Prerequisites
This guide covers the full GriMoire setup: SharePoint deployment, Azure backend, and Agent 365 tooling.
1. Microsoft 365 tenant
You need a Microsoft 365 tenant with SharePoint Online and a tenant app catalog. You also need a SharePoint admin who can upload and deploy the .sppkg package and approve API permissions.
2. Microsoft Frontier AI Program
GriMoire uses Agent 365 tooling servers for Microsoft 365 actions — Outlook mail, calendar, Teams, SharePoint, OneDrive, Word, and more. These require enrollment in the Microsoft Frontier AI Program.
Confirm enrollment before proceeding: Microsoft Frontier AI Program
Official references:
3. Copilot license
At least one Microsoft 365 Copilot license is part of the documented enablement story for Agent 365. Confirm that your tenant has Copilot licensing in place.
4. Azure AI model deployments
GriMoire uses three model slots deployed through Azure AI Foundry (formerly Azure OpenAI Service). All model access runs through Azure — GriMoire does not call OpenAI directly.
| Slot | Azure deployment | Purpose |
|---|---|---|
| Reasoning | gpt-5-mini | Primary model for chat, tool dispatch, and complex reasoning |
| Fast | gpt-5-nano | Lightweight model for intent classification and query expansion |
| Realtime | gpt-realtime-1.5 | WebRTC voice model |
Security model
The backend authenticates to Azure AI endpoints using managed identity via DefaultAzureCredential. This keeps model credentials on the server side — the browser never talks to Azure models directly.
The browser communicates with the backend through a Proxy API Key configured in the web part property pane. This key authenticates the web part's requests to the backend proxy.
5. Azure requirements
The backend deployment script expects Azure access to create or configure:
- A resource group
- A Microsoft Foundry / Azure AI resource
- Model deployments for reasoning, fast, and realtime
- An Azure Function App with managed identity
- A storage account (for Table Storage persistence)
- An Entra app registration for the backend API (created automatically by the deploy script for Easy Auth-protected user data routes)
6. Local toolchain
Required
- Node.js 22 or later
- Azure CLI (
az) - Azure Functions Core Tools (
func) - PowerShell 7+ for the Agent 365 service-principal script
You will also need the Power Platform Environment ID — see Find your environment and organization IDs for how to locate it.
7. Admin roles by stage
| Stage | Required role |
|---|---|
Upload and deploy .sppkg | SharePoint admin or app catalog admin |
| Approve SharePoint API access requests | SharePoint admin or tenant admin |
Run New-Agent365ToolsServicePrincipalProdPublic.ps1 | Application Administrator or Global Administrator |
| Enable Frontier / Agent 365 access | Microsoft 365 admin |
| Create Azure resources and managed identity roles | Azure subscription contributor/owner-level access |
Before you proceed
Confirm all of the following:
- your tenant has SharePoint Online with a tenant app catalog
- your tenant is enrolled in the Microsoft Frontier AI Program
- you have at least one Microsoft 365 Copilot license
- you can deploy Azure resources (Function App, AI resource, storage)
- you have the admin access described in the roles table above
When all of that is true, continue to Install.