IT Admin Guide

AmpliFlow in Microsoft 365 Copilot

Microsoft 365 Copilot supports MCP servers via Copilot Studio. This guide shows you, as an IT admin, how to create an agent, connect it to AmpliFlow, and publish it to your organization.

Each user signs in with their own AmpliFlow account via an OAuth flow built into the chat. No shared keys, no shared credentials.

Requirements

License per user Microsoft 365 Copilot Business, add-on from $18/month. Requires a Microsoft 365 subscription as a base plan.
Admin role Teams Administrator or Global Administrator (needed in step 7 to allow the agent in Teams Admin Center)
Copilot Studio Included in the Microsoft 365 Copilot Business plan (Copilot Studio terms apply)
Authentication AmpliFlow MCP uses OAuth 2.1 with PKCE and Dynamic Client Registration — compatible with Copilot Studio's Dynamic discovery mode

Step by step

  1. Open Copilot Studio

    Go to copilotstudio.microsoft.com and sign in with an account that has a Copilot Studio license.

  2. Create or open an agent

    Create a new agent or open an existing one. Go to the Tools tab and click Add a tool.

  3. Add an MCP tool

    Select New tool and then Model Context Protocol.

  4. Enter the server URL and authentication

    Fill in a name (AmpliFlow), a short description, and the server URL. Set authentication type to OAuth 2.0 with sub-type Dynamic discovery — Copilot Studio fetches AmpliFlow's OAuth configuration automatically and registers the client without any manual steps.

    https://mcp.ampliflow.cc/mcp
  5. Enable Generative orchestration

    In the agent settings, enable Generative orchestration. This is required for the agent to call MCP tools.

  6. Publish the agent

    Click Publish in Copilot Studio and select Microsoft Teams and/or Microsoft 365 Copilot as the publish target.

  7. Allow the agent in Teams Admin Center

    Open admin.teams.microsoft.com with a Teams Administrator or Global Administrator account. Go to Teams appsManage apps. Search for the agent name, open it, and choose which users or groups should have access.

  8. Users sign in

    Users open Copilot in Teams or at m365.cloud.microsoft/chat, select the agent, and sign in with their own AmpliFlow account when prompted. After that, the agent runs with their individual permissions.

How authentication works

AmpliFlow's MCP server implements OAuth 2.1 with PKCE and Dynamic Client Registration (DCR) per the MCP specification. This means Copilot Studio can register itself automatically with AmpliFlow without manual client configuration.

The first time a user activates the agent, a sign-in card appears in the chat. The user signs in with their AmpliFlow tenant, username, and password on AmpliFlow's own login page. Copilot Studio receives an access token and stores it — the password never reaches Microsoft. The agent then runs with the signed-in user's exact permissions in AmpliFlow.

Tokens are renewed automatically using refresh tokens. Users do not need to sign in again.