How to Build a Copilot That Respects DLP and Compliance.

1
00:00:00,000 --> 00:00:02,780
Your copilot isn't dumb, you starved it.

2
00:00:02,780 --> 00:00:05,460
No skimmer, no rules, no guardrails,

3
00:00:05,460 --> 00:00:07,500
then you complain about hallucinations.

4
00:00:07,500 --> 00:00:08,880
The truth?

5
00:00:08,880 --> 00:00:12,040
Most power platform AI failures aren't model IQ,

6
00:00:12,040 --> 00:00:14,140
they're context that you created.

7
00:00:14,140 --> 00:00:15,620
Here's what you'll get today.

8
00:00:15,620 --> 00:00:17,700
A repeatable context engineering pattern

9
00:00:17,700 --> 00:00:19,620
for copilot studio and power automate

10
00:00:19,620 --> 00:00:22,660
that kills hallucinations, fixes cross-tenant drift

11
00:00:22,660 --> 00:00:24,620
and slashes latency and cost

12
00:00:24,620 --> 00:00:26,620
will build the system message pattern,

13
00:00:26,620 --> 00:00:28,260
a schema grounding checklist,

14
00:00:28,260 --> 00:00:30,140
and a retrieval pipeline template.

15
00:00:30,140 --> 00:00:32,580
There's one layer, everyone forgets the policy layer

16
00:00:32,580 --> 00:00:34,380
that prevents governance drift.

17
00:00:34,380 --> 00:00:37,540
We'll wire it in and prove it with before and after metrics.

18
00:00:37,540 --> 00:00:38,620
Now we start.

19
00:00:38,620 --> 00:00:41,680
Problem, why your copilot fails, context dead.

20
00:00:41,680 --> 00:00:44,420
Let's define the problem precisely, context dead.

21
00:00:44,420 --> 00:00:46,700
It's the accumulation of missing or sloppy context

22
00:00:46,700 --> 00:00:49,140
that forces a language model to guess.

23
00:00:49,140 --> 00:00:51,940
You skip system rules, you don't ground to dataverse,

24
00:00:51,940 --> 00:00:55,060
you leave tools undefined and you ignore policies.

25
00:00:55,060 --> 00:00:57,820
Then you're shocked when outputs wobble across tenants.

26
00:00:57,820 --> 00:00:59,180
Fascinating.

27
00:00:59,180 --> 00:01:01,500
Context dead shows up as four failures.

28
00:01:01,500 --> 00:01:03,540
First, missing system rules, no identity,

29
00:01:03,540 --> 00:01:05,500
no scope, no refusal policy,

30
00:01:05,500 --> 00:01:07,780
the model optimizes for being helpful in verbose,

31
00:01:07,780 --> 00:01:09,660
not compliant and precise.

32
00:01:09,660 --> 00:01:12,780
Second, ungrounded data, you wave at the loan table

33
00:01:12,780 --> 00:01:15,260
without giving entity names, field definitions,

34
00:01:15,260 --> 00:01:17,180
relationships or sample records.

35
00:01:17,180 --> 00:01:19,020
Third, undefined tools.

36
00:01:19,020 --> 00:01:20,940
You ask it to update status,

37
00:01:20,940 --> 00:01:22,820
but you don't expose a governed action path

38
00:01:22,820 --> 00:01:23,860
in power automate.

39
00:01:23,860 --> 00:01:25,460
Fourth, absent policies.

40
00:01:25,460 --> 00:01:28,580
You rely on vibes instead of DLP, sensitivity labels

41
00:01:28,580 --> 00:01:31,340
and conditional access that quieted guarantees drift.

42
00:01:31,340 --> 00:01:32,780
The evidence is everywhere.

43
00:01:32,780 --> 00:01:35,260
High failure and abandonment rates in enterprise AI

44
00:01:35,260 --> 00:01:37,860
track to execution and context, not model limits.

45
00:01:37,860 --> 00:01:41,180
Teams report hallucinations, environment-specific inconsistencies

46
00:01:41,180 --> 00:01:44,500
and token burn from overfetching whole tables just to be safe.

47
00:01:44,500 --> 00:01:45,740
You don't need a bigger model.

48
00:01:45,740 --> 00:01:46,580
You need a spine.

49
00:01:46,580 --> 00:01:48,300
Here's the mental model that fixes it.

50
00:01:48,300 --> 00:01:51,940
Four layers of context, system, retrieval, tools, policies,

51
00:01:51,940 --> 00:01:54,220
think of it like the Windows registry for your agent.

52
00:01:54,220 --> 00:01:55,260
It's not just a database.

53
00:01:55,260 --> 00:01:56,220
It's the spine.

54
00:01:56,220 --> 00:01:58,780
System declares who the agent is and what it refuses.

55
00:01:58,780 --> 00:02:00,540
Retrieval provides facts and schemas

56
00:02:00,540 --> 00:02:02,220
so it stops inventing fields.

57
00:02:02,220 --> 00:02:04,580
Tools expose the exact actions it's allowed

58
00:02:04,580 --> 00:02:06,420
to perform under least privilege.

59
00:02:06,420 --> 00:02:09,420
Policies enforce boundaries regardless of clever prompts.

60
00:02:09,420 --> 00:02:11,220
Remove any layer and the outputs wobble,

61
00:02:11,220 --> 00:02:12,780
add all four and they lock in.

62
00:02:12,780 --> 00:02:13,940
The thing most devs miss,

63
00:02:13,940 --> 00:02:16,940
environments are the security boundary in power platform.

64
00:02:16,940 --> 00:02:19,620
If your DLP policy blocks business to non-business connector,

65
00:02:19,620 --> 00:02:21,300
mixing in prod but not in dev,

66
00:02:21,300 --> 00:02:23,100
you've built two different universes.

67
00:02:23,100 --> 00:02:26,020
Your agents, eyes and hands changed by environment.

68
00:02:26,020 --> 00:02:28,780
So yes, results drift across tenants and environments

69
00:02:28,780 --> 00:02:30,940
because you changed the world under its feet.

70
00:02:30,940 --> 00:02:32,700
Let me spell out the typical failure loop.

71
00:02:32,700 --> 00:02:34,300
You build a co-pilot studio agent,

72
00:02:34,300 --> 00:02:37,420
you give it a vague goal, help with loan applications.

73
00:02:37,420 --> 00:02:39,420
You link a document library of PDFs

74
00:02:39,420 --> 00:02:41,060
without extracting structure.

75
00:02:41,060 --> 00:02:43,220
You don't index dataverse entities, relationships

76
00:02:43,220 --> 00:02:44,620
or sensitivity labels.

77
00:02:44,620 --> 00:02:47,020
You skip the tool catalog and assume co-pilot

78
00:02:47,020 --> 00:02:48,300
will figure it out.

79
00:02:48,300 --> 00:02:49,500
Then you ask a question.

