>
    Strata Copilot
    Onboard Microsoft Copilot Studio to SaaS Agent Security
    Focus
    Download PDF
    Focus
    1. Home
    2. SaaS Agent Security
    3. Onboard Microsoft Copilot Studio to SaaS Agent Security
    Download PDF
    SaaS Agent Security

    Onboard Microsoft Copilot Studio to SaaS Agent Security

    Table of Contents

    Onboard Microsoft Copilot Studio to SaaS Agent Security

    Onboard Microsoft Copilot Studio to SaaS Agent Security to gain deep visibility and security for your AI-powered Microsoft copilots and apps.
    Onboard Microsoft Copilot Studio to SaaS Agent Security to gain deep visibility and security for your AI-powered copilots and apps.
    Prerequisites
    • Ensure you configure the Microsoft Copilot Studio SaaS Security Posture Management connector before onboarding Microsoft Copilot Studio to SaaS Agent Security.
    • Ensure you have Administrative privileges in the Microsoft Azure portal to register apps and grant API permissions.
    • Ensure you have System Administrator or Power Platform Administrator role to add app users to the relevant environment.
    Onboarding Microsoft Copilot Studio to SaaS Agent Security consists of the following two main steps:
    • Configure Permissions in Microsoft Azure—Create an app registration in your Microsoft Azure Portal to grant Palo Alto Networks® secure, read-only access to your Microsoft Copilot Studio environment.
    • Onboard Microsoft Copilot Studio to SaaS Agent Security—Use the credentials generated during the configuration process to establish the connection the Palo Alto Networks SaaS Agent Security platform and your Microsoft Copilot Studio environment.
    1. Register a new app in Microsoft Azure.
      1. Log in to Microsoft Azure Portal.
      2. Navigate to or search for App registrations.
      3. Click + New Registrations.
      4. Enter a descriptive Name for the app. For example, PaloAltoNetworks_Agent_Security_Connector.
      5. Register.
    2. Configure API permissions for the new app.
      1. From the new app details page, select ManageAPI permissions.
      2. Click + Add a permission.
      3. Add the following Microsoft Graph permissions:
        • Application.Read.All
        • AuditLog.Read.All
        • AuditLogsQuery-CRM.Read.All
        • AuditLogsQuery.Read.All
      4. Click Add permissions to save the app API permissions.
      5. The permissions you added require admin consent. On the Configured permissions page, Grant admin consent for <your-organization>.
      6. In the confirmation page, select Yes to grant admin consent for your organization.
    3. Create a Client Secret for the new app.
      1. From the new app details page, select Managecertificates & secrets.
      2. Add a + New client secret.
      3. Enter a description (for example, SaaS_Security_Key) and select an expiration period.
      4. Add the Client Secret.
      5. Copy the Client Secret Value and store it in a secure location.
    4. Grant the app access in the Microsoft Power Platform admin center.
      1. Log in to Microsoft Power Platform Admin Center.
      2. Select ManageEnvironments and select your Copilot Studio environment.
      3. Select SettingsUsers + permissionsApplication users and click + New app user.
      4. Click + Add an app and search for the app you created in the previous step.
      5. Select the correct Business unit from the drop-down.
      6. Click the pencil icon next to Security roles and then assign the Service Reader role.
      7. Click Create to save the app access privileges.
    5. Gather the required information to onboard Microsoft Copilot Studio to SaaS Agent Security.
    6. Onboard Microsoft Copilot Studio to SaaS Agent Security.
      1. Log in to Strata Cloud Manager.
      2. Select ConfigurationAgent Security.
      3. Select Agent Platform Onboarding and select Microsoft Copilot Studio.
        Click Next to continue.
      4. Click Get Started.
      5. Enter the required credentials for the Microsoft Copilot Studio app.
        • Tenant ID
        • Client ID
        • Client Secret
      6. Enter the Environment URL for Microsoft Copilot Studio app.
        Click Add Environment to add additional Environment URLs if you have multiple Microsoft Copilot Studio environments you want to monitor with SaaS Agent Security.
      7. Click Next to validate the Microsoft Copilot Studio credentials and environment and complete the onboarding to SaaS Agent Security.
        SaaS Agent Security notifies you when Microsoft Copilot Studio successfully onboards. SaaS Agent Security returns one of the following errors if Microsoft Copilot Studio fails to onboard:
        • Permission Errors during Scan— Verify you entered all credentials correctly and that you granted Admin Consent when you configured the Azure API Permissions.
        • Connection Test Fails— Confirm you assigned the Service Reader role in the Power Platform Admin Center.

    © 2026 Palo Alto Networks, Inc. All rights reserved.