
July 10, 2025

SharePoint Embedded is a fully managed, cloud-based, API-only document management system that lets you securely integrate your custom web or mobile apps, whether built on Azure or other clouds, with Microsoft 365 file storage. It’s especially ideal for ISVs building multi-tenant apps because content stays within each customer’s Microsoft 365 tenant.
Design apps that include Microsoft 365 Copilot and agent capabilities, connected Office experiences like Word, and Microsoft Purview compliance and data protection, all within your own user experience. Use built-in retrieval augmented generation (RAG) or bring your own models to create intelligent, secure solutions that reason over your business content, support real-time co-authoring, and scale with granular permissions and storage control.
Jeremy Chapman, Microsoft 365 Director, shares how to build intelligent, secure solutions that integrate seamlessly with Microsoft 365 content and services.
No data movement & no loss of control.
Keep custom app content in your Microsoft 365 tenant. Check out Microsoft SharePoint Embedded.
Custom frontend, your domain.
Still connected to Office, Copilot, and Microsoft 365. Get started with SharePoint Embedded.
Built-in vector embeddings.
Automatically index files for AI. Get started with SharePoint Embedded.
QUICK LINKS:
00:00 — Keep content secure & compliant without moving it
01:21 — Build fully custom experiences
02:11 — Use built-in vector indexing and RAG
02:55 — Use your models with Copilot’s vector search
04:34 — How it works
05:23 — How the app is built
06:19 — Microsoft Copilot retrieval API
06:58 — Security and compliance
08:02 — Wrap up
Link References
Build your first agent at https://aka.ms/SPEAgent
Video Transcript:
-If you’re looking to build AI-powered web or mobile apps for your employees that can securely leverage your organization’s content without moving it or compromising your existing data security, that’s where SharePoint Embedded comes in. Microsoft SharePoint Embedded is a cloud-based document management system. As an API-only solution, it lets you as a developer connect the apps that you might be building on Azure or in other clouds securely to the Microsoft 365 file and document storage platform. And this is also an advantage if you’re an ISV who’s building multi-tenant apps because the content stays within your customer’s Microsoft 365 tenant. SharePoint Embedded lets you integrate Microsoft 365 capabilities into your apps, including Microsoft 365 Copilot and agent capabilities, connected Office app experiences like Word and other familiar apps, as well as Microsoft Purview data security and compliance controls.
-So you can build generative AI and agent-based solutions using built-in retrieval augmented generation without needing to move your business documents outside of your Microsoft 365 boundary. SharePoint Embedded is also fully managed, so you don’t need to worry about provisioning or managing the underlying compute and infrastructure. And this works with your own web front ends and logic. Let me show you an example. So this is a specialized contract management app that curates case files, which are stored in SharePoint Embedded. Notice this isn’t a SharePoint created site. It’s our own custom application. It’s our own user experience and it’s on our own domain. You’ll see that I need to connect to Microsoft 365 with my user account because the file access is based on my unique set of permissions like I would have if I was running this in Microsoft 365 or an Office app.
-This is a one-time connection performed by an end user account, and previously, to build an app like this, you would need to send those files to another document management or storage location, maybe like Azure Blob storage or another cloud service where the classifications, protections and permissions for those files would effectively get lost. And once I’m securely signed in, I can see the documents that I have permissions to access within the app and that I want my AI app to reason over. I can also upload or add cloud files from SharePoint, OneDrive, or third-party locations into my app, and these files, if not previously on SharePoint or OneDrive, will get stored in SharePoint Embedded containers in my tenant. And behind the scenes, these files are indexed at upload time for AI reasoning using embeddings for vector-based search, and the vector index itself is also within my Microsoft 365 tenant.