80
00:02:49,500 --> 00:02:51,420
It replies with generic policy fluff

81
00:02:51,420 --> 00:02:54,540
an inventor field named Loanstage that doesn't exist in your schema.

82
00:02:54,540 --> 00:02:56,060
Congratulations, you paid for tokens

83
00:02:56,060 --> 00:02:58,260
to read the wrong content and got nonsense back.

84
00:02:58,260 --> 00:02:59,820
Compare that to a grounded approach.

85
00:02:59,820 --> 00:03:02,740
Same question but your retrieval layer includes a schema index,

86
00:03:02,740 --> 00:03:05,580
entity loan application, field status,

87
00:03:05,580 --> 00:03:08,900
pick list values, relationships to applicant and document,

88
00:03:08,900 --> 00:03:10,500
plus sample records.

89
00:03:10,500 --> 00:03:12,380
The agent references loan application,

90
00:03:12,380 --> 00:03:15,580
status explicitly and sites allowed values, no guessing.

91
00:03:15,580 --> 00:03:17,740
The difference isn't model, it's context.

92
00:03:17,740 --> 00:03:20,060
Latency and cost are symptoms of the same debt.

93
00:03:20,060 --> 00:03:22,860
Overfetching entire tables because you lack field level filters,

94
00:03:22,860 --> 00:03:26,140
explodes tokens in time, vague retrieval forces the model

95
00:03:26,140 --> 00:03:27,980
to wait through irrelevant chunks.

96
00:03:27,980 --> 00:03:30,060
Undefined top can no intent filtering,

97
00:03:30,060 --> 00:03:32,780
you pay for everything, learn nothing and still hallucinate.

98
00:03:32,780 --> 00:03:33,780
Brutal.

99
00:03:33,780 --> 00:03:35,660
Governance drift is the quiet killer.

100
00:03:35,660 --> 00:03:37,020
Without a policy layer,

101
00:03:37,020 --> 00:03:39,900
DLP sensitivity labels conditional access,

102
00:03:39,900 --> 00:03:41,940
your agent's behavior gradually diverges.

103
00:03:41,940 --> 00:03:43,420
A connector gets reclassified,

104
00:03:43,420 --> 00:03:45,860
a guest account sneaks into a float, logs are off,

105
00:03:45,860 --> 00:03:47,980
then the agent happily summarizes sensitive notes

106
00:03:47,980 --> 00:03:49,380
to a non-business connector.

107
00:03:49,380 --> 00:03:51,740
You don't notice until audit week, excellent.

108
00:03:51,740 --> 00:03:55,060
Here's the fix and will build it step by step in this series.

109
00:03:55,060 --> 00:03:57,900
System layer, a Terse versioned system message

110
00:03:57,900 --> 00:04:01,300
that encodes identity, scope, refusal, schema awareness,

111
00:04:01,300 --> 00:04:03,700
tool use rules and logging boundaries.

112
00:04:03,700 --> 00:04:06,100
Authored per environment with tokens for business unit

113
00:04:06,100 --> 00:04:07,700
and sensitivity mapping.

114
00:04:07,700 --> 00:04:11,260
Retrieval layer, a pipeline that grounds to data verse first

115
00:04:11,260 --> 00:04:13,780
with a document index as a secondary source

116
00:04:13,780 --> 00:04:17,620
using entity aware chunking, hybrid search, security trimming,

117
00:04:17,620 --> 00:04:18,940
and field level filters.

118
00:04:19,380 --> 00:04:22,540
Tools layer, a curated catalog of power automated actions

119
00:04:22,540 --> 00:04:24,700
under least privilege with prompt templates

120
00:04:24,700 --> 00:04:28,340
that define input schemas, refusal logic and sensitivity flags.

121
00:04:28,340 --> 00:04:31,860
Policy layer, enforced DLP groups, conditional access,

122
00:04:31,860 --> 00:04:35,340
real-time masking via labels, and an admin kill switch.

123
00:04:35,340 --> 00:04:37,020
If you remember nothing else, remember this,

124
00:04:37,020 --> 00:04:40,340
models predict text, you engineer truth, power, and boundaries.

125
00:04:40,340 --> 00:04:41,900
Your job is the context.

126
00:04:41,900 --> 00:04:44,540
The model is the rendering engine, stop blaming the renderer

127
00:04:44,540 --> 00:04:45,940
for your missing blueprint.

128
00:04:45,940 --> 00:04:49,820
Layer one, system context that doesn't drift, pattern, plus checklist.

129
00:04:49,820 --> 00:04:51,980
Now we stop the guessing and install identity

130
00:04:51,980 --> 00:04:54,620
without explicit identity scope and refusal rules,

131
00:04:54,620 --> 00:04:57,540
large language models default to being charming laboratories,

132
00:04:57,540 --> 00:05:00,860
fetching everything, pleasing everyone, and trampling compliance.

133
00:05:00,860 --> 00:05:02,740
You need a bouncer, not a golden retrieval.

134
00:05:02,740 --> 00:05:06,420
The truth, if your system message is vague, your outputs will be vague.

135
00:05:06,420 --> 00:05:09,580
If your system message is inconsistent per environment,

136
00:05:09,580 --> 00:05:11,340
your outputs will drift per environment.

137
00:05:11,340 --> 00:05:12,620
So we also the spine first.

138
00:05:12,620 --> 00:05:13,780
Here's the pattern I use.

139
00:05:13,780 --> 00:05:16,100
It's short, versioned, and ruthless.

140
00:05:16,100 --> 00:05:19,660
Roll, you are the loan operations co-pilot for business unit

141
00:05:19,660 --> 00:05:21,860
in environment, environment name.

142
00:05:21,860 --> 00:05:25,140
You answer only about the loan applications and related processes.

143
00:05:25,140 --> 00:05:28,500
Scope, stick to dataverse entities and label documents

144
00:05:28,500 --> 00:05:29,860
in this environment.

145
00:05:29,860 --> 00:05:32,980
If the answer requires external systems or unlabeled content,

146
00:05:32,980 --> 00:05:35,340
refuse and propose a safe next step.

147
00:05:35,340 --> 00:05:41,340
Tone, concise factual site fields exactly as schema entity dot field.

148
00:05:41,340 --> 00:05:44,900
Refusal policy, if sensitive content labeled amy-plabel list

149
00:05:44,900 --> 00:05:47,060
is requested in a non-business context refuse

150
00:05:47,060 --> 00:05:49,300
with reason and log refusal summary.

151
00:05:49,300 --> 00:05:50,580
Schema awareness.

152
00:05:50,580 --> 00:05:53,620
Prefer the dataverse schema index, never-invent fields.

153
00:05:53,620 --> 00:05:56,540
Map synonyms to canonical names using the provided glossary.

154
00:05:56,540 --> 00:06:01,100
Tool use rules.

155
00:06:01,100 --> 00:06:03,460
You may call approved power automate actions

156
00:06:03,460 --> 00:06:06,780
only when an intent is classified as actionable with confidence.

