Skip to content
By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post
About re:Post

Amazon Quick: How to disable per-action Allow/Deny prompts for connector Write actions (M365)?

0

We're using Amazon Quick chat agents with M365 connectors (Outlook, OneDrive, SharePoint, Teams). Read actions work cleanly after re-connecting and granting Entra admin consent for the Amazon Quick enterprise application (appId 4cf12f46-d83a-4f8f-b112-d6125cb15891). However, Write actions (e.g., Outlook CreateDraft, SharePoint upload) still surface an Allow/Deny confirmation card on every single invocation, which breaks autonomous agent workflows.

What we've already tried:

  1. Re-connected all four M365 connectors with a tenant admin account.
  2. Granted admin consent in Microsoft Entra for the Amazon Quick enterprise app.
  3. Reviewed Quick chat agent settings - no per-action confirmation toggle is exposed.
  4. Reviewed AWS docs and existing re:Post threads - confirmation appears to be an intentional guardrail with no documented bypass.

Questions:

  • Is there a supported way (account setting, agent config, IAM/Identity Center policy, or API parameter) to enable a 'trusted' or 'auto-approve' mode for Write actions on specific connectors or specific agents?
  • If not, is this on the roadmap? A per-agent or per-connector trust toggle would be extremely valuable for production automations where a human-in-the-loop confirmation on every write defeats the purpose of agentic execution.
  • Are there any workarounds (e.g., custom action/Lambda-backed connector) that would let an agent perform writes without the prompt while still respecting org policy?

Thanks for any guidance.

Topics
Business ApplicationsMachine Learning & AI
Tags
Amazon Q Business
Language
English
asked 20 days ago47 views
2 Answers
2

As far as I know, there is currently no native setting or toggle within Amazon Q Business to disable the Allow/Deny confirmation prompts for standard M365 connector Write actions. This behavior is an intentional security guardrail designed by AWS to ensure a "human-in-the-loop" for any data modification.

  • Standard Connectors: These currently enforce prompts for all Write invocations (CreateDraft, Upload, etc.) to prevent unintended actions caused by potential hallucinations or prompt injections.

  • Potential Workaround: The only way to achieve fully autonomous execution today is by using Custom Actions via AWS Lambda. By routing the Write request through a Lambda function (calling the MS Graph API directly), you bypass the built-in confirmation card. However, this requires managing your own security validation within the code.

  • Roadmap: While highly requested for agentic workflows, there is no official public date for a "trusted mode" for standard connectors yet.

@community, if I’m mistaken or if there's a hidden configuration I’ve missed, please correct me - I’m always happy to learn more about this !

EXPERT
answered 19 days ago
0

Seems there is no way to support yet for disabling the per‑action Allow/Deny prompts for Microsoft 365 connector Write actions in Amazon Quick.

https://docs.aws.amazon.com/quick/latest/userguide/microsoft-teams-integration.html

No option to bypass yet above

EXPERT
answered 16 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Relevant content