User Profile
johnjohn-Peter
Steel Contributor
Joined 2 years ago
User Widgets
Recent Discussions
Questions about Copilot Agents created using copilot studio, that use SharePoint & data-verse
I have developed many copilot agents using copilot studio, which have SharePoint sites and datavesrse tables as their source.. but i have those questions that i can not find a clear answers on them:- 1- Is there an order to how knowledge sources are indexed by a copilot agent? and if the source is SharePoint does Copilot use the classic SharePoint search ? 2- Why do we sometimes get inconsistent answers when asking the same questions? 3-Is there a way to integrate a PowerBI list instead of a SharePoint list? 4- Can the agent learn through user interaction? does generative AI need to be turned on for this to occur? In other words, if we have the same source, should we expect the same Copilot agent to provide more clear answers in the future, due to improvement to the underlying AI algorithms? ThanksSharePoint Online REST API using Azure Function Managed Identity
I have created an Azure Function which uses .NET Core 8.0. and i enabled its managed identity:- also i accessed the azure function from "Enterprise Application", and i copied its AppID:- Then i run those commands as per this official documentation for Microsft @ https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/sharepoint-webhooks-using-azd-template#grant-the-function-app-access-to-sharepoint-online :- # This script requires the modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns, which can be installed with the cmdlet Install-Module below: # Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Repository PSGallery -Force Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All" $managedIdentityObjectId = "******" # 'Object (principal) ID' of the managed identity $scopeName = "Sites.Selected" $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # SPO $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName $appRoleAssignment = @{ "principalId" = $managedIdentityObjectId "resourceId" = $resourceAppPrincipalObj.Id "appRoleId" = $targetAppPrincipalAppRole.Id } New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List and this command, on the Analytics site:- Connect-PnPOnline -Url "https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/analytics" -Interactive -ClientId "YOUR_PNP_APP_CLIENT_ID" Grant-PnPAzureADAppSitePermission -AppId "****" -DisplayName "YOUR_FUNC_APP_NAME" -Permissions Manage Everything went well, then I verify the above for the Analytics site, as follow:- here is my code inside Azure Function, to get the items inside a list named "Call Transfer Log Data":- accessToken = await GetJwtTokenUsingSystemManagedIdentity(); try { string siteUrl = "https://***.sharepoint.com/sites/analytics"; string listName = "Call Transfer Log Data"; string tenant = "****"; string site = "analytics"; string listTitle = "Call Transfer Log Data"; siteUrl = $"https://{tenant}.sharepoint.com/sites/{site}"; string apiBaseUrl = $"{siteUrl}/_api/web/lists/GetByTitle('{listTitle}')/items"; var httpClient = new HttpClient(); httpClient.DefaultRequestHeaders.Authorization = new AuthenticationHeaderValue("Bearer", accessToken); httpClient.DefaultRequestHeaders.Accept.ParseAdd("application/json;odata=verbose"); string filterDate = DateTime.UtcNow.AddDays(-120).ToString("yyyy-MM-ddTHH:mm:ssZ"); string requestUrl = $"{apiBaseUrl}?$filter=Modified ge datetime'{filterDate}'&$top=100&$orderby=Modified desc"; bool hasMore = true; int page = 1; List<CallTransferLogData> responseContent = new List<CallTransferLogData>(); while (hasMore) { Console.WriteLine($"Fetching page {page}..."); var request = new HttpRequestMessage(HttpMethod.Get, requestUrl); var response = await httpClient.SendAsync(request); Console.WriteLine("Raw response "); Console.WriteLine(response); string content = await response.Content.ReadAsStringAsync(); using JsonDocument doc = JsonDocument.Parse(content); Console.WriteLine($"Parse doc {page}..."); Console.WriteLine("Raw response content:"); Console.WriteLine(content); var root = doc.RootElement.GetProperty("d"); Console.WriteLine($"Building Root {page}..."); // Process results foreach (var item in root.GetProperty("results").EnumerateArray()) {//code goes here;; }//end of try private static async Task<string> GetJwtTokenUsingSystemManagedIdentity() { string resource = "https://****.sharepoint.com/.default"; var credential = new DefaultAzureCredential(); var tokenRequestContext = new TokenRequestContext(new[] { resource }); var token = await credential.GetTokenAsync(tokenRequestContext); Console.WriteLine("Toekn is " + token.Token) ; return token.Token; } but the content will be {"error_description":"ID3035: The request was not valid or is malformed."