Copilot Studio's sharp edges: scope claims and character budgets

Two Copilot Studio constraints cost me real hours this sprint; both are cheap to avoid once named.

The three-way scope mismatch. When a custom MCP connector returns authorization failures, the cause is almost always that three things disagree: the scope exposed by the Entra app registration, the scp claim actually inside the token Copilot Studio sends, and the scope your server is configured to require. The debugging move is to decode the token and read the claim first - five minutes of looking beats hours of changing settings on a guess. Then normalize: one scope name (access_as_user), used identically in the registration, the connector, and the server config, ends the entire class of bug.

The 8,000-character ceiling. Agent instructions have a hard limit, and it's load-bearing. Consolidating three overlapping instruction drafts into one that fits forced a useful discipline: directives survive, explanations don't. Anything procedural that won't fit doesn't belong in the prompt anyway - move reference material into retrieved documents and keep the instructions for behavior.

Treat both as design inputs rather than surprises and Copilot Studio integration goes from mysterious to merely fiddly.