Power Platform | Copilot environment strategy

A recent blog post on the Power Apps blog highlighted a new whitepaper and a Microsoft Learn resource dedicated to developing a tenant environment strategy. A successful platform approach begins with a well-conceived strategy that is not only scalable and flexible but also subject to continuous review and enhancement, or even complete reconsideration when necessary.

MyPOV: Tenant strategy visualization as it should look

In my situation, this prompted a review of previous articles I’ve shared on environment strategies in preparation for my upcoming customer discussions on this subject. You may think this appears quite different from what Microsoft has shared in the links above. And you are correct. I disagree with the visuals presented when reviewing business value, governance criticality, and the various capabilities offered to manage the current development experience. Let me provide you with some examples so you can follow the idea behind the above visual.

Git Repository

With the newly introduced capabilities of Power Apps Code View for canvas apps, the latest features available in PAC CLI, and the extended offerings of Pipelines, it’s advisable to host your code or the definitions of any artifacts being created in a Git code repository. This has always been the case for model-driven projects, and it is now considered best practice for Power Apps canvas apps, flows, websites, AI models, or copilots that are created.

Copilot Studio

The use of the same studio experience to modify existing Copilots, such as Copilot for Microsoft 365, Copilot for Sales, Copilot for Services, Copilot for Finance, or Copilot in SharePoint, presents both advantages and disadvantages. Adhering to responsible AI principles, and following zero trust and least privilege principles, it’s crucial to carefully manage both the Default environment and individual production environments. Currently, when using the latest ‚Add knowledge to a copilot‘ feature, one may notice the extensive list of Dataverse tables available for selection. Although only 15 can be chosen, it’s important to exercise caution when hosting this Copilot in the same environment as Dataverse tables that contain PII or other sensitive information.

Websites using Dataverse

The same rules apply to Power Pages and Dataverse. The environment that hosts your Power Pages and connects to Dataverse requires careful consideration. Website applications are typically shared with customers (commercial), partners (business-to-business), or are for internal use only. In any scenario, the data in Dataverse should be specific to those use cases and it should be scrutinized whether such data should be accessible, for example, to Copilots that might be created outside of this context.

Current Feature gaps

When integrating Power Apps with Dataverse data, developers can switch environments using the current connector to easily access tables in different environments. This is beneficial as it eliminates the need to duplicate tables with identical metadata in their own environment. Developers can simply reference an environment where the required metadata already exists, such as a shared development environment where data table designers have already established the metadata. However, when utilizing the ‚Add knowledge to a copilot‘ feature, there is no capability to switch environments. Copilot Makers are confined to the ‚current environment‘, leading to the practice of creating copilots directly in the target environment rather than developing them in a separate environment and then deploying them to production via Pipelines after conducting unit tests.


After reviewing the best practices outlined in the official documentation for building a tenant strategy, studying the whitepaper, and thoroughly evaluating the current governance, management, and security options, two distinct patterns have emerged to consider.

  • Close down the Default environment to the bare minimum to avoid a lot of headaches and effort spent securing the mix of activity going on in this shared environment
  • Consider dedicated environments that host specific solutions only, instead of falling short through unintentionally overshared data

The strategy may evolve in the future with Copilot Studio adopting well-established best practices from Power Apps and Power Automate development. Given Power Automate’s advancements, Copilot Studio is likely to follow suit. In an age where AI simplifies data access for efficient process execution, even with AI agents working in the background, it’s crucial to review your environment and tenant strategies.

Until then,…

Power Platform | EU AI Act enabler or mission impossible?

I’ve recently started following the news around the upcoming EU AI Act. Analysts and others expect the Act to be published in the Official Journal of the European Union soon, likely by the end of May. But what implications does this have for your company and developers experimenting with AI capabilities on the Power Platform, such as AI Builder or Microsoft Copilot Studio? The EU AI Act could be categorized as being the first comprehensive binding legislation on AI systems, incorporating product safety legislation as part of its regulatory framework. This includes a new set of software security requirements previously not in place.

AI readiness
The other day, I spoke with CISOs and inquired about the preparations they had made to enable their developers for future generative AI use-cases in compliance with new regulations, and also how they could swiftly identify and assess risky use-cases. Surprisingly, many of their answers were rather weak, given the speed at which new rules could be implemented. It seemed as though everyone was waiting for someone else to take the lead, rather than taking immediate action themselves.

Snapshot from Microsoft’s AI Strategy Roadmap: Navigating the stages of value creation

Indeed, valuable insights can be gained by examining Microsoft’s AI Strategy Roadmap, which serves as a model for understanding the broader implications of AI readiness. It provides guidance on preparing your company and workforce. However, it is the CISO’s responsibility to align this with the company’s strategic objectives and desired outcomes in the application of generative AI. The rapid pace of AI development can be challenging to keep up with, particularly without a clear agenda and a defined path to follow.

Change Management at the speed of AI
Last week, for instance, I was preparing for an upcoming Microsoft Copilot Studio workshop. I was busy preparing and testing various steps, documenting, and capturing speaker notes to ensure I didn’t overlook any important stages. However, this morning, when I was performing the final tests in my demo tenant, things didn’t work out as expected. Naturally, this led me to wonder: If I hadn’t changed anything over the weekend, what caused it to break?

Figure 1: Power Platform Admin Center with data policies

Turns out, the release train hit my tenant and I am offered new options within Microsoft Copilot Studio data policies:

  • Application Insights in Copilot Studio
  • Knowledge source with SharePoint and OneDrive in Copilot Studio
  • Knowledge source with documents in Copilot Studio
  • Knowledge source with public websites and data in Copilot Studio

So I cross-checked the documentation, but obviously it wasn’t yet showing any further information about these new options. Two of them – as you can see from the above image – even allow for Endpoint configuration.

Well, this is just a short example of how overwhelming the speed of new opportunities hitting your business can sometimes be. Preparing for the upcoming EU AI Act is a wise move because the new regulations prohibit certain AI applications that could endanger citizens’ rights.

Banned applications
Recognising the potential threat to citizens’ rights and democracy posed by certain applications of AI, the co-legislators agreed to prohibit:

  • biometric categorisation systems that use sensitive characteristics (e.g. political, religious, philosophical beliefs, sexual orientation, race);
  • untargeted scraping of facial images from the internet or CCTV footage to create facial recognition databases;
  • emotion recognition in the workplace and educational institutions;
  • social scoring based on social behaviour or personal characteristics;
  • AI systems that manipulate human behaviour to circumvent their free will;
  • AI used to exploit the vulnerabilities of people (due to their age, disability, social or economic situation).

Provide guidance
One method to guide your developers is by utilizing Microsoft’s Purview Labeling features for sensitive data. Consider your HR staff routinely gathering data on job applicants, compiling their resumes, and saving these files in a specific SharePoint or OneDrive directory. It would be prudent to establish a new sensitivity label rule that automatically scans and labels these documents accordingly. Consider that a developer might conceive an AI application designed to assist with job applicant information using generative AI. However, as indicated by the list above, social scoring based on social behavior or personal characteristics is a prohibited scenario under the EU AI Act.

Why act now?
By six months after publication, rules around the prohibited use cases will be enforceable. Further enforcement will follow in stages; this is possibly even bigger than what we’ve seen applied with GDPR. According to information shared so far, non-compliance with the rules can lead to fines ranging from 35 million euro or 7% of global turnover to 7.5 million or 1.5% of turnover, depending on the infringement and size of the company.

Shadow AI – it’s already ongoing
You may have come across the recent Work Trend Index released by Microsoft in May 2024, which reveals that the use of generative AI has almost doubled in the past six months, with 75% of global knowledge workers now utilizing it. Moreover, employees, overwhelmed by the speed and amount of work, are increasingly introducing their own AI solutions into the workplace. The report unveils that, in the absence of guidance or approval from senior management, employees are independently utilizing AI and concealing its use.

  • 78% of AI users are bringing their own AI tools to work (BYOAI)—it’s even more common at small and medium-sized companies (80%).

What are your overall thoughts on this matter? Would you prefer to wait for Microsoft to incorporate more guidance and governance into their products like AI Builder or Microsoft Copilot Studio? Or would you rather adhere to best practices and approach it from a wider perspective, incorporating solutions such as Purview to offer useful guidance and tools that ensure compliance while still fostering innovation?

Power Platform | Known Issues

Have you heard about the „Low Code Approach“ podcast hosted by the trio Sean Fiene, Ken Auguillard, and Wendy Haddad? I recently listened to their latest episode featuring Mansi Malik, who discussed Known issues. Indeed, you read that correctly – it’s a feature within the Power Platform Admin Center that has just entered public preview.

Have you ever encountered a situation where Creators face an issue within Power Apps Maker Studio, preventing them from performing a specific task? An internal operational model may exist where initially, a Power Apps champion assists the creator with the problem. However, there are instances where the complexity of the issue exceeds the employee’s knowledge, necessitating the exploration of external resources for a solution or the need to open a support ticket with Microsoft.

Screenshot of the Power Platform Admin Center with the Help + support section and Known issues tab

The Known issues (Preview) feature is particularly useful for verifying whether an issue is already recognized by Microsoft support teams. It may be an issue that is currently being addressed or one that has already been resolved. For further details about this feature, including access permissions and the types of information available, refer to the technical documentation.

The visual above indicates an active issue in Microsoft Dataverse concerning record creation within a virtual table via OData. This is an area you can certainly explore further for more details.

Screenshot of a drill-in to a specific Known issue

The excellent news is that every URL linked to a Known issue can be bookmarked for easy access. This is particularly useful for tracking the progress on an issue. The screenshot provided above also displays the potential impacts on the products you use. Occasionally, you may find that the Microsoft support team has offered a potential workaround.

Screenshot of a resolved issue with a workaround provided

Whether or not a workaround is available often depends on its potential to be disruptive. Microsoft’s overarching mission when releasing fixes or new features is to avoid interrupting any production operations. This means that providing a workaround isn’t always the optimal choice, and in some cases, none may be offered. Instead, one may need to await a fix that will be released at a later time.

It’s rare to see a team being so open about discussing their known issues almost publicly. As a long-term customer of Power Platform, you may have noticed the openness to receiving both positive and negative product feedback, which helps elevate the product through continuous improvements. The new section in the Power Platform admin center is further testament to the enhancements made based on feedback from the remarkable community and, of course, the customers.

Let me wrap up by introducing another screenshot.

Screenshot of the product categories you can select from

This screenshot shows the range of product categories available for selection. It encompasses more than just Power Platform-related offerings. You can find Dynamics 365 and associated products, including Microsoft Copilot for Sales, in this selection, and it would not be surprising if this list continues to expand.

Explore the new capabilities and feel free to integrate them into your issue/support mitigation process. Let’s enhance this feature by providing feedback, either through a thumbs-up or thumbs-down on a known issue or by using the general Feedback button. Until then,…

Power Platform | ColorCloud or what’s your AI ambition?

Last Thursday and Friday, I had the honor of attending the inaugural edition of ColorCloud Hamburg, a conference dedicated to Microsoft Business Applications, held on April 18 and 19 in Hamburg, Germany. The event is compared to artists wielding a vast array of colors, intended to ignite creativity, inspiration, and learning. Participants were treated to two days of diverse content spanning six tracks, featuring a day of workshops followed by a day brimming with sessions. The conference was crafted for everyone, from novices to seasoned professionals, to learn, exchange ideas, and devise solutions. And I have to say: the organisation team put together an incredibly inclusive and outstanding program for speakers, volunteers, hackathon and conference attendees, as you might gather from the following image collection.

Some impressions from the very first edition of ColorCloud, Hamburg 2024

Not only did I (also known as Will) have the chance to demonstrate the remarkable RAG (retrieval augmented generation) blackbox – a component of Copilot – with my friend Chris Huntingford (also known as Do-It), and steal the show as Will & Do-It, but I was also chosen to be part of the jury for the Hack the prism: The AI hackathon, a pre-day event hosted by William Dorrington, Chris Huntingford, Scott Durow, and Carl Cookson.

I had the privilege of observing the convergence of humans and artificial intelligence. Attendees were reminded that the crux of the work lies in representing the ‚why‘ and ‚how‘ — convincing a group of C-level (the wonderful judges: Sara Lagerquist, Scott Durow, Christiane Stieler and myself) that AI can play a crucial role in addressing the greatest challenge for company leaders: demonstrating and proving the business impact of their use-case, which is basically proving out ROI and getting support of such initiatives internally afterwards.

While the competition among the various use-cases presented was close, it served as a reminder that every company leader should be able to articulate their AI ambitions. Following analysts like Forrester, their research indicates that only 15% of companies report being very effective at demonstrating the business impact of an AI solution. Conversely, 58% acknowledge that they are not effective in this regard.

Gartner’s analyst Mary Mesaglio recently shared insights on their ThinkCast podcast series about how we both trust and distrust digital technology through what she calls digital disinhibition and algorithmic aversion. Interestingly enough, the example she brought up for digital disinhibition relates to the winning team use case of the Hack the Prism AI challenge – a human feels more comfortable telling their deepest, sometimes darkest truths to a machine, rather than to a human. The use of AI in mental health is a trending topic. Although it may not have been the original intention of the innovators, it’s clear that with the aid of generative AI, we are on the brink of something significant, tasked to transform our personal lifestyles.

As we conclude this fantastic conference, I would like to present the components of Retrieval Augmented Generation that Chris (also known as Do-It) and I (also known as Will) have showcased in a non-technical manner.

Visual of the ingredients

When playing around with those ingredients, it is also important to understand the workflow behind this, or what would be practically known as a good recipe to mix those ingredients for best results.

The RAG workflow and some typical comments we see

The best method to discover great recipes is to either experiment independently or learn from the community, similar to how we prepared for this unique explanation of RAG. If you’ve been part of this, I hope you appreciated the alternative approach by Will and Do-It. For those who missed it, our session deck is available for download.

Hope to see you soon at one of the upcoming community events. Until then,…

Power Platform | UPD: Copilot Governance

As the imminent Release Wave 1, 2024 approaches rollout to customer regions in the EU, it’s time to provide an update on Power Platform Copilot Governance options. I have previously discussed conducting a risk assessment without the prolonged commitment of a long-term project, and beginning to utilize the latest generative AI capabilities to allow employees to reap the benefits.

Microsoft equips Power Platform admin teams with two key areas within the Power Platform Admin Center to monitor and control the usage and behavior of Copilot in Power Platform. These two areas are the tenant settings and the individual environment feature settings.

Tenant settings

Let’s start on the tenant side first and take a look at this updated visual on options for controlling the behavior of Copilot.

Visual outlining tenant level Copilot governance options

There are three significant updates at the tenant level. The first is the announcement MC724165 on March 5th, 2024, where Microsoft declared that setting #1 mentioned in the above visual is no longer applicable to Copilot in Power Apps broadly. Instead, this setting will now only pertain to preview features. Consequently, the control level for generally available Copilot features in Power Apps has shifted to the environment level.

Secondly, there is a new tenant-wide opt-in switch that allows users to provide feedback on their product experience, specifically related to Copilot. Additionally, you will find a general product feedback switch at the tenant level. Thirdly, a new Copilot data collection switch has been introduced, which governs the permission for users to share their prompts, questions, and requests with Microsoft. When we talk about these sharing experiences, keep in mind that data could leave the EU data boundary.

Environment level

Next, let’s examine the environment level to see which control capabilities have recently emerged.

Visual outlining environment level Copilot governance options

You may notice new settings in your environment for controlling the Copilot experience within the editor, as well as for data analysis using a chat interface in canvas and model-driven applications. Additionally, a new feature setting should appear to control the recently announced AI form fill assistance.

Wrap up

The recently introduced controls should make an administrator’s life easier by allowing them to grant just-enough-access to Copilot experiences within the Power Platform. User-driven innovation can now be enhanced with generative AI features within the Power Platform, and there’s more on the horizon. For those still skeptical about the overall use of Copilot, I strongly advise reading my suggested approach for conducting a risk assessment and documenting current capabilities to obtain approval from the entities that should be part of a comprehensive company AI companion strategy. I’ve recently talked about this during the Power Platform 24 hours community event. Please find the deck here. Until then,…

Power Platform | #CommunityRocks

This week, I engaged in community activities, such as attending Microsoft’s AI Tour in Berlin and conducting a Power Hour at Power Platform 24, where I discussed the risk assessment of Copilots. During my interaction with the developer community in Berlin, one question was particularly prominent: Which tool should be used for developing applications powered by generative AI in this era of AI? I had already offered some insights on this topic in my previous post.

Community Hub at Microsoft AI Tour – Berlin

Undoubtedly, it is crucial to share more information about the Microsoft Technology stack available and how developers can tailor it to meet their unique requirements. Equally important is ensuring that everyone is informed about the Responsible AI principles Microsoft implements in their Copilot experiences. Take for example the Copilot experiences that can be found in Power Platform:

Simplified overview of the Copilot architecture found in Power Platform

I’ve been utilizing the above visual as an example during my risk assessment presentation at Power Platform 24, emphasizing that exploring and assessing current and future capabilities is crucial for fostering a robust, secure, and adaptable ecosystem when employing a Copilot as a companion. Developers should be empowered to use the tool to create next-generation, AI-enhanced use cases to ensure their company’s success with AI tools. What are the opportunities?

The four buckets of AI transformation opportunities

Opportunities can be categorized into four groups: employee-centric, customer-focused, next-generation business processes, and innovation acceleration. A use case that might come up for you can fall into one or several of these categories. What matters is to innovate confidently with a responsible AI platform. That means:

  • Safeguard your organization, employees, and data with a cloud that runs on trust.
  • Build on security and privacy-compliant infrastructure that is purpose-built for AI at scale.
  • Grow with a commitment of putting responsible AI into action with principles, practices, and tools.

With that in mind, I am quite confident that through keynotes, such as those by Seth Juarez, we will broaden our understanding of responsible AI principles and collaboratively create innovations that offer more than just short-term business value.

If you’re interested in extending your knowledge, check out the slides I shared during my Power 24 session. I am looking forward to meeting you at one of the next community events. It’s only a couple of weeks until Color Cloud Hamburg kicks off.

Advertisement of Color Cloud Hamburg session

Check out the program, get your tickets and don’t miss the chance to become part of the AI hackathon. A little bird shared with me that there are still some tickets available for the workshops. Consider joining my good friend Chris Huntingford and me for a unique lightning talk on Copilot for Power Platform. If you’re familiar with the „Will it Blend?“ series on YouTube, you might have an inkling of what to expect.

Until then,…

Power Platform | Copilot Studio, Azure AI Studio or both?

In today’s episode, I want to address a recurring myth: the division of developers into ‚low-code‘ and ‚pro-code‘ categories. When will we stop pigeonholing people based on assumptions? Didn’t study computer science? That doesn’t mean you can’t be a developer. Never used Visual Studio Code or other coding IDEs? That doesn’t preclude you from being a professional developer.

Visual of a slider between Low-code vs. Pro-code

The sight of visuals categorizing products can be frustrating, as they often make assumptions about the tools a developer from each category would or should choose. However, isn’t the beauty of today’s vast selection of tools that each developer has the freedom to make their own choice?

Envision this scenario: It’s morning in the office, and you’ve just entered the catering area. Following your daily ritual, you pick up a large mug and request your technical barista to prepare an ideal coffee variant to kickstart your day. Meanwhile, a colleague approaches and begins to share details about a use case idea that has been in discussion for some time. Wouldn’t it be great to have a solution for this that enhances productivity for all employees?

Visual outlining a generative AI (answers) use case with a large language model involved

The essence of the dialogue between a business technologist and an IT professional lies in ideation and a focus on innovation. This involves beginning with a sketch of potential architecture derived from the user story and brainstorming to identify the most suitable technology stack for the use case. Ideally, this would also account for variations of the use case in the future.

Visual of your copilot technology stack

Fortunately, you attended a recent Microsoft event where you photographed a presentation slide detailing key components of an AI safety and security framework. Considering building upon this, you noted that the event was divided into two discussion tracks: one focused on low-code solutions, the other on pro-code approaches.

Lucky you, a colleague of yours attended the same event, allowing you to divide and gather information from both discussion tracks. Here’s what was shared from the pro-code perspective:

Overview visual of Azure AI Studio and its main benefits and capabilities

During a networking break, you gathered to discuss the results of both tracks. Your colleague presented the visual above as a result. You begin browsing through your photo library on your phone and select one from your visit to the low-code perspective:

Overview visual of Microsoft Copilot Studio and its main benefits and capabilities

Indeed, it appears quite similar. What are the benefits for us developers, our company, and our business technologists as we create the next era of collaboration using tools that enhance our productivity and enable us to swiftly meet our customers’ needs?

Back in the office, you and your colleague are assigned to summarize the event, the impressions, and the key takeaways, as well as its potential impact on the future of technology. Rather than making assumptions, you opt for a cohesive and engaging perspective that empowers every developer, whether in IT or business, to form their own conclusions.

Generating a summary slide of the best of what has been presented

A fruitful discussion starts, based on all the valuable content you and your colleague have been collecting over the course of the event. Both of you extended your „no-brainer“ by adding further information on what would be beneficial when combining the technology stacks, and it looked like this:

Optimal worlds to establish for present, forthcoming, and future challenges.

Returning to the earlier coffee break discussion with your business associate, you are now armed with a technology stack that seems apt for addressing the current and upcoming challenges of the described use case. Feeling empowered, you decide to divide the work on this project to create a rapid MVP that can be showcased to executive sponsors, aiding in the deployment of this solution in production. It’s gratifying to know that you’ve gathered an abundance of information from the Microsoft event you attended with your colleague, enhancing your developer toolchain with more robust tools.

Does the above short story seem familiar? You may have already assumed that I attended such an event, which allowed me to network and share knowledge within a larger developer community on topics like the one mentioned. Decide now—stop making assumptions. Delve into the rapidly evolving world of software development tools. Low-code has revolutionized the tool landscape and is here to stay. The same is becoming true for new generative AI tools. Embrace change and make a difference. Until then,…

Power Platform | Boost developer productivity

Low-code platforms like Power Platform are a revolutionary approach to software development that reduce the need for extensive coding knowledge and enable users to build applications using drag-and-drop components and data model-driven logic. These platforms offer several advantages for developers and businesses, such as

  • faster development speed,
  • simpler creation process,
  • and wider accessibility.

However, low-code platforms also face some challenges or reservations in the developer community, such as limited customization, scalability issues, and vendor lock-in.

What AI does for Power Platform

In this episode, we will discover how Power Platform can solve these problems using AI technologies, and why CIOs should encourage their developers to adopt Power Platform low-code tools in their development process.

Why CIOs should motivate developers to use Power Platform

Low-code platforms like Power Platform can boost developer productivity and innovation by offering the following benefits:

  • Speed and Simplicity: Power Platform enables developers to create applications faster and easier than traditional coding methods, reducing the time-to-market and the backlog of IT departments. Developers can focus on the core functionality and value proposition of their applications, rather than spending time on tedious and repetitive coding tasks.
  • Flexibility and Customization: Power Platform is enhanced with AI technologies that offer intelligent code generation, code assistance, and integration capabilities. These AI tools can help developers to customize their applications to meet specific business or user needs, and to optimize their performance and scalability. Developers can also access and manipulate the underlying code when needed, giving them more control and flexibility over their applications.
  • Collaboration and Democratization: Power Platform enables non-technical users, or „citizen developers,“ to participate in the ALM development process, fostering cross-functional collaboration and innovation within organizations. Developers can work with business analysts, domain experts, and end-users to gather feedback, iterate on ideas, and refine their solutions. Power Platform also democratizes development, allowing more people to create and use applications without depending on IT departments. See the rise of Business Technologists, which I was talking about previously.
  • Quality and Maintainability: Power Platform can reduce the risk of technical debt, which can slow down innovation and hinder long-term success. By using visual development tools, automated testing, and built-in best practices, Power Platform can help developers to deliver high-quality software solutions with fewer defects and lower maintenance costs. Power Platform can also leverage AI to detect and correct errors, suggest improvements, and learn from developers’ coding styles.
  • Competitiveness and Future-Proofing: Power Platform can help developers and businesses to stay ahead of the competition and adapt to changing market conditions. By using Power Platform, developers can deliver sophisticated, scalable, and highly customized solutions more efficiently than ever before, creating a competitive edge and driving growth. Power Platform can also help developers and businesses to future-proof their solutions, by enabling them to integrate with new external systems, scale dynamically, and leverage the latest AI technologies.

How developers would benefit from democratized experience

By using the best of two tools, developers can leverage their experience, capabilities, and speed to create a conversational user experience with their data. Microsoft provides an implementation guide with best practices that can be downloaded and followed by each development team.

Couldn't it be done with a single tool instead?

Azure OpenAI On Your Data is a powerful capability that transforms the way you connect, interact, and ground your data. When combined with Microsoft Copilot Studio, it offers several benefits:

  1. Enhanced User Comprehension: By leveraging Azure OpenAI On Your Data, you can create personalized copilots that provide a user-friendly conversational experience. These copilots help users better understand information and context.
  2. Faster Task Completion: The integration of Azure OpenAI On Your Data with Copilot Studio expedites task completion. Users can quickly obtain relevant insights, answers, and recommendations from their own enterprise data.
  3. Operational Efficiency: Copilot Studio, powered by Azure OpenAI Service, streamlines workflows. It automates tasks that require natural language understanding or code generation, saving time and reducing costs.
  4. Improved Decision-Making: With access to advanced AI models such as GPT-35-Turbo and GPT-4, you can make informed decisions based on accurate analyses of your data. Azure OpenAI On Your Data enables you to chat on top of and analyze your data with precision.
  5. Customization: Fine-tune AI models using your own data and hyperparameters. This customization ensures that the copilots align with your specific needs and domain expertise.
  6. Security and Privacy: Copilot Studio inherits your organization’s security, compliance, and privacy policies for Microsoft 365.

To get started, connect your data source using Azure OpenAI Studio and begin asking questions and chatting on your data. Now it's your turn to explore these capabilities and decide to make a significant difference in reducing the time-to-market. Still need more information than just this?

Take a look at this nicely prepared and orchestrated video by Lisa Crosbie and another one by Scott Durow, who narrows in on Dynamic Chaining and Plugin actions. Happy watching. Until then,…

Power Platform | Securing copilot development

In my previous article, I proposed the idea of creating a copilot developer experience that allows developers to work together on designing and building copilots, specifically when using generative AI and using company data sources for grounding. I also mentioned the documentation that I found, which had this statement: To share a bot with others in the environment, users must have the Environment maker security role.

Share copilot dialog

I wanted to test it in one of my development environments where my Power Admin (who has the Environment Maker and System Administrator roles) created a copilot. To collaborate with user Carl (who only has the Basic User role), I shared the copilot with him. However, since he doesn’t have enough environment permissions, the dialog above shows that the Environment maker role is automatically selected when sharing.

I wonder if there are other options besides assigning the Environment maker security role to all developers in an environment. This might be suitable for some developer collaboration scenarios, but it seems to violate the principle of least privilege. The Environment maker role grants access to 164 tables and 8 miscellaneous privileges. Are these all necessary for copilot development?

Design a Custom Copilot Author security role

I created a custom security role and set the table permissions that a user would need to use this role. The visual above shows that my role only contains 65 tables and 5 miscellaneous privileges, which are not visible in the image. I assigned this role to one of my developers, Sanjay, in this environment. Here is the outcome.

Share copilot dialog – showing a difference in Environment security roles section

As you can see, the Environment maker security role is no longer pre-selected. So, I completed the sharing process and logged in as Sanjay to examine the outcome of sharing the copilot.

A shared copilot in edit mode experience

My user can interact and collaborate with the original copilot author seamlessly and enhance the copilot experience. This was a successful outcome of creating a custom security role and assigning this role to my developer before starting the sharing process. For daily use, I can now make sure that my copilot developers get the new security role automatically – for example, by creating a security group that assigns this role to every member.

Share copilot dialog – sharing a shared copilot with a user with insufficient permissions

The final step was to test what happens when Sanjay shares the copilot with other users. The image above shows the outcome of his attempt to share it with Carl, who is not a developer in this environment and only has the Basic user role. This is an excellent result, because Sanjay does not have the permission to "promote" Carl to an Environment maker. This way, I can ensure that I have control over the access level for my developer environment(s).

Share copilot dialog – sharing a shared copilot with a user assigned the custom copilot security role

Suppose this project requires another developer and Julian needs to work on this copilot. The share dialog visual above shows the result of Sanjay sharing the copilot with Julian. Copilot permissions are already set, and there is no Environment security section to avoid unnecessary access. Julian can then interact and collaborate with the other copilot developers on this project.

This brief exercise demonstrates that it is sometimes valuable to understand the underlying mechanisms and explore the custom options to enhance the security of your Power Platform environments and to monitor the developers who are granted privileges. I hope this exercise encourages you to invest your time in a Power Platform environment strategy that includes the security role assignment process. I am confident that there is more to discover when we discuss using "Managed environment" and features such as Environment groups. Until then,…

Update: As I received a lot of requests about what such a custom security role could look like, please find my composed security role here.
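
One way to check how much narrower a custom role is than a broad one such as Environment maker, as an added example that is not part of the original post: the script diffs two roles' privilege lists, assuming each was exported as name/depth pairs. The role contents are constructed sample data, and splitting names into access right and table is a heuristic based on the `prv<Verb><table>` naming pattern.

```python
import re

# Access rights that appear in table-level privilege names (prv<Verb><table>).
# AppendTo comes before Append so the longer verb is matched first.
VERBS = ("AppendTo", "Append", "Create", "Read", "Write", "Delete", "Assign", "Share")
PRIV_RE = re.compile(r"^prv(%s)(.+)$" % "|".join(VERBS))
# Privilege depth, narrowest to widest: user, business unit, parent-child BU, organization.
DEPTH = {"Basic": 1, "Local": 2, "Deep": 3, "Global": 4}

def summarize(privileges):
    """Split a role into {table: {verb: depth}} and {misc_privilege: depth}."""
    tables, misc = {}, {}
    for p in privileges:
        m = PRIV_RE.match(p["name"])
        if m:
            tables.setdefault(m.group(2).lower(), {})[m.group(1)] = p["depth"]
        else:  # heuristic: anything without a known verb counts as miscellaneous
            misc[p["name"]] = p["depth"]
    return tables, misc

def excess(broad, narrow):
    """Report what the broad role grants beyond the narrow role."""
    b_tables, b_misc = summarize(broad)
    n_tables, n_misc = summarize(narrow)
    report = {"extra_tables": sorted(set(b_tables) - set(n_tables)),
              "extra_misc": sorted(set(b_misc) - set(n_misc)),
              "wider_rights": []}
    for table in sorted(set(b_tables) & set(n_tables)):
        for verb, depth in sorted(b_tables[table].items()):
            held = n_tables[table].get(verb)
            if held is None or DEPTH[depth] > DEPTH[held]:
                report["wider_rights"].append((table, verb, held, depth))
    return report

def priv(name, depth="Basic"):
    return {"name": name, "depth": depth}

# Constructed sample data, NOT the real content of either role.
BROAD_ROLE = [priv("prvCreatebot"), priv("prvReadbot", "Global"), priv("prvWritebot"),
              priv("prvDeletebot"), priv("prvReadbotcomponent", "Global"),
              priv("prvCreatecanvasapp"), priv("prvReadconnector", "Global"),
              priv("prvAppendToworkflow"), priv("prvExportToExcel", "Global")]
NARROW_ROLE = [priv("prvCreatebot"), priv("prvReadbot"), priv("prvWritebot"),
               priv("prvReadbotcomponent", "Global")]

if __name__ == "__main__":
    for key, items in excess(BROAD_ROLE, NARROW_ROLE).items():
        print(key, len(items), items)
```

Every entry in the report is a grant to justify or remove before the role is handed to copilot developers.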

Power Platform | Bot Authoring role

The other day, I received a request about "What happened to the Bot Author role?". Do you recall that role from the old Power Virtual Agent days? If not, here’s a brief explanation. Previously, a Power Virtual Agent license enabled global admins to designate certain users who could use Power Virtual Agents in your tenant. System administrators for each environment could restrict who could create bots in that environment. This was done by following these steps:

  1. Create a new environment that you want users to create bots in (make sure Dataverse is created)
  2. Launch Power Virtual Agents and create a bot in the environment
  3. Go to the Power Platform admin portal to assign security roles
  4. Assign the 'bot author' role to users that you would allow to create bots in that environment

Bots and Power Virtual Agents are things of the past. Nowadays, we use Microsoft Copilot Studio to customize and build our own copilots or enhance the one for Microsoft 365, right? Therefore, we no longer need to assign users to the "Bot Author" role. Nor do we need to assign them the license part shown in the visual below, if you have purchased Office 365 E5 licenses for your tenant.

Microsoft 365 Admin Center – User assigned licenses and options for Office 365

I keep saying this because I ran a test with the user Sanjay, who is shown in the image above, to access Microsoft Copilot Studio.

Microsoft Copilot Studio – showing a prompt to start a free trial

This user expected to get access to Microsoft Copilot Studio and begin creating their own copilots, but they received a message to sign up for a free trial instead. In my test environment, I did not restrict users from signing up for free trials. However, if one of your admins has applied this restriction to your tenant, you may see a different message here.

It seems obvious that with the change to Microsoft Copilot Studio, you now need to assign the user a Microsoft Copilot Studio license instead. Once this has been assigned to the above user, Sanjay in my case, this user successfully enters the Copilot Studio experience.

Microsoft Copilot Studio – first time entering after a license being assigned

As shown in the image above, the user is directed to their default environment and prompted to verify their country/region information, which is obtained from their Microsoft Entra information. After confirmation, if this user tries to switch the environment, this is what's shown.

Microsoft Copilot Studio – Environment selector

This user only has access to the Default environment, and no other "supported environments" are displayed for this user. This is because the user has the Environment Maker role for the Default environment, which is unavoidable. However, the user does not have this role for any other environments. You may wonder why this could be a problem?

If you want to prevent your users in the Default environment from creating new copilots, especially those that use generative AI and other features such as Plugin actions and connectors, you can do the following:

  • If your environment is eligible for an opt-in to Generative AI features, you could opt out of moving data across regions, though this would cause all other Power Platform Generative AI features to stop working as well
  • Set up a data policy for the default environment that blocks Copilot Studio Connectors

Instead of disabling the Generative AI features for the entire Default environment, I suggest choosing the second option. You may also need to adjust some of the data policies later when you customize Copilot for Microsoft 365.

How about setting up a copilot developer experience where developers can collaborate on the design and creation process of copilots? When I followed this link, one thing caught my attention: Users in the environment need the Environment maker security role to share a bot with others.

Let's explore this in my next episode and see why we would consider least privilege a best principle, even though we should trust developers to be skilled enough to understand the opportunities they are given. Until then,…