Microsoft 365 Copilot: Build Your First Declarative Agent with API Plugin

Key insights

• Declarative Agents in Microsoft 365 Copilot are customizable assistants that automate workflows and enhance collaboration by connecting with external data sources. These agents use the same interface as Copilot, making them user-friendly and easy to adopt.
  
• API Plugins allow declarative agents to interact with external REST APIs, enabling actions such as retrieving, creating, updating, or deleting data through natural language prompts. Each plugin requires an OpenAPI description document and a plugin manifest.
  
• Secure Integration: API plugins support secure connections using methods like OAuth2 or API keys. Before sending any data to an API plugin, Copilot asks for user confirmation to ensure privacy and compliance.
  
• User Interaction Flow: When a user makes a request (e.g., checking a budget), the agent finds the right plugin, maps question details to API parameters, asks for permission if needed, authenticates via token or key, sends the request to the external API, then presents a conversational response based on the returned data.
  
• Development Tools: Developers can use Teams Toolkit in Visual Studio or Visual Studio Code and the command-line tool Kiota. These tools help create plugin packages from OpenAPI descriptions and provide starter projects for building new APIs.
  
• Customization & Best Practices: Plugins can customize how responses appear using Adaptive Card templates. To ensure Copilot selects your plugin when needed, describe its skills and parameters clearly in the manifest. Note that URLs in API responses are redacted by default for privacy.
  

Introduction: Declarative Agents and API Plugins in Microsoft 365 Copilot

The latest advancements in Microsoft 365 Copilot are reshaping how businesses approach automation, data integration, and user productivity within their existing workflows. In a recent YouTube demonstration led by Bob German from Microsoft, viewers were guided through the process of building a declarative agent with an API plugin that securely connects to external data sources using Entra ID. This detailed walkthrough, part of the Copilot Developer Camp "Extend" series, highlighted not only the technical setup but also the strategic considerations and benefits of leveraging this technology within the Microsoft 365 ecosystem. As organizations increasingly seek to integrate external data and automate business processes, the approach presented in the video offers a compelling blueprint. By combining tools such as Teams Toolkit, Azure Functions, and REST APIs backed by Azure Table Storage, developers can now create agents capable of both reading and writing data, all while maintaining robust security standards. This article examines the main insights from the presentation, exploring the architecture, advantages, challenges, and broader implications of declarative agents with API plugins for Microsoft 365 Copilot.

The Architecture: Building Blocks of a Declarative Agent

At the core of this innovation lies the concept of declarative agents. These agents are customizable digital assistants designed to address specific business needs by automating tasks, providing insights, and facilitating collaboration across teams. Unlike generic chatbots, declarative agents operate within the familiar Microsoft 365 Copilot interface, ensuring a seamless user experience and accelerating adoption. To construct such an agent, developers must assemble several key components. The app manifest defines the agent’s configuration and capabilities, while the declarative agents manifest outlines available actions and conversation starters. When API integration is required, a plugin manifest specifies the plugin’s capabilities, enabling the agent to interact with external REST APIs. The process is further streamlined by development tools such as Visual Studio Code with the Teams Toolkit extension. These tools simplify the creation, configuration, and deployment of agents and their plugins. For example, Teams Toolkit can generate plugin packages from an existing OpenAPI description, allowing developers to quickly scaffold projects that connect to external services. In cases where no existing API is available, Teams Toolkit even provides starter projects with example APIs and corresponding plugin packages.

