Share via

Copilot Studio agent asks users to connect Azure Function and fails with ConnectorRequestFailure

Yogesh Borse 40 Reputation points
2025-12-23T09:43:56.0966667+00:00

Question:

I have published a Copilot Studio agent to Microsoft Teams and Copilot that uses an Azure Function App as a tool to access Azure SQL.

  • The Azure Function tool is configured with Maker-provided credentials

It works correctly for the maker account

Other users are prompted to manually connect the tool

  • After a few successful queries, the agent starts failing with:

My goal:

Any user who can access the agent in Teams/Copilot should be able to use it without manual connection and without intermittent failures.

Questions:

Why are other users still asked to connect despite using Maker-provided credentials?

What causes the ConnectorRequestFailure after some queries?

What is the recommended authentication approach for shared Copilot agents:

Managed Identity?

  App registration (client credentials)?
  
     Environment-level connection?

Any guidance or best practices would be appreciated.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
0 comments
Answer accepted by question author
  1. Pravallika KV 4,755 Reputation points Microsoft External Staff Moderator
    2025-12-23T16:46:20.18+00:00

    Hi @Yogesh Borse ,

    Thanks for reaching out to Microsoft Q&A.

    Please check if below provided information helps:

    Why are other users still asked to connect despite using Maker-provided credentials?

    This often occurs if the Azure Function is relying on specific user credentials that aren't available to other users. It might be worthwhile to look into using a more universal authentication method, such as Managed Identities or App Registration with client credentials, which allow seamless access for all users.

    What causes the ConnectorRequestFailure after some queries?

    This error can happen when the responses from your Azure SQL exceed the 500 KB limit that Copilot Studio imposes. Make sure to filter your Azure SQL queries to return only the necessary data, using the inputs feature in your connector action settings. You might also want to check for intermittent connection issues, as these can contribute to request failures.

    What is the recommended authentication approach for shared Copilot agents?

    For shared agents, using a Managed Identity is generally recommended for Azure resources that support it, as it simplifies the connection by automating the token management. Alternatively, using App Registration with client credentials can be effective too, but requires handling client secrets safely.

    Steps to follow:

    • Ensure that your Azure Function's API doesn't return excessive data; implement input filtering where possible.
    • For authentication, consider implementing Managed Identities, which can lead to a seamless experience without the need for individual user tokens.
    • Review your connection settings regularly and ensure that all users have the necessary permissions to access the resources.

    References:

    Hope it helps!

    Please do not forget to click "Accept the answer” and Yes, this can be beneficial to other community members.

    User's image

    If you have any other questions, let me know in the "comments" and I would be happy to help you.

    1 person found this answer helpful.
    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2025-12-23T09:44:06.9633333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    When using a Copilot Studio agent with Azure Functions, there are a few reasons why users might still be prompted to connect manually, even when using Maker-provided credentials:

    1. User Permissions: Maker-provided credentials typically allow the maker to access resources without additional authentication. However, other users may not have the same permissions or access rights to the Azure Function or the underlying Azure SQL database, leading to the prompt for manual connection.
    2. Conditional Access Policies: If your organization has implemented Conditional Access policies through Microsoft Entra ID, these policies may restrict access for users other than the maker, causing them to be prompted to connect manually.
    3. Authentication Token Issues: The ConnectorRequestFailure error after some successful queries could be due to issues with the authentication token. If the token expires or if there are changes in the user’s permissions or roles, it may lead to failures in subsequent requests.

    Regarding the recommended authentication approach for shared Copilot agents:

    • Managed Identity: This is often the preferred method for Azure resources, as it simplifies authentication and eliminates the need for credential management.
    • App Registration (Client Credentials): This approach is also valid, especially if you need to manage permissions explicitly. It requires setting up an app registration in Azure AD and granting the necessary API permissions.
    • Environment-Level Connection: This can be useful for managing connections at a broader level, but it may not provide the granularity of control that managed identities or app registrations offer.

    In summary, using Managed Identity is generally recommended for shared Copilot agents to ensure seamless access without manual connections for all users. However, the specific choice may depend on your organization's security policies and architecture.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.