web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
šŸš€ Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Copilot Studio + Share...
Copilot Studio
Unanswered

Copilot Studio + SharePoint: Guest users (B2B) cannot retrieve content via Graph

(0) ShareShare
ReportReport
Posted on by frankAsphaug

Hi,

 

Iā€™m running into what looks like a fundamental limitation (or bug) in how Copilot Studio agents use SharePoint as a knowledge source with B2B users, and I would like to understand if this is expected behavior or something that can be improved.

 

Scenario

 

  • Copilot Studio agent with SharePoint Online as knowledge source

  • Authentication: Authenticate with Microsoft (Entra ID / SSO)

  • Users:

    • Internal users ā†’ work as expected

    • External users ā†’ invited via B2B (guest users)


      •  


    •  
 

Observed behavior

 

  • Guest users:

    • āœ… Can access SharePoint sites/files directly (permissions are correct)

    • āŒ Do NOT get results from Copilot Studio agent (empty or irrelevant answers)


      •  

  • Same user, if converted to userType = Member in Entra ID:

    • āœ… Copilot Studio returns correct results

    • āœ… SharePoint grounding works as expected


      •  


    •  
 

Technical understanding

 

It appears that:

 

  • Copilot Studio queries SharePoint via Graph using delegated permissions

  • For guest users:

    • Graph search (or security trimming via Graph) does NOT return results


      •  

  • For member users:

    • Works correctly


      •  


    •  
 

So the issue seems to be:
👉 Delegated Graph access for guest users does not behave the same as for members in Copilot Studio scenarios

 
 

Impact

 

This creates a significant limitation:

 

  • We cannot use proper B2B guest model with Copilot Studio + SharePoint

  • The only working workaround is to:

    • Convert users to Member

    • Or create internal accounts


      •  


    •  
 

This breaks:

 

  • Clean identity architecture

  • Cross-tenant collaboration model


    •  
 
 

Questions

 

  1. Is this a known limitation of Copilot Studio / Graph / SharePoint integration?

  2. Is there any recommended approach to support:

    • B2B users

    • while still respecting SharePoint file-level permissions?


      •  

  3. Is Microsoft planning improvements in:

    • Graph search for guest users

    • or Copilot Studio multi-tenant support?


      •  


    4.  
 
 

Important requirement

 

We need to:

 

  • Preserve user-based access control

  • Respect file-level permissions in SharePoint

  • Avoid using app-only/service principals or copying data
Categories:
General topics
I have the same question (0)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities
šŸš€ Season of Sharing Community Challenge Launch!
Ask A Community Pro - Series II

Quick Links

Season of Sharing Community Challenge Launch!

Jump in, show your community spirit, and win prizes!

Kudos to our 2025 Community Spotlight Honorees

Expanding mentorship, skilling, and AI innovation

Congratulations to the May Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 267

#2
Vish WR Profile Picture

Vish WR 163

#3
Romain The Low-Code Bearded Bear Profile Picture

Romain The Low-Code... 153 Super User 2026 Season 1

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ā¤ļø MCP" lab
Block PII/PCI in Copilot Studio agent user prompt

Product updates

Microsoft Power Platform Community release plans