} the full response will be:- 2025-04-22T16:31:38Z [Information] StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.HttpConnectionResponseContent, Headers: 2025-04-22T16:31:38Z [Information] { 2025-04-22T16:31:38Z [Information] Cache-Control: private 2025-04-22T16:31:38Z [Information] Server: Microsoft-IIS/10.0 2025-04-22T16:31:38Z [Information] X-NetworkStatistics: 0,********0 2025-04-22T16:31:38Z [Information] x-ms-diagnostics: 3001000;reason="There has been an error authenticating the request.";category="invalid_client" 2025-04-22T16:31:38Z [Information] IsOCDI: 0 2025-04-22T16:31:38Z [Information] X-DataBoundary: NONE 2025-04-22T16:31:38Z [Information] X-1DSCollectorUrl: https://mobile.events.data.microsoft.com/OneCollector/1.0/ 2025-04-22T16:31:38Z [Information] X-AriaCollectorURL: https://browser.pipe.aria.microsoft.com/Collector/3.0/ 2025-04-22T16:31:38Z [Information] SPRequestGuid: 4***2 2025-04-22T16:31:38Z [Information] request-id: 4***2 2025-04-22T16:31:38Z [Information] MS-CV: o****/Q8g.0 2025-04-22T16:31:38Z [Information] SPRequestDuration: 56 2025-04-22T16:31:38Z [Information] SPIisLatency: 2 2025-04-22T16:31:38Z [Information] X-Powered-By: ASP.NET 2025-04-22T16:31:38Z [Information] MicrosoftSharePointTeamServices: 16.0.0.26002 2025-04-22T16:31:38Z [Information] X-Content-Type-Options: nosniff 2025-04-22T16:31:38Z [Information] X-MS-InvokeApp: 1; RequireReadOnly 2025-04-22T16:31:38Z [Information] P3P: CP="ALL ****" 2025-04-22T16:31:38Z [Information] WWW-Authenticate: Bearer realm="e****20",client_id="00000003-******00-000000000000",trusted_issuers="00000001-0000-0000-c000-000000000000@*,D****@*,https://sts.windows.net/*/,https://login.microsoftonline.com/*/v2.0,00000003-0000-0ff1-ce00-000000000000@***b",authorization_uri="https://login.microsoftonline.com/common/oauth2/authorize" 2025-04-22T16:31:38Z [Information] Date: Tue, 22 Apr 2025 16:31:36 GMT 2025-04-22T16:31:38Z [Information] Content-Length: 74 2025-04-22T16:31:38Z [Information] } Also when i decode the token, i got those valid claims for all the properties.. So why the code is not working? ThanksAzure Function managed identity is raising this error "Access Denied"
We have an Azure Function on .NET 8.0. and we enabled the managed identity of the Azure Function. Then we run those commands as per this official MS link https://learn.microsoft.com/en-us/sharepoint/dev/apis/webhooks/sharepoint-webhooks-using-azd-template#grant-the-function-app-access-to-sharepoint-online:- Power shell command: # This script requires the modules Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns, which can be installed with the cmdlet Install-Module below: # Install-Module Microsoft.Graph.Authentication, Microsoft.Graph.Applications, Microsoft.Graph.Identity.SignIns -Scope CurrentUser -Repository PSGallery -Force Connect-MgGraph -Scope "Application.Read.All", "AppRoleAssignment.ReadWrite.All" $managedIdentityObjectId = "d3e8dc41-94f2-4b0f-82ff-ed03c363f0f8" # 'Object (principal) ID' of the managed identity $scopeName = "Sites.Selected" $resourceAppPrincipalObj = Get-MgServicePrincipal -Filter "displayName eq 'Office 365 SharePoint Online'" # SPO $targetAppPrincipalAppRole = $resourceAppPrincipalObj.AppRoles | ? Value -eq $scopeName $appRoleAssignment = @{ "principalId" = $managedIdentityObjectId "resourceId" = $resourceAppPrincipalObj.Id "appRoleId" = $targetAppPrincipalAppRole.Id } New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $managedIdentityObjectId -BodyParameter $appRoleAssignment | Format-List And this pnp command: Connect-PnPOnline -Url "https://YOUR_SHAREPOINT_TENANT_PREFIX.sharepoint.com/sites/YOUR_SHAREPOINT_SITE_NAME" -Interactive -ClientId "YOUR_PNP_APP_CLIENT_ID"` Grant-PnPAzureADAppSitePermission -AppId "3150363e-afbe-421f-9785-9d5404c5ae34" -DisplayName "YOUR_FUNC_APP_NAME" -Permissions Manage Here is the code for the Azure Function, which uses the login user credential if I am inside development machine and uses the Azure Function managed identity on the hosted app: if (Environment.GetEnvironmentVariable("AZURE_FUNCTIONS_ENVIRONMENT") == "Development")` { var credential = new InteractiveBrowserCredential(); // or AzureCliCredential graphClient = new GraphServiceClient(credential); } else { var credential = new DefaultAzureCredential(); // Managed Identity graphClient = new GraphServiceClient(credential); var token = await new DefaultAzureCredential().GetTokenAsync( new TokenRequestContext(new[] { "https://graph.microsoft.com/.default" }) ); _logger.LogInformation("Token acquired: " + token.Token.Substring(0, 20) + "..."); } //Call to get the "Call Transfer Log Data" sharepoint list data` try { var sitePath = "e**87"; var listId = "6*`*`*`*`"; var allItems = new List<ListItem>(); // Initial page request with Expand = fields var page = await graphClient .Sites[sitePath] .Lists[listId] .Items .GetAsync(config => { config.QueryParameters.Top = 100; config.QueryParameters.Expand = new string[]{ "fields($select=*)" }; }); allItems.AddRange(page?.Value ?? []); // code goes here... } Then I verified the setting, but running this command: Get-PnPAzureADAppSitePermission -Site "<Site URL>" I get this result: Id : ***...-.... Roles : {Manage} App : Microsoft.Azure.Functions – 3150363e-afbe-421f-9785-9d5404c5ae34 In the development environment, the code is working fine, while in the hosted Azure Function, the code raised an exception: Access Denied Any advice? It seems I use all the needed settings.Read-Only permission is able to create new list item using the list forms shared with them
