Ejaz Hussain
 HomeArchivesTagsCategories
From Zero-Code to Full Control: 3 Ways to Integrate Copilot Studio Agents with SPFx
|Microsoft 365 CopilotMicrosoft 365Power PlatformSharePoint

Introduction

Microsoft Copilot Studio is redefining how organizations build conversational AI experiences within the Microsoft 365 ecosystem.
While its built-in channels make it easy to deploy bots in Teams or websites, advanced developers often want custom integration — bringing Copilot directly into modern applications, portals, or SharePoint pages with a unified brand experience.

In this blog, we’ll explore three integration approaches:

  1. Out-of-the-Box (OOB) Publishing to SharePoint – The quickest, no-code way to embed a Copilot agent directly.
  2. Direct API Integration (Studio Client) – A programmatic approach using REST APIs for full UI control.
  3. Bot Framework WebChat Integration – The programmatic path for rich features and fast development using Microsoft’s WebChat component.

Approach 1: Out-of-the-Box Publishing to SharePoint Channel 🚀

Before diving into programmatic methods, it’s crucial to understand the most straightforward approach: publishing directly to a Microsoft 365 channel. Copilot Studio is designed to natively integrate with Microsoft Teams and SharePoint.

What This Approach Does

This method is the simplest way to get your agent running within your Microsoft 365 environment, including SharePoint. Instead of writing custom code, you configure the agent’s channel settings in Copilot Studio. The agent appears as a built-in, floating chat widget on SharePoint sites, pages, or even specific hub sites.

  • Zero-Code Deployment: No custom SPFx web part development is required.
  • Native Experience: The agent inherits the default look and feel of the Copilot Studio client widget.
  • Automatic Authentication: Seamlessly authenticates users based on their Microsoft 365 login.

High-Level Implementation

  1. Publish the Agent: Ensure your Copilot Studio agent is published.
  2. Configure Channels: Navigate to the Settings → Channels section in Copilot Studio.
  3. Enable SharePoint: Select the SharePoint channel and enable the option.
  4. Set Visibility: Configure whether the bot should appear on specific sites, a hub site, or the entire tenant.

This approach is highly effective for internal, non-branded SharePoint solutions and for quick proofs-of-concept.

Limitations and Considerations

  • Limited Customization: You have minimal control over the chat widget’s appearance, size, or placement.
  • Widget Overlap: The floating widget may overlap with custom UI elements on the page.
  • Context Loss: Less flexible for passing rich context from the custom application to the bot compared to programmatic methods.

Publishing agent to SharePoint Channel

Publishing agent to SharePoint Channel

Agent in SharePoint
Agent in SharePoint

Approach 2: Direct API Integration (Studio Client) 💻

The Direct API Integration approach offers the highest degree of flexibility, brand control, and fine-grained management of the conversation lifecycle. This method uses the core CopilotStudioClient from the Agent SDK for low-level API communication.

Architectural Philosophy: The Custom Client

This method involves your custom application (e.g., an SPFx web part) communicating directly with the Copilot Studio REST APIs via the CopilotStudioClient. You are responsible for every aspect: the UI, sending messages, receiving responses, handling different activity types (like adaptive cards), and managing the authentication token lifecycle. This is sometimes referred to as a headless integration.

Prerequisites and Security

Requirement Details Rationale
Azure AD App Registration Register an app and grant API permissions to Power Platform APIs: https://powervirtualagents.microsoft.com/.default Required to acquire an access token that grants your custom client permission to call the Copilot Studio agent’s APIs.
MSAL Configuration Implement Microsoft Authentication Library (MSAL) within SPFx to acquire the necessary token silently. Secures the communication and ensures the user context is passed securely.
Agent SDK Package Install @microsoft/agents-copilotstudio-client package. Contains the CopilotStudioClient for direct API communication.

