Connect Microsoft 365 Copilot to Capsule Security for complete visibility into Copilot usage across your organization, including user interactions, conversation history, and data sources accessed by Copilot.
This integration connects to the Microsoft Graph API to automatically discover and sync Microsoft 365 Copilot activity across your tenant. Capsule identifies which users are using Copilot, what applications they're using it in, and captures interaction history for audit and compliance.
The integration syncs:
- Agents — Copilot instances per user and application (Teams, Word, Excel, Outlook, PowerPoint, and more)
- Conversations — User prompts and Copilot responses
- Data Sources — Files and resources referenced during Copilot interactions
- Users — Organization members with active Copilot usage
| Application |
|---|
| Copilot in Teams |
| Microsoft 365 Chat |
| Copilot in Excel |
| Copilot in Word |
| Copilot in PowerPoint |
| Copilot in Outlook |
| Copilot in OneNote |
| Copilot in Loop |
| Copilot in Planner |
| Copilot in Whiteboard |
| Copilot in Forms |
| Copilot in Stream |
Before you begin, ensure you have:
- Microsoft 365 Copilot licenses assigned to users in your tenant
- A Microsoft Entra ID account with Global Administrator or Application Administrator role (to grant admin consent)
- A Capsule Security account with admin access
- Log in to the Capsule Security portal
- Click Integrations in the left sidebar
- Find the Microsoft 365 Copilot card and click Set up Integration
- Click Connect with Microsoft
- You'll be redirected to Microsoft's sign-in page
Authorize the Capsule application to access your Microsoft 365 Copilot data.
- Sign in with your Microsoft Entra ID account that has the required administrator role (see Prerequisites)
- Review the permissions requested by the Capsule application
- Click Accept to grant admin consent for your organization
The Capsule application requires the following application-level permissions on the Microsoft Graph API. All permissions are read-only.
| Permission | Type | Description |
|---|---|---|
AiEnterpriseInteraction.Read.All | Application | Read Copilot enterprise interaction history |
User.Read.All | Application | Read user profiles and organizational data |
Admin consent must be granted by a Global Administrator or Application Administrator. Once granted, the permissions apply tenant-wide.
After you grant consent, Capsule automatically begins discovering Copilot usage across your tenant.
- Capsule identifies users with Microsoft 365 Copilot licenses assigned
- Copilot interaction history is fetched for each licensed user
- Agents are created per user and per Copilot application (e.g., a user's Copilot in Teams is tracked separately from their Copilot in Word)
- Conversation messages (user prompts and Copilot responses) are captured
- Data sources referenced in interactions are recorded
- Incremental sync runs on a recurring schedule, picking up new activity since the last sync
No manual configuration is needed.
Once the integration is configured:
- Initial sync begins automatically
- First sync may take several minutes depending on the number of licensed users and interaction volume
- View discovered Copilot agents in Inventory > Agents
- View conversation sessions in Observability > Filter Activity Type - Session
- View active Copilot users in the Users view
Consent failed or permissions error
- Verify your account has Global Administrator or Application Administrator role in Microsoft Entra ID
- Ensure
AiEnterpriseInteraction.Read.AllandUser.Read.Allpermissions are granted and admin consent has been given
No users or agents discovered
- Confirm Microsoft 365 Copilot licenses are assigned to users in your tenant
- Verify users have actively used Copilot — only users with at least one interaction are synced
Incomplete interaction data
- The initial sync covers the last 3 months of interaction history
- Subsequent syncs are incremental, capturing new activity since the last sync
- Allow several minutes for the sync to complete
Connection test fails
- Ensure the Entra application has the required permissions granted with admin consent
- Verify the Microsoft 365 Copilot service is enabled in your tenant
For help with this integration:
- Email: support@capsule.security
- Include: Your organization ID, Entra tenant ID, and any error messages