New workflow designer accessing environment variables
Hi, I really enjoy using the new workflow designer. I've a triggered workflow (Email arrives) that I added into a solution. I'd like to use environment variables from within the workflow. The variables and the workflow are in the same solution. Unfortunatly the environment variables are not visible like they were in the old designer. How can I access them ? Thanks in advance
Copilot studio Agents published on Sharepoint
Hi everyone, I'm hoping someone can confirm or correct my understanding of a limitation we're experiencing. We have a Copilot Studio agent published to a SharePoint site. When users interact with the agent, they are unable to see their previous chat history — unlike the built-in SharePoint AI agents (e.g. SharePoint Agents / Copilot for SharePoint), which do appear to retain and display conversation history. Is it correct that Copilot Studio agents published to SharePoint do NOT support persistent chat history visible to the end user, while native/built-in SharePoint AI agents do support this out of the box?The Employee Self-Service agent - how to find it
I see that Microsoft has put a lot of efforts to marketing the Copilot Employee Self-Service Agent but it seems it is not available for every tenant. I have already checked on several small and mid ones (5-2k users) and cannot find it in templates. As I understand from what I already red and saw, this is a template that should be available to you when you start building agents. Unfortunately when I enter Copilot Studio and enter in the search ESS (abbreviation from Employee Self-Service) I got only those two agents marked red filtered (see screenshot below). When I installed IT Helpdesk agent, I do not see topics related to HRSD in ServiceNow which I need. I found the Employee-Self-Service-Agent-Developer-Kit that contains same examples of the ServiceNow HRSD topics, but when I copy the YAML code of those topics to my agent I got some references to topics that I do not exists in my agents. Anyone has struggled with the same? Or maybe you have access to the Employee Self-Service agent and can share the basic solution/topics with me? Michal
New Agent experience - how to add Fabric data agent
When using the new (Agent) experience in Copilot studio how can you add Fabric Data agent as connected agent ? There does not seem to be an option. Also should adding it as an MCP server be supported (under Tools) ? https://learn.microsoft.com/en-us/fabric/data-science/data-agent-mcp-server says the following: Currently, you can use the Fabric data agent MCP server only in VS Code. If you're using your own MCP client, it can also work, as long as you set up authentication Has anyone tried this? If yes, by using with authentication? OAuth2? Thanks
Why Your Copilot Studio Agent Fails in Production (And How to Fix It)
Most Copilot Studio tutorials show you how to build a chatbot. This post is about something harder: building agents that actually work in production. I architect enterprise agents at a hospitality company — handling customer email triage, HR workflows, helpdesk automation, and reporting pipelines across multiple systems. One of those agents reduced human handling time per customer email from ~12 minutes to under 2 minutes (88% reduction) by orchestrating sentiment analysis, CRM lookups, SOP research via child agents, and response drafting — all before a human agent ever opens the email. Here is what I've learned building at that scale. The Four Layers Every Enterprise Agent Needs Most teams design only the top layer and treat everything else as "we'll figure it out later." By the time the other layers become urgent — usually after an incident — they're too expensive to retrofit. Layer Component Conversation Topics · Entities · Adaptive Cards · NLU Orchestration Agent routing · Context passing · State Integration Connectors · Power Automate · Azure Functions Governance DLP · Auth · ALM · Monitoring · Logging Build the governance layer first. Design the conversation layer last. The demo will be slightly less impressive. The production deployment will be significantly more stable. The Three Mistakes I See Most Often 1. Slot-filling designed for the happy path The default Copilot Studio pattern collects parameters one by one. It breaks the moment your flow has conditional branches — which every real enterprise workflow does. Use intent-first routing instead: identify what the user wants before collecting any parameters, then branch to a sub-flow that collects only what that variant needs. 