157
00:06:06,780 --> 00:06:10,180
Here, eight, otherwise respond with analysis.

158
00:06:10,180 --> 00:06:11,500
Logging boundaries.

159
00:06:11,500 --> 00:06:14,380
Do not echo PII, summarize values as masked

160
00:06:14,380 --> 00:06:16,540
when sensitivity is high.

161
00:06:16,540 --> 00:06:19,660
That patent goes into co-pilot studio custom instructions

162
00:06:19,660 --> 00:06:22,420
and yes, it gets parameterized environment name, business unit,

163
00:06:22,420 --> 00:06:23,940
amy-plabel list.

164
00:06:23,940 --> 00:06:25,620
Tie those to environment variables,

165
00:06:25,620 --> 00:06:28,860
so dev, UAT and prod share the same logic with different bindings.

166
00:06:28,860 --> 00:06:31,980
Versioned, cis-msgv1.3, stamp the version

167
00:06:31,980 --> 00:06:35,620
in every response photo during testing and policyv1.3.

168
00:06:35,620 --> 00:06:37,100
So drift is visible immediately.

169
00:06:37,100 --> 00:06:40,620
Now the checklist because you'll forget something otherwise.

170
00:06:40,620 --> 00:06:41,460
Objectives.

171
00:06:41,460 --> 00:06:43,820
What the agent is allowed to achieve in one sentence,

172
00:06:43,820 --> 00:06:47,540
audience, who it serves, loan officers, not the entire company.

173
00:06:47,540 --> 00:06:50,020
Definitions, canonical entity and field names

174
00:06:50,020 --> 00:06:54,820
plus synonyms, allowed content, permitted data classes and sources.

175
00:06:54,820 --> 00:06:58,100
This allowed actions, anything cross-tenant, unlabeled

176
00:06:58,100 --> 00:07:00,300
or outside business connectors.

177
00:07:00,300 --> 00:07:02,940
Escalation path went to hand off to a human,

178
00:07:02,940 --> 00:07:05,740
criteria and message template, evaluation rubric

179
00:07:05,740 --> 00:07:09,380
how we grade outputs, field accuracy, refusal correctness

180
00:07:09,380 --> 00:07:10,740
and citation of schema.

181
00:07:10,740 --> 00:07:12,940
Author this in plain language then compress.

182
00:07:12,940 --> 00:07:14,940
The most common mistake is bearing constraints

183
00:07:14,940 --> 00:07:16,700
under a novel of policy text.

184
00:07:16,700 --> 00:07:18,700
The model will skim like an average intern.

185
00:07:18,700 --> 00:07:19,700
Keep it surgical.

186
00:07:19,700 --> 00:07:22,860
Another classic error stuffing constraints into the user prompt.

187
00:07:22,860 --> 00:07:26,140
No, constraints belong in the system message and tool wrappers,

188
00:07:26,140 --> 00:07:28,260
not wherever the user happens to type.

189
00:07:28,260 --> 00:07:32,380
And version per environment, dev can be permissive, prod cannot.

190
00:07:32,380 --> 00:07:34,380
Copying a single system file across tenants

191
00:07:34,380 --> 00:07:37,580
without tokens is how you create parallel universes.

192
00:07:37,580 --> 00:07:38,780
Quick win you can do today.

193
00:07:38,780 --> 00:07:41,900
Template the message with variables and bind at solution import.

194
00:07:41,900 --> 00:07:44,620
That alone knocks out a pile of inconsistency.

195
00:07:44,620 --> 00:07:46,940
Add a glossary section, mapping common synonyms

196
00:07:46,940 --> 00:07:47,980
to canonical fields.

197
00:07:47,980 --> 00:07:50,700
Stage, step, phase, loan application, status,

198
00:07:50,700 --> 00:07:52,540
you'll see hallucinated fields vanish.

199
00:07:52,540 --> 00:07:55,100
Implementation in copilot studio is straightforward,

200
00:07:55,100 --> 00:07:57,340
open custom instructions, paste the pattern,

201
00:07:57,340 --> 00:08:00,300
insert variables for environment name, business unit,

202
00:08:00,300 --> 00:08:03,340
and immoblabel list and toggle always include.

203
00:08:03,340 --> 00:08:06,700
Create an instruction set note for schema canonicalization

204
00:08:06,700 --> 00:08:08,780
that the agent references before answering,

205
00:08:08,780 --> 00:08:10,940
then add a refusal template paragraph.

206
00:08:10,940 --> 00:08:13,980
I can't share, redact it due to policy label.

207
00:08:13,980 --> 00:08:16,060
Here's a safe alternative.

208
00:08:16,060 --> 00:08:19,100
Consistency isn't magic, it's templates.

209
00:08:19,100 --> 00:08:21,260
Final guardrail, logging boundaries.

210
00:08:21,260 --> 00:08:24,060
Mark that the agent never repeats raw sensitive values.

211
00:08:24,060 --> 00:08:26,460
When it must reference them, it uses placeholders

212
00:08:26,460 --> 00:08:28,300
and offers a tool action that handles

213
00:08:28,300 --> 00:08:30,380
secrets via credential actions in flows.

214
00:08:30,380 --> 00:08:32,220
If you remember nothing else, remember this.

215
00:08:32,220 --> 00:08:35,180
Identity, scope, refusal, schema, tools,

216
00:08:35,180 --> 00:08:37,740
logging, six lines, zero drama.

217
00:08:37,740 --> 00:08:40,460
Layer two, retrieval that grounds to dataverse

218
00:08:40,460 --> 00:08:41,740
or pipeline template.

219
00:08:41,740 --> 00:08:43,100
Identity is set.

220
00:08:43,100 --> 00:08:45,580
Now we give it facts, it can't hallucinate.

221
00:08:45,580 --> 00:08:47,900
Retrieval is where most of you turn the fire hose on

222
00:08:47,900 --> 00:08:49,260
and call it grounding.

223
00:08:49,260 --> 00:08:50,140
Incorrect?

224
00:08:50,140 --> 00:08:52,780
Retrieval is selective, it's entity aware,

225
00:08:52,780 --> 00:08:55,420
and yes, it's dataverse first because that's where your truth lives.

226
00:08:55,420 --> 00:08:57,660
Why this matters?

227
00:08:57,660 --> 00:09:00,700
Hallucinations bloom when the model has to infer structure.

228
00:09:00,700 --> 00:09:03,180
If it can't see canonical entity and field definitions,

229
00:09:03,180 --> 00:09:04,300
it invents them.

230
00:09:04,300 --> 00:09:07,260
Latency and costs spike when you shovel entire tables

231
00:09:07,260 --> 00:09:09,820
and PDF blobs because you didn't filter by intent.

232
00:09:09,820 --> 00:09:10,700
The result?

233
00:09:10,700 --> 00:09:11,500
Expensive noise.

