(For Agent Only) Microsoft Copilot Studio Connection Method
This topic introduces Microsoft Copilot Studio agents and the components needed to configure red teaming assessments.
Microsoft Copilot Studio is a low-code development platform that enables you to build conversational AI agents for your enterprise. These agents can interact with users through natural language, execute business workflows, and integrate with various Microsoft services and third-party applications. When you deploy Copilot Studio agents in your environment, they often have access to sensitive internal tools, data sources, and automation capabilities through Power Automate flows, making them potential targets for security vulnerabilities that require thorough assessment.
When you configure a Microsoft Copilot Studio agent as a target in AI Red Teaming, the system establishes a native connection to your Copilot deployment through the Power Platform APIs. This connection enables the AI Red Teaming engine to interact with your agent in the same manner that end users would, sending conversational inputs and observing the agent's responses and tool invocations.
When you connect to Microsoft Copilot Studio agents through AI Red Teaming, you must authenticate using delegated permissions, as required by the Power Platform APIs. This authentication flow requires you to sign in interactively through Microsoft's login page to verify your identity and consent to the application acting on your behalf. Service-to-service authentication is not available for this integration, because support for it depends on Microsoft's own implementation roadmap and timeline for enabling application permissions in the Power Platform APIs. When adding a Microsoft Copilot Studio agent as your target, you can use either No Authentication or Authenticate using Microsoft.
Prerequisites
Register your application in Microsoft Entra ID and configure Microsoft Copilot Studio authentication to enable AI Red Teaming to access and test protected resources.
  1. After specifying Target Details, set the Connection Method to Microsoft Copilot Studio.
  2. Get the Agent information.
    1. Log in to https://copilotstudio.microsoft.com/.
    2. On the left panel, click Agents.
    3. Search for your agent.
    4. Select your agent and then Settings.
    5. Navigate to Advanced > Metadata.
    6. Make a note of the Environment ID and Schema Name for future reference.
    7. Keep a record of the Tenant ID.
      The agent and application registration that you will create should be in the same tenant.
  3. Configure Endpoint Accessibility. This field indicates if your endpoint is Public or Private (secured within a private network).
  4. Select Add/Verify Parameters.
    Microsoft Copilot Studio agents currently use Power Platform APIs that support only delegated permissions, so you must authenticate through Microsoft's login page to verify your identity and grant consent for the app to act on your behalf. Service-to-service authentication is not currently supported and depends on Microsoft's future implementation roadmap.
    1. Configure Access Credentials.
      1. Client ID—The application identifier assigned to your registered application in Azure Active Directory. This ID uniquely identifies the AI Red Teaming application when it requests access to your Copilot Studio agent on your behalf. You obtain the Client ID when you register an application in the Azure Portal to enable API access.
      2. Secret—The confidential credential associated with your registered application that proves the application's identity during the authentication process. This secret works in combination with the Client ID to securely authenticate API requests to your Copilot Studio agent through the Power Platform APIs. You generate the Client Secret in the Azure Portal when configuring your application registration, and you should treat it as a password that must be kept secure.
      3. Tenant ID—The unique identifier for your Microsoft Azure Active Directory tenant. This ID specifies which organizational directory contains your Copilot Studio resources and determines the authentication boundary for accessing your agents. You can find your Tenant ID in the Azure Portal under Azure Active Directory properties.
    2. Add Agent Configuration.
      1. Schema Name—The unique identifier for your specific Copilot Studio agent within your Microsoft environment. This name corresponds to the schema name assigned to your copilot when it was created in Copilot Studio and is used to route API requests to the correct agent instance.
      2. Environment ID—The unique identifier for the Power Platform environment where your Copilot Studio agent is deployed. This ID specifies which organizational environment contains your copilot resources and ensures that Prisma AIRS connects to the correct deployment instance.
    The following message is displayed when authentication succeeds.
  5. Click Next: Advanced Configurations.
    In the Advanced Configurations page you'll configure Rate Limits and set Guardrails/Content Filters.
  6. (Optional) Enable Rate Limits for applications on the target endpoint.
    1. Specify the Endpoint Rate Limit. This value represents the maximum number of allowed requests per minute for the specified endpoint.
    2. Specify the Endpoint Rate Limit Error Code. This field represents the error code your system uses for rate limiting violations.
    3. Provide a Sample Exception JSON.
  7. (Optional) Enable Guardrails/Content Filters. These fields are used for output guardrails or content filters applicable on the target endpoint.
    1. Specify the Error code for Guardrails or Content Filters. This field represents the error code your system uses when a response is prevented by filters or safeguards.
    2. Provide a Sample Exception JSON.
    3. Select .
      Only after a target is successfully validated can you add target background information.
  8. (Mandatory) Configure Target Background.
    AI Red Teaming collects and organizes background information about your target endpoint. Target background comprises mandatory elements such as industry classification, use case definition, and competitive landscape analysis, along with optional document uploads such as company policy documents and other relevant materials.
    Target background information is mandatory for all the target types.
    1. Add Industry information.
    2. Add the Use Case, that is, the specific role of the target (such as customer service) or additional comments.
    3. (Optional) Select Add Competitor to add the list of Competitors.
    4. Enable Agentic Profiling.
      Agentic Profiling in AI Red Teaming helps gather all relevant context about a target endpoint such as its business use case, background, key capabilities, technical architecture and other critical information. This is carried out by an autonomous agent probing the target endpoint with the right prompts. All information gathered through this exercise is presented as the Target's profile and is used downstream in AI Red Teaming Scans using the Agent.
  9. Select Submit.
    Once the target is created, you can start a scan or view previously created targets: