01:10

have one which is called HR copilot demo

01:13

which is the one we are going to work

01:15

with in this uh demo today and just to

01:19

give you an idea of what the final goal

01:21

will be uh it is to have the copilot

01:25

chatbot inside the teams so that we can

01:28

ask questions to Copilot

01:30

uh to the custom pilot and get back

01:32

answers based on the content of

01:35

documents that we have in a SharePoint

01:37

online site which in my scenario is an

01:39

hypothetical HR website where we have a

01:42

bunch of documents about HR related

01:46

stuff okay that's the uh context and the

01:49

goal that we want to achieve so in order

01:52

to do that as like as we did in the

01:54

previous episode and I would invite you

01:56

to give an eye to that one as well to

01:57

dig into the uh details I have a custom

02:01

copilot that I have created but now and

02:04

today we need to slightly change the

02:07

registration process to enable this

02:09

custom copilot to support the publishing

02:13

in teams and the single sign on so first

02:16

of all in order to properly configure

02:18

your co-pilot you need to uh set up the

02:21

authentication of the uh custom copilot

02:24

so you need to choose if you want to

02:26

consume uh SharePoint online or one

02:28

drive data manual authentication and you

02:32

will have to configure an application in

02:35

a directory and we have seen already

02:37

these steps in one of the uh previous

02:40

episodes so let me go to uh Azure entra

02:43

ID and let me create the registration of

02:45

an application which can be for example

02:48

HR uh copilot demo and will be the

02:52

reader application that I'm going to

02:54

create and while registering this

02:56

application it could be a single or

02:58

multi-tenant one I can copy the redirect

03:01

URL from copilot Studio which I will use

03:04

to configure a web application

03:06

authentication for my entra ID

03:09

application and once I've done that I

03:12

can use the client ID of my application

03:15

in the client ID settings of my custom

03:19

copilot in copilot Studio then I can go

03:22

and double check in the authentication

03:23

section that I have the proper redirect

03:25

URL and I can enable the access token

03:28

and the ID tokens uh from an

03:30

authentication flow point of view so

03:32

that then in the certificate and secret

03:34

I can create a client secret for my

03:36

application I'm going quite fast here

03:38

because it is something that we have

03:39

already covered uh previously but we

03:42

needed to go through all of the steps

03:44

and to get to the Single seon part of

03:47

the story so let me copy the share

03:49

secret and I will paste the share secret

03:52

in the settings in the uh authentication

03:55

settings of my application and then I

03:57

will need in Azure andent TR to

04:00

configure for my application a set of of

04:02

API permissions first of all from a

04:05

security point of view I want to stress

04:07

the information that we are going to

04:08

configure mograph delegated permissions

04:11

so every single user will be able to

04:13

access only the document that they have

04:15

access to and I will select the open ID

04:17

and profile uh permissions plus I want

04:21

to have sites. read. all because I want

04:24

to being able to read the sites as well

04:27

as the files and all of them will will

04:29

be delegated permissions so once I've

04:33

added them I can grant them so that the

04:35

end users will not have to do an

04:37

explicit Grant when there we start using

04:40

our chat bot in teams and now that I

04:43

have done that I can uh just save the

04:46

settings in the custom authentication in

04:48

copilot studio and so far we are exactly

04:51

where we were last week when we created

04:55

our custom uh copilot now that I have

04:57

done that I can go to publish and

05:00

publish my custom compilot so that this

05:03

initial setup will be written in stones

05:06

and made available through uh copilot

05:09

Studio but now what I want to do is to

05:11

publish this uh custom copilot in thems

05:14

so it takes a while to do the initial

05:17

publishing but once it will be done I

05:19

will be able to uh go to the channel

05:21

section that you see right here so go to

05:24

channels and from here I can choose one

05:27

or more of the available Channel that I

05:30

want to use to make my custom copilot

05:32

available and my target as I said is

05:34

teams so if you click on Microsoft teams

05:37

you can turn on the teams Channel which

05:41

means that this custom compilot will

05:43

become available and uh ready to be used

05:46

in teams what does that mean well first

05:48

of all we can properly configure a set

05:51

of additional details for our bot which

05:54

will be uh available in team so by

05:56

clicking on edit details we can change

05:58

the icon we can and change the uh

06:01

reference color for the icon that will

06:04

be used to represent our custom copilot

06:06

we can provide a description a long

06:08

description and so on so forth but by

06:10

clicking on the more button right here

06:13

and selecting more you can configure all

06:16

the developer information if you have uh

06:19

a a website a privacy page a terms of

06:22

use page and stuff letter and you should

06:24

do that if you are creating a solution

06:27

for your own company or your customer

06:30

and then there is a section right here

06:32

in the lower part of this Advanced

06:34

details section where you can configure

06:37

additional settings which will become

06:39

useful to enable single sonon in teams

06:43

so how can we get those settings first

06:46

of all again we need to copy a reference

06:48

value which is the app ID for our Uh

06:52

custom co-pilot application so let me

06:54

copy this value in the clipboard we go

06:58

back to enter ID and from here we can go

07:02

to the expose napi section and in the

07:05

expose n API section we are going to

07:08

configure a bunch of settings so that we

07:10

will make it possible for the app that

07:13

we just created to support single sign

07:15

on first of all we need to configure a

07:17

unique URI to expose a custom API in our

07:21

app so let me click on ADD and the uh

07:24

URI that we need to use it has to be

07:28

with the following format so if API

07:30

followed by both ID Dash and the unique

07:33

ID that we just copied from the copilot

07:37

studio so this will be my reference

07:40

value okay then once we have done that

07:44

we can create a custom scope so that we

07:47

will enable the consumers of our

07:49

application to consume the app providing

07:51

a specific access token with the scope

07:54

that we are going to create right now

07:56

the scope name can be whatever you want

07:58

in my scenario can be for example hr.

