Triggering a Power Automate HTTP Trigger from External Applications For production environments, manually triggering a Power Automate flow via an HTTP trigger from external applications (.NET, React, or Agents Toolkit) requires Entra ID authentication if only users within the tenant can trigger it. If set to ‘anyone’ the Url of the workflow contains a sig parameter which is required to call the flow. This guide walks through the setup and testing process for only ‘any user in my tenant’.

Summary Autonomous agents run in the background without user prompts, so they cannot ask users to sign in during execution. Use maker-provided credentials for tools; user credentials are not appropriate for autonomous scenarios. Apply least privilege and restrict tool actions to reduce data exposure and abuse. Communicate the “runs under author’s identity” warning and govern access like any service account. Table of Contents Why Authentication Matters Autonomous Agents: What Changes Authentication Models Configure Tool Authentication Restrict Tool Actions Publishing, Warnings, and Governance Best Practices Checklist Why Authentication Matters As organizations adopt autonomous agents to perform tasks and make decisions, authentication becomes a core control.

Certificate-based authentication is a secure method for connecting to SharePoint Online and Microsoft 365 services using service principals and automated scripts. This guide demonstrates two methods for generating self-signed certificates using PowerShell and how to use them with PnP PowerShell for SharePoint authentication. Table of Contents Why Use Certificate-Based Authentication? Prerequisites Method 1: Using New-SelfSignedCertificate Method 2: Using New-PnPAzureCertificate Locating Your Certificate Exporting Certificates Registering Certificate with Entra ID App Connecting to SharePoint with Certificate Best Practices Troubleshooting Conclusion References Why Use Certificate-Based Authentication?

Introduction PnP PowerShell authentication for Microsoft 365 has evolved significantly over the years. The multi-tenant app registration approach was decommissioned for security reasons, requiring each tenant to set up its own app registration. Fortunately, the PnP team has simplified this process with automated cmdlets that streamline app registration and authentication setup. This guide covers modern PnP PowerShell authentication methods, including interactive login setup, multi-tenant management, and certificate-based authentication. The Evolution of PnP PowerShell Authentication Before: Multi-Tenant App Registration Single shared app registration across all tenants Simplified initial setup but created security concerns Decommissioned for enhanced security Now: Tenant-Specific App Registrations Each tenant needs to create and maintain its own app registration(s) Enhanced security and control Automated setup through PnP cmdlets Method 1: Interactive Login Setup Step 1: Create App Registration Automatically The Register-PnPEntraIDAppForInteractiveLogin cmdlet automatically creates an app registration with default permissions:

Introduction After encountering issues with creating a To-Do task action in my previous attempt Building a Copilot Agent with Microsoft 365 Agents Toolkit and Microsoft Graph Plugin to list my ToDo Tasks, I explored various methods to generate an OpenAPI specification for M365 Copilot Declarative Agents using the Ms Graph OpenAPI spec. This post outlines the different approaches I tried, the challenges I faced, and the lessons learned. Methods for Generating OpenAPI Specs 1.

Introduction In this post, I’ll walk you through how to call Azure AI Search APIs from a M365 Copilot declarative agent without writing any code by using Microsoft 365 Agents Toolkit. Leveraging OpenAPI specifications, Microsoft 365 Agents Toolkit (previously known as Teams Toolkit) enables seamless integration with Azure AI Search, streamlining the development process for Copilot extensibility. Waldek Mastykarz wrote an insightful post on when Azure AI Search can be used, highlighting its ability to provide a more controlled approach to indexing and relevance without the complexity of building a custom engine agent.

Introduction In this post, I’ll walk you through how to call Azure OpenAI APIs from a Copilot declarative agent—without writing any code—by using Microsoft 365 Agents Toolkit. Leveraging OpenAPI specifications, Microsoft 365 Agents Toolkit enables seamless integration with Azure OpenAI, streamlining the development process for Copilot extensibility. Step 1: Create and Import an OpenAPI Specification Microsoft provides a pre-built OpenAPI specification for Azure OpenAI, but it’s often broader than needed. To simplify, I generated a targeted OpenAPI spec with Copilot by using the endpoint URL and a sample request body as a prompt.