AI Service Graph Connector for Microsoft
Summarize
Summary of AI Service Graph Connector for Microsoft
The AI Service Graph Connector for Microsoft enables ServiceNow customers to discover, import, and manage AI assets from Azure AI Foundry and Microsoft Copilot Studio environments directly into the ServiceNow AI Control Tower. This integration catalogs AI agents, models, and prompts while providing usage data that enhances visibility and governance of AI operations through the AI Control Tower value dashboard.
Show less
Key Features
- Discovery of Azure AI Foundry agents, including ML Services, AI Services, and new Foundry variants.
- Discovery of Microsoft Copilot agents across single or multiple Power Platform environments.
- Tracking AI asset lineage and dependencies via sub-component relationships.
- Aggregation of usage and execution metrics by agent, date, and session.
- Flexible discovery scopes for Azure Foundry: tenant-wide, filtered by resource names, or by region.
- Multi-environment discovery for Microsoft Copilot using a single connection with support for multiple environment IDs.
Configuration and Prerequisites
To set up the connector, customers must:
- Assign appropriate roles in ServiceNow (snaidisc.discoveryadmin and sncmdbintutil.sgcadmin) for configuration.
- Update data source access permissions to allow creation and modification of data sources within ServiceNow.
- Clear the cache for relevant tables to ensure proper data handling during discovery.
Azure AI Foundry Specific Requirements
- Register an application in Microsoft Entra ID to obtain OAuth credentials for Azure API authentication.
- Assign the Reader role at subscription or resource group level and the Azure AI Foundry User role on Azure AI Foundry resources to the client application.
- Configure discovery scope options including tenant-wide, specific resource filtering, or regional filtering.
- ServiceNow supports both the original and the New Azure AI Foundry, which treats each agent version as a distinct entity and supports additional tool types.
Microsoft Copilot Studio Specific Requirements
- Register an application in Microsoft Entra ID for OAuth credentials.
- Configure the application as an application user within each Copilot environment with Basic User and System Administrator security roles.
- Support for multi-environment discovery by specifying multiple environment IDs separated by commas, using the same OAuth credentials for all environments.
- Ensure the application user is configured with required roles in each environment to enable discovery and import.
Supported ServiceNow Versions and Access
- The connector supports Australia, Zurich, and Yokohama Patch 11 releases of ServiceNow.
- Available for download from the ServiceNow Store.
This connector empowers ServiceNow customers to integrate AI asset discovery and monitoring from Microsoft environments, enabling consolidated governance, operational insight, and seamless management of AI resources within the ServiceNow platform.
The AI Service Graph Connector for Microsoft enables you to discover and import AI assets from Azure AI Foundry and Microsoft Copilot Studio environments into ServiceNow AI Control Tower.
The connector creates separate AI connections for each Microsoft platform, cataloging AI agents, models, and prompts. The usage information is consumed by the AI Control Tower value dashboard, providing comprehensive visibility and governance of your AI operations.
Key capabilities:
- Discovery of Azure AI Foundry agents across ML Services, AI Services, and New Foundry variants
- Discovery of Microsoft Copilot agents across single or multiple Power Platform environments
- AI asset lineage and dependency tracking through sub-component relationships
- Usage and execution metrics aggregated by agent, date, and session
- Support for tenant-wide discovery or filtered discovery by resource and region (Azure Foundry)
- Multi-environment discovery using a single Copilot connection
Download apps from the store
Visit the ServiceNow store website to download the AI Service Graph Connector for Microsoft application.
Supported ServiceNow versions
| Release | Status |
|---|---|
| Australia | Supported |
| Zurich | Supported |
| Yokohama Patch 11 | Supported |
User Roles
You must have one of the following roles assigned to complete the configuration task.
| Required Role |
| sn_ai_disc.discovery_admin |
| sn_cmdb_int_util.sgc_admin |
ServiceNow Prerequisites
Complete the following setup steps once when configuring the connector for the first time.
The connector requires write permissions to the Data Source table to create data sources.
- Select Global from the application picker.
- Navigate to Application Access.
- Select the Can create, Can update, and Can delete checkboxes.
- Select Update.
- Switch to the connector application scope.
Clear the cached data for the Data Source and Tables.
- Navigate to System Definition > Background Scripts
- Paste the following script into the Run Script text box:
GlideTableManager.invalidateTable('sys_data_source'); GlideCacheManager.flushTable('sys_data_source'); GlideTableManager.invalidateTable('sys_db_object'); GlideCacheManager.flushTable('sys_db_object'); - Select Run Script.Note:The script may take several minutes to complete.
- After completion, switch to the connector application scope.
Azure AI Foundry Prerequisites
Complete the following steps in your Azure environment before creating an Azure Foundry connection.
The connector uses OAuth to authenticate with Azure APIs. To obtain credentials, register an application in Microsoft Entra ID. For full instructions, refer to the Azure documentation
- Reader role at the subscription or resource group level to discover resources.
- Azure AI Foundry User role on the Azure AI Foundry resources.
Configure the scope of Azure Foundry discovery using the following options:
Tenant-wide discovery (default): Leave the Resource Name and Region fields empty to discover all Al agents across your entire Azure tenant.
Filter by resource (optional): To limit discovery to specific resources, enter resource names as comma-separated values (e.g., resource1, resource2).
Filter by region (optional): To limit discovery to specific Azure regions, enter region names as comma-separated values (e.g., eastus, westus2).
Microsoft Copilot Studio Prerequisites
Complete the following steps in your Power Platform environment before creating a Copilot connection.
Register an application to obtain OAuth credentials for the connector.
- Follow the Microsoft Entra app registration quickstart to create a new application.
- Record the Client ID and Client Secret from the registration.
Configure the application as a user in your Copilot environment.
To configure application access:
- Open the Power Platform Admin Center
- Navigate to Environments and select your Copilot environment
- Go to Settings > Users + Permissions > Application users
- Select New App User and add your application using the Client ID from step 1
- Assign the following security roles to the application user
- Basic User
- System administrator
You can discover agents from multiple Copilot environments using a single connection. To configure multi-environment discovery:
- Enter multiple environment IDs as comma-separated values in the Environment ID field (eg.., env-id-1, env-id-2, env-id-3)
- The same OAuth credentials (Client ID and Client Secret) are used for all environments
- Ensure the application user is configured in each environment with the required security roles
- Each environment will be tested and discovered separately during the import process