Microsoft readiness
Microsoft external-tenant guide
Current connector mode
AgentProof Microsoft connector — read-only Power Platform + Copilot Studio discovery.
External tenant status: AgentProof is configured. Awaiting customer admin to grant consent.
Admin consent: Customer admin consent not yet granted.
App registration: Multi-tenant app registration. AgentProof never receives the customer's tenant secret.
Redirect URI: Configured redirect URI matches the expected value.
What is ready in AgentProof
- Multi-tenant Entra app registration is wired into the AgentProof server.
- Read-only Microsoft Graph + Power Platform + Copilot Studio discovery is implemented.
- Tokens never leave the AgentProof server; the browser never sees them.
What Microsoft Entra still needs
- Customer Microsoft admin must approve AgentProof for the customer's tenant (admin consent).
- Customer admin should review the read-only scopes AgentProof requests before consenting.
- Customer admin must allow the AgentProof redirect URI in Entra app registration.
Why external tenant may not connect yet: Customer tenants are external. AgentProof cannot connect until the customer admin grants consent to the multi-tenant app. AgentProof does not bypass this — it is by design.
What admin consent means: Admin consent means the customer's Microsoft admin allows AgentProof to read agent metadata across the tenant on behalf of any tester. AgentProof never receives the customer's client secret or any business records.
What happens after connection: After connection AgentProof can list the Power Platform environments and Copilot Studio agents that the signed-in tester can already see. AgentProof reads only metadata required for the readiness footprint.
How disconnect works: Disconnect revokes the AgentProof session and removes locally cached metadata. Prior reviews and reports remain in the workspace.