One-click AI agents in SharePoint and Teams — focused on files you select (Microsoft 365 Copilot)
Streamline your workflow and enhance team collaboration with one-click AI agents in Microsoft 365 Copilot. Automate responses, generate detailed documents, and maintain up-to-date content without moving files outside Microsoft 365. Agents utilize your existing content to provide accurate and efficient outputs, saving you time and ensuring consistency. Integrate them into Microsoft Teams to facilitate real-time information sharing and collaboration. CJ Tan, Microsoft SharePoint and OneDrive GPM, shares the steps to get started building custom AI agents. Create AI agents in one click to handle projects and tasks. Ensure important questions are answered — even while you’re away. See it here. Save time with agents in SharePoint. Scoped to only select SharePoint files for your specific business needs. See how you can create AI agents in one click. Use and share agents in SharePoint in Teams chats. @mention your agent, get instant responses and precise information for team discussions. See it here. Watch our video here. QUICK LINKS: 00:00— Create specialist agents in one click 00:42— How to create an agent 02:12— Data security & version control 02:39— Customize your agent 04:14— Access and permissions 05:39— Test it out 06:23— Use agents in Teams 07:50— Agent files 08:25— Wrap up Link References For more ideas and details for building your own agents, check outhttps://aka.ms/SharePointAgentsAdoption Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube:https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community:https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast:https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter:https://twitter.com/MSFTMechanics Share knowledge on LinkedIn:https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram:https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok:https://www.tiktok.com/@msftmechanics Video Transcript: -Did you know that if you have Microsoft 365 Copilot, you can create specialist agents in just one click to help you and your team with your specified topics and tasks? For example, imagine if you are working in a different time zone to the rest of your team, so you often wake up to a bunch of their unanswered messages at the start of your day. Now, while you are asleep or away, your agent, grounded in the knowledge you give it, can answer specific questions from your team on your behalf, freeing you up. In fact, all you need to build your agent is your content in SharePoint and an idea for where an agent can help you in the course of your day. Let me show you how easy it is to create one. My team writes product specifications for Contoso Energy’s solar panel arrays. In SharePoint, all I have to do is select the folders or individual files that I want this agent to focus on. -Here, I have files that have already been uploaded. You can also upload new files, where SharePoint will index those files for you in a few moments. I’ll select all of these product specifications. On top of the screen, you can see the create an agent control. I’ll click that. And with just one click, the agent is ready and grounded with all my selected files. And I can try it right from here. So, I’ll prompt it with compare each solar panel array with details on the home range in square feet for the two types of materials offered. Add the average home square footage per array size and price ranges for each. And it gives me all the details across the files that I added as grounding information. So it’s generated a response by panel array type and home square footage. And I can let my agent reason over that information, too. For example, if I’m new to the team and am looking for a product recommendation based on the size of a house. I’ll use my customer has a 2900 square foot home and wants the most efficient solar panel type and the right size solar panel array. What do you recommend? And here, it recommends a specific panel array based on the home size and tells me what panel type is most efficient with more detail. So, let’s rewind what we saw because I want to point out a few things. -First, unlike other options you may have tried, you don’t have to move your files outside of Microsoft 365. You don’t need to worry about version control. Your files are always up-to-date as you and your team continue to edit them. And your agent is always working with the latest information. And all of your data security protections, such as file labels and encryption, remain in place to help prevent data loss. Now, let me walk through another example of this, and this time I’ll customize the agent to show you the options. Let’s say that you spend a lot of time building written project plans. Each has a similar structure and tone, but details will change based on each project-related tasks and other aspects. Wouldn’t it be great to use your existing files as baseline templates, and then just point to a small set of details to author new project plans? Let me show you how that would work. So I’m looking at another SharePoint site for project planning. There are two folders here. This one contains all the recent completed project plans, like you saw before. -Now, I’ll show you what’s in the other folder. It contains project intake forms. I’ll also open up one of these intake forms. And you’ll see that it just lists key details and differentiators for one specific project. So, this time I’m just going to select the Completed Installation Project Plans folder as the baseline knowledge for my agent. Then I just need to click Create an agent. And if I wanted to, I could start using it right away by hitting Try it. But in this case, I want to add a few more details to make it easy for anyone on my team to start using it, so I’m going to choose Edit. Here, I can choose to rename. I’ll do that. There’s an option to brand it with a different icon image, but I’ll skip that for now, and give it a more detailed description here. In the Sources tab, I can see that my SharePoint folder is already selected, and I can choose to add another SharePoint site or more libraries, folders, or files. I can select here up