08:01

read because I want to make it possible

08:04

for consumers to have the permission to

08:07

read my HR data but the name again can

08:10

be whatever you like it will be a scope

08:14

that can be consented by admins and

08:16

users and here I'm just a lazy developer

08:19

so I will simply copy and paste the same

08:21

value in a real solution you should

08:23

provide a good description and a good

08:26

display name but as I said I'm a lazy

08:28

developer and I will add my scope okay

08:32

once I've done

08:33

that this information about the uh scope

08:38

will be uh useful because we are going

08:40

to Grant the uh applications used by

08:44

team so the desktop and web and mobile

08:48

application of teams will be

08:50

automatically granted to uh and

08:53

authorized to use this permission scope

08:55

for this application so by clicking on

08:57

the add the client application we start

09:00

with the desktop and mobile application

09:03

this is the unique ID you will find it

09:06

in the uh official documentation so you

09:08

don't need to memorize it but if you

09:10

want it's a good exercise up to you and

09:13

we can reference the desktop and mobile

09:16

application ID for teams and we

09:19

authorized our custom permission scope

09:21

for that application and then we do the

09:23

same for the web application of teams so

09:28

we click add a client again we provide

09:30

the ID of the web app of teams and we

09:33

still Grant the same we do the

09:35

authorization of the same scope now that

09:37

we are done with that we copy in the

09:41

clipboard the uh either the uni urri or

09:45

the uh permission scope and we go back

09:48

here and in this UI we need to provide

09:51

the uni URI right here so this

09:54

information the client ID which we can

09:57

get from the overview panel of our

10:00

application right here and we save again

10:04

the settings of our uh Team uh channel

10:08

for our custom copilot once we've done

10:12

that we need to go back to the security

10:14

settings sorry there is a bit of a back

10:16

and forth in the UI but it is what it is

10:19

we go to the authentication section

10:21

again and here we have a field which I

10:25

intentionally left blank before which is

10:27

the token Exchange URL now despite the

10:31

name which looks like a URL that we are

10:34

going to use or to consume as an API

10:36

actually in this field we need to

10:38

provide the permission scope the custom

10:42

permission scope that we created for our

10:45

application which means that we need to

10:47

go back here in entra ID back to the

10:50

Expos an API section we copy this value

10:54

and we paste it here so this will be the

10:58

custom permit Mission scope of our

11:01

application which will be used by the uh

11:04

backend infrastructure of copilot Studio

11:07

during the single signon phase in order

11:10

to Leverage The on behalf of flow and to

11:14

get an access token on behalf of the

11:17

currently connected user so the user who

11:20

is consuming our bot our custom copilot

11:24

for example in teams and that uh access

11:27

token on behalf of the user will have

11:30

the permission scope to consume our API

11:34

but in our custom copilot we also want

11:37

to consume SharePoint online content so

11:40

when uh making a request for an on

11:42

behalf of token we will also need to

11:45

specify that we want to get a h on

11:50

behalf of uh token not only for our

11:53

custom permission scope but also for the

11:55

permission

11:56

Scopes which will make it possible to to

11:59

consume the SharePoint online data so

12:02

I'm adding the sites. read. all and the

12:04

files. read. all permission Scopes to

12:08

this list of permission Scopes and I can

12:11

save again my

12:13

application authentication setting sorry

12:16

and once it's saved I can close this one

12:19

oops don't leave and save

12:23

again okay done now we can go to publish

12:27

and we need to publish the custom

12:29

copilot again because we need to make

12:31

all of these new settings available

12:33

again uh inside the uh public registry

12:37

of the custom copilot and in the

12:39

environment that we are targeting now

12:41

that the publishing is done we can go

12:45

back to the channels you can do from

12:47

here or from here either way works and

12:51

if you go back to the Microsoft teams

12:54

Channel you can go to availability

12:57

options and from here you can make your

13:00

choice about how you want to make your

13:03

custom boat available to the end users

13:05

and here you have multiple options one

13:07

is to just copy the link which will

13:10

Target the custom bot and you will

13:14

provide the link to the Target users and

13:16

they will be able to start using your

13:18

Bot I will show you uh shortly how you

