Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Copilot Studio users can implement skills in Copilot Studio.
Note
For additional details, see Same-tenant restriction.
These skills have the following artifacts which refer to multitenant and single-tenant implementations:
- an Entra ID app registration
- a deployment (also referred to as a descriptor)
- the source code
The Copilot Studio agent calls the skill based on the Bot Framework SDK, as shown in the following illustration:
In this scenario, the following actions occur:
- Copilot Studio creates the token as per the app registration setting. For newly created Copilot Studio agents, this is single-tenant, which means that the token audience is set to the same tenant ID as the agent.
- Copilot Studio only accepts tokens for the tenant ID the agent is in, or for the Bot Framework tenant.
- Entra ID only issues tokens for the Bot Framework tenant if the skill is multitenant.
For skills already deployed to the same tenant as the Copilot Studio agent, but the skill is used by an existing multitenant agent, you must update the multitenant skill to also accept a single-tenant skill token.
Update the skill's validation configuration to include the tenant ID of the agent. For example start by adding this code to the Startup.cs of your skill. Update line 38 of the code snippet to specify the tenant ID string inline.
In the configuration of your skill, do not set
MicrosoftAppTenantId.Keep the value of
MicrosoftAppTypein the configuration set toMultiTenant.Build the skill and deploy it again.
The skill's application registration must be in the same tenant as your agent for the skill to work with a single-tenant agent.
You can now add the updated skill into a single-tenant or multitenant agent. For each Copilot Studio agent, the skill must be deployed with its application registration in the tenant where the agent using the skill was created.