Microsoft agents
In order to use a Microsoft agent in HERE Enterprise Browser, an "app registration" must be created in your organization's Entra admin center. The available Microsoft agents are the following:
- Microsoft 365 — search for documents, contacts, Teams chats and channels (v1.1, HERE 12 and later), and Outlook email (v1.2, HERE 13 and later)
- Dynamics 365
- Microsoft 365 Copilot (in HERE 10.0 and later)
Configure an app registration in Microsoft Entra
Registration must be done by a user with Application Administrator permissions or higher in Microsoft Entra. This might be someone in a different department from the HERE administrator.
-
Go to the Microsoft Entra admin center (or Azure portal — Microsoft provides multiple ways to access the same functionality).
-
Navigate to App registrations and create a new registration to be used for the Microsoft agent in HERE or choose an existing one. For details, see the Microsoft documentation on registering an application.
-
Create the registration as a Single-page Application.
-
For Supported account types, the option you choose depends on your company's Microsoft setup and how it chooses to deploy HERE. The administrator for HERE needs to know whether the app registration is configured as single-tenant (Accounts in this organizational directory only) or multitenant (any other option).
-
For the Redirect URI value: Ask your HERE customer contact for the URI value.
-
(Optional) We recommend that you grant consent for all permissions the Microsoft agent needs so that your users do not have to do this individually when signing in for the first time. You can do this as part of the app registration or, if you have a HERE account and access to the Microsoft agent, you can grant consent for all users when you sign in to the Agent.
Go to App permissions > Add a permission > Microsoft Graph > Delegated permissions, and select the following permissions:
-
For Microsoft 365
- Files.Read.All
- Mail.Read (required for email search in v1.2 and later)
- Mail.ReadWrite.Shared
- offline_access
- People.Read
- User.Read
- User.ReadBasic.All
If you plan to enable Teams search (available in v1.1 and later), also add:
- Channel.ReadBasic.All
- ChannelMessage.Read.All
- Chat.Read
- Team.ReadBasic.All
-
For Microsoft Dynamics 365
- user_impersonation
- offline_access
- User.Read
-
For Microsoft 365 Copilot
- offline_access
- User.Read
- Files.Read.All
- Sites.Read.All
- Mail.Read
- People.Read.All
- OnlineMeetingTranscript.Read.All
- Chat.Read
- ChannelMessage.Read.All
- ExternalItem.Read.All
-
-
Go to Certificates & Secrets and create a new client secret. Make a note of the client secret value.
-
If you have specified app permissions, select Grant admin consent for at the top of the list of permissions, and confirm.
-
Make a note of the following information to use for the agent configuration:
- Directory (tenant) ID, if single-tenant
- Application (client) ID
-
For Microsoft Dynamics 365, in a web browser (not within Entra admin center) navigate to the Dynamics instance. Make a note of the base URL of the Dynamics instance; it is similar to
https://ORGNAME.crm.dynamics.com.
Add the agent in Admin Console
If this agent is enabled for your Enterprise Browser Instance (it can be enabled upon request), follow these steps:
-
In the Admin Console, navigate to the Content page. Click Create and then Agent.
-
Select Custom Agent.
-
Click on a Microsoft agent: Microsoft 365, Dynamics 365, or 365 Copilot.
The agent configuration dialog box opens.
-
(Optional) Modify the default description of the agent.
-
(For Microsoft 365 v1.1 and later) Optionally, select the Enable Teams Search checkbox to allow users to search Teams chats, channels, and messages. This option requires the additional Teams permissions listed under Configure an app registration in Microsoft Entra.
In Microsoft 365 agent v1.2 (HERE 13 and later), Outlook email search is enabled by default. This requires the Mail.Read permission in the app registration.
-
Enter the following values. These values are provided by your Microsoft Entra ID administrator, noted from the Microsoft Entra admin center configuration.
-
Directory (tenant): If specified, must be the tenant where the app registration was done. This restricts the allowed users to only be tenant specific, even if the app registration is multi-tenant.
-
The word
organizationsmust be used if the app registration was configured as multi-tenant and you want to allow users from other tenants to sign in. The wordorganizationscan be used if the app registration was configured as multi-tenant. -
The words
commonorconsumerscan be used in combination with a multi-tenant app registration, to ensure personal Microsoft accounts are allowed to utilize the Microsoft 365 Search Agent.
-
-
Application (client) ID
-
Client Secret
-
(For Microsoft Dynamics) Dynamics instance URL
-
-
Click Grant Access. The Users Access dialog box opens.
-
If access was already granted via Microsoft Entra, click Save. By default, the new agent is activated.
Microsoft 365 (including Teams search when enabled) and Dynamics 365 are searched from the address bar like other agents.
Microsoft 365 Copilot does not use address-bar search. Users authenticate for Copilot, and when AI Center is enabled and configured for your organization, Copilot queries run through AI Center rather than the search bar.
Add a content app for Microsoft domains
Add a content app that includes relevant Microsoft domains, so that users can access content results returned by the Microsoft search agent.
-
In the Admin Console, navigate to the Content page. Click Create and then App.
-
Leave the Content Type as Web App.
-
Add the following domains as URIs in the Basics section:
-
Microsoft 365 and 365 Copilot
- m365.cloud.microsoft
- cloud.microsoft
- microsoftonline.com
- office.com
- office365.com
- sharepoint.com
- outlook.com
- live.com
- microsoft.com
-
Dynamics 365
- crm.dynamics.com
- dynamics.com
- microsoftonline.com
- login.microsoftonline.com
- apps.powerapps.com
-
-
Define any other settings and access as needed and click Publish.