Transcript for:
How to Build a Custom Copilot with Copilot Studio

[Music] Okay, so this is the second episode of a series of episodes about how you can build a custom copilot with Copilot Studio, consuming SharePoint Online or OneDrive files content. In this episode I'm going to show you how you can publish a custom copilot, for example in Teams, in order to make it possible for your end users to consume your content and your custom copilot easily.

So this is the context: you have a custom copilot, you want to consume SharePoint Online data or OneDrive data, and you want to have it as a chatbot available in Teams with single sign-on capabilities, to give a better user experience to your end users. So now I'll move to the demo environment, and step by step we are going to configure everything that we need to accomplish this task.

So first of all, let me go here, and this is my Copilot Studio console. Here I have a bunch of custom copilots that I have already defined, and I have one which is called HR copilot demo, which is the one we are going to work with in this demo today. Just to give you an idea of what the final goal will be: it is to have the copilot chatbot inside Teams, so that we can ask questions to the custom copilot and get back answers based on the content of documents that we have in a SharePoint Online site, which in my scenario is a hypothetical HR website where we have a bunch of documents about HR-related stuff. Okay, that's the context and the goal that we want to achieve.

So in order to do that, just as we did in the previous episode (and I would invite you to give an eye to that one as well to dig into the details), I have a custom copilot that I have created, but now and today we need to slightly change the registration process to enable this custom copilot to support the publishing in Teams and the single sign-on. So first of all, in order to properly configure your copilot, you need to set up the authentication of the custom copilot. So you need to choose, if you want to consume
SharePoint Online or OneDrive data, manual authentication, and you will have to configure an application in a directory. We have seen these steps already in one of the previous episodes. So let me go to Azure Entra ID and let me create the registration of an application, which can be for example HR copilot demo, and will be the reader application that I'm going to create. While registering this application, it could be a single or multi-tenant one. I can copy the redirect URL from Copilot Studio, which I will use to configure a web application authentication for my Entra ID application, and once I've done that I can use the client ID of my application in the client ID settings of my custom copilot in Copilot Studio. Then I can go and double check in the Authentication section that I have the proper redirect URL, and I can enable the access token and the ID tokens from an authentication flow point of view, so that then in Certificates and secrets I can create a client secret for my application.

I'm going quite fast here because it is something that we have already covered previously, but we needed to go through all of the steps to get to the single sign-on part of the story. So let me copy the shared secret, and I will paste the shared secret in the authentication settings of my application. Then I will need, in Azure Entra, to configure for my application a set of API permissions. First of all, from a security point of view, I want to stress the information that we are going to configure Microsoft Graph delegated permissions, so every single user will be able to access only the documents that they have access to. I will select the openid and profile permissions, plus I want to have Sites.Read.All, because I want to be able to read the sites as well as the files, and all of them will be delegated permissions. Once I've added them I can grant them, so that the end users will not have to do an explicit grant when they start using our chatbot in Teams.

Now that I have done that, I can just save the settings in the custom authentication in Copilot Studio, and so far we are exactly where we were last week when we created our custom copilot. Now that I have done that, I can go to Publish and publish my custom copilot, so that this initial setup will be written in stone and made available through Copilot Studio. But now what I want to do is to publish this custom copilot in Teams. It takes a while to do the initial publishing, but once it is done I will be able to go to the Channels section that you see right here. So go to Channels, and from here I can choose one or more of the available channels that I want to use to make my custom copilot available, and my target, as I said, is Teams.

So if you click on Microsoft Teams, you can turn on the Teams channel, which means that this custom copilot will become available and ready to be used in Teams. What does that mean? Well, first of all, we can properly configure a set of additional details for our bot which will be available in Teams. By clicking on Edit details we can change the icon, we can change the reference color for the icon that will be used to represent our custom copilot, we can provide a description, a long description, and so on and so forth. But by clicking on the More button right here and selecting More, you can configure all the developer information, if you have a website, a privacy page, a terms of use page, and stuff like that, and you should do that if you are creating a solution for your own company or your customer. Then there is a section right here in the lower part of this advanced details section where you can configure additional settings which will become useful
to enable single sign-on in Teams. So how can we get those settings? First of all, again, we need to copy a reference value, which is the app ID for our custom copilot application. So let me copy this value to the clipboard. We go back to Entra ID, and from here we can go to the Expose an API section, and in the Expose an API section we are going to configure a bunch of settings so that we will make it possible for the app that we just created to support single sign-on.

First of all, we need to configure a unique URI to expose a custom API in our app. So let me click on Add, and the URI that we need to use has to be in the following format: api:// followed by botid- and the unique ID that we just copied from Copilot Studio. So this will be my reference value. Okay, then once we have done that, we can create a custom scope, so that we will enable the consumers of our application to consume the app providing a specific access token with the scope that we are going to create right now. The scope name can be whatever you want; in my scenario it can be for example hr.read, because I want to make it possible for consumers to have the permission to read my HR data, but the name, again, can be whatever you like. It will be a scope that can be consented by admins and users. Here I'm just a lazy developer, so I will simply copy and paste the same value; in a real solution you should provide a good description and a good display name, but as I said, I'm a lazy developer, and I will add my scope.

