Salta al contenuto
Usando AWS re:Post, accetti AWS re:Post Termini di utilizzo
AWS re:Postre:Post
Informazioni su re:Post

Amazon Quick: How to disable per-action Allow/Deny prompts for connector Write actions (M365)?

0

We're using Amazon Quick chat agents with M365 connectors (Outlook, OneDrive, SharePoint, Teams). Read actions work cleanly after re-connecting and granting Entra admin consent for the Amazon Quick enterprise application (appId 4cf12f46-d83a-4f8f-b112-d6125cb15891). However, Write actions (e.g., Outlook CreateDraft, SharePoint upload) still surface an Allow/Deny confirmation card on every single invocation, which breaks autonomous agent workflows.

What we've already tried:

  1. Re-connected all four M365 connectors with a tenant admin account.
  2. Granted admin consent in Microsoft Entra for the Amazon Quick enterprise app.
  3. Reviewed Quick chat agent settings - no per-action confirmation toggle is exposed.
  4. Reviewed AWS docs and existing re:Post threads - confirmation appears to be an intentional guardrail with no documented bypass.

Questions:

  • Is there a supported way (account setting, agent config, IAM/Identity Center policy, or API parameter) to enable a 'trusted' or 'auto-approve' mode for Write actions on specific connectors or specific agents?
  • If not, is this on the roadmap? A per-agent or per-connector trust toggle would be extremely valuable for production automations where a human-in-the-loop confirmation on every write defeats the purpose of agentic execution.
  • Are there any workarounds (e.g., custom action/Lambda-backed connector) that would let an agent perform writes without the prompt while still respecting org policy?

Thanks for any guidance.

Argomenti
Apprendimento automatico e intelligenza artificialeApplicazioni aziendali
Tag
Amazon Q Business
Lingua
English
posta un mese fa52 visualizzazioni
2 Risposte
2

As far as I know, there is currently no native setting or toggle within Amazon Q Business to disable the Allow/Deny confirmation prompts for standard M365 connector Write actions. This behavior is an intentional security guardrail designed by AWS to ensure a "human-in-the-loop" for any data modification.

  • Standard Connectors: These currently enforce prompts for all Write invocations (CreateDraft, Upload, etc.) to prevent unintended actions caused by potential hallucinations or prompt injections.

  • Potential Workaround: The only way to achieve fully autonomous execution today is by using Custom Actions via AWS Lambda. By routing the Write request through a Lambda function (calling the MS Graph API directly), you bypass the built-in confirmation card. However, this requires managing your own security validation within the code.

  • Roadmap: While highly requested for agentic workflows, there is no official public date for a "trusted mode" for standard connectors yet.

@community, if I’m mistaken or if there's a hidden configuration I’ve missed, please correct me - I’m always happy to learn more about this !

ESPERTO
con risposta un mese fa
0

Seems there is no way to support yet for disabling the per‑action Allow/Deny prompts for Microsoft 365 connector Write actions in Amazon Quick.

https://docs.aws.amazon.com/quick/latest/userguide/microsoft-teams-integration.html

No option to bypass yet above

ESPERTO
con risposta un mese fa

Accesso non effettuato. Accedi per postare una risposta.

Una buona risposta soddisfa chiaramente la domanda, fornisce un feedback costruttivo e incoraggia la crescita professionale del richiedente.

Contenuto pertinente