-Here, we’re also using Microsoft 365 Copilot’s orchestration within the app for retrieval augmented generation to respond to my prompts. Alternatively, you can also leverage your own foundational models while leveraging Copilot’s vector search and retrieval, and that way, your content and associated indexes stay within your compliance boundary. The app is designed so that the manual work of rationalizing and processing proposals and legal documents can be done in a fraction of the time using AI. So I can use the custom starter prompts on the top with this agent or write my own prompts.
-Here, I’m going to ask it to summarize the proposals by uptime and hourly rates. And as it responds, you’ll see a summary of the uploaded and attached files. Using this app’s custom instructions, it knows exactly how to respond with the right voice and format. Everything in this response is grounded on our information in SharePoint Embedded and contextualized to our application. It’s also fully integrated with familiar Office app experiences, so when I click into any of these documents, the app can open them directly in their respective apps on desktop, web and mobile. And because it’s powered by SharePoint, you can also do real-time co-authoring, also commenting and sharing, and it works with over 300 different file types. And I can even access this as an agent using Microsoft 365 Copilot Chat, like I’m doing here with my prompt, looking for information from the same SharePoint Embedded container that I showed earlier. You now have the flexibility for how you want to design your apps and their information architecture while maintaining data security and permission controls over the underlying files.
-So let me explain how this works. When you have an app that uses SharePoint Embedded in your Microsoft 365 tenant, SharePoint Embedded creates another partition within your tenant. The storage partition is headless and doesn’t have a user experience so you can develop your own. Within it, the documents you upload go into that storage partition and they’re only accessible via APIs. In that partition, documents are accessible to the custom app or agent while residing in your own Microsoft 365 tenant. And to limit per-app access within this new storage partition, a SharePoint Embedded app can create multiple file storage containers to store content where each container can have its own unique permissions. So the app that uses SharePoint Embedded has full control over the containers and the documents within them.
-And if you’re a developer, let me show you how you can build an app like this. So I’m in Visual Studio Code. And the first thing that you’ll need to do is provision a container, and containers within SharePoint Embedded are tied to the app that creates them. Next, your application will need to integrate with Microsoft Entra for authentication for the signed in user to access files in that storage location. Again, because this is powered by SharePoint, you can build in all the granular access controls all the way down to the individual file level. And because this also leverages Microsoft Graph, you can use Graph APIs to directly access files in your SharePoint Embedded containers. This uses the same file operations that you have across Microsoft 365, except they’re scoped to your app that uses SharePoint Embedded. That means that anything that you can use with Graph APIs can also be used in your SharePoint Embedded apps.
-And related to that, you can also use the Microsoft 365 Copilot retrieval API, so that you can leverage built-in RAG for your own custom orchestration and have full control over the experience, or you can use what’s built in, like I showed before. In fact, this is the code for the AI component of our app where we’ve defined the information locations to ground responses and the theming of the sidebar so it matches your app, the suggested prompts that are presented as starter recommendations for users and the meta prompt to customize the voice, tone, format and other aspects of generated responses.
-Importantly, your application gets the full Microsoft Purview security and compliance capabilities, which include detailed auditing for all SharePoint Embedded app interactions, data loss prevention, or DLP, policy integration to protect sensitive and high-value information, and information protection controls to identify and protect other classified content. Your containers can be managed from the SharePoint admin center, where you can also apply default sensitivity labels for each container to protect the content within it.
-Again, any security and compliance controls that you can apply to your SharePoint sites can also be leveraged by your SharePoint Embedded app. SharePoint Embedded is an Azure service that’s billed based on consumption for storage, transactions and Copilot interactions. When you set up SharePoint Embedded for the first time in the Microsoft 365 admin center, under Org settings, you’ll enable it as a pay-as-you-go service in one billing policy where you’ll define your Azure subscription, your resource group, and your region. Now you’re ready. And the good news is, as a developer, you can get started right away using the Visual Studio extension for SharePoint Embedded.
-To find out more about that and build your first agent, check out aka.ms/SPEAgent and keep watching Microsoft Mechanics for the latest tech updates. Subscribe to our channel and thanks for watching.