Connect your Microsoft Power Platform environment to Capsule Security for complete visibility into your AI agents, workflows, and conversation history across Copilot Studio and Power Automate.
This integration uses Microsoft Entra ID (Azure AD) authentication to sync:
- Agents — Copilots built in Copilot Studio
- Tools — Actions, plugins, Power Automate flows, and connectors
- Knowledge Bases — Data sources and knowledge articles attached to copilots
- Conversations — Chat sessions and conversation history
- Audit — Activity logs with action invocations and session tracking
Before you begin, ensure you have:
- An active Microsoft Power Platform environment with Copilot Studio and/or Power Automate
- An Azure Entra ID account with one of the following permissions:
- Environment Admin role in Power Platform, OR
- System Administrator role in the environment
- Access to the Capsule Security portal
For more information about Power Platform roles, see Administering Power Platform.
Start the integration setup from the Capsule Security portal.
Log in to the Capsule Security portal
Click Integrations in the left sidebar
Find the Microsoft Power Platform card and click Set up Integration
Click Connect with Microsoft
You'll be redirected to Microsoft's sign-in page
Grant Capsule the necessary permissions to access your Power Platform resources.
Sign in with your Microsoft account that has the required permissions (see Prerequisites)
Review the permissions requested by the Capsule application
Click Accept to grant consent
| Permission | Purpose |
|---|---|
| Read Power Platform environments | Discover environments and resources |
| Read Copilot Studio data | Access copilot definitions, conversations, and topics |
| Read Power Automate flows | Access flow definitions and run history |
| Manage role assignments | Configure access for ongoing data synchronization |
For more information about the consent experience, see User and admin consent in Azure.
After you grant consent, Capsule automatically configures the integration.
- All Power Platform environments you have access to are discovered
- Copilot Studio bots and Power Automate flows within those environments are detected
- Required access permissions are configured automatically
No manual environment configuration is needed.
Capsule ingests data from both Copilot Studio and Power Automate through a unified Power Platform integration. Both services share the same Entra ID app and are discovered automatically from each environment.
During setup, Capsule uses the Microsoft Discovery Service to automatically detect all Power Platform environments accessible by the authorizing user. Each environment is registered with:
| Field | Description |
|---|---|
| Name | The environment's friendly name in Power Platform |
| URL | The Dataverse instance URL |
| Environment Type | Production, Sandbox, or Development — classified from the Microsoft organization type |
All Copilot Studio agents, Power Automate flows, and users within each discovered environment are then synced automatically.
Copilot Studio bots are ingested as Agents in Capsule. Each agent includes:
| Field | Description |
|---|---|
| Name | The copilot name as defined in Copilot Studio |
| Type | Conversational |
| Accessibility | Public, Tenant, or Limited — derived from the bot's authentication mode and access control policy |
| Owner | The platform user who owns the copilot |
Each copilot's components are parsed and categorized:
| Component | Category | Description |
|---|---|---|
| Model Agent | Model | The foundational LLM powering the copilot (e.g., GPT-4o). Includes system instructions. |
| Skills | Tool | Actions and plugins the copilot can invoke, including connector-based tools |
| Knowledge Sources | Data Source | Knowledge bases attached to the copilot (e.g., Dataverse, SharePoint, external websites) |
| File Attachments | Data Source | Uploaded files used as data sources, categorized by MIME type |
| Access Channels | Access Channel | Deployment channels such as Copilot Chat and Microsoft Teams |
| External Triggers | Access Channel | External trigger integrations and their connection types |
| Connected Agents | Connected Agent | Other AI agent plugins linked to the copilot |
Capsule fetches conversation transcripts for each copilot and extracts individual activity events:
| Activity Type | Description |
|---|---|
| Tool Invocation | A tool or action was called during the conversation |
| Error | An error occurred during the session |
| Session Started | A new conversation session was initiated |
| Agent Reasoning | The copilot's internal reasoning trace |
| Data Source Accessed | A knowledge source or file was accessed |
| Channel Accessed | An access channel interaction was recorded |
| User Message | A message sent by the user |
| Agent Message | A response generated by the copilot |
Power Automate workflows are ingested as Flows in Capsule. Only modern automation flows (non-managed) are collected.
| Field | Description |
|---|---|
| Name | The flow name as defined in Power Automate |
| Type | DAG (directed acyclic graph) |
| Status | Active, Inactive, or Draft — mapped from the workflow state code |
| Description | Optional flow description |
Each flow's definition is parsed to extract its individual steps:
| Step Type | Description |
|---|---|
| Input | Trigger steps that start the flow (e.g., scheduled, manual, event-based) |
| Output | Response steps that return data |
| Condition | Branching logic (If, Switch) |
| Loop | Iteration steps (Foreach, Until) |
| Subflow | Nested scopes or child workflow invocations |
| External Call | HTTP requests, API connections, and OpenAPI connector calls |
| LLM | AI Builder model invocations |
| Data Operation | Variable manipulation, data transformation (Compose, Filter, Select, etc.) |
Connections between steps represent the execution graph:
| Connection Type | Description |
|---|---|
| Data | Standard sequential execution |
| Conditional | Branch taken when a condition evaluates to true, or a specific switch case |
| Default | Fallback branch (else / default case) |
| Error | Branch taken when a preceding step fails |
Capsule collects flow run history from the last 30 days:
| Field | Description |
|---|---|
| Status | The run outcome (e.g., Succeeded, Failed, Cancelled) |
| Duration | Total run time |
| Trigger Type | What initiated the run |
| Error Code / Message | Error details if the run failed |
Power Platform connectors are captured across both Copilot Studio and Power Automate:
- In Copilot Studio — connector references are extracted from bot component actions. Each skill's connector type is identified from its connection reference (e.g., SharePoint, Outlook, Dataverse).
- In Power Automate — connector references are extracted from the flow definition. Each step that uses an API connection (OpenApiConnection, ApiConnection, Http) captures the connector's API ID, operation ID, and connection name.
Connectors provide visibility into which external services and data sources your AI agents and automation flows are interacting with.
Capsule extends the Power Platform integration to cover Power Apps, providing visibility into canvas and model-driven apps within each discovered environment.
Platform users are collected from each Power Platform environment and deduplicated across Copilot Studio and Power Automate. Each user includes their name, email, and job title from the Dataverse system user record.
Once the integration is configured:
- Initial sync begins automatically
- First sync may take several minutes depending on data volume
- View synced agents in Inventory → Agents
- View conversations in Observability → Filter Activity Type - Session
Consent failed or permissions error
- Verify you have Environment Admin or System Administrator permissions
- Ensure your account has access to the Power Platform environments
No environments discovered
- Confirm Copilot Studio or Power Automate resources exist in your environments
- Check that you have the necessary permissions to access these resources
Sync not completing
- Allow several minutes for the initial sync to complete
- Contact support if the issue persists
For help with this integration:
- Email: support@capsule.security
- Include: Your organization ID, integration status, and any error messages
For Power Platform-specific issues: