Skip to content

AI tools

Microsoft Copilot integration

Audience: Administrators setting up the Copilot connection, and end users who interact with DataHub through Copilot.

When to use this

Connect DataHub to Microsoft 365 Copilot when your organisation wants to query data governance information — glossary terms, catalog assets, metrics, contracts, products, flows, tasks, and insights — directly from Teams, Word, or the Copilot sidebar without switching to the DataHub UI.

How it works

DataHub exposes an MCP server at /mcp with agent meta-tools — a small set of high-level tools that route your questions through DataHub's AI specialist agents. Instead of choosing from dozens of low-level tools, Copilot calls a single meta-tool (e.g. ask_glossary) and DataHub's agent pipeline handles tool selection, multi-step orchestration, and response formatting internally.

Meta-tool What it covers
ask_datahub Any question — DataHub auto-routes to the best specialist
ask_glossary Business glossary terms, definitions, domains, relationships
ask_catalog Data catalog assets, schemas, records, tags
ask_metrics Business metrics, KPIs, metric definitions
ask_contracts Data contracts, SLAs, quality expectations
ask_products Data products, bundles, marketplace
ask_flows Business process flows, automation, execution logs
ask_tasks Tasks, assignments, review queues
ask_insights Dashboards, insight cards, analytics

Prerequisites

  • DataHub instance accessible via HTTPS (public URL or VPN)
  • Admin access to DataHub (MCP Governance permissions)
  • Microsoft 365 Copilot license with the Microsoft 365 Agents Toolkit in VS Code, or access to Copilot Studio

Setup

Step 1 — Create an OAuth client in DataHub

  1. Go to Admin > MCP Governance > OAuth Clients.
  2. Click Create Client.
  3. Give it a name (e.g. "Microsoft Copilot") and a description.
  4. Copy the Client ID and Client Secret — you will need these in the next step.

Step 2 — Assign the Copilot tool policy

  1. On the same OAuth client detail page, set the Tool Policy to Copilot — agent meta-tools.
  2. This policy allows only the 9 agent meta-tools listed above, ensuring Copilot routes through DataHub's intelligence layer.

Step 3 — Connect Copilot to DataHub

Option A: M365 Agents Toolkit (Declarative Agent)

  1. Open VS Code with the Microsoft 365 Agents Toolkit extension installed.
  2. Choose Create a new Declarative Agent.
  3. Select Add Action > Start with an MCP server.
  4. Enter your DataHub MCP URL: https://<your-datahub-domain>/mcp
  5. Configure OAuth 2.0 authentication with the Client ID and Client Secret from Step 1.
  6. The toolkit auto-discovers available tools. Select the ask_* meta-tools.
  7. Click Provision and test in the Copilot sidebar.

Option B: Copilot Studio

  1. Open Copilot Studio and create or edit an agent.
  2. Choose Add an action > search for MCP.
  3. Enter the DataHub MCP URL and configure OAuth credentials.
  4. The available tools and their descriptions appear automatically.
  5. Publish the agent to your organisation.

Step 4 — Test

Ask Copilot a question like "What is the definition of Customer Churn in our glossary?" and verify it routes through ask_glossary and returns a formatted answer from DataHub.

What users can ask

Users interact with Copilot naturally. The meta-tools handle routing:

  • "What glossary terms do we have in the Customer domain?" -> ask_glossary
  • "Show me all data assets tagged with PII" -> ask_catalog
  • "How is Monthly Active Users calculated?" -> ask_metrics
  • "Are there any data contracts in violation?" -> ask_contracts
  • "What tasks are assigned to me?" -> ask_tasks
  • "Why did the daily ETL flow fail?" -> ask_flows

Limitations

  • No streaming. Responses arrive as a single block (not token-by-token) since MCP tool calls are synchronous.
  • No conversation memory. Each Copilot tool call is independent — the DataHub agent does not remember prior turns within a Copilot session.
  • Tool policy scoping. The OAuth client can only access tools allowed by its assigned policy. The copilot.standard policy limits access to agent meta-tools.
  • User identity. The OAuth flow runs under the consenting user's DataHub identity and roles. Copilot can only access data the user has permission to see.

Troubleshooting

Symptom Cause Fix
"missing_bearer_token" error OAuth not configured or token expired Re-authenticate via the OAuth flow; check client credentials
"token_revoked" error Admin revoked the OAuth client's tokens Create new tokens or restore the client in MCP Governance
Tools return "No authentication token available" JWT context not propagated Verify the OAuth client is active and the user has aimodule.agent.run role
Empty or generic responses Tool policy too restrictive Assign the copilot.standard policy to the OAuth client
Copilot doesn't discover tools MCP URL incorrect or unreachable Verify https://<domain>/mcp is accessible; check /.well-known/oauth-authorization-server returns valid JSON
  • MCP governance — OAuth client management and tool policies
  • Connected apps — end-user view of authorised applications
  • AI chat — DataHub's built-in HERC assistant (uses the same agent pipeline)