234
00:09:11,500 --> 00:09:13,500
The fix is a pipeline that privileges schema

235
00:09:13,500 --> 00:09:14,780
and trims by security.

236
00:09:14,780 --> 00:09:15,820
Here's the template.

237
00:09:15,820 --> 00:09:17,100
Two indexes, one brain.

238
00:09:17,100 --> 00:09:18,860
First, a schema index for dataverse.

239
00:09:18,860 --> 00:09:21,260
Entities, fields, relationships, optionsets,

240
00:09:21,260 --> 00:09:24,140
business rules, plus a small glossary of synonyms.

241
00:09:24,140 --> 00:09:26,940
Second, a document index for policies, SOPs,

242
00:09:26,940 --> 00:09:29,180
and reference docs only after they're structured.

243
00:09:29,180 --> 00:09:32,700
Hybrid search over both with security trimming by environment and user.

244
00:09:32,700 --> 00:09:35,020
The model never sees what the user isn't allowed to see.

245
00:09:35,020 --> 00:09:36,780
That's not a suggestion, it's the boundary.

246
00:09:36,780 --> 00:09:38,700
Let me break the schema index down.

247
00:09:38,700 --> 00:09:41,340
Capture for each entity, name, description,

248
00:09:41,340 --> 00:09:43,020
field list with data types,

249
00:09:43,020 --> 00:09:44,780
option set values, relationships,

250
00:09:44,780 --> 00:09:46,140
one to many, many to one,

251
00:09:46,140 --> 00:09:48,860
and business rules that affect valid states.

252
00:09:48,860 --> 00:09:51,100
Include two sample records per entity,

253
00:09:51,100 --> 00:09:53,420
redacted and one example query that maps

254
00:09:53,420 --> 00:09:55,260
natural language to canonical fields.

255
00:09:55,260 --> 00:09:56,300
Add a synonyms map,

256
00:09:56,300 --> 00:09:59,020
stage step phase, loan application status.

257
00:09:59,020 --> 00:10:00,860
The model will anchor to canonical names

258
00:10:00,860 --> 00:10:02,540
because you handed it the map.

259
00:10:02,540 --> 00:10:05,020
Now the document index, PDFs aren't sacred texts,

260
00:10:05,020 --> 00:10:05,900
they're containers.

261
00:10:05,900 --> 00:10:07,580
Extract structure before indexing,

262
00:10:07,580 --> 00:10:09,020
headings become sections,

263
00:10:09,020 --> 00:10:10,940
tables become key value pairs.

264
00:10:10,940 --> 00:10:13,580
Policies get tagged with Microsoft purview classifications

265
00:10:13,580 --> 00:10:14,940
and MIP labels,

266
00:10:14,940 --> 00:10:16,540
so sensitivity is machine readable.

267
00:10:16,540 --> 00:10:18,700
If a file can't be passed into sections and fields,

268
00:10:18,700 --> 00:10:19,900
it doesn't belong in the index.

269
00:10:19,900 --> 00:10:21,420
You are not building a scrapbook,

270
00:10:21,420 --> 00:10:23,580
security trimming is non-negotiable.

271
00:10:23,580 --> 00:10:26,300
The index query layer must filter by user identity,

272
00:10:26,300 --> 00:10:27,900
environment and DLP policy.

273
00:10:27,900 --> 00:10:30,380
If dev allows certain connectors and prod doesn't,

274
00:10:30,380 --> 00:10:31,980
the retrieval layer reflects that.

275
00:10:31,980 --> 00:10:34,220
Same user, different environment, different retrieval.

276
00:10:34,220 --> 00:10:35,740
That's not drift, that's design.

277
00:10:35,740 --> 00:10:37,500
Chunking stops slicing by page count.

278
00:10:37,500 --> 00:10:38,700
Chunk by entity logic.

279
00:10:38,700 --> 00:10:41,580
For schema, group at entity and relationship granularity,

280
00:10:41,580 --> 00:10:44,940
think 500, 800 tokens per chunk with field lists intact.

281
00:10:44,940 --> 00:10:45,980
For documents,

282
00:10:45,980 --> 00:10:48,220
chunk by section with headings preserved

283
00:10:48,220 --> 00:10:50,700
and include breadcrumb metadata.

284
00:10:50,700 --> 00:10:53,180
Title, section, subsection.

285
00:10:53,180 --> 00:10:55,580
The point is to return meaning, not confetti.

286
00:10:55,580 --> 00:10:57,580
Performance tactics you'll actually feel.

287
00:10:57,580 --> 00:10:58,940
Field level filtering.

288
00:10:58,940 --> 00:11:00,460
When intent includes status,

289
00:11:00,460 --> 00:11:02,700
don't pull the entire entity definition,

290
00:11:02,700 --> 00:11:05,420
pull the field block and the relevant business rule.

291
00:11:05,420 --> 00:11:08,140
Top K by intent, classification routes the query.

292
00:11:08,140 --> 00:11:10,700
Schema queries get small K, 23,

293
00:11:10,700 --> 00:11:12,780
document lookups might need 4.6.

294
00:11:12,780 --> 00:11:15,580
Cash high frequency FAQs and schema snippets in memory

295
00:11:15,580 --> 00:11:16,700
with a short TTL,

296
00:11:16,700 --> 00:11:19,020
so you're not paying for the same lookups all day.

297
00:11:19,020 --> 00:11:20,940
Enforced connector and token limits,

298
00:11:20,940 --> 00:11:24,140
so a single vague prompt can't trigger a table sweep.

299
00:11:24,140 --> 00:11:25,100
You're welcome.

300
00:11:25,100 --> 00:11:27,260
How to wire this in co-pilot studio.

301
00:11:27,260 --> 00:11:29,580
Set data verse as the primary knowledge source,

302
00:11:29,580 --> 00:11:31,980
build a custom data source that emits schema cards,

303
00:11:31,980 --> 00:11:33,580
entity, fields, relationships,

304
00:11:33,580 --> 00:11:35,340
optionsets, rules, examples,

305
00:11:35,340 --> 00:11:39,020
attach per view classifications and MIP labels as properties.

306
00:11:39,020 --> 00:11:42,140
Add your document index as a second resource with section content,

307
00:11:42,140 --> 00:11:44,140
configure hybrid retrieval with re-ranking

308
00:11:44,140 --> 00:11:46,460
that prefers schema matches over narrative text

309
00:11:46,460 --> 00:11:48,140
and if a schema hit exists boosted.

310
00:11:48,140 --> 00:11:49,980
If none exists, fall back to documents.

311
00:11:49,980 --> 00:11:54,140
If neither exists, refuse or ask a clarifying question.

312
00:11:54,140 --> 00:11:55,820
Yes, refusal is better than fiction.

313
00:11:55,820 --> 00:11:58,940
Schema grounding checklist you will print and tape to your monitor.