High-Level Implementation Details

Step 1: Secure Token Acquisition with MSAL

Authentication is the cornerstone. Using MSAL, your SPFx solution secures a token scoped to the Power Virtual Agents API.

typescript
// Token acquisition for Power Platform within SPFx
public static async acquireToken(): Promise<string> {
  const request = {
    // This scope is essential for calling the PVA/Copilot Studio API.
    scopes: ['https://powervirtualagents.microsoft.com/.default'],
    account: this.msalInstance.getAllAccounts()[0]
  };
  
  // Acquire the token silently to maintain a seamless user experience.
  const response = await this.msalInstance.acquireTokenSilent(request);
  return response.accessToken;
}

Description: This TypeScript code snippet demonstrates using the MSAL library to request an access token silently. The crucial part is specifying the https://powervirtualagents.microsoft.com/.default scope, which grants delegated permission to communicate with the Copilot Studio API endpoints.

Step 2: Copilot Studio Client Initialization

The CopilotStudioClient handles connection and session management.

typescript
// Initialize Copilot Studio client instance
import { CopilotStudioClient } from '@microsoft/agents-copilotstudio-client';

const initializeClient = async () => {
  const token = await acquireToken();
  
  // Create a client instance with the required configuration and acquired token.
  const client = new CopilotStudioClient({
    botId: 'your-bot-id',
    tenantId: 'your-tenant-id', // Tenant ID is necessary for authentication context
    accessToken: token
  });
  
  // Connect and return the fully initialized client.
  await client.connect(); 
  return client;
};

Step 3: Message Handling and Custom UI Rendering

Every user input is sent via the client, and the raw response must be processed to render a custom message UI.

typescript
// Send message and process different response types
const sendMessage = async (client: CopilotStudioClient, userInput: string) => {
  try {
    const response = await client.sendMessage(userInput);
    
    // **Full Control:** Your code dictates how the response is displayed.
    if (response.type === 'message' && response.text) {
      updateChatHistory({ 
        content: response.text, 
        sender: 'bot' 
      });
    }
    
    // Custom logic to parse and render rich content like Adaptive Cards manually
    if (response.attachments && response.attachments.length > 0) {
      // You must handle the rendering logic for Adaptive Cards here.
      processAttachments(response.attachments); 
    }
  } catch (error) {
    handleErrorGracefully(error);
  }
};

Description: The sendMessage function sends user input through the CopilotStudioClient and then manually checks the response type. It’s the developer’s responsibility to handle text messages, and critically, to implement custom rendering logic for rich content like attachments (e.g., Adaptive Cards).

Key Advantages and Disadvantages

Benefits (High Control) Limitations (High Effort)
Complete UI Control for pixel-perfect branding and custom UX. Higher Development Effort in building the chat UI from scratch.
Fine-Grained Flow Control over conversation state and business logic. Maintenance Overhead for implementing all conversation features (scrolling, typing indicators, attachments, etc.).
Optimized Performance by only implementing required features. Requires robust Token Management for silent refresh and expiration handling.

Copilot Studio Client - Direct API

Copilot Studio Client - Direct API

Approach 3: Copilot Studio WebChat Integration (Modern Agent SDK) 💬

This third approach is the modern, recommended way to integrate the Bot Framework WebChat component with a Copilot Studio agent. It uses the Agent SDK’s CopilotStudioWebChat utility class to create a DirectLine-compatible bridge, circumventing the older Azure Bot/DirectLine secret-based configuration and simplifying the setup.

Architectural Philosophy: The DirectLine Bridge

This method still renders the familiar Bot Framework WebChat component, but its underlying connection mechanism is abstracted by the Agent SDK.

  • The SPFx web part authenticates and initializes the CopilotStudioClient (same as Approach 2).
  • The utility class, CopilotStudioWebChat, takes the authenticated CopilotStudioClient and produces a connection object that adheres to the DirectLine protocol.
  • This DirectLine-compatible object is passed directly to the standard ReactWebChat component.