2. Multi-agent context that gets dropped When you delegate from a router agent to a capability agent, the receiving agent needs to know who the user is and what conversation state to preserve. Native session variables don't cross agent boundaries. Build an explicit context envelope — a JSON object passed at delegation time — that carries user identity, security scope, origin topic, and return context. Your agents become stateless with respect to each other. Context travels with the conversation. 3. No async pattern for slow integrations A synchronous request that works for a REST API returning in 200ms will silently fail for a legacy system query that takes 45 seconds. Design async from day one: submit to an Azure Service Bus queue, return a correlation ID, acknowledge the user, and use proactive messaging to deliver the result when it's ready. This is the single biggest gap between demos and production deployments. A Note on Authentication — Chatbots vs. Autonomous Agents This is a distinction most articles get wrong, so it's worth being explicit. Chatbots have a human on the other end of the conversation. Authentication options here include Entra ID SSO (works in Teams and SharePoint channels where the user's identity is delegated to the agent) or client ID + secret (validates against AD but without user delegation — the agent authenticates as itself, not as the user). Autonomous agents are different in a fundamental way: there is no human in the authentication loop. The agent authenticates using the identity of the account that owns and runs it. There is no SSO because there is no interactive user session. This distinction matters because the security model shifts entirely — you are no longer protecting a user session, you are protecting a service identity. This gets more interesting when your autonomous agent connects to non-Microsoft systems. There is no universal pattern here — it depends entirely on what the external system supports: - API Key / Secret — the most common pattern for SaaS integrations. The external system issues a scoped key specifically for this integration. Store it in Azure Key Vault or encrypted Power Platform environment variables, never hardcoded in a flow. The scoping question is critical: is this a full-admin key or a least-privilege key issued only for what this agent needs? - OAuth 2.0 Client Credentials (machine-to-machine) — the agent authenticates as itself using client ID + secret against the external system's auth server and receives a bearer token. No user involved, fully automated. - Basic Auth on legacy systems — still common in enterprise environments. Credentials must live in Key Vault, not in flow variables or connector configuration in plain text. - Custom connector with encrypted connection — Power Platform manages the auth at the connector level; credentials are stored encrypted and scoped to the environment. The governing principle across all of these: the identity the agent uses to call an external system should be issued specifically for that integration, scoped to only the permissions that agent needs, stored securely (Key Vault or encrypted environment variables), and auditable — meaning the external system's logs show the agent's calls as a distinct identity, not a shared admin account that 12 other things also use. Before You Go to Production — Quick Checklist [ ] Autonomous agent's owning account/service principal is scoped to least-privilege — access only to systems the agent needs, nothing broader [ ] Non-Microsoft system credentials stored in Azure Key Vault or encrypted environment variables — never hardcoded in flows [ ] Each external system integration uses a dedicated, scoped credential — not a shared admin account [ ] External system audit logs show the agent as a distinct, identifiable caller [ ] DLP policies configured per environment — production is strict, dev is permissive [ ] Dataverse schema finalized before topic design begins [ ] Error handling designed for every integration point with user-readable failure messages [ ] Async pattern in place for any integration that may take > 10 seconds [ ] ALM pipeline configured: Dev → Test → UAT → Prod with automated solution checker [ ] Application Insights connected with custom events for key agent actions [ ] Escalation rate baseline established with alert threshold configured The One Question to Ask Before Building Anything "What does success look like in six months, and what data does the agent need access to in order to achieve it?" That answer determines your Dataverse schema, your integration architecture, your authentication model, and your DLP policy — before a single topic is created. Agents designed from that question forward are maintainable and trusted by the business. Agents designed from the conversation layer down spend their first year in retrofitting mode. Happy to go deeper on any of these layers in the comments — particularly multi-agent context passing and the async pattern, which I find generate the most questions in enterprise deployments.Copilot, Microsoft 365 & Power Platform Community call