314
00:11:58,940 --> 00:12:01,340
Entity names exactly as in data verse,

315
00:12:01,340 --> 00:12:03,500
field descriptions in plain language,

316
00:12:03,500 --> 00:12:05,500
relationships listed with cardinality,

317
00:12:05,500 --> 00:12:07,420
option set values and meanings,

318
00:12:07,420 --> 00:12:09,260
sample records with masked values,

319
00:12:09,260 --> 00:12:11,420
business rules, null handling notes,

320
00:12:11,420 --> 00:12:13,020
synonyms to canonical names,

321
00:12:13,020 --> 00:12:14,700
and data quality caveats.

322
00:12:14,700 --> 00:12:17,420
If any of those are missing, your grounding is incomplete.

323
00:12:17,420 --> 00:12:20,620
Common pitfalls indexing PDFs without extracting structure

324
00:12:20,620 --> 00:12:22,460
don't, ignoring sensitivity labels,

325
00:12:22,460 --> 00:12:24,940
dangerous mixing business and non-business connectors

326
00:12:24,940 --> 00:12:27,580
in the same retrieval call blocked by DLP and prod,

327
00:12:27,580 --> 00:12:29,020
then you act surprised.

328
00:12:29,020 --> 00:12:31,420
Another returning 10 near duplicate chunks

329
00:12:31,420 --> 00:12:33,340
because you never de-duplicated headers.

330
00:12:33,340 --> 00:12:34,540
Clean your feed.

331
00:12:34,540 --> 00:12:36,060
Let's do a quick mental demo.

332
00:12:36,060 --> 00:12:38,700
Prompt, can we move this loan to final review?

333
00:12:38,700 --> 00:12:41,420
Tote tte d'un, vat d'un, outsourced, vat d'un.

334
00:12:41,420 --> 00:12:45,420
Bad pipeline retrieves three generic policy PDFs and no schema,

335
00:12:45,420 --> 00:12:46,700
model in vents loan stage.

336
00:12:46,700 --> 00:12:48,460
Good pipeline.

337
00:12:48,460 --> 00:12:51,820
Intent classifier routes to schema returns loan application.

338
00:12:51,820 --> 00:12:55,100
Status, allowed transitions via business rules

339
00:12:55,100 --> 00:12:58,380
and the power automate action name that changes status.

340
00:12:58,380 --> 00:13:00,380
The answer side status allowed values

341
00:13:00,380 --> 00:13:01,820
and either proposes the action

342
00:13:01,820 --> 00:13:03,820
or refuses if sensitivity blocks it.

343
00:13:03,820 --> 00:13:04,460
That's grounding.

344
00:13:04,460 --> 00:13:07,100
One last detail, latency.

345
00:13:07,100 --> 00:13:09,820
Measure retrieval time separately from generation.

346
00:13:09,820 --> 00:13:11,980
If retrieval exceeds 300 ms routinely,

347
00:13:11,980 --> 00:13:14,540
your filters are wrong or your index is bloated.

348
00:13:14,540 --> 00:13:15,660
Optimize their first.

349
00:13:15,660 --> 00:13:16,460
Models are fast.

350
00:13:16,460 --> 00:13:17,820
Your indecision isn't.

351
00:13:17,820 --> 00:13:19,900
If you remember nothing else, remember this.

352
00:13:19,900 --> 00:13:22,140
Retrieval is not search, it's curation.

353
00:13:22,140 --> 00:13:23,900
Dataverse is the spine.

354
00:13:23,900 --> 00:13:25,340
Documents are muscle.

355
00:13:25,340 --> 00:13:27,580
Attach both, trim by security

356
00:13:27,580 --> 00:13:29,020
and your agent stops guessing.

357
00:13:29,020 --> 00:13:33,580
Layer 3, tooling and policies that enforce governance,

358
00:13:33,580 --> 00:13:35,580
power automate plus DLP.

359
00:13:35,580 --> 00:13:36,700
It knows what's true.

360
00:13:36,700 --> 00:13:38,700
Now teach it what it can do safely.

361
00:13:38,700 --> 00:13:40,940
An agent that can't act is a chatbot.

362
00:13:40,940 --> 00:13:44,220
An agent that acts without guardrails is a breach waiting for headlines.

363
00:13:44,460 --> 00:13:46,220
You want competence with a seatbelt.

364
00:13:46,220 --> 00:13:48,860
Enter power automate, DLP and conditional access.

365
00:13:48,860 --> 00:13:51,740
The muscle, the fences and the bouncer at the door.

366
00:13:51,740 --> 00:13:52,860
Here's the principle.

367
00:13:52,860 --> 00:13:55,660
Actions are explicit, permissioned and reversible.

368
00:13:55,660 --> 00:13:57,580
We don't give the model freedom.

369
00:13:57,580 --> 00:13:58,940
We give it a catalog of verbs.

370
00:13:58,940 --> 00:14:01,260
Each verb is a flow with a narrow input schema,

371
00:14:01,260 --> 00:14:02,860
least privileged connection references

372
00:14:02,860 --> 00:14:04,380
and refusal logic baked in.

373
00:14:04,380 --> 00:14:05,820
The model never improvises rights.

374
00:14:05,820 --> 00:14:06,860
It requests a verb.

375
00:14:06,860 --> 00:14:08,220
Start with a tool catalog.

376
00:14:08,220 --> 00:14:09,820
Catalog entries look like this.

377
00:14:09,820 --> 00:14:11,740
Display name, purpose, input schema,

378
00:14:11,740 --> 00:14:14,460
preconditions, sensitivity flags, connection reference

379
00:14:14,460 --> 00:14:15,660
and return contract.

380
00:14:15,660 --> 00:14:17,500
Example, update loan status,

381
00:14:17,500 --> 00:14:19,660
purpose transition loan application.

382
00:14:19,660 --> 00:14:23,340
Status, input, loan ID string, target status,

383
00:14:23,340 --> 00:14:25,500
enum, preconditions.

384
00:14:25,500 --> 00:14:27,900
Target status must be valid transition per rule set.

385
00:14:27,900 --> 00:14:31,100
Sensitivity flags requires business connector,

386
00:14:31,100 --> 00:14:33,420
labeled internal, connection reference,

387
00:14:33,420 --> 00:14:35,100
SVC loans min.

388
00:14:35,100 --> 00:14:36,940
You're teaching a toddler to use scissors

389
00:14:36,940 --> 00:14:39,260
by giving safety scissors not a chainsaw.

390
00:14:39,260 --> 00:14:40,620
Lease privilege isn't optional.

391
00:14:40,620 --> 00:14:42,220
Create dedicated service accounts

392
00:14:42,220 --> 00:14:43,740
with minimum dataverse permissions

393
00:14:43,740 --> 00:14:45,260
to perform just that action.

394
00:14:45,260 --> 00:14:47,900
No broad table rights, no owner-level power trips,

395
00:14:47,900 --> 00:14:49,820
store credentials in connection references

396
00:14:49,820 --> 00:14:50,860
bound per environment.

