Creating custom copilot with Copilot Studio based on your files in SharePoint
Summary
TL;DR: This tutorial series demonstrates how to build a custom copilot using Copilot Studio to integrate with SharePoint Online or OneDrive files. The focus is on publishing a custom copilot in Microsoft Teams, enabling end-users to access and interact with SharePoint data via a chatbot with single sign-on capabilities for an enhanced user experience. The script guides through authentication setup, application registration in Azure AD, API permissions configuration, and publishing steps to make the custom copilot available in Teams, highlighting both the manual login and single sign-on user experiences.
Takeaways
- The video is a tutorial on building a custom copilot with Copilot Studio to consume SharePoint Online or OneDrive files.
- The goal is to publish a custom copilot in Microsoft Teams with single sign-on capabilities for a seamless user experience.
- The process involves configuring authentication for the custom copilot, including setting up an application in Azure Active Directory.
- The tutorial demonstrates how to create an application registration in Azure AD for the custom copilot, including the use of client secrets and redirect URLs.
- It's important to configure API permissions in Azure AD to allow the copilot to access SharePoint Online data with delegated permissions.
- The video shows how to publish the custom copilot to Teams, including configuring channel settings and developer information.
- Customizing the bot's appearance in Teams involves setting an icon, reference color, and providing a description for the bot.
- The tutorial covers the steps to enable single sign-on in Teams, which includes configuring a unique URI and custom scope in Azure AD.
- For security, the video explains how to grant the necessary permissions to the Teams application to access the custom copilot without additional user consent.
- The process requires publishing the custom copilot after making changes to the authentication settings to make them effective.
- The video concludes with options for making the custom bot available to end users, either through direct links, sharing with specific users, or publishing in the Teams app catalog.
Q & A
What is the main topic of the video series?
- The main topic of the video series is building custom copilots with Copilot Studio that can consume SharePoint Online or OneDrive files content.
What is the purpose of the custom copilot discussed in the video?
- The purpose of the custom copilot is to allow end users to consume SharePoint Online data or OneDrive data through a chatbot available in Microsoft Teams with single sign-on capabilities for a better user experience.
What is the final goal of the custom copilot implementation?
- The final goal is to have the custom copilot chatbot inside Microsoft Teams, where users can ask questions and receive answers based on the content of documents in a SharePoint Online site.
What is the role of Azure AD in the registration process of the custom copilot?
- Azure AD is used to create an application registration which is necessary for setting up the authentication for the custom copilot, including the client ID and client secret.
Why is the redirect URL important in the authentication setup?
- The redirect URL is important as it is used to configure the web application authentication for the Azure AD application and is also used in Copilot Studio for the authentication settings.
What are the types of permissions that need to be configured in Azure AD for the custom copilot?
- Delegated permissions such as 'openid', 'profile', 'Sites.Read.All', and 'Files.Read.All' are configured to allow the custom copilot to access the necessary SharePoint Online data.
What is the significance of the 'publish' action in Copilot Studio?
- Publishing the custom copilot in Copilot Studio makes the initial setup available and ensures that all new settings are registered in the public registry of the custom copilot for the targeted environment.
What does it mean to enable the Microsoft Teams channel for the custom copilot?
- Enabling the Microsoft Teams channel means making the custom copilot available and ready to be used in Teams, allowing users to interact with it through the platform.
What is the difference between the single sign-on experience and the non-single sign-on experience for the end user?
- With single sign-on, the user is automatically authenticated without needing to click a login button, leveraging the 'on behalf of' flow with the necessary permission scopes. Without single sign-on, the user has to manually log in, which involves opening a new tab and waiting for the authentication process to complete.
How can the custom copilot be made available to end users in Teams?
- The custom copilot can be made available by providing a link for direct activation, sharing it with specific users, publishing it in the organization's Teams app catalog for everyone, or downloading a zip file for manual publishing in different tenants.
What is the process for an admin to approve and publish a custom copilot in the Teams app catalog?
- The admin goes to the Teams admin center, navigates to 'Teams apps' and 'Manage apps', finds the custom copilot, and then chooses to publish it, making it available to all users.
Outlines
Introduction to Custom Copilot Studio Integration
The script begins with an introduction to a series focused on building custom copilots using Copilot Studio to interact with SharePoint Online or OneDrive files. The goal is to demonstrate how to publish a custom copilot in Microsoft Teams, allowing users to easily access and use SharePoint data through a chatbot with single sign-on capabilities. The presenter outlines the process of configuring authentication for the custom copilot and hints at a previous episode for more details.
Setting Up Authentication for Custom Copilot in Teams
This paragraph delves into the technical steps required to set up authentication for a custom copilot to be used in Teams. It involves creating an application in Azure AD, configuring the application's redirect URL, client ID, and client secret within Copilot Studio. The presenter also discusses setting API permissions for the application, emphasizing the importance of delegated permissions to ensure users can only access documents they are entitled to view.
Publishing Custom Copilot and Configuring Single Sign-On
The script continues with the process of publishing the custom copilot and making it available in Teams. It covers configuring additional details for the bot in Teams, such as the icon and description, and setting up developer information. The presenter then explains how to enable single sign-on in Teams by creating a custom scope in Azure AD, granting permissions to Teams applications, and configuring the token exchange URL in Copilot Studio to support the 'on behalf of' flow.
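The app registration settings from the two sections above (delegated Graph permissions, the application ID URI, the custom scope and the pre-authorized Teams clients) can be checked against the application object. The Python below is an added example, not code from the video or from Microsoft. The `api://botid-<app ID>` rendering of the URI format, the `HR.Read` scope name and every GUID except the Microsoft Graph resource ID are assumptions or placeholders.

```python
import copy

GRAPH = "00000003-0000-0000-c000-000000000000"  # well-known appId of Microsoft Graph
# Constructed sample shaped like a Microsoft Graph `application` object.
# All other GUIDs are placeholders; real Teams client IDs are in Microsoft's docs.
BOT_ID = "11111111-1111-1111-1111-111111111111"  # app ID shown in Copilot Studio
TEAMS_CLIENTS = {"aaaaaaaa-0000-0000-0000-000000000001",  # Teams desktop/mobile
                 "aaaaaaaa-0000-0000-0000-000000000002"}  # Teams web
SCOPE_ID = "22222222-2222-2222-2222-222222222222"
GOOD_APP = {
    "identifierUris": [f"api://botid-{BOT_ID}"],  # URI format is an assumption
    "api": {
        "oauth2PermissionScopes": [
            {"id": SCOPE_ID, "value": "HR.Read", "type": "User", "isEnabled": True}],
        "preAuthorizedApplications": [
            {"appId": c, "delegatedPermissionIds": [SCOPE_ID]}
            for c in sorted(TEAMS_CLIENTS)],
    },
    "requiredResourceAccess": [{"resourceAppId": GRAPH, "resourceAccess": [
        {"id": "33333333-0000-0000-0000-000000000001", "type": "Scope"},
        {"id": "33333333-0000-0000-0000-000000000002", "type": "Scope"}]}],
}


def misconfigured_copy():
    """Same registration with three constructed mistakes, for comparison."""
    bad = copy.deepcopy(GOOD_APP)
    bad["identifierUris"] = [f"api://{BOT_ID}"]  # botid- prefix missing
    bad["requiredResourceAccess"][0]["resourceAccess"][0]["type"] = "Role"
    bad["api"]["preAuthorizedApplications"].append(
        {"appId": "bbbbbbbb-0000-0000-0000-000000000009",
         "delegatedPermissionIds": [SCOPE_ID]})
    return bad


def audit(app, bot_id, teams_clients):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    uri = f"api://botid-{bot_id}"
    if uri not in app.get("identifierUris", []):
        findings.append(f"Application ID URI {uri} is not set")
    # "Scope" marks a delegated permission. "Role" is an application permission,
    # which is not limited to what the signed-in user may read.
    for res in app.get("requiredResourceAccess", []):
        for acc in res.get("resourceAccess", []):
            if acc.get("type") != "Scope":
                findings.append(f"non-delegated permission {acc.get('id')}")
    api = app.get("api", {})
    enabled = {s["id"] for s in api.get("oauth2PermissionScopes", [])
               if s.get("isEnabled")}
    if not enabled:
        findings.append("no enabled custom scope is exposed")
    seen = set()
    for pre in api.get("preAuthorizedApplications", []):
        seen.add(pre["appId"])
        if pre["appId"] not in teams_clients:
            findings.append(f"unexpected pre-authorized client {pre['appId']}")
        if not set(pre.get("delegatedPermissionIds", [])) <= enabled:
            findings.append(f"client {pre['appId']} holds an unknown scope")
    for missing in sorted(set(teams_clients) - seen):
        findings.append(f"Teams client {missing} is not pre-authorized")
    return findings


def token_exchange_values(app, bot_id):
    """Scope strings that go in Copilot Studio's token exchange URL field."""
    scopes = app.get("api", {}).get("oauth2PermissionScopes", [])
    return [f"api://botid-{bot_id}/{s['value']}" for s in scopes if s.get("isEnabled")]

if __name__ == "__main__":
    print(audit(GOOD_APP, BOT_ID, TEAMS_CLIENTS))
    print(audit(misconfigured_copy(), BOT_ID, TEAMS_CLIENTS))
    print(token_exchange_values(GOOD_APP, BOT_ID))
```

To run it against a real registration, pass the application object returned by Microsoft Graph (`GET /applications/{id}`) in place of the sample.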
Finalizing Custom Copilot Availability and User Experience
The final paragraph discusses making the custom copilot available to end users in Teams. It outlines the options for sharing the app, including providing a direct link, sharing with specific users, or making it available to everyone in the organization through the Teams app catalog. The presenter also contrasts the user experience with and without single sign-on, demonstrating the streamlined access provided by the latter. The script concludes with a recap of the steps and useful links for further exploration.
Keywords
Custom Copilot
SharePoint Online
OneDrive
Single Sign-On (SSO)
Azure AD
Client ID
API Permissions
Manifest File
On-Behalf-Of Flow
Teams App Catalog
Token Exchange URL
Highlights
Introduction to the series on building custom copilots with Copilot Studio to consume SharePoint Online or OneDrive files.
Demonstration of publishing a custom copilot in Microsoft Teams for easy content consumption with single sign-on capabilities.
Overview of the final goal: having a chatbot in Teams that answers questions based on SharePoint Online documents.
Explanation of the need to change the registration process for custom copilots to support publishing in Teams and single sign-on.
Setting up authentication for the custom copilot, including manual authentication and application configuration in a directory.
Instructions on registering an application in Azure Entra ID for the custom copilot.
Details on configuring web application authentication using the client ID from Copilot Studio.
Creation of a client secret for the application in the authentication settings of the custom copilot.
Configuring API permissions in Azure Entra ID for security and access control.
Granting delegated permissions to allow end users to access documents they have permissions for.
Process of saving settings in Copilot Studio and preparing for publishing the custom copilot.
Steps to publish the custom copilot and make it available through Copilot Studio.
Configuration of additional details for the bot in Teams, such as icon, reference color, and descriptions.
Enabling single sign-on in Teams by configuring unique URIs and custom scopes in Azure Entra ID.
Granting permissions for Teams applications to use the custom scope for single sign-on.
Details on setting the token exchange URL and custom permission scope for the single sign-on process.
Publishing the custom copilot again to apply new settings and make them available in the target environment.
Options for making the custom bot available to end users, including direct activation and sharing through Teams app catalog.
Demonstration of the user experience with and without single sign-on in Teams.
Recap of the steps required to register and publish a custom copilot in Teams with single sign-on.
Useful links provided for further exploration of the topic.
Transcripts
[Music]
okay so this is the second episode of a
series of episodes about how you can uh
build custom copilot with copilot studio
uh consuming SharePoint Online or
OneDrive uh files content and in this
episode I'm going to show you how you
can publish a custom copilot for example
in teams in order to make possible for
your end users to consume uh your
content and your custom copilot easily
so uh this is the context you have a
custom copilot you want to consume
SharePoint Online data or OneDrive data and
you want to have it as a chat bot
available in teams with single sign on
capabilities to give a better user
experience to your end users so now I'll
move to the uh demo environment and step
by step we are going to configure
everything that we need to accomplish
this task so first of all let me go here
and this is my uh copilot studio console
here I have a bunch of custom copilot
that I have already uh defined and I
have one which is called HR copilot demo
which is the one we are going to work
with in this uh demo today and just to
give you an idea of what the final goal
will be uh it is to have the copilot
chatbot inside the teams so that we can
ask questions to Copilot
uh to the custom copilot and get back
answers based on the content of
documents that we have in a SharePoint
online site which in my scenario is an
hypothetical HR website where we have a
bunch of documents about HR related
stuff okay that's the uh context and the
goal that we want to achieve so in order
to do that as like as we did in the
previous episode and I would invite you
to give an eye to that one as well to
dig into the uh details I have a custom
copilot that I have created but now and
today we need to slightly change the
registration process to enable this
custom copilot to support the publishing
in teams and the single sign on so first
of all in order to properly configure
your copilot you need to uh set up the
authentication of the uh custom copilot
so you need to choose if you want to
consume uh SharePoint Online or
OneDrive data manual authentication and you
will have to configure an application in
a directory and we have seen already
these steps in one of the uh previous
episodes so let me go to uh Azure Entra
ID and let me create the registration of
an application which can be for example
HR uh copilot demo and will be the
reader application that I'm going to
create and while registering this
application it could be a single or
multi-tenant one I can copy the redirect
URL from copilot Studio which I will use
to configure a web application
authentication for my Entra ID
application and once I've done that I
can use the client ID of my application
in the client ID settings of my custom
copilot in copilot Studio then I can go
and double check in the authentication
section that I have the proper redirect
URL and I can enable the access token
and the ID tokens uh from an
authentication flow point of view so
that then in the certificate and secret
I can create a client secret for my
application I'm going quite fast here
because it is something that we have
already covered uh previously but we
needed to go through all of the steps
and to get to the single sign-on part of
the story so let me copy the shared
secret and I will paste the shared secret
in the settings in the uh authentication
settings of my application and then I
will need in Azure Entra to
configure for my application a set of
API permissions first of all from a
security point of view I want to stress
the information that we are going to
configure Microsoft Graph delegated permissions
so every single user will be able to
access only the document that they have
access to and I will select the openid
and profile uh permissions plus I want
to have Sites.Read.All because I want
to be able to read the sites as well
as the files and all of them will
be delegated permissions so once I've
added them I can grant them so that the
end users will not have to do an
explicit grant when they will start using
our chat bot in teams and now that I
have done that I can uh just save the
settings in the custom authentication in
copilot studio and so far we are exactly
where we were last week when we created
our custom uh copilot now that I have
done that I can go to publish and
publish my custom copilot so that this
initial setup will be written in stones
and made available through uh copilot
Studio but now what I want to do is to
publish this uh custom copilot in Teams
so it takes a while to do the initial
publishing but once it will be done I
will be able to uh go to the channel
section that you see right here so go to
channels and from here I can choose one
or more of the available Channel that I
want to use to make my custom copilot
available and my target as I said is
teams so if you click on Microsoft teams
you can turn on the teams Channel which
means that this custom copilot will
become available and uh ready to be used
in teams what does that mean well first
of all we can properly configure a set
of additional details for our bot which
will be uh available in Teams so by
clicking on edit details we can change
the icon we can change the uh
reference color for the icon that will
be used to represent our custom copilot
we can provide a description a long
description and so on so forth but by
clicking on the more button right here
and selecting more you can configure all
the developer information if you have uh
a a website a privacy page a terms of
use page and stuff like that and you should
do that if you are creating a solution
for your own company or your customer
and then there is a section right here
in the lower part of this Advanced
details section where you can configure
additional settings which will become
useful to enable single sign-on in Teams
so how can we get those settings first
of all again we need to copy a reference
value which is the app ID for our uh
custom copilot application so let me
copy this value in the clipboard we go
back to Entra ID and from here we can go
to the Expose an API section and in the
Expose an API section we are going to
configure a bunch of settings so that we
will make it possible for the app that
we just created to support single sign
on first of all we need to configure a
unique URI to expose a custom API in our
app so let me click on ADD and the uh
URI that we need to use it has to be
with the following format so if API
followed by bot ID dash and the unique
ID that we just copied from the copilot
studio so this will be my reference
value okay then once we have done that
we can create a custom scope so that we
will enable the consumers of our
application to consume the app providing
a specific access token with the scope
that we are going to create right now
the scope name can be whatever you want
in my scenario can be for example
HR.Read because I want to make it possible
for consumers to have the permission to
read my HR data but the name again can
be whatever you like it will be a scope
that can be consented by admins and
users and here I'm just a lazy developer
so I will simply copy and paste the same
value in a real solution you should
provide a good description and a good
display name but as I said I'm a lazy
developer and I will add my scope okay
once I've done
that this information about the uh scope
will be uh useful because we are going
to Grant the uh applications used by
team so the desktop and web and mobile
application of teams will be
automatically granted to uh and
authorized to use this permission scope
for this application so by clicking on
the add the client application we start
with the desktop and mobile application
this is the unique ID you will find it
in the uh official documentation so you
don't need to memorize it but if you
want it's a good exercise up to you and
we can reference the desktop and mobile
application ID for teams and we
authorized our custom permission scope
for that application and then we do the
same for the web application of teams so
we click add a client again we provide
the ID of the web app of teams and we
still Grant the same we do the
authorization of the same scope now that
we are done with that we copy in the
clipboard the uh either the unique URI or
the uh permission scope and we go back
here and in this UI we need to provide
the unique URI right here so this
information the client ID which we can
get from the overview panel of our
application right here and we save again
the settings of our uh Teams uh channel
for our custom copilot once we've done
that we need to go back to the security
settings sorry there is a bit of a back
and forth in the UI but it is what it is
we go to the authentication section
again and here we have a field which I
intentionally left blank before which is
the token exchange URL now despite the
name which looks like a URL that we are
going to use or to consume as an API
actually in this field we need to
provide the permission scope the custom
permission scope that we created for our
application which means that we need to
go back here in entra ID back to the
Expose an API section we copy this value
and we paste it here so this will be the
custom permission scope of our
application which will be used by the uh
backend infrastructure of copilot Studio
during the single sign-on phase in order
to leverage the on-behalf-of flow and to
get an access token on behalf of the
currently connected user so the user who
is consuming our bot our custom copilot
for example in teams and that uh access
token on behalf of the user will have
the permission scope to consume our API
but in our custom copilot we also want
to consume SharePoint online content so
when uh making a request for an on
behalf of token we will also need to
specify that we want to get an on
behalf of uh token not only for our
custom permission scope but also for the
permission
scopes which will make it possible to
consume the SharePoint Online data so
I'm adding the Sites.Read.All and the
Files.Read.All permission scopes to
this list of permission Scopes and I can
save again my
application authentication setting sorry
and once it's saved I can close this one
oops don't leave and save
again okay done now we can go to publish
and we need to publish the custom
copilot again because we need to make
all of these new settings available
again uh inside the uh public registry
of the custom copilot and in the
environment that we are targeting now
that the publishing is done we can go
back to the channels you can do from
here or from here either way works and
if you go back to the Microsoft teams
Channel you can go to availability
options and from here you can make your
choice about how you want to make your
custom bot available to the end users
and here you have multiple options one
is to just copy the link which will
Target the custom bot and you will
provide the link to the Target users and
they will be able to start using your
Bot I will show you uh shortly how you
can do that or you can click on the show
to my teammate and shared users so this
one uh will be an option that will allow
you to share the app to a specific set
of users or show to everyone in my
organization which will make your
application registered and available as
an app in the uh teams app catalog of
your target tenant which is uh what I
have done in my scenario for two other
sample uh custom copilot that I created
in this demo environment once you choose
for example the show to everyone in my
organization the app will be uploaded to
the uh apps of teams so if you go under
admin.teams.microsoft.com Teams apps Manage
apps there you will find your
application and you will have to publish
the application so I can do that for the
sake of showing you what happens so let
me do that let me submit for admin
approval it means that in a matter of
few seconds or minutes from now the app
will show up in the apps of teams and we
will be able to approve and publish the
application in our uh store uh teams
apps store the fourth option that you
have in the previous UI allows you to
download a zip file which will include
the Manifest file uh the teams manifest
file and the icons for your application
so that you can do the manual publishing
in uh any of the target tenants where
you want to reuse the application as I
said it takes a while to do the
publishing in the App Store and
hopefully now it is almost done it is
almost done and now we can see that it
is waiting for approval so if I'm lucky
enough I can go back here and I can
refresh my list of apps and search
for HR copilot again so let me do that
let me change the view and let me search
again and hopefully it will be already
there yes it is so HR copilot demo is
now here as you can see it is blocked
right now but I can click on it and as
an admin I can choose to uh reject or
publish the application if I will
publish the application it will become
available to all of my users when they
will go to teams and they will add an
app from here but it will take minutes
not one or two minutes maybe more than
that so I'm not going to uh make you
wait for that time right now and that's
why I have already created in My Demo
environment a couple of other HR copilot
samples one with the single sign-on
experience as like as I just showed you
and another one without the single sign-on
experience so now I'm switching to a
demo user that I have and I'm almost
done then and I will first of all show
you the user experience when you don't
have the single sign on configured so
this is the URL that you can use to
directly activate a custom copilot in
teams uh without going through the whole
process of registering the app here I am
with a user uh hypothetical user called
Julie red and I can add the HR copilot
with no single sign-on the no single sign-on
experience will provide to the end user
this experience so the user will have to
click on the login button and by
clicking on the login button there will
be a kind of a dance there will be a new
tab opened and then once it will be
closed we will get back a welcome
message from the copilot studio and the
user is now authenticated on the
contrary if you use the single sign-on
experience and let me do that and then
I'm almost
done again we open it we use the web
experience we add the application
and once it will be added to my uh user
experience as you can see I don't have
to click the login button but I'm right
there ready to consume my custom copilot
with single sign-on because I already
have my access token with the on behalf
of flow which has been created for me
with all of the permission scopes needed
to consume my target uh custom copilot
so that said let me briefly switch back
to the slide there this was a backup
plan in case of any need I pre-recorded
the uh running solution this is a recap
that I leave just for your reference so
all of these steps you need to go
through in order to register and publish
a custom copilot in Teams with single
sign-on and here you have a set of useful
links if you want to dig uh much more
into this topic that said I think that's
all for me back to you Fabian thank
[Music]
you