I have 2 users; Admin & Test User. Now i created a new custom list >> and i granted the Test User Read permission on the list. as follow:- So when the Test user accesses the list >> they can not add/edit items which is logical.. Now using the admin user, i created a new list form >> and i copied the form link and send it to the test user :- then the test user was able to add a new list item through the form:- so how come a user with Read-Only permission, is able to do so??? i need a fix to this please? as this can break our business logic and security constraints. ThanksHow to get a user P.O. Box from Active directory using Graph API
Inside our Active Directory, we have this value for the P.O Box:- now i want to get this value based on the user's email address using graph api, i tried those endpoint, but never able to get the P.O. Box value, here what i tried:- 1) https://graph.microsoft.com/beta/users/<useremail>/profile/ I got this as part of the response, "company": { "displayName": "****", "pronunciation": null, "department": "***", "companyCode": null, "officeLocation": "****", "webUrl": null, "secondaryDepartment": null, "address": { "type": "business", "postOfficeBox": null, "street": "****", "city": "***", "state": "***", "countryOrRegion": "**", "postalCode": "***" } } } there there is postOfficeBox but it is null 2) https://graph.microsoft.com/v1.0/users/<email address> this does not include P.O. Box any advice?Get files from SharePoint, send the result to Copilot, show the documents as list inside Copilot
I am trying to create a copilot inside copilot studio, which do the following:- 1) Call a Power Automate Flow to return the documents from a SharePoint online document library. 2) I will select the File name and File URL only 3) Send the documents to Copilot. 4) then i need to build a list inside a Copilot Question, to select a Document, as i want to send the document to another power automate flow. Here what i have :- 1) Inside Copilot i am calling the flow:- 2) Here is the flow. Where i got the files, Select the Name & Url, initialize the variable with the output of the Select, and return the variable to Copilot, after converting the variable into json() :- here is sample of the response from the flow:- { "r": " [ {\"Name\":\"New Microsoft Word Document (4)\",\"Url\":\"https://**.sharepoint.com/sites/Copilot/New/New%20Microsoft%20Word%20Document%20(4).docx?d=w36a23c408c844a4ebf4d444f8777a975\"}, {\"Name\":\"VScompleted\",\"Url\":\"https://**.sharepoint.com/sites/Copilot/New/VScompleted.png\"}, {\"Name\":\"Salary\",\"Url\":\"https://***.sharepoint.com/sites/Copilot/New/Salary.docx?d=wcf24819ffdcf4616873cd50c24f1b1d0\"} ] " } but how i can convert this JSON to a table inside Copilot and show this table as a question to the user, to select a specific document? ThanksAsk Copilot Agent created using Copilot Studio about custom metadata
I created an Agent using Copilot Studio, and i define the source to be a SharePoint online site. The site contain a document library which contain custom column named "MCProjectLeadUse" of type People or Group, Now if i directly asked the agent about the MCProjectLeadUser for a document named "Salary.docx", i will get this reply that it can not find this custom column:- So the only way i find it to fix this, is to create a Power Automate, which accept the entered file name , and return the custom field as follow:- and call this power automate from the copilot, as follow:- but is there a more appropriate approach to do this? as doing this inside Power Automate, means that we are not fully benefiting from AI capabilities, but rather return the values inside structured power automate flows using the traditional none-AI approach. So what if we add new custom column? or remove existing columns? can not we force the Agent to understand those custom properties out of the box? instead of using power automate? ThanksWhat is the best place inside Office 365 to store MXF files which have sizes between 35-50 GB
We have many large MXF files which have sizes between 35-50 GB. currently we are storing those files inside SharePoint online document libraries:- but seems SharePoint online is not designed to handle such large files. so my question is what is the best place to store those large files inside Office 365?Moving Folder between sites stop progressing, but resume even after cancelling it
