Microsoft 365 Copilot uses OAuth 2.0 client credentials via the Microsoft Graph API. You will need to register an Azure application, generate a client secret, and grant the required Application permissions with admin consent.
The underlying getAllEnterpriseInteractions API requires a valid Microsoft 365 Copilot license with the Microsoft Copilot with Graph-grounded chat service plan. Without this license, calls will fail regardless of how the app registration is configured.
In the Azure portal, search for App registrations and select it. Click + New registration -> enter a name -> select the appropriate supported account types -> leave Redirect URI blank -> click Register.
On the Overview page, copy the Application (client) ID and Directory (tenant) ID to a safe location.
Navigate to Manage -> Certificates & secrets -> + New client secret. Enter a description, choose an expiration period, and click Add.
Copy the secret Value immediately — it will not be shown again.
In the app registration, navigate to Manage -> API permissions -> + Add a permission -> Microsoft Graph -> Application permissions. Add each of the following:
| Permission | Purpose |
|---|---|
AiEnterpriseInteraction.Read.All | Read enterprise Copilot interaction history for users in the tenant. |
User.Read.All | List users in the tenant and resolve interaction owners. |
All permissions must be Application type, not Delegated.
Once added, click Grant admin consent for [your tenant] and confirm. This requires a Global Administrator or Privileged Role Administrator and is a one-time action.
Tenant ID: The Directory (tenant) ID from step 1.
Client ID: The Application (client) ID from step 1.
Client Secret: The secret Value from step 2.