The Citadel · 19 min mission
Graph Connectors and Enterprise Grounding for Copilot
Make external knowledge searchable and citeable in Copilot without widening access or confusing grounding with execution.
Orientation
This guide is for platform, search, compliance, and source-system owners deciding how external knowledge should become available to Microsoft 365 Copilot. It covers connector models, schema, ACLs, validation, and the line between grounding and execution.
Microsoft 365 Copilot connectors and Microsoft Graph connector APIs are the enterprise grounding path for external content. They make external items searchable, permission-trimmed, and citeable in Microsoft 365 experiences. They are not an execution engine.
Build connectors when the organization wants Jira issues, Confluence pages, knowledge-base articles, service tickets, or custom records to appear as governed knowledge. Preserve the source authorization model with ACLs and identity mapping. When the job needs live writes, pair the connector with API, MCP, Power Automate, or backend tooling that re-reads source state at execution time.
Use This When / Avoid This When
Use connectors when
External content should be searchable, answerable, and citable for users who already have source access, and the organization can own schema, crawl, ACL, identity mapping, and validation.
Avoid connectors when
The requirement is to update source systems, the permission model cannot be represented safely, the content must not be indexed, or the team cannot operate crawl and ACL validation.
How to use this interactive section
The Connector ACL Designer teaches the security model behind connector grounding.
- Start with a source record type such as a Jira issue or Confluence page.
- Decide which fields become title, URL, content, labels, and retrievable metadata.
- Model who should and should not see the item.
- Compare the visibility result with the ACL drill below.
- Treat any broad grant or unclear identity mapping as a launch blocker.
Connector ACL Designer
Ground external knowledge without widening access
Microsoft 365 Copilot connectors make external content searchable and citeable. They do not publish, update, or approve source records, and their value depends on ACL trimming.
| Concept | What it does | Operational test |
|---|---|---|
| External connection | Defines the external content source and schema in Microsoft Graph | Schema fields map to useful title, URL, status, owner, labels, and modified metadata |
| External item | Represents one indexed record with content, properties, ACLs, and source URL | Deleted or restricted source records are removed or re-crawled quickly enough |
| ACLs and external groups | Trim results so users see only source-authorized items | Test users with different Jira projects, Confluence spaces, and groups |
| Full crawl | Refreshes schema, permissions, deletes, and large permission migrations | Run after ACL design changes; do not depend only on incremental updates |

| Connector model | Use it for | Do not use it for |
|---|---|---|
| Synced connector | Broad external knowledge that should be indexed into Microsoft 365 for search, Copilot answers, and citations | Live state at write time, source-system mutations, or content too sensitive to copy into the index |
| Federated connector | Live read-only retrieval through MCP where content should stay in the source system | Create, update, transition, publish, delete, or notify operations |
| Microsoft Graph connector API | Custom synced ingestion: external connection, schema, items, content, properties, ACLs, and external groups | Delegated user reads, direct Microsoft 365 Copilot prompts, or raw source API pass-through |
| API/MCP action layer | Live read, prepare, commit, retry, approval, and audit workflows paired with connector grounding | Broad enterprise search or long-lived knowledge indexing |
```json
{
  "id": "jira-ACME-OPS-241",
  "properties": {
    "title": "ACME-OPS-241 Release checklist export fails for pilot account group",
    "url": "https://example.atlassian.net/browse/ACME-OPS-241",
    "project": "ACME-OPS",
    "status": "In Progress",
    "priority": "Highest",
    "fixVersion": "2026.09",
    "updated": "2026-09-22T16:30:00Z"
  },
  "content": {
    "type": "text",
    "value": "Normalized issue summary, acceptance criteria, latest public status, and linked blocker references."
  },
  "acl": [
    {
      "type": "user",
      "value": "11111111-2222-3333-4444-555555555555",
      "accessType": "grant"
    },
    {
      "type": "externalGroup",
      "value": "jira-project-acme-ops-developers",
      "accessType": "grant"
    }
  ]
}
```

Connector readiness checklist
Name the content owner and rollout group
A connector needs a source owner, search owner, compliance reviewer, pilot audience, and incident owner before ingestion starts.
Design the schema for answers, not raw dumps
Map title, URL, content, last modified time, status, owner, and semantic labels. Avoid mirroring every source field into the index.
Model identities and groups
Use Entra users/groups or external groups that mirror the source authorization model. Never use a broad grant to speed up a demo.
Validate with three personas
Test full-access, partial-access, and no-access users in Microsoft Search, Copilot, and the target agent.
Plan freshness and delete handling
Define incremental crawl, full crawl, permission update, deletion, and reindex procedures before production rollout.
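The identity and three-persona checks above can be rehearsed offline before any item is ingested. The following is an added example, not code from this guide or from Microsoft: the second and third items, the personas, the `KNOWN_GROUPS` set, and all function names are constructed for illustration, and it assumes that a matching deny entry overrides any matching grant.

```python
# Added example (constructed data): review connector ACLs before rollout.
BROAD = {"everyone", "everyoneExceptGuests"}
KNOWN_GROUPS = {"jira-project-acme-ops-developers"}  # external groups already synced
def ace(kind, value, access="grant"):
    return {"type": kind, "value": value, "accessType": access}

ITEMS = [  # first ACL copied from the page's sample item; the rest are constructed
    {"id": "jira-ACME-OPS-241", "acl": [
        ace("user", "11111111-2222-3333-4444-555555555555"),
        ace("externalGroup", "jira-project-acme-ops-developers")]},
    {"id": "jira-ACME-SEC-7", "acl": [
        ace("externalGroup", "jira-project-acme-sec-reviewers"),
        ace("user", "99999999-0000-0000-0000-000000000001", "deny")]},
    {"id": "kb-demo-1", "acl": [ace("everyone", "TENANT-ID-PLACEHOLDER")]},
]
BOTH = {"jira-project-acme-ops-developers", "jira-project-acme-sec-reviewers"}
PERSONAS = {  # constructed test identities
    "full-access": {"user_id": "11111111-2222-3333-4444-555555555555", "groups": BOTH},
    "partial-access": {"user_id": "99999999-0000-0000-0000-000000000001", "groups": BOTH},
    "no-access": {"user_id": "aaaaaaaa-0000-0000-0000-000000000002", "groups": set()},
}

def matches(entry, persona):
    kind, value = entry["type"], entry["value"]
    if kind == "user":
        return value == persona["user_id"]
    # Broad types match every persona here (guest status is not modelled).
    return kind in BROAD or value in persona["groups"]

def can_see(item, persona):
    # Assumption: any matching deny entry overrides every matching grant.
    hits = {e["accessType"] for e in item["acl"] if matches(e, persona)}
    return "grant" in hits and "deny" not in hits

def visibility_matrix(items, personas):
    return {n: sorted(i["id"] for i in items if can_see(i, p)) for n, p in personas.items()}

def launch_blockers(item, known_groups):
    findings = []
    for e in item["acl"]:
        if e["type"] in BROAD and e["accessType"] == "grant":
            findings.append("broad grant: " + e["type"])
        if e["type"] == "externalGroup" and e["value"] not in known_groups:
            findings.append("unmapped external group: " + e["value"])
    return findings

if __name__ == "__main__":
    print(visibility_matrix(ITEMS, PERSONAS))
    print({i["id"]: launch_blockers(i, KNOWN_GROUPS) for i in ITEMS})
```

The no-access persona still sees `kb-demo-1`, which is the broad-grant failure the checklist warns about, and the partial-access persona loses `jira-ACME-SEC-7` despite group membership because of the explicit deny.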
Connector grounding versus live execution
Connector
Indexes or federates external content for read-only search, Q&A, and citations. It should preserve the source permission model and surface source URLs.
API, MCP, flow, or backend action
Calls the live source system for current state, prepares writes, commits approved writes, handles idempotency, and records audit.
| Symptom | Likely cause | Recovery step |
|---|---|---|
| Item appears in Search but not Copilot | Content quality, labels, rollout state, connector availability, or Copilot-specific indexing lag | Check indexed-content diagnostics, semantic labels, retrievable fields, source descriptions, and agent/tenant availability |
| Wrong user sees content | Broad grant, stale permission crawl, incorrect identity mapping, or external group mismatch | Stop rollout, inspect ACLs, deny/grant precedence, group mapping, and full-crawl requirements |
| No citations or poor citations | Weak title, URL, content, or semantic labels | Improve title/content/url/icon fields, last-modified metadata, and source-specific summary text |
| Content is stale | Incremental crawl missed source changes, deletes, or permission changes | Run a full crawl where required, handle deletes explicitly, and compare source timestamps to indexed timestamps |
| Connector hits limits or throttling | Too many items, large payloads, or source API rate limits | Use paging, backoff, checkpointing, reduced fields, and source-owner-approved crawl windows |
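The stale-content and wrong-user rows above both come down to comparing what the source reports with what the index holds. The following is an added example, not code from this guide or from Microsoft: the two snapshots, the item ids other than ACME-OPS-241, and the function names are constructed. It shows why a timestamp-only incremental crawl misses a permission change that leaves the item's modified time untouched.

```python
from datetime import datetime

def ts(value):
    # Accept the trailing "Z" used in the page's sample item.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def acl_key(acl):
    # Order-independent fingerprint of an ACL.
    return frozenset((e["type"], e["value"], e["accessType"]) for e in acl)

def reconcile(source, index):
    # Items present only in the index were deleted at the source.
    plan = {"delete": sorted(index.keys() - source.keys()), "upsert": [], "acl_refresh": []}
    for item_id in sorted(source):
        src, idx = source[item_id], index.get(item_id)
        if idx is None or ts(src["updated"]) > ts(idx["updated"]):
            plan["upsert"].append(item_id)       # new or edited at the source
        elif acl_key(src["acl"]) != acl_key(idx["acl"]):
            plan["acl_refresh"].append(item_id)  # same timestamp, different permissions
    return plan

# Constructed snapshots: what the source reports now vs. what the index holds.
OPS = {"type": "externalGroup", "value": "jira-project-acme-ops-developers", "accessType": "grant"}
EX_MEMBER = {"type": "user", "value": "11111111-2222-3333-4444-555555555555", "accessType": "grant"}
SOURCE = {
    "jira-ACME-OPS-199": {"updated": "2026-09-01T08:00:00Z", "acl": [OPS]},
    "jira-ACME-OPS-241": {"updated": "2026-09-22T16:30:00Z", "acl": [OPS]},
    "jira-ACME-OPS-250": {"updated": "2026-09-23T09:00:00Z", "acl": [OPS]},
}
INDEX = {
    "jira-ACME-OPS-100": {"updated": "2026-08-15T12:00:00Z", "acl": [OPS]},
    "jira-ACME-OPS-199": {"updated": "2026-09-01T08:00:00Z", "acl": [OPS, EX_MEMBER]},
    "jira-ACME-OPS-241": {"updated": "2026-09-20T10:00:00Z", "acl": [OPS]},
}

if __name__ == "__main__":
    print(reconcile(SOURCE, INDEX))
```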
Knowledge check
A team wants Copilot to answer from Jira issues but never update Jira. What is the correct base pattern?