This is superior to the legacy DirectLine approach because it uses the modern, authenticated Agent SDK flow, making it more secure and easier to manage, while preserving the WebChat component’s rich features.

Prerequisites and Security

Requirement Details Rationale
Authentication Same Azure AD App Registration and MSAL configuration as Approach 2. The bridge class still requires an authenticated CopilotStudioClient as input.
Agent SDK Packages Install both @microsoft/agents-copilotstudio-client and botframework-webchat. The former provides the bridge class; the latter provides the UI component.
No DirectLine Secret Crucially, no Azure Bot or DirectLine secret is needed. The connection is established directly using the authenticated CopilotStudioClient, which handles the security handshake internally.

High-Level Implementation Details

Step 1: Initialize Copilot Studio Client

This step is identical to Step 2 in Approach 2. The foundation is the authenticated client.

typescript
// Step 1: Initialize the CopilotStudioClient (as per Approach 2)
import { CopilotStudioClient } from '@microsoft/agents-copilotstudio-client';

const client: CopilotStudioClient = await initializeClient();

Step 2: Create WebChat Connection Bridge

The key difference is using CopilotStudioWebChat to bridge the client to the WebChat component.

typescript
// Step 2: Create a WebChat-compatible connection
import { CopilotStudioWebChat } from '@microsoft/agents-copilotstudio-client';

const directLineConnection = CopilotStudioWebChat.createConnection(client, {
  // Optional settings for WebChat features
  showTyping: true 
});

Description: The CopilotStudioWebChat.createConnection method is the modern bridge. It consumes the authenticated CopilotStudioClient and generates a connection object that is compliant with the Bot Framework’s DirectLine API, ready to be passed to the WebChat UI component.

Step 3: WebChat Component Integration

The final step is to pass this connection object to the WebChat component.

typescript
// Step 3: Integrate with the standard Bot Framework WebChat component
import ReactWebChat from 'botframework-webchat';

const ChatInterface = ({ clientConnection, userId }) => {
  return (
    <div style={{ height: '600px', width: '100%' }}>
      <ReactWebChat
        directLine={clientConnection} // Pass the bridged connection here
        // Optional: Custom styling or middleware
        styleOptions={styleOptions} 
        userID={userId}
      />
    </div>
  );
};

Description: This React component embeds the standard ReactWebChat component. Instead of a DirectLine secret, it securely receives the clientConnection object created by the CopilotStudioWebChat utility, instantly providing a rich, functional chat interface.

Key Advantages and Disadvantages

Benefits (Fast Development/Secure) Limitations (Limited UI Control)
Rapid Development with a feature-rich chat interface. Limited UI Customization constrained by the WebChat component’s structure.
Uses Modern SDK/Authentication for a more secure and robust connection. Significant Bundle Size due to the botframework-webchat library.
Rich Features (Adaptive Cards, typing indicators) handled automatically. Branding Constraints make it difficult to achieve a completely unique, branded look and feel.
Simplified Setup (No Azure Bot/DirectLine Secret required). Custom rendering still requires deep knowledge of WebChat’s middleware structure.

Copilot Studio Client - WebChat

Copilot Studio Client - WebChat

Comparison Matrix

Feature Out-of-the-Box SharePoint Channel Direct API Integration Copilot Studio WebChat Integration
Underlying Mechanism M365 Channel Service Agent SDK (CopilotStudioClient) Agent SDK (CopilotStudioWebChat)
UI/UX Control Minimal/None (Fixed Widget) Full Control (Custom UI) Limited (Style Options/Middleware)
Development Effort Zero-Code Highest (Build UI/features) Low (Component Integration)
Authentication Flow Native M365 Auth Custom MSAL/Token Mgt. Custom MSAL/Token Mgt. (via Client)
Security High (Native M365) High (Custom MSAL) High (Modern SDK-based)
Best For Internal PoCs, standard SharePoint sites. Applications where Brand and UX are paramount. Applications prioritizing Speed and Rich Functionality with modern security.

