Skip to content
Claresia Docs

Microsoft Copilot M365 connector

Connect Claresia to Microsoft Copilot M365. End users invoke @claresia.<skill> from Copilot Chat in Microsoft 365 (Word, Excel, Outlook, Teams, the Copilot app). This is the most common path for European manufacturing / financial services customers (Dainese, etc.).

Prerequisites

Section titled “Prerequisites”
  • Microsoft 365 with Copilot M365 license
  • Power Platform admin rights in your tenant
  • An Azure AD global admin to consent to Claresia’s app registration
  • Microsoft Graph API access (default for M365 tenants)
  • Your tenant ID (Entra → Overview)

Part 1 — Register Claresia in your Azure AD

Section titled “Part 1 — Register Claresia in your Azure AD”

  1. In Claresia Onboarding Portal, click Connect LLM (Step 6) → pick the Microsoft Copilot M365 card. The portal shows you an Azure CLI command to run, which creates the Azure AD app + assigns the right scopes:

    Terminal window
    az ad sp create --id <claresia-multi-tenant-app-id>
    az role assignment create \
      --assignee <returned-sp-id> \
      --role "Power Platform Administrator" \
      --scope /providers/Microsoft.Management/managementGroups/<your-tenant-id>

  2. Run the command in your Azure Cloud Shell (or local Azure CLI logged in as global admin).

  3. The output includes a Service Principal Object ID — copy it.

  4. In the portal, paste the SP Object ID + your tenant ID. Click Test connection — Claresia calls GET https://api.powerplatform.com/admin/environments to confirm.

Part 2 — Skill publish flow (cc-065)

Section titled “Part 2 — Skill publish flow (cc-065)”

Claresia publishes each skill as a Copilot Studio agent + a Power Platform action:

  1. Reads the Skill IR JSON for every entitled skill
  2. Transpiles into Copilot Studio agent YAML (topics, system prompt, knowledge sources, Power Automate flow bindings)
  3. POSTs to Power Platform Admin API → creates the agent under the claresia-{tenant_slug}-{skill_id} namespace
  4. Sets agent ACLs to match your AAD group → archetype mapping
  5. Publishes the agent (agents are drafts by default; Claresia auto-publishes after validation passes)
  6. End users see the agent in Copilot Chat’s @ mention picker within ~60s (Copilot Studio’s publish lag is the longest of the four platforms — SLO <60s p99)

Agent shape per skill

Section titled “Agent shape per skill”
# Excerpt — auto-generated from Skill IR
displayName: "claresia-dainese-incident-postmortem"
description: "Generate a postmortem for a Gatespic-tracked incident."
systemPrompt: |
  You are Claresia's Incident Postmortem skill. Follow the cc-051 firmware-engineer
  cadence. Output sections: Summary, Timeline, Root Cause, Impact,
  Remediation, Lessons Learned. Cite incident ID + commit SHAs.
parameters:
  - name: incident_id
    type: string
    required: true
knowledgeSources:
  - type: dataverse
    table: claresia_dainese_incidents
actions:
  - type: power_automate_flow
    flow_id: emit_hub_record

Part 3 — Telemetry ingest via Microsoft Graph

Section titled “Part 3 — Telemetry ingest via Microsoft Graph”

Claresia polls Microsoft Graph audit log every 60s:

GET https://graph.microsoft.com/v1.0/auditLogs/directoryAudits
  ?$filter=category eq 'CopilotAgent' and contains(targetResources/displayName, 'claresia-{tenant_slug}-')
  &$orderby=activityDateTime desc

For each event, we normalize into fn_telemetry_event and write to the Hub.

End-user experience inside Copilot

Section titled “End-user experience inside Copilot”

The user opens Microsoft Copilot Chat (web, Teams, Outlook, Word, Excel) and types:

@claresia.gatespic.incident-postmortem

The Copilot picker shows the agents entitled to their archetype. They pick one, Copilot prompts for parameters via an Adaptive Card form, runs the agent, and returns the reply wrapped in Claresia’s Adaptive Card:

[skill output body]

Claresia · Incident Postmortem · $0.04 · 2.3s · View record

Adaptive Cards render natively in Teams, Outlook, and Copilot Chat — no additional install required.

Power Automate flows (Hub emission)

Section titled “Power Automate flows (Hub emission)”

Claresia ships a Hub Emission Flow in your Power Platform tenant. Every agent invocation triggers this flow, which:

  1. Receives the agent output payload
  2. Computes the SHA-256 provenance hash
  3. POSTs to Claresia’s Hub ingest endpoint (Mode A/B) OR writes directly to your customer-cloud Hub (Mode C)
  4. Returns the Hub record ID to the agent for the footer link

This flow lives in the claresia-{tenant_slug} Power Platform environment and is owned by the Claresia AAD service principal — you don’t need to manage it.

Common gotchas

Section titled “Common gotchas”
SymptomCauseFix
Agents don’t appear in Copilot pickerCopilot Studio publish lagWait 90s; or hit Republish all in Command Center
403 on publishSP missing Power Platform Admin roleRe-run the az role assignment command
Telemetry missingAudit Logs not enabled in Microsoft PurviewEnable Audit Log Search in compliance.microsoft.com
Hub records missingPower Automate flow disabledRe-enable the claresia-hub-emission flow in Power Automate UI
AAD consent screen blocks installTenant requires admin consent for new appsHave your global admin pre-consent in Azure → Enterprise Applications → User Settings

Reference

Section titled “Reference”