API Plugin Integration: Enabling Seamless Data Exchange

A defining feature of this approach is the ability to extend a declarative agent’s functionality through API plugins. These plugins enable agents to interact with external REST APIs, supporting a broad range of operations—from simple data queries to complex transactions such as creating, updating, or deleting records. The key requirement for API plugin integration is an OpenAPI description document and a plugin manifest that details the API’s capabilities. Once integrated, these plugins empower users to issue natural language prompts that the agent translates into precise API calls. For example, a user might ask, “How much is left in the Contoso travel budget?” The agent identifies the appropriate plugin, maps the user’s intent to the API’s parameters, and issues a GET request to retrieve the relevant data. Similarly, more complex actions, such as charging expenses or allocating funds, are handled with POST requests, updating the underlying data and providing real-time feedback to the user. Moreover, the system incorporates robust security measures. API access can be secured using API keys or OAuth2, ensuring that sensitive operations are protected. Prior to sending data to an API, the agent prompts the user for explicit consent, offering options to allow data sharing once or always for a given function. This user-centric approach to security builds trust and aligns with enterprise compliance requirements.

Customization, Security, and User Experience: Navigating Tradeoffs

The integration of declarative agents and API plugins within Microsoft 365 Copilot brings several significant advantages. Foremost among these is enhanced customization. Developers can tailor agents to specific business scenarios, automating repetitive tasks and improving overall productivity. The ability to integrate with any REST API, provided it has an OpenAPI description, means that organizations can connect Copilot to a wide array of internal and third-party systems, greatly expanding its utility. However, these benefits must be balanced against certain tradeoffs and challenges. One key consideration is security. While the platform offers strong authentication and consent mechanisms, integrating with external APIs introduces potential risks related to data privacy and compliance. Microsoft mitigates these risks by redacting URLs in API responses, except for those explicitly allowed, and by requiring user confirmation before data is shared. Another area of focus is the user experience. By default, APIs that only retrieve data provide an “Always allow” option, simplifying repeated queries. In contrast, APIs that modify data typically require explicit user approval for each action, reducing the risk of unintended changes. Plugin developers have some flexibility to override these defaults, but must do so thoughtfully to maintain user trust. Customizing how responses are presented is another important aspect. Plugins can use Adaptive Card templates to display data in a structured and visually appealing manner, making information easier to digest and act upon. This flexibility, however, requires careful design to ensure consistency with the overall Copilot interface and to avoid overwhelming users with too much information.

Development Tools and Best Practices: Streamlining the Process

To support rapid development and deployment, Microsoft provides a suite of tools and best practices. In addition to Teams Toolkit, the Kiota command line tool and Visual Studio Code extension can generate API plugin packages from existing OpenAPI descriptions. This automation reduces manual coding effort and minimizes the risk of errors. A critical factor in ensuring that Copilot effectively leverages a given plugin is the quality of the plugin’s manifest and descriptions. According to the presentation, developers should provide concise and accurate descriptions in the plugin manifest, clearly outlining the plugin’s skills and the parameters required to initiate them. This clarity enables the Copilot orchestrator to select the appropriate plugin in response to user prompts, ensuring that the right functionality is delivered at the right time. Nonetheless, developers must be aware of current limitations. For example, API plugins are only supported as actions within declarative agents and are not enabled in the broader Microsoft 365 Copilot environment. Additionally, URLs in API responses are generally redacted to protect user privacy, except where explicitly permitted.

Future Outlook: Expanding the Potential of AI-Driven Productivity

The introduction of declarative agents with API plugins represents a significant evolution in the way organizations can customize and extend Microsoft 365 Copilot. By enabling secure, seamless integration with external data sources and services, these agents transform the Copilot experience from a generic assistant into a highly personalized productivity tool. Looking ahead, the approach offers exciting possibilities for further innovation. As more organizations adopt this model, there will likely be increased demand for standardized APIs, improved tooling, and enhanced security features. Additionally, balancing ease of use with robust security and compliance will remain an ongoing challenge, requiring close collaboration between developers, IT administrators, and business stakeholders. In summary, the technology showcased in Microsoft’s recent YouTube video provides a powerful framework for extending the capabilities of Microsoft 365 Copilot. By combining declarative agents, API plugins, and secure integration patterns, organizations can unlock new levels of productivity, efficiency, and user empowerment—setting the stage for the next wave of AI-driven business solutions.

Keywords

Microsoft 365 Copilot API plugin declarative agent create Microsoft 365 automation AI integration Copilot development