Connector Permissions Handling: A Critical Consideration 🔐

When your Copilot Studio agent uses connectors (such as SharePoint, Dataverse, or other data sources) that require specific permissions, the way these permissions are handled varies significantly between the WebChat and Direct API approaches.

The Permission Challenge

When an agent needs to access data through connectors, users must grant consent for the connection. This typically manifests as a “Connect to continue” dialog that prompts the user to allow the agent to use their credentials to connect and retrieve information.

For example, when using a SharePoint connector, users see a permission dialog requesting access to SharePoint data:

Connector Permission Dialog Example

Connector Permission Dialog Example

How Each Approach Handles Permissions

WebChat Approach (Approach 3): Automatic Permission Handling ✅

The Bot Framework WebChat component provides built-in support for handling connector permissions seamlessly:

  • Interactive Consent Flow: When a connector (SharePoint, Dataverse, etc.) requires permissions, the WebChat UI automatically displays the consent dialog.
  • User-Friendly Experience: Users can click “Allow” directly within the chat interface.
  • Permission Persistence: Once granted, the permissions are remembered for future interactions, providing a smooth user experience.
  • Automatic Resolution: After consent is granted, the agent automatically continues with the conversation and provides the requested information.

This makes the WebChat approach ideal for scenarios where your agent relies heavily on data sources that require user consent.

Direct API Approach (Approach 2): Current Limitations ⚠️

The Direct API integration currently presents challenges with connector permission handling:

  • No Built-in UI: There is no automatic mechanism to display permission consent dialogs to users.
  • Manual Implementation Required: Developers would need to implement custom UI and logic to handle permission requests.
  • Ongoing Investigation: This is an area that requires further exploration to determine if there are undocumented APIs or workarounds.

Important Note: This limitation may impact your approach selection if your Copilot Studio agent heavily depends on connectors (SharePoint, Dataverse, or other data sources) that require runtime user consent.

Recommendation

If your Copilot Studio agent uses connectors (SharePoint, Dataverse, etc.) that require dynamic permission grants from users:

  1. Prefer Approach 3 (WebChat): The automatic permission handling provides the best user experience.
  2. Consider Approach 1 (OOB SharePoint Channel): Also handles permissions natively if customization is not critical.
  3. Evaluate Approach 2 carefully: Only choose Direct API integration if you don’t require connectors with user consent or if you’re prepared to implement custom permission handling mechanisms.

This distinction is a crucial factor in your architectural decision-making process and directly impacts the end-user experience when interacting with your Copilot Studio agent.

Conclusion

The evolution of the Microsoft Agent SDK, particularly the utility for Copilot Studio WebChat Integration, provides a clear, modern alternative for integrating your Copilot Studio agent into custom applications.

By understanding these three distinct paths—the zero-code SharePoint channel (Approach 1), the high-control Direct API integration (Approach 2), and the feature-rich, SDK-bridged Copilot Studio WebChat integration (Approach 3)—you can select the approach that perfectly aligns your Copilot Studio agent’s capabilities with your custom application’s requirements for security, features, and brand consistency.

The full source code and detailed setup instructions for these approaches can be found in the official accompanying GitHub repository.

Resources

Source code

This blog post demonstrates practical implementation patterns for integrating Copilot Studio agents into custom applications. The complete source code and additional examples are available in the following GitHub repository.

Note

You can find the complete source code from GitHub.

Author: Ejaz Hussain
Link: https://office365clinic.com/2025/10/08/zero-code-to-full-control-copilot-studio-spfx/
Copyright Notice: All articles in this blog are licensed under CC BY-NC-SA 4.0 unless stating additionally.
SPFxSharePoint FrameworkCopilot StudioMicrosoft 365Power PlatformBot FrameworkReactTypeScript