Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Work IQ is a workplace intelligence layer that delivers a semantic understanding of everything happening across your business. It enables developers to build agents, applications, and workflows that securely reason over Microsoft 365 and connected business systems, with grounded, permission-aware context applied automatically. This approach eliminates the need to build custom retrieval pipelines, orchestration logic, or compliance enforcement for workplace intelligence.
This guide covers enabling Work IQ in your tenant.
Prerequisites
- A usage-based billing plan set up in Copilot Studio with an Azure subscription and resource group assigned. For more information about Work IQ billing, see Understand usage-based billing and cost management for Copilot Credits.
- The user assigned to the billing plan
- A user with Global Administrator role for the one-time Work IQ setup
Enable Work IQ API in your organization
⏱️ ~5 minutes, one-time per organization.
This section creates the Work IQ service principal in your organization, which provisions the Work IQ resource so your applications can request tokens for it. You (or your organization's Global Administrator) can use the Microsoft Entra admin center or the Azure CLI to complete the following steps.
Go to Graph Explorer and sign in with an admin account.
Set the method to POST and the URL to
https://graph.microsoft.com/v1.0/servicePrincipals. Graph Explorer surfaces relevant scopes based on the URL and method, so enter the URL before consenting in the next step.Select Modify permissions and consent to
Application.ReadWrite.All. This step is a one-time admin action and grants the scope only for your own Graph Explorer session. It doesn't change organization-wide permissions.Enter the following in the Request body.
{ "appId": "fdcc1f02-fc51-4226-8753-f668596af7f7" }Select Run query. A 201 Created response confirms success. A conflict error means the service principal already exists.
You should now have two values: APP_ID and TENANT_ID. Keep these values available as you'll use them when testing with the A2A sample code via --appid and --tenant parameters.
Your tenant is now ready to test. To test your configuration by using the provided sample code, see the A2A quickstart guide.