to 20 sources. Importantly, agents do not grant access to your selected content. Which means that for anyone using the agent, they will only get responses based on the files and locations that they already have access to. In my case, I’m going to keep what’s on the Sources tab. -Now, I’ll move to the Behavior tab. Here, I can add a message to help others understand how best to use this agent. And below that, I can add starter prompts. These are recommendations that you can make for anyone to quickly get value from what your agent can do. I’m going to add one here for creating a new project plan based on the defined knowledge from our folder of completed project plans. It also has an instruction to reference a specific project intake form using the paperclip or forward slash. I can add two more starter prompts, but in this case, I’ll remove the other two by deleting the text. That way my agent is focused on this one task. Below that are the instructions for the agent. Here, it’s best to be very specific about your expectations for what it should do. I’m going to paste in a command to output content very close to our completed project plans. I can test it from here, but I’ll hit Save instead, so I can use it full screen from our SharePoint site. So now the agent is ready and discoverable for anyone with access and permissions to this SharePoint site. -Let’s try it out. This agent file is my new agent, and I’ll open it. And I’m going to use the starter prompt that I configured earlier. I’ll use this paperclip button to attach the project intake form that I just opened with the new details and submit my prompt. And you’ll see the output as it’s getting generated is following the structure of the completed project document and adding the details from the project intake form that I referenced in my prompt. Now I have a completed project plan like I wanted. Again, I didn’t need to move files from their original location, and everything remained within my compliance boundary in Microsoft 365. -From here, I can copy the output and put it into Word or an email and make any additional edits. And something else I want to show you is how you will be able to use this agent in the context of Microsoft Teams. I’m going to use Share and Copy link to add this to my clipboard. Now, I’ll move over to Microsoft Teams in a group chat. Note that this also works in meeting chats. So I’ll paste in the link and send it to the group. There it is. I’ll confirm that I want to add it to this chat. And from there, I can just@mentionmy agent to work with it like a team member in this chat. -This time, instead of asking it to generate a project plan, I’ll prompt it for details about the completed project plans in the knowledge source folder. I’ll prompt the agent with which project plans have been created for locations in Sunnyvale? And I can see that four of them are completed for that location. Now, I’ll prompt it, how many weeks does it take to run the full project for an A400 solar panel array? And it gives me a detailed breakdown of the project phases. Others in this chat can ask follow-up questions, like you’re seeing now, whether smaller homes take less time. And there is another detailed response. So, we can use this information for future projects and customer inquiries. Of course, that is just one example, and you can use the same approach to help develop other types of documents and collaborate with your team. And by the way, your context documents don’t need to be as structured or complete. They can even reference notes or meeting transcripts for similar outputs. -Now, let’s dig into the .agent files that you might have noticed earlier in our SharePoint document library. You can use these files and click on them to open your agents. And the files themselves contain everything that you configured in your agent. Here’s the agent file I built before and this is the schema. And you’ll see the starter prompts here, the agent name, the description that was added, and the instructions, and below that are the selected grounding data sources. Additionally, these files use the same labeling and policy protections as other files stored in SharePoint and OneDrive, too. -So, that was an overview of the approaches you can use for building agents. As you saw, all you need to bring to this experience is your content and an idea for where your agent can help you in the course of your day. Beyond building your own agents, each SharePoint site will include a built-in agent focused on the content on the site, so you can get started right away. For more ideas and details for building your own agents, check out aka.ms/SharePointAgentsAdoption to see what’s possible. And be sure to subscribe to Microsoft Mechanics, and thanks for watching.Oversharing Control at Enterprise Scale | Updates for Microsoft 365 Copilot in Microsoft Purview
Minimize risks that come with oversharing and potential data loss. Use Microsoft Purview and its new Data Security Posture Management (DSPM) for AI insights, along with new Data Loss Prevention policies for Microsoft 365 Copilot, and SharePoint Advanced Management, which is now included with Microsoft 365 Copilot. Automate site access reviews at scale and add controls to restrict access to sites if they contain highly sensitive information. Erica Toelle, Microsoft Purview Senior PM, shows how to control data visibility, automate site access reviews, and fine-tune permissions with Pilot, Deploy, Optimize phases. Protect your data from unwanted exposure. Find and secure high-risk SharePoint sites with Microsoft Purview’s oversharing report.Start here. Secure Microsoft 365 Copilot adoption at scale. Check out the Pilot-Deploy-Optimize approach, to align AI use with your organization’s data governance.Watch here. Boost security, compliance, and governance. Scoped DLP policies enable Microsoft 365 Copilot to respect data labels.Take a look. Watch our video here. QUICK LINKS: 00:00— Minimize risk of oversharing 01:24— Oversharing scenarios 04:03— How oversharing can occur 05:38— Restrict discovery & limit access 06:36— Scope sites 07:15— Pilot phase 08:16— Deploy phase 09:17— Site access reviews 10:00— Optimize phase 10:54— Wrap up Link