Copilot + Microsoft Graph Usage Fetch

This project pulls usage and inventory data for:

• Copilot Studio agents and conversation analytics
• SharePoint agents (.agent files)
• Optional M365 Copilot Agent Builder package metadata

The scripts authenticate with a service principal (SPN), call Microsoft APIs, and write JSON/CSV/TXT outputs under Data/CopilotStudio.

bot usage analytics.py is for the Azure Search OpenAI Demo that Microsoft suggested before Copilot Studio/Agents emerged. Works for CosmosDB exports based on conversation history that is provisioned in the old Azure AI Studio > chat playground > deploy web app. Feel free to ignore bot usage analytics.py

What It Does

• Fetch - CopilotStudio.ps1
  • Reads bots and conversation transcript analytics from configured Copilot Studio environments.
• Fetch - SharePointAgents.ps1
  • Connects to SharePoint Online and finds .agent files via search.
• Fetch - M365CopilotAgents.ps1
  • Calls Graph beta endpoints for Copilot admin package metadata (optional).
• Fetch-Run.ps1
  • Orchestrator that reads Config.json and runs selected scripts.

Prerequisites

• PowerShell 7+
• Entra app registration (service principal) with client secret
• Required API permissions granted and admin consented
• PnP.PowerShell module for SharePoint script:

Install-Module -Name PnP.PowerShell -Scope CurrentUser -Force -AllowClobber

Entra SPN Permissions

Use application permissions (not delegated) for the SPN.

• Copilot Studio / Power Platform permissions:
  • TenantRead.All
  • CopilotStudio.ReadAll
• Microsoft Graph permissions (needed by Fetch - M365CopilotAgents.ps1):
  • AgentCollection.Read.All
  • AgentInstance.Read.All
  • CopilotPackages.Read.All
• SharePoint access:
  • App-only access to your SharePoint tenant and permissions sufficient to query/search sites with agent files.
  • In many tenants this is configured with Sites read-level access plus appropriate admin approvals.

After adding permissions, grant admin consent in Entra before running the scripts.

Configuration

Update Config.json with your tenant values. Keep real secrets out of source control.

{
	"OutputPath": ".\\Data",
	"ServicePrincipal": {
		"ClientId": "<app-id>",
		"ClientSecret": "<client-secret>",
		"TenantId": "<tenant-id>",
		"Environment": "Public"
	},
	"CopilotStudio": {
		"StartDate": null,
		"EndDate": null,
		"Environments": [
			{
				"Name": "<environment-name>",
				"EnvironmentId": "<environment-id>",
				"EnvironmentUrl": "<environment-hostname-without-https>"
			}
		]
	},
	"SharePoint": {
		"ClientId": "<optional-dedicated-sharepoint-app-id>",
		"ClientSecret": "<optional-dedicated-sharepoint-secret>",
		"TenantAdminUrl": "https://<tenant>-admin.sharepoint.com"
	}
}

How To Use

Run all enabled collectors:

./Fetch-Run.ps1

If script execution is blocked by policy, run with a temporary bypass for the current PowerShell process:

Set-ExecutionPolicy -Scope Process -ExecutionPolicy Bypass
./Fetch-Run.ps1

Or run in one command:

powershell -ExecutionPolicy Bypass -File .\Fetch-Run.ps1

Run with explicit config path:

./Fetch-Run.ps1 -configFilePath .\Config.json

Run one script directly:

./"Fetch - CopilotStudio.ps1" -config (Get-Content .\Config.json | ConvertFrom-Json)

Output

The scripts generate report files in Data/CopilotStudio, including:

• Agents.json, Analytics.json
• SharePointAgents.json, SharePointAgents-Report.csv, SharePointAgents-Report.txt
• M365CopilotAgents.json, M365CopilotAgents-Report.csv, M365CopilotAgents-Report.txt

Security Notes

• Do not commit live client secrets to git.
• Prefer a local Config.json with placeholder template values in shared repos.
• Review generated output before sharing, as reports may contain internal names, URLs, and user metadata.