Understanding Microsoft Copilot integration with Entra ID and connectors

Question

Hi Team,

I am currently exploring Microsoft Copilot integration with Microsoft Entra ID and had a few questions:

1. How can we retrieve Microsoft Entra ID user details (such as users, groups, or sign-in logs) using Microsoft Copilot?
   • Is there any specific setup or prerequisite required for this?
   1. Is there any default or built-in connector available in Microsoft 365 Copilot for Microsoft Entra ID?
      • Or do we need to use Microsoft Graph API or create a custom connector for accessing Entra data?
      1. How does Microsoft 365 Copilot support Microsoft Entra ID internally?
         • Does it directly use Microsoft Graph, or is there any intermediate service or plugin involved?

Any guidance, documentation, or best practices would be really helpful.

Thanks in advance!

Answer 1

1. Retrieving Microsoft Entra ID user details with Microsoft 365 Copilot

The provided information only covers how Copilot connectors integrate external data sources into Microsoft 365 and how Entra identities are mapped for permissions. It does not describe any Copilot experience that lets users query Entra ID objects (users, groups, sign-in logs) directly via Copilot.

From the available information, Copilot uses Microsoft Entra ID identities primarily to:

• Control access to external data indexed via Copilot connectors.
• Map external identities (for example, from iManage, Tableau, Unily) to Entra users so that ACLs are enforced correctly.

Examples:

• For Unily, the connector maps the user’s email in Unily to the userPrincipalName or mail attribute in Entra ID, or uses a custom non-Entra mapping if needed.
• For Tableau Cloud, the connector can treat users as Entra or non-AAD and uses email/UPN alignment to enforce “Only people with access to this data source.”
• For iManage Cloud, the connector supports identity mapping based on userPrincipalName or mail only.

There is no description in the context of Copilot exposing Entra user, group, or sign-in log data as a queryable domain through a Copilot “connector” or built-in skill.

2. Built-in connector for Microsoft Entra ID vs Graph/custom connector

The context lists:

• Prebuilt connectors for many external systems (Box, Salesforce, ServiceNow, Tableau, Unily, iManage, Azure DevOps Wiki, etc.).
• The option to build custom connectors using the Microsoft Graph connectors APIs or Microsoft 365 Agents Toolkit.

It does not list a prebuilt “Microsoft Entra ID” Copilot connector. Instead, Entra is used as the identity system that:

• Authenticates users.
• Provides attributes (UPN, mail, etc.) for mapping to external identities.

For custom data sources, a developer can:

• Use the Microsoft Graph connectors APIs to define a schema, register a connection, and ingest external data into Microsoft Graph for Copilot and Microsoft Search.

However, the context does not describe using a Graph connector to surface Entra directory data itself into Copilot, nor does it describe a dedicated Entra connector.

3. Internal use of Microsoft Entra ID and Microsoft Graph by Microsoft 365 Copilot

From the available information:

• Copilot connectors ingest external content into Microsoft Graph so that Copilot can access and summarize it.
• Security and data access controls are preserved by mapping external ACLs to Entra identities.
• Data is stored in the Microsoft 365 tenant’s region when ingested via connectors.
• To build custom Graph connectors, an app must be registered in Entra ID and granted the required Microsoft Graph permissions.

This shows that:

• Microsoft 365 Copilot relies on Microsoft Graph as the platform where external content is indexed.
• Microsoft Entra ID is the identity provider used for authentication, authorization, and ACL mapping.

The context does not describe any additional intermediate “plugin” layer between Copilot and Microsoft Graph beyond the documented Graph connectors platform and Copilot connectors service.

4. Setup and prerequisites (from the connector/identity perspective)

For integrating external systems with Copilot while respecting Entra identities:

• Use prebuilt Copilot connectors where available (for example, Unily, Tableau Cloud, iManage Cloud, Azure DevOps Wiki). In the Microsoft 365 admin center, go to Copilot → Data connections → Gallery, choose a connector, and configure it.
• When configuring a connector, choose the access model:
  • “Only people with access to this data source” (recommended) or
  • “Everyone” (for some connectors).
• If “Only people with access to this data source” is selected and identity systems differ, configure identity mapping:
  • Map external identities to Entra attributes such as userPrincipalName or mail.
  • For some connectors (for example, iManage Cloud), only specific attributes (UPN, mail) are supported and regex patterns must fully match the attribute value.
• For custom data sources, build a custom Microsoft Graph connection:
  • A search administrator must register an application in Entra ID and grant the required Microsoft Graph permissions.
  • Enable the connection for inline results in the Search & intelligence section of the Microsoft 365 admin center.

These steps ensure Copilot can use Entra identities to enforce permissions on external content, but they do not turn Copilot into a general Entra directory or sign-in log query interface.

---

References:

• Microsoft 365 Copilot connectors FAQ
• Map Microsoft Entra identities
• Microsoft 365 Copilot connectors overview
• iManage Cloud Microsoft 365 Copilot connector (preview)
• Tableau Cloud Microsoft 365 Copilot connector (preview)
• Unily Microsoft 365 Copilot connector
• Azure DevOps Wiki Microsoft 365 Copilot connector
• Microsoft Graph connectors for Microsoft 365 Copilot