web
You’re offline. This is a read only version of the page.
close
Skip to main content

Announcements

Welcome to the Power Platform Communities
News and Announcements icon
Community site session details

Community site session details

Session Id :
Power Platform Community / Forums / Copilot Studio / Copilot Studio and Ent...
Copilot Studio
Answered

Copilot Studio and Entra Agent ID: Agent could create responses without document access?

(2) ShareShare
ReportReport
Posted on by Romain The Low-Code... 2,562 Super User 2026 Season 1
Hi everyone, quick question for those already playing with Entra Agent ID and Copilot Studio.
I have a customer scenario where an agent must use documents stored in SharePoint to answer questions, but users must never have access to those documents themselves.
With SharePoint configured as a Knowledge source, Copilot Studio enforces user-based security trimming, so the agent can only use documents that the user can read. This makes the scenario impossible in this mode.
We are currently looking at Azure AI Search as a workaround (index the documents and let the agent query the index instead).
My question is:
With the new Entra Agent ID feature (in preview state), do you see any supported way for a Copilot Studio agent to access SharePoint content using its own technical identity (not the user’s) and use it as knowledge? Or is Agent ID strictly limited to tools and API calls, not to SharePoint knowledge sources?
I want to make sure we are not missing something before committing to the Azure AI Search architecture.
Thanks a lot for your insights 🙏
Categories:
General topics
Building Copilot Studio chatbots in Microsoft Teams
I have the same question (0)
  • Verified answer
    Valantis Profile Picture
    Valantis 2,535 on at
     
    You are absolutely right Entra Agent ID will not solve this.
    The standard SharePoint connection in Copilot Studio is hard-wired to check user permissions (security trimming). Even with an Agent ID, if the user chatting with the bot doesn't have access to the file, the bot will pretend it doesn't exist.
    Your plan to use Azure AI Search is the correct fix. It allows you to index those restricted documents using a system account, so the bot can "read" them and answer questions without giving the user direct access to the files themselves.
    Sources
  • Romain The Low-Code Bearded Bear Profile Picture
    Romain The Low-Code... 2,562 Super User 2026 Season 1 on at
    @Valantis thanks :) some one suggested me to use the microsoft power cat team tool to load document from sharePoint library to the list of document inside the agent. Could be an interesting workaround too but not in my case for some reason tide to the customer :)
     
    Thanks for confirming what i was thinking too.
     
    I asked the question too, to entra ID experts to have another point of view. they confirme the same :)

Under review

Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.

Helpful resources

News and Announcements

Welcome to the Power Platform Communities

Quick Links

Introducing the 2026 Season 1 community Super Users

Congratulations to our 2026 Super Users!

Kudos to our 2025 Community Spotlight Honorees

Congratulations to our 2025 community superstars!

Congratulations to the March Top 10 Community Leaders!

These are the community rock stars!

Leaderboard > Copilot Studio

#1
Valantis Profile Picture

Valantis 586

#2
chiaraalina Profile Picture

chiaraalina 170 Super User 2026 Season 1

#3
deepakmehta13a Profile Picture

deepakmehta13a 118

Last 30 days Overall leaderboard

Featured topics

Announcing the "Microsoft Copilot Studio ❤️ MCP" lab
Block PII/PCI in Copilot Studio agent user prompt
Welcome to the Copilot Studio forum!

Product updates

Microsoft Power Platform Community release plans