You built a Copilot Studio agent and connected it to a SharePoint knowledge source, but the agent returns no answers or says it cannot find information. This happens when the agent lacks permission to read the SharePoint site, the source is misconfigured, or the content format is unsupported. This article explains the three root causes and provides step-by-step fixes to restore SharePoint data access for your Copilot Studio agent.
Key Takeaways: Restoring SharePoint Access in Copilot Studio
- Copilot Studio agent > Settings > Security > Authentication: Must be set to “Authenticate with Microsoft” or “Custom website” with a valid Microsoft Entra ID app registration.
- SharePoint site > Site permissions > Share: The Copilot Studio service principal must have at least Read access to the site and all source documents.
- Copilot Studio > Knowledge > Add knowledge source > SharePoint: Only SharePoint document libraries and pages are supported; list items and external data columns are not indexed.
Why Copilot Studio Agents Fail to Read SharePoint Knowledge Sources
Copilot Studio agents use Microsoft Graph to fetch content from SharePoint. Three conditions must be met: the agent must be authenticated as a user or service principal with access to the SharePoint site, the SharePoint source must be a supported content type, and the agent must be configured to use Microsoft Entra ID for authentication. If any of these fail, the agent cannot read the knowledge source.
The most common root cause is permission. When you add a SharePoint knowledge source in Copilot Studio, the agent does not automatically inherit permissions. You must explicitly grant the agent’s service principal or the authenticated user access to the SharePoint site and its documents. Without this, Graph returns a 403 Forbidden error silently, and the agent responds with “I cannot find that information.”
Unsupported Content Types
Copilot Studio indexes only standard document libraries and wiki pages. It does not index SharePoint list items, external data columns, or files stored outside a document library. If your knowledge source points to a list or a library with unsupported file formats such as .zip or .exe, the agent sees an empty source.
Authentication Mode Mismatch
Copilot Studio agents can use two authentication modes: “Authenticate with Microsoft” which uses the agent’s own service principal, or “Custom website” which requires a Microsoft Entra ID app registration. If the agent is set to “No authentication,” Graph calls are blocked entirely.
Steps to Fix Copilot Studio Agent SharePoint Access
Follow these steps in order. Test the agent after each step to confirm the fix.
- Check the agent authentication setting
Open Copilot Studio. Go to Settings > Security > Authentication. Select “Authenticate with Microsoft” if you want the agent to use its own identity. For production agents, select “Custom website” and register a Microsoft Entra ID app with the required Graph permissions. Do not leave authentication set to “No authentication” when using SharePoint sources. - Grant the agent access to the SharePoint site
Open the SharePoint site in a browser. Click the gear icon and select Site permissions > Share site. In the dialog, type the name of the Copilot Studio agent service principal. The service principal name is displayed in Copilot Studio under Settings > Channels > Microsoft Teams > Manage. It typically looks like “copilot-studio-@ .onmicrosoft.com”. Assign the Read permission level. Click Share. - Verify the knowledge source URL
In Copilot Studio, go to Knowledge > Add knowledge source > SharePoint. Paste the full URL of the SharePoint site or document library. Do not include filters or query parameters. For a document library, use the URL format: https://.sharepoint.com/sites/ /Shared%20Documents. For a site, use the root URL: https:// .sharepoint.com/sites/ . - Confirm supported content
Ensure the SharePoint source contains only supported file types: .docx, .pptx, .xlsx, .pdf, .txt, and .html. Remove or move unsupported files such as .zip, .exe, .msg, or .csv to a separate library. Copilot Studio also indexes SharePoint wiki pages. List items in a list are not indexed. - Reindex the knowledge source
After changing permissions or content, remove the SharePoint knowledge source from the agent. Save the agent. Add the source again with the correct URL. Copilot Studio reindexes the content within 15 minutes. To force a refresh, go to Knowledge, select the source, and click Sync. - Test with a specific query
Open the agent test panel. Ask a question that matches a known document title or content in the SharePoint library. For example, if you have a file named “Onboarding Policy.docx”, ask “What is the onboarding policy?” If the agent still returns no answer, inspect the source status in Knowledge. A red status indicates a permission or indexing failure.
If Copilot Studio Agent Still Cannot Read SharePoint
If the main fix steps do not resolve the issue, check these additional failure patterns.
“The knowledge source returned no data” error
This error appears in the Copilot Studio knowledge source status panel. The cause is often a mismatched site URL. Verify the URL does not include a file path or query string. Also confirm the SharePoint site is not a communication site with restricted access. Grant the agent access to the site as described in Step 2.
Agent returns generic responses instead of SharePoint data
This indicates the agent can connect to SharePoint but cannot read the specific files. Check that the documents are not checked out to another user. Checked-out documents are invisible to Graph. Also confirm the documents are not in a folder that has unique permissions. The agent must have Read access to every folder and file in the library.
SharePoint source shows “Syncing” indefinitely
This happens when the SharePoint site is very large or has many nested folders. Copilot Studio indexes up to 10,000 items per source. If the library exceeds this limit, remove the source and add a more specific document library URL instead of the site root. For example, use https://
Agent fails after Microsoft Entra ID app registration changes
If you use custom authentication, verify the app registration has the delegated permission “Sites.Read.All” or “Sites.ReadWrite.All” under Microsoft Graph. Also grant admin consent for the permissions. Without consent, the agent cannot authenticate to SharePoint. Go to Microsoft Entra ID > App registrations > Your app > API permissions and click Grant admin consent.
| Item | Authenticate with Microsoft | Custom website |
|---|---|---|
| Description | Agent uses its own built-in service principal identity | Agent uses a Microsoft Entra ID app that you register |
| Setup time | Minutes | Hours |
| Graph permissions required | None to set up | Sites.Read.All delegated permission |
| Best for | Testing and small teams | Production agents with custom branding or SSO |
| Limitation | Cannot use with custom data sources outside Microsoft 365 | Requires admin consent and token refresh handling |
You can now diagnose and fix Copilot Studio agent SharePoint access failures by checking authentication, permissions, and content types. Start by verifying the agent authentication mode and granting Read access to the SharePoint site. If issues persist, narrow the knowledge source URL to a specific document library and confirm all files are supported and not checked out. For advanced scenarios, review the Microsoft Entra ID app registration permissions and ensure admin consent is granted.