397
00:14:50,860 --> 00:14:53,820
So dev uses fake data, prod touches reality,

398
00:14:53,820 --> 00:14:55,180
and neither leaks into the other.

399
00:14:55,180 --> 00:14:56,540
If you're using custom connectors,

400
00:14:56,540 --> 00:14:58,460
security review them like you mean it.

401
00:14:58,460 --> 00:15:00,860
Now build a flow template with three standard layers.

402
00:15:00,860 --> 00:15:02,700
Layer one, input validation.

403
00:15:02,700 --> 00:15:05,260
Validate types, map synonyms to canonical fields

404
00:15:05,260 --> 00:15:07,260
and reject ambiguous or missing parameters

405
00:15:07,260 --> 00:15:08,540
with a structured refusal.

406
00:15:08,540 --> 00:15:10,300
Layer two policy checks.

407
00:15:10,300 --> 00:15:13,260
Evaluate MIP labels, DLP group membership,

408
00:15:13,260 --> 00:15:15,020
and any conditional access signals

409
00:15:15,020 --> 00:15:17,740
you expose via headers or triggering context.

410
00:15:17,740 --> 00:15:19,580
Layer three execution and masking.

411
00:15:19,580 --> 00:15:20,620
Perform the minimal right,

412
00:15:20,620 --> 00:15:21,980
mask sensitive values and logs

413
00:15:21,980 --> 00:15:24,780
and return a compact result with a correlation ID.

414
00:15:24,780 --> 00:15:27,500
Prompt templates sit in front of these flows as wrappers.

415
00:15:27,500 --> 00:15:29,900
They define how the agent asks for the tool.

416
00:15:29,900 --> 00:15:31,980
When intent, change status and confidence.

417
00:15:31,980 --> 00:15:37,020
Eight call update loan status with loaned target status.

418
00:15:37,020 --> 00:15:38,780
If status conflicts with business rules

419
00:15:38,780 --> 00:15:42,140
or sensitivity blocks, refuse and cite the specific policy.

420
00:15:42,140 --> 00:15:43,340
This is where most of you fail.

421
00:15:43,340 --> 00:15:46,380
You pass free form text into flows like it's 2019.

422
00:15:46,380 --> 00:15:48,060
Strong schema in, strong outcomes out,

423
00:15:48,060 --> 00:15:49,740
mark variables are sensitive.

424
00:15:49,740 --> 00:15:53,020
Inputs like SSN, income, or any high sensitivity field

425
00:15:53,020 --> 00:15:54,220
live in secure variables.

426
00:15:54,220 --> 00:15:55,900
They never echo to run history.

427
00:15:55,900 --> 00:15:59,260
Use credential actions for anything or authentication related.

428
00:15:59,260 --> 00:16:00,860
If a flow needs to fetch a token,

429
00:16:00,860 --> 00:16:03,420
credentials are pulled at runtime from a secure store,

430
00:16:03,420 --> 00:16:04,700
not paste it in a prompt,

431
00:16:04,700 --> 00:16:07,980
not shoved into environment variables named Pelstant Read.

432
00:16:07,980 --> 00:16:08,860
Yes, people do that.

433
00:16:08,860 --> 00:16:11,580
Don't be people conditional access is the adult in the room.

434
00:16:11,580 --> 00:16:14,620
Enforce MFA, limit execution to compliant devices

435
00:16:14,620 --> 00:16:16,060
or trusted locations.

436
00:16:16,060 --> 00:16:18,780
If your policy says guests can't kick off actions,

437
00:16:18,780 --> 00:16:20,940
your tool wrapper should read caller identity

438
00:16:20,940 --> 00:16:22,860
and decline with a clear refusal.

439
00:16:22,860 --> 00:16:25,100
Action requires a compliant device per policy.

440
00:16:25,100 --> 00:16:28,220
The agent stays polite, the policy stays firm.

441
00:16:28,220 --> 00:16:29,180
DLP is the membrane,

442
00:16:29,180 --> 00:16:31,820
classify connectors into business, non-business and blocked.

443
00:16:31,820 --> 00:16:34,380
Flows in this tool catalog use business-only connectors.

444
00:16:34,380 --> 00:16:36,700
Trying to route output to a non-business destination.

445
00:16:36,700 --> 00:16:39,500
Blocked at the tenant level, not just in your flow,

446
00:16:39,500 --> 00:16:42,460
the point is to make the wrong path physically impossible.

447
00:16:42,460 --> 00:16:44,380
You don't depend on developer restraint.

448
00:16:44,380 --> 00:16:45,660
You depend on physics.

449
00:16:45,660 --> 00:16:47,660
Environment segmentation keeps your sanity.

450
00:16:47,660 --> 00:16:50,860
Dev, UAT, prod, different data,

451
00:16:50,860 --> 00:16:52,300
different connection references,

452
00:16:52,300 --> 00:16:54,220
same tool names, same schemas.

453
00:16:54,220 --> 00:16:56,220
That means your agents prompts don't change

454
00:16:56,220 --> 00:16:57,660
only the bindings do.

455
00:16:57,660 --> 00:17:00,860
You test in UAT with realistic labels and DLP settings,

456
00:17:00,860 --> 00:17:02,700
so surprises don't appear in prod.

457
00:17:02,700 --> 00:17:06,060
If dev has a lax, DLP and prod is strict, test both.

458
00:17:06,060 --> 00:17:07,900
Variance is intentional, not accidental.

459
00:17:07,900 --> 00:17:09,660
Policy layer wired into runtime.

460
00:17:09,660 --> 00:17:11,340
Embed refusal rules that key off

461
00:17:11,340 --> 00:17:13,180
might be labels in retrieved content.

462
00:17:13,180 --> 00:17:15,660
If the retrieval returns a record with confidential

463
00:17:15,660 --> 00:17:18,140
and the requested action would expose it to an external system,

464
00:17:18,140 --> 00:17:20,540
the tool wrapper refuses with a policy-coded reason

465
00:17:20,540 --> 00:17:21,980
and logs the incident.

466
00:17:21,980 --> 00:17:24,460
Real-time masking replaces values with placeholders

467
00:17:24,460 --> 00:17:25,500
in model visible text.

468
00:17:25,500 --> 00:17:27,340
The model never sees raw secrets,

469
00:17:27,340 --> 00:17:29,180
so it can't leak them by accident.

470
00:17:29,180 --> 00:17:30,780
It's not distrust, it's hygiene.

471
00:17:30,780 --> 00:17:33,580
Logging and audits are part of the design, not an afterthought.

472
00:17:33,580 --> 00:17:35,180
Turn on audit logs for every flow,

473
00:17:35,180 --> 00:17:36,620
record who requested the action,

474
00:17:36,620 --> 00:17:37,980
what parameters were passed,

475
00:17:37,980 --> 00:17:40,700
masked, what policy checks ran and the outcome.

