# Copilot Studio ## Selecting the Connection Type Once you have [selected the Copilot Studio as your connection type](/ai-red-teaming/probe/target/add-target/integration-setup.md#selecting-a-connection-type), a configuration tab will appear on the next step, prompting you to input the required connection details. ## Integration Modes The Copilot Studio integration supports two modes of operation: 1. **Non-Auth Mode** - A lightweight integration mode that allows access without tokens, requiring only basic configuration with a focus on simplicity. Use this if your agent is relatively simple and does not require user authentication. Downside to this mode is that your agent can only access public information and resources, which limits the scope of capabilities we can test. If your agent is configured with tools which depend on the identity of the user (eg. read user emails), opt for the Auth mode instead. 2. **Auth Mode** - This mode is designed for users who require secure authentication using OAuth/SSO. It enables automated handling of access and refresh tokens for seamless interaction with the Microsoft API. The setup process and requirements for both workflows are defined below. ## Non-Auth Mode Setup ![Figure 1: Configure Copilot Studio Connection In Non-Auth Mode](/files/vPFWCWoScZkcmCARTru5) The **Non-Auth Mode** is a simpler configuration flow, where no refresh token or authentication steps are needed. Users are required to provide the following inputs in the user interface: * **Agent Secret** (API secret) - A secure, unique key used to authenticate the agent without requiring OAuth. This value is provided during your agent setup and securely stored to prevent unauthorized access. * **Direct Line Region** - The identifier for the geographic region where your Direct Line API is hosted. This ensures requests are routed to the appropriate Microsoft data center for processing. ### How to Obtain Required Fields Turn off Authentication for the Agent in Copilot Studio: 1. On the Copilot Studio page, click on the Agent you want to test 2. **Before turning off Authentication**, go to Settings -> Security -> Web channel security and toggle on “Require secured access”. This is to ensure no unwanted third parties can invoke your Agent. 3. Turn off Authentication 1. On the Agent page, click on Settings -> Security -> Authentication. 2. Under the Authentication options, choose “No authentication” and click on Save -> Save. 4. To obtain the Agent Secret, navigate to Settings -> Security -> Web channel security. Copy either of the two presented Secrets and paste them into the SPLX platform as **Agent Secret**. 5. Publish the Agent 1. On the Agent page, click on Publish -> Publish 2. Wait a couple of minutes for the changes to take effect 6. Choose the right Direct Line Region 1. On the Agent page in Copilot Studio, identify the Environment name in the top right corner of the page. 2. Go to [https://admin.powerplatform.microsoft.com](https://www.google.com/url?q=https://admin.powerplatform.microsoft.com\&sa=D\&source=editors\&ust=1769590516925090\&usg=AOvVaw3yEJx61ghGnSJqL50obyuK) 3. On the left-side navbar, click on Manage -> Environments 4. Locate the row in the table which corresponds to the environment from the Copilot Studio page 5. Look for the Region column 1. If it is Europe, set **Direct Line Region** in the SPLX platform to Europe 2. If it is India, set **Direct Line Region** in the SPLX platform to India 3. Otherwise, set **Direct Line Region** in the SPLX platform to Global ## Auth Mode Setup ![Figure 2: Configure Copilot Studio Connection In Auth Mode](/files/VQEsEmnLnOSk7UD3G8Zi) In the **Auth Mode**, users are required to input the following details in the user interface: * **Client ID** - A unique identifier assigned to your Microsoft Azure application. * **Tenant ID** - The identifier for your Microsoft Azure directory (tenant). * **Environment ID** - Identifies the Power Platform environment where your agent lives. * **Schema Name** - An unique identifier for an agent within a Dataverse environment. ### How to Obtain Required Fields Create an Application Registration in Entra ID: 1. Open [https://portal.azure.com](https://www.google.com/url?q=https://portal.azure.com\&sa=D\&source=editors\&ust=1769590516927942\&usg=AOvVaw2sarBwDJAHRW-e5_kEWVLb). 2. Navigate to App registrations. 3. Register an application 1. Click on New registration 2. Provide a name (eg. “Copilot Studio SPLX Integration”) 3. Under Supported account types, choose “Accounts in this organization directory only” 4. Under Redirect URI, choose Single-page application (SPA) as the platform. Set the URI to be: `{origin}/integrations/copilot-studio-redirect`\ Origin is the URL which you see in the browser for the SPLX platform. For example, if you are using the SaaS version, the origin will be [https://probe.splx.ai](https://www.google.com/url?q=https://probe.splx.ai\&sa=D\&source=editors\&ust=1769590516929522\&usg=AOvVaw3EpigRECvs2NpyrkmGqqqh), and the full redirect URI will be [https://probe.splx.ai/integrations/copilot-studio-redirect](https://www.google.com/url?q=https://probe.splx.ai/integrations/copilot-studio-redirect\&sa=D\&source=editors\&ust=1769590516929900\&usg=AOvVaw3DioFbEpbf2Wb1097Q-gYD) 4. Open your newly created application. 1. Search for your application under App registrations -> All applications 5. On the Overview page, copy and paste the following information into the SPLX platform: 1. *Application (client) ID* as the **Client ID** 2. *Directory (tenant)* *ID* as the **Tenant ID** 6. In the sidebar, click on Manage -> API permissions 1. Click on “Add a permission” 2. Click on the tab “APIs my organization uses” and search for “Power Platform API” 1. If you do not see the “Power Platform API”, you must first enable it inside your organization. 2. To enable Power Platform API, first click on the Cloud Shell icon in the top right corner. 3. Then, run the following command:\ `az ad sp create --id 8578e004-a5c6-46e7-913e-12f58912df43` 3. Choose “Delegated permissions”. Search for the “CopilotStudio” section and check the box next to “CopilotStudio.Copilots.Invoke”. Click “Add permissions”. 4. On the API permissions page, under “Configured permissions” click on “Grant admin consent for {your org}.”. When prompted to confirm, click “Yes”. Set up and Publish the Copilot Studio agent: 1. On the Copilot Studio page, click on the Agent you want to test 2. Set up Authentication 1. On the Agent page, click on Settings -> Security -> Authentication. 2. Under the Authentication options, choose “Authenticate with Microsoft” and click on Save. 3. Copy and paste Agent metadata into the SPLX platform 1. On the Agent page, click on Settings -> Advanced -> Metadata 2. Copy and paste the following information into the SPLX platform: 1. Environment ID as the **Environment ID** 2. Schema name as the **Schema Name** 4. Publish the Agent 1. On the Agent page, click on Publish -> Publish 2. Wait a couple of minutes for the changes to take effect --- # Agent Instructions: Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://docs.probe.splx.ai/ai-red-teaming/probe/target/index/copilot-studio.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.