References Check outhttps://aka.ms/DeployM365Copilot Watch our show on the basics of oversharing athttps://aka.ms/SMBoversharing Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube:https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community:https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast:https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter:https://twitter.com/MSFTMechanics Share knowledge on LinkedIn:https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram:https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok:https://www.tiktok.com/@msftmechanics Video Transcript: -Are you looking to deploy Microsoft 365 Copilot at scale, but concerned that your information is overshared? Ultimately, you want to ensure that your users and teams can only get to the data required to do their jobs and nothing more. For example, while using Microsoft 365 Copilot and interacting with work data, you don’t want information surfaced that users should not have permissions to view. So, where do you even start to solve for this? You might have hundreds or thousands of SharePoint sites to assess and right-size information access. Additionally, knowing where your sensitive or high value information resides and making sure that the policies you set to protect information continuously and avoid returning to an oversharing state, can come with challenges. -The good news is there are a number of updated tools and resources available to help you get a handle on all this. In the next few minutes, I’ll unpack the approach you can take to help you minimize the risks that come with oversharing and potential data loss using Microsoft Purview and its new Data Security Posture Management for AI insights, along with new Data Loss Prevention policies for Microsoft 365 Copilot and more. And SharePoint Advance Management, which is now included with Microsoft 365 Copilot. This helps you automate site access reviews at scale and adds controls to restrict access to sites even if they contain highly sensitive information. First, let’s look at how information oversharing can inadvertently occur just as it would with everyday search when using Microsoft 365 Copilot. -I’ll explain how it works. When you submit a prompt before presenting that to a large language model, the prompt is interpreted by Copilot and using a process called Retrieval Augmented Generation it then finds and retrieves grounding information that you are allowed to access in places like SharePoint, OneDrive, Microsoft Teams, your email and calendar, and optionally the internet, as well as other connected data sources. The retrieved information is appended to your prompt as additional context. Then that larger prompt is presented to the large language model. With that added grounding information, the response is generated then formatted for the app that you’re using. For this to work well, that information retrieval step relies on accurate search. And what’s important here is as you use Copilot it can only retrieve information that you explicitly have access to and nothing else. This is how search works in Microsoft 365 and SharePoint. The controls you put in place to achieve just enough access will reduce data security risk, whether you intend to use Microsoft 365 Copilot or not. -So, let me show you a few examples you may have experienced where content is overshared. I’ll start in Business Chat. I’m logged in is Adele Vance from the sales team. Her customers are pressuring her for information about new products that haven’t been internally or externally announced. She submits a prompt for 2025 product plans and the response returns a few clearly sensitive documents that she shouldn’t have access to, and the links in the response and in the citations take Adele right to those files. -Now, I’m going to switch perspectives to someone on the product planning team building the confidential plan stored in a private SharePoint site. I’m working on the 2025 product plan on a small team. This is the same doc that Adele just found in Business Chat, and if you look at the top of the document right now, there was one other person who I expect in the document. Then suddenly a few more people appear to have the document open and I don’t know who these people are and they shouldn’t be here. So, this file is definitely overshared. -Now, I’m going to switch back to Adele’s perspective as beyond the product planning doc. The response also describes a new project with the code name Thunderbolt. So, I’ll choose the Copilot recommended prompt to provide more details about Project Thunderbolt, and we can see a couple of recent documents with information that I as Adele should not have access to as a member of the sales team. In fact, if I open the file, I can get right to the detailed specifications and pricing information. -Now, let’s dig into the potential reasons why this is happening, and then I’ll cover how you discover and correct these conditions at enterprise scale. First, privacy settings for SharePoint sites can be set to public or private. These settings are most commonly configured as sites are created. Often sites are set to public, which means anyone in your organization can find content contained within those sites, and by extension, so can Microsoft 365 Copilot. -Next, is setting the default sharing option to everyone in an organization. One common misperception here is just by creating the link, you’re enabling access to that file, folder, or site automatically. That’s not how these links work though. Once a sharing link is redeemed or clicked on by the recipient, that person will have access to and be able to search for the shared content. There are, however, sharing approaches, which auto-redeem sharing links, such as pasting the link into an email and sending that to lots of people. In that case, those recipients have access to the content and will be able to search for it immediately. -Related to this is granting permissions to the everyone except external users group, as you define membership for your SharePoint sites. This group gives everyone in your organization access and the ability to search for that information too. And you’ll also want to look into