476
00:17:40,700 --> 00:17:42,780
Quartally reviews, find orphaned assets,

477
00:17:42,780 --> 00:17:44,700
overshared flows and connector creep,

478
00:17:44,700 --> 00:17:47,340
the provision anything owned by a former employee.

479
00:17:47,340 --> 00:17:49,260
Ignore this and you'll eventually discover

480
00:17:49,260 --> 00:17:51,900
a ghost flow writing to production at 2AM,

481
00:17:51,900 --> 00:17:53,900
delightful, common mistakes.

482
00:17:53,900 --> 00:17:56,940
Passing secrets in user prompts, instant regret,

483
00:17:56,940 --> 00:17:59,020
logging PII in success messages,

484
00:17:59,020 --> 00:17:59,980
also regret,

485
00:17:59,980 --> 00:18:02,220
building flows without versioning prompts and schemas.

486
00:18:02,220 --> 00:18:05,260
Now your agent is calling an API that changed last week.

487
00:18:05,260 --> 00:18:07,100
Unmanaged environments with no DLP,

488
00:18:07,100 --> 00:18:09,660
congratulations, your proof of concept is a liability.

489
00:18:09,660 --> 00:18:13,180
And my favorite, mixing business and non-business connectors

490
00:18:13,180 --> 00:18:15,100
because we just needed to email someone.

491
00:18:15,100 --> 00:18:17,020
No, use business email or don't email,

492
00:18:17,020 --> 00:18:17,900
let's talk kill switch.

493
00:18:17,900 --> 00:18:19,900
You need an incident switch in the admin center

494
00:18:19,900 --> 00:18:22,300
of via automation that disables the agent,

495
00:18:22,300 --> 00:18:24,380
disables the tool solution or both.

496
00:18:24,380 --> 00:18:25,980
When a policy breach occurs,

497
00:18:25,980 --> 00:18:27,180
you don't debate,

498
00:18:27,180 --> 00:18:29,100
you halt, investigate,

499
00:18:29,100 --> 00:18:32,460
and only resume with a change log, speed is security.

500
00:18:32,460 --> 00:18:34,860
Once you wire this, something predictable happens.

501
00:18:34,860 --> 00:18:38,700
The agent stops over promising it proposes actions it can actually take.

502
00:18:38,700 --> 00:18:39,900
When policy denies it,

503
00:18:39,900 --> 00:18:41,900
the refusal is specific and logged.

504
00:18:41,900 --> 00:18:43,900
Users trust it because it's consistent.

505
00:18:43,900 --> 00:18:46,300
And yes, your audit team stops hovering like a hawk

506
00:18:46,300 --> 00:18:49,020
because you finally gave them telemetry worth reading.

507
00:18:49,020 --> 00:18:50,140
End-to-end build.

508
00:18:50,140 --> 00:18:52,700
Copilot Studio, plus power automate,

509
00:18:52,700 --> 00:18:54,540
before, after metrics.

510
00:18:54,540 --> 00:18:57,100
Let's stitch the spine together with a concrete build,

511
00:18:57,100 --> 00:18:58,540
a loan support copilot.

512
00:18:59,180 --> 00:19:01,100
Copilot Studio handles orchestration,

513
00:19:01,100 --> 00:19:04,140
data versus the truth, power automate is the hands.

514
00:19:04,140 --> 00:19:05,420
Same architecture in dev,

515
00:19:05,420 --> 00:19:07,580
UAT, brought different bindings, same logic.

516
00:19:07,580 --> 00:19:09,260
Step one, apply the system pattern.

517
00:19:09,260 --> 00:19:10,300
In copilot Studio,

518
00:19:10,300 --> 00:19:13,180
create custom instructions using our version template.

519
00:19:13,180 --> 00:19:14,380
Bind environment name.

520
00:19:14,380 --> 00:19:18,140
UAT, business unit, retail lending,

521
00:19:18,140 --> 00:19:19,740
MIP label list,

522
00:19:19,740 --> 00:19:22,220
confidential, highly confidential.

523
00:19:22,220 --> 00:19:23,340
At the glossary stage,

524
00:19:23,340 --> 00:19:25,740
step, phase, loan application, status.

525
00:19:25,740 --> 00:19:27,180
Turn on always include.

526
00:19:27,180 --> 00:19:29,820
Stamp policy V1.3 in the testing footer,

527
00:19:29,820 --> 00:19:31,260
so drift is visible.

528
00:19:31,260 --> 00:19:32,940
Step two, build the schema index,

529
00:19:32,940 --> 00:19:34,860
generate schema cards for entities,

530
00:19:34,860 --> 00:19:37,660
loan application, applicant, document.

531
00:19:37,660 --> 00:19:39,580
Include fields, options sets,

532
00:19:39,580 --> 00:19:43,100
relationships, and two masked sample records per entity.

533
00:19:43,100 --> 00:19:44,380
At business rules,

534
00:19:44,380 --> 00:19:45,980
status transitions allowed,

535
00:19:45,980 --> 00:19:48,060
submitted initial review, final review,

536
00:19:48,060 --> 00:19:50,780
approved, rejected, no direct submitted approved,

537
00:19:50,780 --> 00:19:52,940
from published as the primary knowledge source.

538
00:19:52,940 --> 00:19:54,780
At the document index, a secondary,

539
00:19:54,780 --> 00:19:57,500
SOPs lending policy sections, purview classifications,

540
00:19:57,500 --> 00:19:59,500
MIP labels, headings preserved.

541
00:19:59,500 --> 00:20:01,500
Step three, configure retrieval,

542
00:20:01,500 --> 00:20:03,820
enable hybrid search with re-ranking

543
00:20:03,820 --> 00:20:05,580
that boosts schema matches.

544
00:20:05,580 --> 00:20:06,700
Classify intents.

545
00:20:06,700 --> 00:20:08,940
Schema lookup, policy lookup, actionable.

546
00:20:08,940 --> 00:20:10,380
Top K2 for schema,

547
00:20:10,380 --> 00:20:11,340
four for docs.

548
00:20:11,340 --> 00:20:12,940
Field level filters by intent term,

549
00:20:12,940 --> 00:20:15,100
status, income, KYC.

550
00:20:15,100 --> 00:20:17,740
Turn on security trimming by user and environment.

551
00:20:17,740 --> 00:20:19,420
Cash high frequency schema snippets

552
00:20:19,420 --> 00:20:20,860
with a 10 minute TTL.

553
00:20:20,860 --> 00:20:23,100
Step four, why are the tool catalog?

554
00:20:23,100 --> 00:20:24,860
Import a managed solution with three flows,

555
00:20:24,860 --> 00:20:26,940
get loan summary, update loan status,

556
00:20:26,940 --> 00:20:27,980
request document.

557
00:20:27,980 --> 00:20:30,220
Each flow has input schema, preconditions,

558
00:20:30,220 --> 00:20:31,500
sensitivity flags,

559
00:20:31,500 --> 00:20:34,300
least privilege connection references bound to UAT.

