Showing results for 
Search instead for 
Did you mean: 

Enhancing Microsoft Endpoint Manager end user experiences with Power Virtual Agents

Admin & user experiences and automation are topics I love to discuss with customers. Experience is critical to end user satisfaction, impacts the perception of a product, and we also tend to remember experiences we have with products. If we have a bad experience we’re reluctant to go back and is why the experience the end user has is so important.


In an effort to enhance end user experience and satisfaction, virtual agents are being utilized to help individuals on their journey to find answers. However, if you’ve had any experience with virtual agents i.e. “chatbots”, some experiences are good and some are terrible. For example, I’ve utilized chatbots that put me through a loop and/or don’t quite understand my intent, which turned into a bad experience leading to frustration. Recently AI is being utilized to learn about the intent and patterns to enhance responses, which improves the experience, however in some scenarios chatbots still need to be trained.

For this months post I focus on creating a virtual agent using Power Virtual Agents to help users with identifying their enrolled devices, assist with wiping a device (i.e. remove corporate data), contact support, and locating where to access a Bitlocker recovery key. We can always expand on these operations and the options are endless, however I chose to keep the virtual agent fairly simple for this post.




Let’s get started!


  • Power Virtual Agents
  • Power Automate
  • Microsoft Graph
  • Microsoft Endpoint Manager

Power Virtual Agents

To describe Power Virtual Agents I pulled the following is directly from Overview of Power Virtual Agents web app – Power Virtual Agents | Microsoft Docs

Power Virtual Agents lets you create powerful chatbots that can be created with a guided, no-code graphical interface – and without the need for data scientists or developers.

The benefits of using a no-code graphical interface help to:

  • Eliminate the gap between subject matter experts and development teams building the chatbots
  • Reduce the time from when bot builders and owners recognize an issue to when it can be updated
  • Remove the need to understand complex conversational AI systems and methodologies
  • Simplify the need for complex code
  • Minimize the IT effort needed to deploy and maintain a custom conversational solution

Time is precious and having the tools to create solutions quickly, reliably, with rapid deployment options is a massive time saver. If you’ve read any of my previous posts utilizing the Power Platform, you’ll see there’s a real opportunity for citizen developers to create automated and end user solutions with little to no code. Chatbots traditionally have required setting up services, importing data, training, etc. and Microsoft has enabled methods in Azure to create chatbots quickly, however may still require some knowledge of managing services, endpoints, and writing some code. With Power Virtual Agents, most of those processes goes away, especially when utilizing components from with the Power Platform, however is extensible to leverage APIs and other solutions traditional development processes have created.

In this scenario, the virtual agent I designed covers the following topics:

  • Return a list of enrolled devices for the user
  • Locate where to access a Bitlocker recovery key
  • Wipe a device (remove all corporate data)
  • Contact support

Those are all common support requests, however you can add additional scenarios such as password resets, and much more.

Accessing Power Virtual Agents designer
Navigate to: to open the console and you’ll see something similar to the following screen:



Select “Topics” and you’ll see a list of pre-populated topics. Think of these as chat topics or scenarios. For this post we’ll create topics to address the following scenarios:

  • Help a user find devices they’ve enrolled – Topic name: Enrolled Devices
  • Locate the Bitlocker recovery key for a device – Topic name: Bitlocker recovery key
  • Help a user wipe their device – Topic name: Wipe device
  • Contact support – Topic name: Support team



Creating topics
Select “New topic” from the Topics screen and fill in the sections. Under “Trigger phrases” this is a manually generated list, so feel free to add words or phrases you think would trigger this topic. For example, for learning about enrolled devices scenario, I have a variety of trigger phrases, however if I type the term “device” into the virtual agent chat it will go down the path of my “Enrolled Devices” topic regardless if the term matches the full trigger phrase.



When finished filling out the fields and adding trigger phrases, select “Go to authoring canvas”. This is where we’ll build out to flow of the virtual agent, and is super exciting to see it in action once drafted.

