Roles and privileges
Microsoft 365 Copilot for Service uses your organization's existing access controls and user permissions set for your customer relationship management (CRM) system. Make sure that your admins have the permissions they need to customize the CRM, and that your users have the permissions they need to view, update, and create records in the CRM from Copilot for Service.
If you change a user's permissions or security roles in your CRM, the user must sign out of Copilot for Service in Outlook and then sign in again for the changes to be reflected. It might take up to 15 minutes for changes in user permissions or security roles in the CRM to show up in the Copilot for Service app in Teams.
Permissions for Salesforce administrators
To customize Copilot for Service, Salesforce admins need to be assigned a user profile that has Modify All Data or Manage Data Integrations permission. The permission must be assigned to the user profile, not in a permission set that's assigned to the user.
Additionally, Salesforce admins need to configure knowledge fields manually. More information: Environment-level settings
Permissions for Salesforce users
To use Copilot for Service, Salesforce users must have Lightning Knowledge enabled and assigned to a user profile that has Read permission to the knowledge object.
Permissions for Dynamics 365 administrators
The System Administrator or System Customizer role, or their custom equivalents, must have the Copilot for Service Administrator security role and Read privileges on the User
table.
Permissions for Dynamics 365 agents
The Supervisor and agent roles, or their custom equivalents, must have the Copilot for Service Agent security role and Read privileges on the User
table.
The Copilot for Service Agent security role adds to the custom security roles. It doesn't replace them. If a custom security role that's assigned to agents doesn't have any of the privileges in the Supervisor or agent security role, agents might see errors related to their permissions.
See also
Assign a security role to a user
Create or edit a security role to manage access
Security roles and privileges.