Skip to Content
TutorialsDeclarative Agents 101

Declarative Agents 101

TL;DR: You will build a personal declarative agent in Microsoft 365 Copilot Agent Builder, ground it on a single SharePoint site, and publish it to yourself so you can see how knowledge scope and instructions shape what an agent can reach.

What you will learn

  • How a declarative agent differs from base Microsoft 365 Copilot and why that distinction matters for governance.
  • How to write clear instructions and starter prompts that keep an agent on task.
  • How to attach a SharePoint site as a scoped knowledge source instead of opening the whole tenant.
  • How to test an agent in the Try it pane and publish it for personal use only.
  • Which governance signals to watch before any agent is shared more widely.

Prerequisites

  • A Microsoft 365 Copilot licence assigned to your account (Agent Builder is included in the licence).
  • Access to the Microsoft 365 Copilot app at microsoft365.com/chat , office.com/chat , or the Microsoft Teams desktop or web client. Agent Builder is not available on mobile.
  • Read access to at least one SharePoint site you can safely use as a knowledge source, ideally a low-sensitivity test site.
  • No earlier tutorial is required. This is the entry point for the build and govern agents track.

Build the agent in Agent Builder

Step 1: Open Agent Builder

  1. Sign in to the Microsoft 365 Copilot app on the Work side at microsoft365.com/chat .
  2. Open the agents drawer next to the chat box and select Create agent, or choose Create agent from the Microsoft 365 Copilot tab in Teams.
  3. When the new agent screen appears, choose the Configure tab so you set each field explicitly rather than letting the Describe flow autogenerate them.

Step 2: Name and describe the agent

  1. Enter a clear name, for example Policy Helper.
  2. In the Description field, write a short, precise summary such as: This agent answers questions about our published IT and security policies. Keep it under 1,000 characters. The model uses this description to decide when the agent is the right tool.

Step 3: Write the instructions

The Instructions field directs the agent’s behaviour and has an 8,000 character limit. Keep it specific and bounded. A good starting point:

You are Policy Helper. Answer questions only about the organisation's
published IT and security policies, using the attached SharePoint
knowledge source. If the answer is not in the knowledge source, say
you do not have that information and suggest contacting the IT service
desk. Do not speculate. Cite the policy name in each answer.

Bounded instructions like a clear refusal path reduce the chance the agent invents answers or strays outside its intended scope.

Add knowledge and starter prompts

Step 4: Attach one SharePoint knowledge source

  1. In the Knowledge section, add a knowledge source and select SharePoint.
  2. Point it at a single site, folder, or file rather than a broad collection. Agent Builder supports up to 20 knowledge sources, but for this tutorial use exactly one.
  3. Confirm the site you chose contains only content the intended audience is already allowed to read. The agent honours existing permissions, but scoping narrowly is still the safer default.

Step 5: Add starter prompts

Starter prompts show users the scenarios the agent supports. Each prompt has a name and a description. Add two or three, for example:

  • Password policy: What is our current password and MFA policy?
  • Data handling: How should I classify and share a confidential document?
  • Report an incident: Who do I contact to report a suspected phishing email?

Step 6: Test in the Try it pane

  1. Open the Try it tab.
  2. Run each starter prompt and a question you know is outside scope.
  3. Confirm in-scope answers cite a policy and that the out-of-scope question triggers the refusal path from your instructions. Refine the instructions, knowledge, or prompts and retest as needed.

Publish to yourself

Step 7: Create and use the agent

  1. When you are satisfied, select Create to sideload the agent for personal use.
  2. The agent now appears in your agents drawer in Microsoft 365 Copilot. Open it and ask a real question to confirm it behaves as tested.
  3. Stop here. Do not share or submit to the organisational catalogue yet. Publishing to yourself first is the safest way to validate behaviour before anyone else can reach it.

Governance call-outs

  • Knowledge scope is your blast radius. A SharePoint site added as knowledge exposes everything the user is permitted to read in it. Scope to a single low-sensitivity site and review its permissions before attaching it.
  • Instructions are a control, not just a prompt. A clear refusal path and a no speculation rule limit hallucination and off-topic answers. Treat the instruction text as reviewable configuration.
  • Permissions are inherited, not bypassed. Declarative agents respect existing Microsoft 365 permissions and do not grant new access, but they can surface in-scope data faster, so least-privilege site membership still matters.
  • Personal first, then sharing gates. Sideloading to yourself avoids exposure. Sharing with others or submitting to the organisational catalogue should pass admin review and any approval workflow your tenant enforces.
  • Audit and lifecycle. Track who created the agent, what knowledge it points to, and when it changes. Agents that touch sensitive sites belong in your data governance and review cadence, not a one-off build.

Next step

Continue with the next tutorial.

Sources

Licensed under CC BY 4.0  by Educ4te .

Last updated on
Agent FundamentalsAgents Toolkit & TypeSpec