Below is my workflow for enrolled devices topic, however we need to break it down first.

Note: there are many methods of accomplishing the same outcome and my method is only one path of many possibilities.

There are different types of nodes we can add such as ask a question, call an action from Power Automate, show a message, condition, etc.

For the enrolled devices topic I start by adding a “Ask a question” node. The question asks if the individual would like to know if they have any devices enrolled. If they answer yes, I take the current user ID and pass that back to Power Automate to query for any any devices the user has enrolled with Intune.

Select “+” and select “Action” node and either select an existing or build out a new Power Automate flow. Most likely you’ll be building a new flow (see Power Automate details in Power Automate sections below).

I then add a condition where if the value returned from Power Automate is empty (i.e. the user doesn’t have any enrolled devices) I return a message in the agent that states no enrolled devices were found. However, if one or more enrolled are returned, then the agent lists out the device details followed by a message stating where to manage the device.

The agent then asks the question about managing the device and the final conditions branch off depending on the answer.

It’s a fairly simple work flow, however will to do the trick and provide your users a  better experience than dialing up their support and having to go through the same conversation verbally.



Wipe device (only remove corporate data) topic
I follow a similar pattern for wipe device, only I utilize a different Power Automate flow to wipe the device. I won’t explain all the details however below is the topic in it’s entirety.



The Bitlocker recovery key topic
I attempted to pull the keys via Graph, however doing so in a delegated manner using Power Automate isn’t supported so I point to user to the self service portal instead which is probably a more secure method in my opinion.



Support team contact topic
The last topic I created is to guide users to support team contact info. It’s a simple process, however it’s effective in guiding users to the information they need to contact support.



Power Automate
I have a two Power Automate flows I use for this entire scenario. Again, you’ll create this while creating the virtual agent.

Pro Tip – Locating Power Automate flow associated with Virtual Agents
When adding Power Automate flows to a virtual agent you’ll notice they are not visible in the Power Automate console normally utilized to create flows. To find them navigate to: and select “Solutions” on the right hand navigation pane. Find “Default Solution” in the list and select it, then select the filter option in the upper right of the page and select “Cloud Flow”. Once Cloud Flow is selected the virtual agent flows will be visible.

Get enrolled devices
To get the enrolled devices for the user I take the userID and pass that to the HTTP action inline of the Graph query. I also initialize a variable to store the response in so I can pass the output back to the virtual agent. You’ll notice I have some light formatting in the “Append string to variable” action, I do this because currently the Power Apps Virtual agents doesn’t support formatting otherwise I would have used a table or html formatting.



Device Wipe
When we create a flow from within Power Virtual Agents console it defaults to a template that has input and return value actions.

In the flow below make a graph call to get the device because I didn’t want to delete it and reenroll the device every time I ran a test, so to delete a device, in the HTTP action, simply change the method and URI to make the correct Graph call to wipe the device. The HTTP request for wipe device may be found here: wipe action – Microsoft Graph v1.0 | Microsoft Docs

Although the flow is mostly self explanatory, however when accessing MEM bot from Teams carriage returns and spaces are added to the return value (i.e. deviceID) so I needed to use a compose action to strip out all return values and spaces so the output utilized in the HTTP action is one URI with no spaces before or after the deviceID.



Microsoft Teams
We can publish the virtual agent to a web app or in my case I published to Microsoft Teams as I want users to have quick access to it. For more details on adding chatbots to Teams please visit: Add a chatbot to Microsoft Teams – Power Virtual Agents | Microsoft Docs

That’s it, we learned about what Power Virtual Agents are, create and agent to help guide users through learning about enrolled devices, wipe corporate data from devices, find Bitlocker recovery keys, and how to contact a support team. I hope this was valuable info and encouraged you to start your process automation journey though the use of Power Automate and Power Virtual Agents.