Update Azure Connector for AI security features

🚧
Important information
Third-party documentation is subject to change. Updates might not be reflected in BeyondTrust documentation.

Log into Insights and navigate to the connector creation screen for a new Microsoft Azure Connector.
Follow steps 2 to 4 only.
You’ll need to rerun the setup script to add custom permissions for the BT-SP-Connector Service Principal.
Register the connector as an admin management application. View Microsoft documentation.
1. Requires PowerShell for Power Platform Administrators module
2. Use the client ID of your configured BT-SP-Connector in Azure as the $appId in the script.
3. Use the tenant ID of your Azure environment as the $tenantId in the script
From the Azure portal, launch Power Platform
Navigate to Manage > Environments
For each environment:
1. Select the environment
2. If Dataverse has not been enabled in your environment, select Add Dataverse
3. Elevate your user account to the System Administrator role. View Microsoft documentation.
4. Navigate to Security Roles > + New Role and configure:
  1. Role Name: BT-Read-Only
  2. Business Unit: Select the current environment’s business unit
  3. Uncheck Include App Opener privileges for running Model‑Driven apps
  4. Select Save
  5. Select Organization for Read column for the following rows:
    
    Table Name
    Copilot bot
    Copilot component botcomponent
    Process workflow
5. From the current environment main page, navigate to S2S apps > + New app user
6. Add BT-SP-Connector as an app user, and assign it BT-Read-Only role

Table	Name
Copilot	bot
Copilot component	botcomponent
Process	workflow

🚧Important information

🚧
Important information