Microsoft 365 Copilot uses OAuth 2.0 client credentials via the Microsoft Graph API. You will need to register an Azure application, generate a client secret, and grant the required Application permissions with admin consent. License Prerequisite The underlying [`getAllEnterpriseInteractions`](https://learn.microsoft.com/en-us/microsoft-365/copilot/extensibility/api/ai-services/interaction-export/aiinteractionhistory-getallenterpriseinteractions?view=graph-rest-1.0&pivots=graph-v1) API requires a valid Microsoft 365 Copilot license with the **Microsoft Copilot with Graph-grounded chat** service plan. Without this license, calls will fail regardless of how the app registration is configured. ## 1. Register an Azure Application In the [Azure portal](https://portal.azure.com), search for **App registrations** and select it. Click **+ New registration** -> enter a name -> select the appropriate supported account types -> leave **Redirect URI** blank -> click **Register**. On the **Overview** page, copy the **Application (client) ID** and **Directory (tenant) ID** to a safe location. ## 2. Create a Client Secret Navigate to **Manage** -> **Certificates & secrets** -> **+ New client secret**. Enter a description, choose an expiration period, and click **Add**. Copy the secret **Value** immediately — it will not be shown again. ## 3. Add API Permissions In the app registration, navigate to **Manage** -> **API permissions** -> **+ Add a permission** -> **Microsoft Graph** -> **Application permissions**. Add each of the following: | Permission | Purpose | | --- | --- | | `AiEnterpriseInteraction.Read.All` | Read enterprise Copilot interaction history for users in the tenant. | | `User.Read.All` | List users in the tenant and resolve interaction owners. | All permissions must be **Application** type, not **Delegated**. Once added, click **Grant admin consent for [your tenant]** and confirm. This requires a Global Administrator or Privileged Role Administrator and is a one-time action. ## 4. Configure the Integration **Tenant ID**: The **Directory (tenant) ID** from step 1. **Client ID**: The **Application (client) ID** from step 1. **Client Secret**: The secret **Value** from step 2.