13:20

can do that or you can click on the show

13:24

to my teammate and shared users so this

13:27

one uh will be an option that will allow

13:30

you to share the app to a specific set

13:34

of users or show to everyone in my

13:37

organization which will make your

13:39

application registered and available as

13:42

an app in the uh teams app catalog of

13:46

your target tenant which is uh what I

13:48

have done in my scenario for two other

13:52

sample Uh custom copilot that I created

13:55

in this demo environment once you choose

13:59

for example they show to everyone in my

14:02

organization the app will be uploaded to

14:06

the uh apps of teams so if you go under

14:09

admin. teams. my.com team apps manage

14:13

apps there you will find your

14:14

application and you will have to publish

14:17

the application so I can do that for the

14:20

sake of showing you what happens so let

14:22

me do that let me submit for admin

14:25

approval it means that in a matter of

14:29

few seconds or minutes from now the app

14:32

will show up in the apps of teams and we

14:35

will be able to approve and publish the

14:38

application in our uh store uh teams

14:41

apps store the fourth option that you

14:44

have in the previous UI allows you to

14:47

download a zip file which will include

14:50

the Manifest file uh the teams manifest

14:52

file and the icons for your application

14:55

so that you can do the manual publishing

14:58

in uh any of the target tenants where

15:01

you want to reuse the application as I

15:04

said it takes a while to do the

15:06

publishing in the App Store and

15:08

hopefully now it is almost done it is

15:10

almost done and now we can see that it

15:12

is waiting for approval so if I'm lucky

15:15

enough I can go back here and I can

15:17

refresh my list of apps and search

15:22

for HR copilot again so let me do that

15:26

let me change the view and let me search

15:29

again and hopefully it will be already

15:31

there yes it is so HR copilot demo is

15:34

now here as you can see it is blocked

15:36

right now but I can click on it and as

15:38

an admin I can choose to uh reject or

15:42

publish the application if I will

15:44

publish the application it will become

15:47

available to all of my users when they

15:50

will go to teams and they will add an

15:52

app from here but it will take minutes

15:56

not one or two minutes maybe more than

15:58

that so I'm not going to uh make you

16:01

wait for that time right now and that's

16:03

why I have already created in My Demo

16:07

environment a couple of other HR copilot

16:12

samples one with the single signon

16:15

experience as like as I just showed you

16:17

and another one without the single sonon

16:19

experience so now I'm switching to a

16:23

demo user that I have and I'm almost

16:25

done then and I will first of all show

16:27

you the user experience when you don't

16:30

have the single sign on configured so

16:33

this is the URL that you can use to

16:36

directly activate a custom copilot in

16:39

teams uh without going through the whole

16:43

process of registering the app here I am

16:45

with a user uh hypothetical user called

16:49

Julie red and I can add the HR copilot

16:52

with no single seon the no single seon

16:55

experience will provide to the end user

16:57

this experience so the user will have to

16:59

click on the login button and by

17:02

clicking on the login button there will

17:04

be a kind of a dance there will be a new

17:06

tab opened and then once it will be

17:08

closed we will get back a welcome

17:11

message from the copilot studio and the

17:13

user is now authenticated on the

17:15

contrary if you use the single sonon

17:18

experience and let me do that and then

17:20

I'm almost

17:22

done again we open it we use the web

17:26

experience we add the application

17:30

and once it will be added to my uh user

17:34

experience as you can see I don't have

17:36

to click the login button but I'm right

17:39

there ready to consume my custom copilot

17:41

with single signon because I already

17:43

have my access token with the on behalf

17:45

of flow which has been created for me

17:48

with all of the permission scops needed

17:49

to consume my target Uh custom copilot

17:54

so that said let me briefly switch back

17:57

to the slide there this was a backup

17:59

plan in case of any need I pre-recorded

18:03

the uh running solution this is a recap

18:05

that I leave just for your reference so

18:07

all of these steps you need to go

18:09

through in order to register and publish

18:12

a custom co-pilot in teams with single

18:14

signon and here you have a set of useful

18:16

links if you want to dig uh much more

18:19

into this topic that said I think that's

18:22

all for me back to you Fabian thank

18:24

[Music]

18:26

you