permissions granted to other large and inclusive groups, which are often maintained using dynamic group membership. And if you’re using Data Loss Prevention, information protection, or other classification controls from Microsoft Purview, labeled content can also trigger sharing restrictions. -So, let’s move on to addressing these common issues and the controls you will use in Microsoft 365, Microsoft Purview, and SharePoint Advance Management. At a high level, there are two primary ways to implement protections. The first approach is to restrict content discovery so that information doesn’t appear in search. Restricting discovery still allows users to access content they’ve previously accessed as well as the content shared with them. The downsides are that content people should not have access to is still accessible, and importantly, Copilot cannot work with restricted content even if it’s core to a person’s job. So, we recommend restricting content discovery as a short-term solution. -The second approach is to limit information access by tightening permissions on sites, folders, and individual files. This option has stronger protections against data loss and users can still request access, if they need it to do their jobs. Meaning only people who need access have access. We recommend limiting access as an ongoing best practice. Then to scope the sites that you want to allow and protect, we provide a few options to help you know where to start. First, you can use the SharePoint Active sites list where you can sort by activity to discover which SharePoint sites should be universally accessible for all employees in your organization. Then as part of the new Data Security Posture Management for AI reporting in Microsoft Purview, the oversharing report lets you easily find the sites with higher risk containing the most sensitive information that you want to protect. The sites you define to allow access and limit access will be used in later steps. Now, let’s move on to the steps for repairing your data from Microsoft 365 Copilot. We’ve mapped best practices and tools for Copilot adoption across Pilot, Deploy, and Optimize phases. -First, in the Pilot phase, we recommend organization-wide controls to easily restrict discovery when using Copilot. This means taking your list of universally accessible sites previously mentioned, then using a capability called Restricted SharePoint search, where you can create and allow list of up to 100 sites, then allow just those sites to be used with search in Copilot. Then in parallel in Microsoft Purview, we’ll configure ways to get visibility into Copilot usage patterns where you can enable audit mode using Data Loss Prevention policies to detect sharing of labeled or unlabeled sensitive content. And likewise, you’ll enable analysis of Copilot interactions as a part of communication compliance. Again, these approaches do not impact information access only discoverability via Copilot and search. -Now, let’s move on to the broader Deploy phase where you will enable Copilot for more users. Here you’ll use the list of identified sites from Microsoft Purview’s oversharing report to identify sites with the most sensitive information. Controls in Microsoft Purview provide proactive information protection with sensitivity labels for your files, emails, meetings, groups, and sites. For each item, you can use more targeted controls to right-size site access by assigning permissions to specific users and groups. And when applied, these controls on the backend will move public sites to private and control access to defined site members based on the permissions you set. Next, you can enable new Data Loss Prevention from Microsoft 365 Copilot policies to exclude specific labels from Copilot prompts and responses. And you can change your DLP policies from the audit mode that you set during the Pilot phase to start blocking unnecessary sharing of labeled content where you’ll now turn on the policies in order to enforce them. -Then, two options from SharePoint Advance Management are to use restricted access control to limit access to individual sites. That way only members in defined security groups will have access, and to limit site access by operationalizing site owner access reviews. Then as an additional fine-tuning option, you can target restricted content discovery on individual sites, like you see here with our leadership site to prevent Copilot from using their content as you continue to work through access management controls. And as part of the Deploy phase, you’ll disable restricted SharePoint search once you have the right controls in place. Together, these options will impact both access permissions, as well as discovery via Copilot and search. -Next, the final Optimize phase is about setting your organization up for the long term. This includes permissioning, information classifications, and data lifecycle management. Here you’ll continually monitor your data security risks using oversharing reports. Then implement auto-labeling and classification strategies using Microsoft Purview, and ensure that as new sites are created, site owners and automated provisioning respect access management principles. These processes help ensure that your organization doesn’t drift back into an oversharing state to keep your data protected and ongoing permissions in check. Now, if we switch back to our initial user examples in Business Chat with our controls in place, if we try the same prompts as before, you’ll see that Adele can no longer access sensitive information, even if she knows exactly what to look for in her prompts. The data is now protected and access has been right-sized for everyone in the organization. -So, those are the steps and tools to prepare your information from Microsoft 365 Copilot at enterprise scale, and help ensure that your data is protected and that everyone has just enough access to do their jobs. To learn more, check out aka.ms/DeployM365Copilot. Also, watch our recent show on the basics of oversharing at aka.ms/SMBoversharing for more tips to rightsize permissions for SharePoint site owners. Keep watching Microsoft Mechanics for the latest updates and thanks for watching.