Okay, once I've done that, this information about the scope will be useful, because the applications used by Teams, so the desktop, web and mobile applications of Teams, will be automatically granted and authorized to use this permission scope for this application. So by clicking on Add a client application, we start with the desktop and mobile application. This is the unique ID; you will find it in the official documentation, so you don't need to memorize it, but if you want, it's a good exercise, up to you. We can reference the desktop and mobile application ID for Teams, and we authorize our custom permission scope for that application. Then we do the same for the web application of Teams, so we click Add a client again, we provide the ID of the web app of Teams, and we do the authorization of the same scope.

Now that we are done with that, we copy to the clipboard either the unique URI or the permission scope, and we go back here. In this UI we need to provide the unique URI right here, so this information, and the client ID, which we can get from the Overview panel of our application right here, and we save again the settings of our Teams channel for our custom copilot. Once we've done that, we need to go back to the security settings. Sorry, there is a bit of back and forth in the UI, but it is what it is. We go to the Authentication section again, and here we have a field which I intentionally left blank before, which is the Token exchange URL. Now, despite the name, which looks like a URL
that we are going to use or to consume as an API, actually in this field we need to provide the permission scope, the custom permission scope that we created for our application, which means that we need to go back here in Entra ID, back to the Expose an API section, we copy this value, and we paste it here. So this will be the custom permission scope of our application, which will be used by the backend infrastructure of Copilot Studio during the single sign-on phase in order to leverage the on-behalf-of flow and to get an access token on behalf of the currently connected user, so the user who is consuming our bot, our custom copilot, for example in Teams. That access token on behalf of the user will have the permission scope to consume our API. But in our custom copilot we also want to consume SharePoint Online content, so when making a request for an on-behalf-of token, we will also need to specify that we want to get an on-behalf-of token not only for our custom permission scope but also for the permission scopes which will make it possible to consume the SharePoint Online data. So I'm adding the Sites.Read.All and the Files.Read.All permission scopes to this list of permission scopes, and I can save again my application authentication settings. Once it's saved I can close this one. Oops, don't leave, and save again. Okay, done.

Now we can go to Publish, and we need to publish the custom copilot again, because we need to make all of these new settings available again inside the public registry of the custom copilot and in the environment that we are targeting. Now that the publishing is done, we can go back to the channels; you can do it from here or from here, either way works. If you go back to the Microsoft Teams channel, you can go to Availability options, and from here you can make your choice about how you want to make your custom bot available to the end users. Here you have multiple options. One is to just copy the link, which will target the custom bot; you will provide the link to the target users and they will be able to start using your bot. I will show you shortly how you can do that. Or you can click on Show to my teammates and shared users, an option that will allow you to share the app with a specific set of users, or Show to everyone in my organization, which will make your application registered and available as an app in the Teams app catalog of your target tenant, which is what I have done in my scenario for two other sample custom copilots that I created in this demo environment.

Once you choose, for example, Show to everyone in my organization, the app will be uploaded to the apps of Teams. So if you go under admin.teams.microsoft.com, Teams apps, Manage apps, there you will find your application, and you will have to publish the application. I can do that for the sake of showing you what happens, so let me do that. Let me submit for admin approval. It means that in a matter of a few seconds or minutes from now the app will show up in the apps of Teams, and we will be able to approve and publish the application in our Teams app store. The fourth option that you have in the previous UI allows you to download a zip file which will include the Teams manifest file and the icons for your application, so that you can do the manual publishing in any of the target tenants where you want to reuse the application.

As I said, it takes a while to do the publishing in the app store, and hopefully now it is almost done. It is almost done, and now we can see that it is waiting for approval. So if I'm lucky enough, I can go back here and I can refresh my list of apps and search for HR copilot again. So let me do that, let me change the view, and let me search again, and hopefully it will be already there. Yes, it is. So HR copilot demo is now here. As you can see, it is blocked right now, but I can click on it, and as an admin I can choose to reject or publish the application. If I publish the application, it will become available to all of my users when they go to Teams and add an app from here, but it will take minutes, not one or two minutes, maybe more than that, so I'm not going to make you wait for that time right now. That's why I have already created in my demo environment a couple of other HR copilot samples, one with the single sign-on experience, just as I showed you, and another one without the single sign-on experience.

So now I'm switching to a demo user that I have, and I'm almost done. I will first of all show you the user experience when you don't have single sign-on configured. So this is the URL that you can use to directly activate a custom
copilot in Teams without going through the whole process of registering the app. Here I am with a hypothetical user called Julie Red, and I can add the HR copilot with no single sign-on. The no single sign-on experience will provide to the end user this experience: the user will have to click on the Login button, and by clicking on the Login button there will be a kind of a dance. There will be a new tab opened, and then once it is closed we will get back a welcome message from Copilot Studio, and the user is now authenticated.

On the contrary, if you use the single sign-on experience, and let me do that, and then I'm almost done again: we open it, we use the web experience, we add the application, and once it is added to my user experience, as you can see, I don't have to click the Login button, but I'm right there, ready to consume my custom copilot with single sign-on, because I already have my access token with the on-behalf-of flow, which has been created for me with all of the permission scopes needed to consume my target custom copilot.

So that said, let me briefly switch back to the slides. This was a backup plan: in case of any need, I pre-recorded the running solution. This is a recap that I leave just for your reference, so all of these steps you need to go through in order to register and publish a custom copilot in Teams with single sign-on, and here you have a set of useful links if you want to dig much more into this topic. That said, I think that's all for me. Back to you, Fabian. Thank you. [Music]