Microsoft Copilot Studio enables the integration of various enterprise systems into your agents, with built-in security, governance, and unified validation experiences. It supports productivity data from Office applications, line-of-business data from sources such as Dataverse (Microsoft 365 Dynamics), Salesforce, ServiceNow, and local files. For a more detailed overview of supported knowledge sources and configuration, read the overview of different knowledge sources supported by Copilot Studio.

Enterprise data is used to ground your agents in your organization’s knowledge, ensuring accurate and relevant information. This process is known as Retrieval Augmented Generation (RAG). This document provides an in-depth look at how your data from enterprise systems is transformed into knowledge through RAG on the data sources mentioned below: 

• Files – Using built-in semantic index of Copilot Studio 
• Enterprise Systems – Dataverse Tables and Azure SQL, Azure AI Search index, Salesforce, ServiceNow, and more) through 1,400+ Power Platform connectors or leveraging Microsoft 365 semantic index created by Microsoft Graph connections. 

Files

Uploading files as knowledge helps makers enrich their agents with additional data, augmenting the LLM’s knowledge and grounding the agent in specific information provided by the maker. Makers can upload a variety of files (see types and limits here) which are semantically indexed as vector embeddings and then used as knowledge for agents. This knowledge used in agents can then be shared with authenticated and unauthenticated users of the agent.  

To improve agent’s responses, uploaded files are chunked into smaller pieces for faster processing and vector-indexed to provide semantic match with the user query. They are stored automatically in a built-in store for the agent. Indexing time depends on the file size. When a user queries through an agent, the Copilot Studio orchestrator uses the relevant chunks that match the query, and then the LLM summarizes the top chunks. 

Enterprise Systems

Ensuring secure access to knowledge sources is critical for managing and harnessing enterprise data effectively. The data in the enterprise systems are accessed in the context of the end user and the end user always get to view the current data in the tables, based on the security roles assigned to them. Also, when a modification is made to the underlying data in these tables, by any application, user or the agent, these changes are reflected in real time to the next query from the agent! 

Enterprise sources such as Dataverse tables contain data from Dynamics 365 business applications (i.e. Sales, Marketing, Finance) and custom business data useful for LOB agents. Makers can use existing Dataverse tables or create new tables via Data Workspace to provide knowledge for agents. Such new tables can be populated from Excel files, SharePoint lists and external systems using Dataflows built on Power Query. 

When Dataverse is used as Knowledge, the user’s query is translated into runtime query against Dataverse. The data and metadata in these tables are semantically indexed and vector embeddings help with linking the objects in the user query to schema elements and annotation of values. These annotations, along with synonyms and glossaries provided by the maker, determine the relevant columns to be used while generating a PowerFX query from the natural language. Synonyms and Glossaries are provided by the maker, inside Microsoft Copilot Studio while adding Dataverse tables to provide more business and organizational context to the models being used to fetch relevant knowledge. Thus, you can see why synonyms and glossaries play a big role in getting quality responses for queries from agent. At runtime, the rich Dataverse security model is enforced including table, row and column security. This means that the end-user will only be seeing the records which they have access to. The entire end to end process is illustrated below.

Other Enterprise sources

For other enterprise systems such as Salesforce, ServiceNow, Zendesk, and Azure SQL Server, the real-time RAG approach is implemented. In this approach, data from these enterprise sources are never ingested or indexed, but instead we leverage the metadata to generate a real-time query based on table and column names. Also in this model, customers do not have to worry about adding any additional layer of security within Copilot Studio. Copilot Studio uses only metadata, such as table and column names, when sources are selected, to create an index. The connectivity is established using the low code Power Platform connectors. When end-users use the agent, they are prompted to sign-in to establish a connection to the external system ensuring that they have the appropriate permissions to access the data, thereby establishing a secure link to access the knowledge needed, in real-time, for providing answers.

Security

When developing agents that are grounded on diverse knowledge sources, data security becomes a shared responsibility among the makers and administrators alike. 

When utilizing Copilot Studio to build agents, makers have the tooling available to implement robust security measures and adhere to best practices, creating intelligent solutions that are both powerful and secure while meeting the highest compliance standards. Adopting secure-by-default practices is essential; makers should ensure that agents are authenticated to restrict access exclusively to authorized users. Additionally, minimizing data exposure by connecting agents only to the necessary knowledge sources helps reduce risks and limits the overall attack surface. Implementing role-based access controls ensures that users receive only the permissions they require, preventing inadvertent overprivileged access to sensitive data. Continuous monitoring of access and usage aids in the prompt detection of any unusual or unauthorized activities, and regular security audits are vital to gain insight into discrepancies and anomalies that could indicate business concerns or suspected security violations. Before deploying to production environment, makers must conduct comprehensive compliance checks to ensure alignment with organizational policies and regulatory standards. 

Administrators play an equally crucial role in governing knowledge sources by leveraging managed security capabilities. These controls help protect data from threats, regulate access, prevent data exfiltration, and support custom encryption policies that reflect the organization’s requirements. By applying tailored data policies to systems such as SharePoint, public websites, or document repositories, administrators can ensure that connectors and API endpoints are used securely by developers building agents. Monitoring and analytics in the Power Platform admin center provide detailed insights into how resources—such as Dataverse—are accessed and utilized. Features like IP firewalls, IP cookie binding, and managed identities for Dataverse plug-ins further guarantee that only authorized users can access critical organizational resources. Moreover, robust compliance measures, including functionalities like Customer Lockbox and comprehensive auditing support for activities performed by makers, users, and administrators—further ensure that you get insights into organizational data events and streamline implementing industry regulations. 