I wanted to move a folder which contain 4500 Files, of total size 60 GB. now i selected the folder and i define to Move it to another site. the process started , but hanged on 76% as follow:- it kept on the same progress for about 2 hours. and i have noted that it hangs on a source file which have total size of 37.5 GB where the file on the destination only got 16 GB:- so inside the Progress popup, i clicked on Cancel button. and i started to move the folders one by one , and i skip the above large file. but after i finished the manual work, i noted that the large file and its parent folder no longer exists inside the source site...and when checked the destination site i noted that the file had the full size on the destination.. so what had actually happened? why/how the large file consume the move even that i cancelled the move process? also as per this documentation about the SharePoint limitations:- https://learn.microsoft.com/en-us/office365/servicedescriptions/sharepoint-online-service-description/sharepoint-online-limits#moving-and-copying-across-sites that the max file size for the move is 15 GB .. so how the file got moved in our case, even that its size is 37.5 GB?? any advice?Sync the whole SharePoint online using OneDrive
We have a SharePoint online site named "DemoSite2023" that contains multiple libraries, such as: now the only option i found to sync those libraries using OneDrive, is to go to each library and click on the "Sync" icon:- and here what i get inside my windows 11 laptop:- where i got the tenant name on top, and 3 folders for the 3 libraries i synced inside the "DemoSite2023" site.. so my question, if we can organize this in a better way. to have a main folder named "DemoSite203" , then inside this main folder, to have 3 sub-folders representing the 3 libraries; Documents, Site Assets & tg ? is there a way to do this automatically or manually? Second question, instead of doing the sync for each library, can i define to sync the whole site at once? ThanksStill have files modified before more than 2 days inside "PreservationHoldLibrary"
I have defined this Retention Policy for a SharePoint site, to delete files after 2 days:- Now after 1 week, a new library named "PreservationHoldLibrary" was created inside the site, for example when i delete a file , it will be moved to the Recycle Bin + to the "PreservationHoldLibrary" library. but i have noted that inside the Recycle Bin +inside "PreservationHoldLibrary" there are files modified before more than 2 days.. so what is the reason?, i thought since the retention policy will delete files modified before 2 days, then all those files should get removed,, here is the recycle bin for 15 March:- and the "PreservationHoldLibrary" ,library for 15 March:- and the Documents library has files modified on 11 March:- any advice what is wrong with our retention policy? we want to remove any file modified before more than 2 days?Copilot Agent inside SharePoint site is not able to answer questions regarding the custom columns
I have a SharePoint online document library named Test. and it has those 3 custom columns inside a custom content type:- now using a username named Mohannad , i uploaded 2 documents, and for one document i defined a user named "Test User" as the "MC / Project Lead (Use)", as follow:- but when i asked the agent this question, about who is the Project Lead , i did not get the "Test User", instead i get the user Mohanand:- also when i ask the agent about the project team, i got this answer:- so how i can modify this behavior? Second question. when Copilot said that the document is authored by Mohannd, how it get the Author info? based on the created by field inside SharePoint? and can we create a custom column , so the copilot reads the author from it instead of relying on any built-in field?Tag documents with DocumentType field inside different sites
I have this question for our SharePoint sites which we are currently creating. Currently we need to create sites for our departments (10++), will take Commercial & HR as an example :- 1) HR 2) Commercial Now inside the 2 sites we need to have a field named "Document Type" of type managed metadata to tag documents inside the documents libraries that got uploaded inside the 2 sites. Now the issue is that the HR has different options compared to the Commercial site for the Document type field (some options might be the same such as the "Other" option) . so i am planning to follow this approach:- 1) Inside the HR site to create a managed metadata column with internal name = "DocumentType", and link it to this term set named "HR Document Type":- 2) Inside the Commercial site to create a managed metadata column with the same internal name = "DocumentType", and link it to this term set named "Commercial Document Type":- now this will work on paper for tagging documents with different options for each site. but we need to have an advance search page to allow to filter the documents from the 2 sites using the Document Type, for this i will use the PnP Modern Search web part, which depend on the search