💡 Copilot, Microsoft 365 & Power Platform weekly community call focuses on different use cases and features within the Copilot, Microsoft 365 and Power Platform - across Microsoft 365 Copilot, Copilot Studio, SharePoint, Power Apps and more. 👏 Looking to catch up on the latest news and updates, including cool community demos, this call is for you! 📅 On 18th of June we'll have following agenda: Copilot prompt of the week CommunityDays.org update Microsoft 365 Maturity model Latest on PnP Framework and Core SDK extension Latest on PnP PowerShell Latest on script samples Latest Copilot pro dev samples Latest on Power Platform samples Picture time with the Together Mode! Reshmee Auckloo (Avanade) – Insurance Claims Assist using AI in SharePoint with Copilot Studio Garry Trinder (Microsoft) – No API, No Problem: Building Declarative Agents with Dev Proxy David Warner (Quisitive) – Powerful Animations - VS Code Extension Updates for M365 and Power Apps 📅 Download recurrent invite from https://aka.ms/community/m365-powerplat-dev-call-invite 📞 & 📺 Join the Microsoft Teams meeting live at https://aka.ms/community/m365-powerplat-dev-call-join 👋 See you in the call! 💡 Building something cool for Microsoft 365 or Power Platform (Copilot, SharePoint, Power Apps, etc)? We are always looking for presenters - Volunteer for a community call demo at https://aka.ms/community/request/demo 📖 Resources: Previous community call recordings and demos from the Microsoft Community Learning YouTube channel at https://aka.ms/community/youtube Microsoft 365 & Power Platform samples from Microsoft and community - https://aka.ms/community/samples Microsoft 365 & Power Platform community details - https://aka.ms/community/home 🧡 Sharing is caring!Microsoft Power Platform community call - June 2026
💡 Power Platform monthly community call focuses on different extensibility options for builders, makers and developers within the Power Platform. Typically demos are from our awesome community members who showcase the art of possible within the Power Platform capabilities. 👏 Looking to catch up on the latest news and updates, including cool community demos, this call is for you! 📅 On 17th of June we'll have following agenda: Power Platform Updates & Events Latest on Power Platform samples Elliot Margot (Witivio) - Process Mining + Copilot Studio: Stop Reading Dashboards, Start Asking Questions Sailaja Mantripragada (Low Code Power) - From Prompt to a Filled-In Word Template: Automating Deep Customer Research with Copilot Studio and Agent Flows John Liu (Rapid Circle) - Using Copilot Cowork with MCP to build Power Automate flows 📅 Download recurrent invite from https://aka.ms/powerplatformcommunitycall 📞 & 📺 Join the Microsoft Teams meeting live at https://aka.ms/PowerPlatformMonthlyCall 💡 Building something cool for Microsoft 365 or Power Platform (Copilot, SharePoint, Power Apps, etc)? We are always looking for presenters - Volunteer for a community call demo at https://aka.ms/community/request/demo 👋 See you in the call! 📖 Resources: Previous community call recordings and demos from the Microsoft 365 & Power Platform community YouTube channel at https://aka.ms/community/videos Microsoft 365 & Power Platform samples from Microsoft and community - https://aka.ms/community/samples Microsoft 365 & Power Platform community details - https://aka.ms/community/homeFile Uploads Not Passed to Custom Engine Agent in Microsoft 365 Copilot Chat
Hi all, I'm working with a custom agent built in Copilot Studio (full authoring experience — topics, knowledge sources, agent flows) published to both the Microsoft Teams channel and the Microsoft 365 channel. I've noticed a significant UX discrepancy when it comes to file and image attachments, and I want to confirm my understanding and check whether any workaround or roadmap item exists. What works: ✅ File/image uploads work as expected in the Copilot Studio test pane ✅ File/image uploads work in Teams chat when interacting with the agent What doesn't work: ❌ File/image uploads do not reach the agent when interacting via the Microsoft 365 Copilot app (both the desktop app and the web experience at microsoft365.com) The UX problem: The M365 Copilot app presents a "+" button in the chat input area with options including "Upload" and "Take screenshot." Users naturally assume these options work. The file even appears as an attachment in the sent message — but the agent never receives it. There's no warning, error, or indication to the user that the attachment was silently dropped. This creates a misleading experience, particularly for end users