![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 76%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERP%3C/text%3E%3C/svg%3E)
Azure AI Bot Service
An Azure service that provides an integrated environment for bot development.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(28.799999999999997, 15%, 12%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EAV%3C/text%3E%3C/svg%3E)
The certificate for the “Sales Copilot Power Virtual Agents Bot (Power Virtual Agents)” app registration is managed like any other Microsoft Entra app registration. The update is done in two parts:
- Add/rotate the certificate in Microsoft Entra ID.
- Update the bot application to use the new certificate (if the bot is configured for certificate-based auth).
Because this is a Microsoft‑owned first‑party application, the app registration typically isn’t meant to be customized by customers. If this app is the built‑in Sales Copilot / Power Virtual Agents integration, certificate management is handled by Microsoft and shouldn’t be changed. If instead this is a customer‑owned bot app with that name, use the steps below.
1. Add the new certificate to the app registration
- In the Microsoft Entra admin center, go to App registrations and select Sales Copilot Power Virtual Agents Bot (Power Virtual Agents).
- Select Certificates & secrets.
- Under Certificates, select Upload certificate.
- Choose the certificate file (
.cer,.pem, or.crt) and select Add. - Record the certificate Thumbprint for use in the bot code if needed.
This is the standard way to add or rotate a certificate for any confidential client application.
2. Update the bot to use certificate-based authentication (if applicable)
If the bot is configured to authenticate with a certificate instead of a client secret, update the bot code or configuration to use the new certificate:
- JavaScript bot example:
const credentialsFactory = new ConfigurationServiceClientCredentialFactory({ MicrosoftAppId: config.botId, CertificatePrivateKey: '{your private key}', CertificateThumbprint: '{your cert thumbprint}', MicrosoftAppType: 'MultiTenant', }); const botFrameworkAuthentication = new ConfigurationBotFrameworkAuthentication( {}, credentialsFactory ); const adapter = new CloudAdapter(botFrameworkAuthentication); - C# bot example:
builder.Services.AddSingleton<ServiceClientCredentialsFactory>((e) => new CertificateServiceClientCredentialsFactory("{your certificate}", "{your entra id}"));
After updating the code and redeploying the bot, test to confirm it works with the new certificate.
3. Remove old client secrets (if migrating away from secrets)
Once the bot is confirmed to be working with the certificate, remove any old client secrets from the same Certificates & secrets blade to complete the migration away from secret-based authentication.
4. If this is a Microsoft‑managed first‑party app
If the app registration is locked or owned by Microsoft (typical for built‑in Sales Copilot / PVA integrations), do not modify its certificates. In that case, open a support ticket through the Azure or Dynamics/Power Platform support channels and reference the app name so the owning product team can assist.
References: