Hi all,
I'm very new to Copilot Studio / Power Platform / Dataverse and have spent the last couple of days trying to put some governance around Copilot agent development and deployment within our tenant. I wanted to sense-check whether what I experienced is expected behaviour, or whether I have misunderstood something fundamental.
Originally, I created a Copilot Studio agent in the Default environment and everything worked as expected. I was able to publish the agent, share it with users and they could install and interact with it successfully.
I then decided to create a more governed deployment model:
- Created a dedicated Power Platform environment: "AI & Automation"
- Enabled Dataverse
- Assigned an Entra ID security group to restrict access
- Created a Publisher
- Created a Solution
- Rebuilt the agent inside the Solution
- Added SharePoint knowledge sources
- Published to M365 Copilot / Teams
The idea was to move away from building everything in Default and instead create a controlled deployment environment for future AI and automation solutions.
However, after moving to the new environment, test users experienced very strange behaviour:
- Users could see/install the agent (sometimes)
- Updated prompts and agent changes propagated successfully
- Users could not query SharePoint-grounded knowledge
- Users did not appear in Copilot Studio Activity logs
- Agent execution appeared to partially fail
- I (creator/owner) could query successfully
Initially I assumed this was SharePoint permissions, knowledge indexing, propagation, Teams caching, etc.
After a lot of testing, what eventually got things working was:
- Assign M365 Copilot licence
- Add user to environment security group
- Manually add/confirm user as an enabled Dataverse user within the environment
- Assign Basic User role
- Confirm access to SharePoint knowledge sources
- Share agent
- Wait for propagation
Once I did this, the user could successfully install and query the agent and sessions began appearing correctly.
My confusion is this:
I had assumed agent consumers simply needed the agent shared with them and permissions to the underlying knowledge source. I wasn't expecting users consuming an agent from a custom environment to require environment membership and Dataverse provisioning.
Is this normal/expected behaviour for Copilot Studio agents deployed from custom environments and Solutions, or have I configured something incorrectly? I appreciate I'm still very early in my understanding of Power Platform/Dataverse architecture, so I may well have made incorrect assumptions.
Thanks in advance.