Skip to main content

Connect Microsoft 365

Microsoft 365 Copilot connects to MCP servers through Copilot Studio: an administrator (or maker) builds a Copilot agent, adds the Rise MCP server as a tool, and publishes the agent to Microsoft 365 Copilot. Unlike the other clients, this is an admin-led setup — individual users don't add MCP servers to Copilot directly.

Before you start

  • Copilot Studio access with permission to create and publish agents, plus rights to add a custom connector (or your tenant admin to approve one).
  • Microsoft 365 Copilot licensing for the people who will use the agent.
  • The Rise server URL: https://mcp.risepeople.com/mcp
  • A registered Rise OAuth application — Copilot Studio configures OAuth explicitly, so create one and have its client ID/secret ready. See Registering an application.

Microsoft's Copilot Studio and MCP surface change often. If a label differs, follow Microsoft's Copilot Studio MCP documentation. The durable facts are the server URL and the OAuth endpoints below.

Register a Rise OAuth app

Create an OAuth application in Rise:

  • Client type: Confidential (Copilot Studio holds the secret server-side)
  • Redirect URI: the callback Copilot Studio shows you while configuring the connection — commonly https://global.consent.azure-apim.net/redirect (use the exact value your tenant displays)
  • Scopes: reports:read and, if the agent should save reports, reports:write

Keep the client ID and client secret — the secret is shown once.

Add Rise to a Copilot agent

  1. In Copilot Studio, open or create an agent.
  2. Go to Tools → Add a tool → New tool → Model Context Protocol (or Custom connector, depending on your tenant).
  3. Provide the Rise server details:
    • Server URL: https://mcp.risepeople.com/mcp
    • Transport: Streamable HTTP
  4. Configure OAuth 2.0 authentication:
    • Authorization URL: https://api.risepeople.com/v1/oauth/authorize
    • Token URL: https://api.risepeople.com/v1/oauth/token
    • Client ID / Client Secret: from the Rise OAuth app above
    • Scopes: reports:read reports:write
  5. Save the connection. Complete the consent prompt to verify it (sign in to Rise and approve access).

Publish and use

  1. Add the Rise tool to the agent's available actions and give the agent brief instructions on when to use it (e.g. "Use Rise to answer questions about headcount, compensation, and other HR/payroll reporting.").

  2. Publish the agent and make it available in Microsoft 365 Copilot for the right users or groups.

  3. Each user signs in to their own Rise account the first time the agent calls Rise — permissions are always per-user, never shared.

  4. In Copilot, select the agent and ask, e.g.:

    Break down headcount by department, and save it as a report.

    See more prompts on What you can ask.

Troubleshooting

SymptomFix
No MCP / custom connector optionYour tenant restricts custom connectors. Ask your Microsoft 365 admin to allow them or approve the Rise connector.
OAuth fails with redirect mismatchThe redirect URI on the Rise OAuth app must exactly match the one Copilot Studio shows. Update the app and retry.
Connected but "no reports"The signed-in user's Rise account may not be enabled for the connector yet — email developers@risepeople.com.
"Insufficient scope" when savingThe connection was consented with reports:read only. Reconfigure with reports:write and re-consent. See insufficient-scope.

Remove it

Remove the Rise tool from the agent (or unpublish the agent) in Copilot Studio, and delete the connection. You can also revoke the OAuth app's access from your Rise account.