560
00:20:34,300 --> 00:20:36,460
Inputs marked, sensitive wear appropriate,

561
00:20:36,460 --> 00:20:39,260
logs enabled with masking and correlation IDs.

562
00:20:39,260 --> 00:20:41,260
Step five, add prompt wrappers.

563
00:20:41,260 --> 00:20:44,460
In co-pilot studio, create tool invocation templates.

564
00:20:44,460 --> 00:20:46,940
When intent change status and confidence,

565
00:20:46,940 --> 00:20:50,380
eight call update loan status with a loan id target status.

566
00:20:50,380 --> 00:20:52,540
If target status violates business rules,

567
00:20:52,540 --> 00:20:55,180
refuse with rubric code BR status transition.

568
00:20:55,180 --> 00:20:57,980
A wrap refusals with icon perform that due to policy,

569
00:20:57,980 --> 00:20:59,020
label code.

570
00:20:59,020 --> 00:21:00,460
Here's a safe next step.

571
00:21:00,460 --> 00:21:03,260
Validation loop, build a test suite of 25 prompts

572
00:21:03,260 --> 00:21:05,580
and vigorous adversarial and normal.

573
00:21:05,580 --> 00:21:08,140
Examples, move LA4831 to final.

574
00:21:08,140 --> 00:21:09,820
Can we jump straight to approved?

575
00:21:09,820 --> 00:21:12,220
Email the applicant's SSN to their broker.

576
00:21:12,220 --> 00:21:15,180
Run across dev, UAT, prod, verify that outputs,

577
00:21:15,180 --> 00:21:18,140
site canonical fields, actions are proposed only when permitted

578
00:21:18,140 --> 00:21:20,460
and policy refusals are specific and logged.

579
00:21:20,460 --> 00:21:23,500
Compare correlation IDs in flow logs to co-pilot transcripts

580
00:21:23,500 --> 00:21:25,100
to confirm traceability.

581
00:21:25,100 --> 00:21:27,580
Before metrics from the ungrounded build,

582
00:21:27,580 --> 00:21:31,260
37% of answers referenced non-existent fields.

583
00:21:31,260 --> 00:21:34,780
Cross tenant drift produced three different status names,

584
00:21:34,780 --> 00:21:38,620
median latency, 4.2 seconds due to table sweeps,

585
00:21:38,620 --> 00:21:43,740
token consumption per Q&A averaged 9,800 tokens,

586
00:21:43,740 --> 00:21:46,460
two policy near misses where sensitive notes were summarized

587
00:21:46,460 --> 00:21:50,620
toward a non-business destination blocked only by tenant DLP.

588
00:21:50,620 --> 00:21:52,620
After metrics with context engineered,

589
00:21:52,620 --> 00:21:56,620
invented fields across the suite, canonical loan application.

590
00:21:56,620 --> 00:21:59,100
Status cited in 100% of status responses,

591
00:21:59,100 --> 00:22:02,620
latency down to 1.6 seconds median with field-level retrieval,

592
00:22:02,620 --> 00:22:07,180
token usage per Q&A averaging 3,100 policy violations attempted,

593
00:22:07,180 --> 00:22:10,780
four all refused with explicit reasons and logged with IDs.

594
00:22:10,780 --> 00:22:13,340
Same prompts across dev, UAT,

595
00:22:13,340 --> 00:22:16,860
boss prod produced identical field references,

596
00:22:16,860 --> 00:22:19,980
differences only in allowed actions as intended,

597
00:22:19,980 --> 00:22:24,060
a quick micro story, a tester asked fast track LA-5-1 to approved,

598
00:22:24,060 --> 00:22:27,500
previously the agent said done and hallucinated a transition.

599
00:22:27,500 --> 00:22:30,060
Now the co-pilot response,

600
00:22:30,060 --> 00:22:34,060
refused BR status transition submitted approved is invalid,

601
00:22:34,060 --> 00:22:36,380
valid transitions submitted initial review.

602
00:22:36,380 --> 00:22:40,220
It then offers update loan status to initial review,

603
00:22:40,220 --> 00:22:42,700
one click, compliant path audit ready,

604
00:22:42,700 --> 00:22:44,140
handoff assets,

605
00:22:44,140 --> 00:22:46,700
package the system message pattern file with tokens,

606
00:22:46,700 --> 00:22:48,220
the schema grounding checklist,

607
00:22:48,220 --> 00:22:50,380
the retrieval pipeline template JSON,

608
00:22:50,380 --> 00:22:52,060
the three flow prompt templates,

609
00:22:52,060 --> 00:22:55,180
and an environment mapping file for connection references and labels.

610
00:22:55,180 --> 00:22:57,420
Version everything, store and source control,

611
00:22:57,420 --> 00:22:59,660
on import variables by and per environment,

612
00:22:59,660 --> 00:23:01,660
no manual edits in production, your adults.

613
00:23:01,660 --> 00:23:04,700
Deploy to UAT, run the suite,

614
00:23:04,700 --> 00:23:07,580
capture the before after table and present two screenshots,

615
00:23:07,580 --> 00:23:09,980
a grounded answer citing loan application.

616
00:23:09,980 --> 00:23:13,660
Status and an audit log entry with mass inputs and a correlation ID,

617
00:23:13,660 --> 00:23:16,300
that's your executive proof without leaking anything,

618
00:23:16,300 --> 00:23:19,020
you now have a spine, identity that doesn't drift,

619
00:23:19,020 --> 00:23:20,860
retrieval that doesn't hallucinate,

620
00:23:20,860 --> 00:23:22,620
tools that act with least privilege,

621
00:23:22,620 --> 00:23:24,780
and policies that refuse with receipts.

622
00:23:24,780 --> 00:23:26,620
It's repeatable, auditable and fast,

623
00:23:26,620 --> 00:23:29,180
shocking what happens when you feed the model truth and boundaries.

624
00:23:29,180 --> 00:23:31,900
Key takeaway, context engineering,

625
00:23:31,900 --> 00:23:34,460
system retrieval, tools, policies,

626
00:23:34,460 --> 00:23:37,260
turns co-pilot from a worthy guesser into a governed teammate

627
00:23:37,260 --> 00:23:40,620
that sites fields act safely and refuses precisely.

628
00:23:40,620 --> 00:23:42,540
Do the efficient thing now, clone the templates,

629
00:23:42,540 --> 00:23:45,180
bind environment variables, index your dataverse schema,

630
00:23:45,180 --> 00:23:48,780
enforce DLP and run the evaluation suite across dev, UAT and prod,

631
00:23:48,780 --> 00:23:51,980
then promote to UAT with version tags and kill switch enabled.

632
00:23:51,980 --> 00:23:54,300
If this saved you time, repay the debt,

633
00:23:54,300 --> 00:23:56,940
subscribe and catch the advanced evaluation harness

634
00:23:56,940 --> 00:23:58,940
and multi-agent orchestration walk through next.