# Microsoft 365 Copilot Integration

Connect Microsoft 365 Copilot to Capsule Security for complete visibility into Copilot usage across your organization, including user interactions, conversation history, and data sources accessed by Copilot.

## Overview

This integration connects to the Microsoft Graph API to automatically discover and sync Microsoft 365 Copilot activity across your tenant. Capsule identifies which users are using Copilot, what applications they're using it in, and captures interaction history for audit and compliance.

The integration syncs:

- **Agents** — Copilot instances per user and application (Teams, Word, Excel, Outlook, PowerPoint, and more)
- **Conversations** — User prompts and Copilot responses
- **Data Sources** — Files and resources referenced during Copilot interactions
- **Users** — Organization members with active Copilot usage


### Supported Copilot Applications

| Application |
|  --- |
| Copilot in Teams |
| Microsoft 365 Chat |
| Copilot in Excel |
| Copilot in Word |
| Copilot in PowerPoint |
| Copilot in Outlook |
| Copilot in OneNote |
| Copilot in Loop |
| Copilot in Planner |
| Copilot in Whiteboard |
| Copilot in Forms |
| Copilot in Stream |


## Prerequisites

Before you begin, ensure you have:

- **Microsoft 365 Copilot** licenses assigned to users in your tenant
- A **Microsoft Entra ID** account with **Global Administrator** or **Application Administrator** role (to grant admin consent)
- A **Capsule Security** account with admin access


## Step 1: Configure the Integration in Capsule

1. Log in to the **Capsule Security** portal
2. Click **Integrations** in the left sidebar
3. Find the **Microsoft 365 Copilot** card and click **Set up Integration**
4. Click **Connect with Microsoft**
5. You'll be redirected to Microsoft's sign-in page


## Step 2: Grant Admin Consent

Authorize the Capsule application to access your Microsoft 365 Copilot data.

### Steps

1. Sign in with your Microsoft Entra ID account that has the required administrator role (see Prerequisites)
2. Review the permissions requested by the Capsule application
3. Click **Accept** to grant admin consent for your organization


### Permissions

The Capsule application requires the following **application-level** permissions on the **Microsoft Graph** API. All permissions are read-only.

| Permission | Type | Description |
|  --- | --- | --- |
| `AiEnterpriseInteraction.Read.All` | Application | Read Copilot enterprise interaction history |
| `User.Read.All` | Application | Read user profiles and organizational data |


Admin consent must be granted by a Global Administrator or Application Administrator. Once granted, the permissions apply tenant-wide.

## Step 3: Automatic Discovery and Sync

After you grant consent, Capsule automatically begins discovering Copilot usage across your tenant.

### What happens

- Capsule identifies users with Microsoft 365 Copilot licenses assigned
- Copilot interaction history is fetched for each licensed user
- Agents are created per user and per Copilot application (e.g., a user's Copilot in Teams is tracked separately from their Copilot in Word)
- Conversation messages (user prompts and Copilot responses) are captured
- Data sources referenced in interactions are recorded
- Incremental sync runs on a recurring schedule, picking up new activity since the last sync


No manual configuration is needed.

## After Setup

Once the integration is configured:

- Initial sync begins automatically
- First sync may take several minutes depending on the number of licensed users and interaction volume
- View discovered Copilot agents in **Inventory > Agents**
- View conversation sessions in **Observability > Filter Activity Type - Session**
- View active Copilot users in the **Users** view


## Troubleshooting

### Common Issues

1. **Consent failed or permissions error**
  - Verify your account has **Global Administrator** or **Application Administrator** role in Microsoft Entra ID
  - Ensure `AiEnterpriseInteraction.Read.All` and `User.Read.All` permissions are granted and admin consent has been given
2. **No users or agents discovered**
  - Confirm Microsoft 365 Copilot licenses are assigned to users in your tenant
  - Verify users have actively used Copilot — only users with at least one interaction are synced
3. **Incomplete interaction data**
  - The initial sync covers the last 3 months of interaction history
  - Subsequent syncs are incremental, capturing new activity since the last sync
  - Allow several minutes for the sync to complete
4. **Connection test fails**
  - Ensure the Entra application has the required permissions granted with admin consent
  - Verify the Microsoft 365 Copilot service is enabled in your tenant


## Support

For help with this integration:

- **Email**: support@capsule.security
- **Include**: Your organization ID, Entra tenant ID, and any error messages


## References

- [Microsoft Graph API — Copilot interactions](https://learn.microsoft.com/en-us/graph/api/resources/copilot-admin-overview)
- [Microsoft Entra ID application permissions](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/grant-admin-consent)
- [Microsoft 365 Copilot documentation](https://learn.microsoft.com/en-us/copilot/microsoft-365/)