who have no visibility into the channel behavior differences. What I've found so far: I'm aware this is documented as a known issue for custom engine agents in the Microsoft 365 Copilot Extensibility Known Issues page: "File attachments — Users can't upload files in agent chats and the agent can't return files for download." I also found a related GitHub issue (OfficeDev/microsoft-365-agents-toolkit #15325) where a Microsoft team member confirmed this is a "Copilot platform shortage" — not an Agents Toolkit issue — with no published ETA. My questions for the community and any Microsoft product team members: Is there any currently supported workaround to enable file/image input for a Copilot Studio agent running in the M365 Copilot app (desktop or web)? For example, any manifest configuration, agent settings, or alternate approach? Is this limitation being actively worked on? Is there a roadmap item or Microsoft 365 feature ID that can be tracked for when file attachment support is extended to custom engine agents in the M365 Copilot chat experience? Is the UI behavior (showing upload options that don't work) being addressed separately? Even if full file processing isn't ready, a visible warning or disabled state in the UI would significantly reduce user confusion. Any insight from others who have hit this — or from Microsoft PMs — is appreciated. Happy to share more configuration details if helpful. Thanks! Brian
Platform Issue: Agent-Level MCP Initialization Blocks All Topics for Users Without Connection Access
I’m writing to report a significant platform behavior issue we’ve encountered with MCP (Model Context Protocol) server initialization in Copilot Studio that is severely impacting end-user experience. ENVIRONMENT • Platform: Microsoft Copilot Studio • Deployment Channel: Microsoft Teams • Agent Type: Custom Agent (EdiSENSE DEV) • MCP Server: Atlassian Confluence-Jira MCP • Affected Users: Users without Confluence/Jira access entitlements PROBLEM SUMMARY When an MCP server is registered at the agent level in Copilot Studio, it appears to be initialized globally before any topic routing occurs. If a user’s MCP connection is in a Not Connected state — even if their query has absolutely nothing to do with that MCP server - the agent gets stuck in an authentication loop, repeatedly prompting: “Let’s get you connected first. Open connection manager to verify your credentials. Once the connection is ready, retry your request.” The user is shown Retry / Cancel buttons, and the agent never proceeds to route the query to the appropriate topic. STEPS TO REPRODUCE 1. Register an MCP server (e.g., Confluence-Jira) at the agent level in Copilot Studio 2. Deploy the agent to Microsoft Teams 3. Log in as a user who does NOT have access to the MCP-connected service (e.g., no Confluence license) 4. Ask the agent any question completely unrelated to the MCP service 5. Observe: Agent does not route to any topic. Instead, it loops on MCP connection prompt indefinitely EXPECTED BEHAVIOR • MCP initialization failure for a specific service should NOT block unrelated topic routing • The agent should gracefully degrade - if an MCP connection is unavailable for a user, it should skip that MCP and continue routing the query to relevant topics • There should be a way to scope MCP connections to specific topics, or at minimum, mark them as optional/non-blocking ACTUAL BEHAVIOR • Agent-level MCP initialization blocks the entire conversation flow • Users without MCP access cannot use ANY functionality of the agent, even features completely unrelated to the MCP service • There is no graceful fallback or bypass mechanism available to agent builders BUSINESS IMPACT This is a critical gap for enterprise deployments where: • Not all users have access to every integrated service • Agents serve a broad user base with varying entitlements • Admins have no control over MCP initialization order or failure handling In our case, a large portion of our Teams users are completely locked out of the agent’s core functionality simply because they don’t have a Confluence license - even though they never intended to use Confluence-related features. FEATURE REQUEST / SUGGESTED RESOLUTION 1. Allow MCP servers to be scoped at the topic level, not just agent level 2. Introduce an optional flag for MCP connections so initialization failure is non-blocking 3. Provide agent builders with a connection status condition node in the topic flow to handle MCP failures gracefully 4. At minimum, allow the Cancel button in the auth prompt to fall through to normal topic routing I’d appreciate any guidance on whether there is a current workaround, or if this is a known limitation on the roadmap for resolution. Thank you for your time and support.