We are continuously raising the bar on security and governance around data and knowledge that is being used by agents. To learn more about these features, see IT Governance Controls for Your Copilot agents – Microsoft Power Platform Blog 

Conclusion

Copilot Studio provides a robust and secure platform for building custom agents, using various RAG techniques for your enterprise systems. If you have not yet created an agent using Microsoft Copilot Studio, why wait? Start building your agents using Copilot Studio today, and experience how your enterprise data can be converted to knowledge for agents securely with a no-code seamless experience. Your data security is our top priority, allowing you to focus on creating exceptional, intelligent agents that meet your enterprise needs. 

Learn more about Microsoft Copilot Studio + Microsoft Dataverse:

• Breakout session recording: Get the most of your enterprise knowledge with Copilot Studio
• Breakout session recording: What’s new with Copilot Studio and agents 
• Documentation: Overview – Microsoft Copilot Studio | Microsoft Learn
• Documentation: What is Microsoft Dataverse? – Power Apps | Microsoft Learn  
• Podcast: Low Code Approach | Microsoft  
• Webpage: Customize Copilot and Create Agents | Microsoft Copilot Studio
• Webpage: Microsoft Dataverse | Microsoft Power Platform 
• Read about the latest news: Introducing deep reasoning and agent flows in Copilot Studio

The post Knowledge in Microsoft Copilot Studio appeared first on Microsoft Power Platform Blog.

• SharePoint Integration
• Document Templates
• Reports
• Server-side sync & Exchange Integration

SharePoint Integration

SharePoint integration with Common Data Service makes the richer document management and collaboration features available to citizen developers with just a few clicks. It empowers app users to manage common document types, such as Word, Excel, PowerPoint, OneNote, and create folders to save and manage those documents that are seamlessly stored in SharePoint from within Common Data Service apps.

Let us take an example of Contoso, a firm that provides legal consultation to large corporates. Each of these large corporate customers would be stored as Accounts within the Common Data Service. As Contoso adds new customers, they sign a contract with each of these customers. The contract document captures the terms of service, contractual obligations, and other conditions as needed. These documents can now be authored and stored securely and seamlessly from within Common Data Service.

A few clicks are required here to configure SharePoint connection, so that you can customize the location of site etc. before wiring it up with Common Data Service. You will need to create a SharePoint Team site which will act as the repository for documents, set up permissions and then configure the Common Data Service for document management by enabling server-based SharePoint integration. Step by Step instructions are provided here. Once server-based SharePoint integration is enabled you will need to enable the entities you want to make available for document management integration. More information: Enable document management on entities

Note: Once server-based SharePoint integration is enabled you can also enable integration with OneNote and OneDrive. More information: Set up OneNote integration and Enable OneDrive for Business (online)

For the scenario with Contoso, we will just focus on enabling document management for Account entity, which is used to store the customer information.

To enable this, you would launch the Document Management Settings wizard as shown in the picture below, from settings–> Document Management. See Settings for help with this navigation.

Specify the SharePoint site URL and continue with the wizard. Next screen, it would ask for confirmation on the folder structure and finally the screen confirming the successful creation of document library for the entity (Account).
You are now all set to start using the document management capabilities of Common Data Service. Navigate to any app where Accounts can be viewed, and you will see the option to upload or view previously uploaded documents.

If you observe in the grid, you will see the option to directly navigate to the SharePoint location, in case you wish to upload larger documents, or use advanced document collaboration features through SharePoint.

Document Templates

A large portion of contract agreement might be repetitive and here is where you wish you could have a template that dynamically picks up the corresponding account related information. Common Data Service enables you to use document templates, right from your accounts view, as shown here.

If you need more information, read more details about how you can configure a word template in this article.
Note: Common Data Service also supports other templates like Excel, Article and Email templates.

See these articles for more information.

Templates Overview

• • Word Template

  • Excel Template

  • Article Template

Reports

Common Data Service allows you to create reports out of the box. In the Contoso scenario, we discussed above, you could build reports like, VIP accounts based on certain criteria, for e.g. say accounts with more than $1M annual revenue.
On your Reports app, click new report and fill in the metadata before launching the “Report Wizard” button on this page. In case you do not have a reports app, you can create a new one or modify the sitemap of any app to add the “Report” entity, as per your business requirements.

Click through the wizard and here you will see the option to choose the entity – Accounts and the reporting or filtering criteria i.e. for the Contoso scenario it will be customers with annual revenue greater than $1M. More details on working with reports is provided here.

Server-side sync and Exchange Integration

While working with apps dealing with customer communication, scheduling, and other collaboration activities, you will realize the power of server-side sync and Exchange integration that Common Data Service provides as out of box feature. Once exchange integration is setup, Contoso will be able to synchronize appointments, tasks, and contacts etc. across different customers.

The configuration steps required to wire up Exchange integration is documented here.

Once the server-side sync is configured, you are all set to sync emails, appointments and tasks. For example, I received an email in my inbox, see snapshot of outlook web access (OWA) as shown

To keep a track of this email, I categorized this email as “Tracked to Dynamics 365” so that I can sync it as an activity within Common Data Service. Additionally, I decided to create a task in outlook, and an appointment as well to block some time.

All the 3 activities, Email, Task and Appointment were categorized as “Tracked to Dynamics 365” so that it would sync into Common Data Service.

Now, on the Common Data Service side, I created a model- driven app, with just the Activities entity in the sitemap to facilitate the view.

Once the app is published, I could see all the three activities that were categorized in outlook.

Additionally, you could also use App for Outlook, the model-driven app to extend Common Data Service experiences to Outlook. Please see this blog for more details.

To summarize, all these office integration features (SharePoint Integration, Document Templates, Reports, Server-side sync & Exchange Integration) are part of Common Data Service and available for you to leverage, with Power Apps license.

The post Office 365 Integration features in Common Data Service appeared first on Microsoft Power Platform Blog.