managed metadata & the search Refinables. So now i got one managed metadata for the DocumentType columns:- and i linked it to a RefillableString as follow:- then i am planning to configure the PnP modern search web part to filter the documents from all the sites based on the above refinable. but i have the following 2 main questions, if anyone can help me in making decision on them:- Question-1) is the approach of having 2 site columns with the same internal name inside the 2 sites, but linked to 2 different term sets, with the intention to be able to filter documents from the 2 sites using the same Refinable, a valid approach? Question-2) now for the Document Type inside the Term Store, we can create 2 separate term sets; "HR Document Type" term set & "Commercial Document Type" term set as shown above , as follow:- OR we can have one parent term set named "Document Type", and under it to create 2 sub terms (HR & Commercial), as follow, and link the site columns to the sub-terms instead of a term set:- so which approach we should use ? 2 term sets? or one term set with 2 sub terms? and why? Can anyone advice on the above 2 questions? Thanks and i really appreciate any help in advanceCopilot license for creating AI Agents for SharePoint & Copilot Studio
I have users with E3 license, but they are not able to create AI Agents for SharePoint sites & AI agent using Copilot studio. so what is the best license for those users? Here are the licenses those users have:- And where are the options i got when i access Copilot license inside our Office 365 admin center:- Any advice? which license i need to buy to allow E3 users to create AI agents for SharePoint and AI using Copilot studio? ThanksCopilot license for creating AI Agents for SharePoint & Copilot Studio
I have users with E3 license, but they are not able to create AI Agents for SharePoint sites & AI agent using Copilot studio. so what is the best license for those users? Here are the licenses those users have:- And where are the options i got when i access Copilot license inside our Office 365 admin center:- Any advice? which license i need to buy to allow E3 users to create AI agents for SharePoint and AI using Copilot studio? ThanksOnly allow the creator of the item and the user direct manager to view the submitted item
I am facing this challenge , where we want to create a custom list, with the following logic;- 1) User submit a request asking for example for for salary increase. mentioning the amount. 2) The request need to be approved by the user direct manager 3) then the manager of the user's direct manager, need to do a second approval. Now we need to force those permissions:- 1) once the form is submitted others users should not view this item, even for 1 minute, 2) so the item once submitted should only be viewed by the creator, without the ability to edit it 3) only the direct manager and later the manager of the direct manager can view it. Here what i tried and what i faced:- 1) i created a custom list, define all the columns 2) create a power apps form to submit the form. 3) create a custom permission level, to allow the user to create but without edit/delete, which is mainly a copy of the contribute, without those check-boxes:- 4) then i define a power automate flow so once the item is submitted ,to send approval email to the direct manager + grant the approval manager & submitter read on the item. where i am storing the approval status inside another list that can only be edited by the service account. this worked partially, as the item will still be visible to all users until the workflow runs. also incase the workflow fails to run the item will stay visible forever. so i tried this second approach, benefiting from Item-Level Permissions:- this will always force the item to be visible to the creator only, without the need to have a workflow. but we faced an issue , when we want the submitter's direct manager to view this item, to be able to approve or reject it. where even if we grant the direct manager full control on the item, the item will not be visible to the direct manager, since we define the above Item-Level permission. the only way to to fix this is to grant the direct manager's full control on the list, but in this case the direct manager will be able to view all items, not just the ones submitted by his team ! can we do this for example:- 1) create a custom permission level to only allow the user to submit without the ability to edit, delete, view? 2) then using a workflow to force the item permissions as we go. 3) in this case the item from the beginning will not be visible to anyone, then the workflow will do the permission modification. so if the workflow fails atleast the item will not be exposed to any one, so not sure what u need to do, and if SharePoint support a way to create a custom permission level that allow the user to create without the ability to edit,delete and even view? any advice?
