The Future of Enterprise Connectivity: Unlocking Innovation with Logic Apps and Copilot Studio

1
00:00:00,000 --> 00:00:04,320
Most enterprises talk about connectivity like it's plumbing, connect system A to system B,

2
00:00:04,320 --> 00:00:06,120
add a connector, call it transformation.

3
00:00:06,120 --> 00:00:07,360
That assumption feels safe.

4
00:00:07,360 --> 00:00:10,800
It's also why the same organizations keep replatforming every three years.

5
00:00:10,800 --> 00:00:12,960
Here's the promise, this is not a demo tour.

6
00:00:12,960 --> 00:00:15,840
It's a set of executive mental models you can reuse.

7
00:00:15,840 --> 00:00:20,120
Why logic apps is the execution spine, why copilot studio is the intent interface,

8
00:00:20,120 --> 00:00:23,400
and why MCP matters even when connectors already exist?

9
00:00:23,400 --> 00:00:24,920
Keep one question in mind.

10
00:00:24,920 --> 00:00:27,200
What problem are we actually solving?

11
00:00:27,200 --> 00:00:28,920
The foundational misunderstanding.

12
00:00:28,920 --> 00:00:30,600
Integration isn't the problem.

13
00:00:30,600 --> 00:00:32,320
This is the uncomfortable truth.

14
00:00:32,320 --> 00:00:35,280
Enterprises don't fail because systems can't connect.

15
00:00:35,280 --> 00:00:37,880
They fail because intent can't survive handoffs.

16
00:00:37,880 --> 00:00:40,320
The average organization already has connectivity.

17
00:00:40,320 --> 00:00:45,360
It has APIs, it has connectors, it has ETL, it has integration platforms.

18
00:00:45,360 --> 00:00:49,520
And yet the business still experiences the same outcomes, delays, rework, audit panic,

19
00:00:49,520 --> 00:00:53,240
and a constant feeling that automation should be easier than this.

20
00:00:53,240 --> 00:00:55,160
That's not a tooling gap, that's an intent gap.

21
00:00:55,160 --> 00:00:59,120
Every time a process crosses a boundary, team boundary, system boundary, vendor boundary,

22
00:00:59,120 --> 00:00:59,960
you lose context.

23
00:00:59,960 --> 00:01:01,760
And when you lose context, people improvise.

24
00:01:01,760 --> 00:01:06,120
They open tickets, they add exceptions, they make a spreadsheet, they ask for temporary access.

25
00:01:06,120 --> 00:01:11,880
They build a side flow just for this one case, those are not edge cases, those are entropy generators.

26
00:01:11,880 --> 00:01:16,600
Most organizations describe this as automation backlog.

27
00:01:16,600 --> 00:01:18,160
Architecturally, it's something else.

28
00:01:18,160 --> 00:01:22,200
You are using humans as message buses and you are using tickets as state machines.

29
00:01:22,200 --> 00:01:26,280
The hiring manager fills in a form, HR copies it into another system, I'd get the tickets,

30
00:01:26,280 --> 00:01:29,360
someone in identity makes an account, someone else assigns groups.

31
00:01:29,360 --> 00:01:32,840
Payroll needs a different attribute, facilities needs a badge request.

32
00:01:32,840 --> 00:01:36,120
The manager sends a team's message, can we expedite?

33
00:01:36,120 --> 00:01:38,920
And the actual state of the onboarding exists nowhere.

34
00:01:38,920 --> 00:01:42,600
It exists in fragments, half in the HR system, half in the ticketing system, half in email

35
00:01:42,600 --> 00:01:47,560
threads, and the final truth is whoever you can find on Slack at 9pm, that's what integration

36
00:01:47,560 --> 00:01:48,840
looks like in practice.

37
00:01:48,840 --> 00:01:52,680
And here's the trap, when leadership says we need better integration, they usually mean

38
00:01:52,680 --> 00:01:55,120
we need the humans to stop doing this.

39
00:01:55,120 --> 00:01:59,280
But the humans are doing it because the system does not preserve intent across steps, it

40
00:01:59,280 --> 00:02:03,480
preserves transactions, not decisions.

41
00:02:03,480 --> 00:02:08,720
Automation in most enterprises is treated as a set of isolated scripts, when x happens

42
00:02:08,720 --> 00:02:12,160
do why the coordination is what the enterprise actually needs.

43
00:02:12,160 --> 00:02:16,920
When x happens, what are we trying to achieve, under which constraints, and with what proof?

44
00:02:16,920 --> 00:02:20,920
This is why AI changes the story, and also why AI makes everything worse if you treat

45
00:02:20,920 --> 00:02:22,160
it like a UI feature.

46
00:02:22,160 --> 00:02:25,760
If you bolt a chatbot onto a broken handoff, you haven't eliminated the handoff.

47
00:02:25,760 --> 00:02:27,800
You've made it non-deterministic.

48
00:02:27,800 --> 00:02:31,920
Now the system doesn't just lose intent between teams, it can lose intent mid-sentence.

49
00:02:31,920 --> 00:02:37,080
You ask for provision access for the new hire, and the model guesses what access means.

50
00:02:37,080 --> 00:02:39,480
It guesses which system is the source of truth.

51
00:02:39,480 --> 00:02:42,400
It guesses which group naming convention matters.

52
00:02:42,400 --> 00:02:47,080
It guesses whether a finance analyst implies SAP roles or just a distribution list, and when

53
00:02:47,080 --> 00:02:51,160
it guesses wrong, the enterprise pays for it in the only currency that matters.

54
00:02:51,160 --> 00:02:52,960
Incident reviews and audit findings.

55
00:02:52,960 --> 00:02:55,120
So the foundational misunderstanding is this.

56
00:02:55,120 --> 00:03:00,160
AI isn't a smarter form, it's not a friendly UI for the same integration spaghetti.

57
00:03:00,160 --> 00:03:04,920
Architecturally you are building a distributed decision engine, that distinction matters.

58
00:03:04,920 --> 00:03:09,400
A decision engine needs two things if you wanted to scale, without turning into conditional

59
00:03:09,400 --> 00:03:10,400
chaos.

60
00:03:10,400 --> 00:03:12,080
Constraints and traceability.

61
00:03:12,080 --> 00:03:12,920
Constraints.

62
00:03:12,920 --> 00:03:16,880
What actions are allowed, what data can move, what pathways are legitimate.

63
00:03:16,880 --> 00:03:20,560
Traceability, what happened, who triggered it, what was decided, what tools were called,

64
00:03:20,560 --> 00:03:22,520
what was written, and where the evidence lives.

65
00:03:22,520 --> 00:03:24,560
Now connect that back to the real world.

66
00:03:24,560 --> 00:03:26,320
Executives don't wake up worried about connectors.

67
00:03:26,320 --> 00:03:29,640
They wake up worried about, why did we grant that access?

68
00:03:29,640 --> 00:03:31,280
Why did finance get the wrong number?

69
00:03:31,280 --> 00:03:34,000
Why did the integration break during quarter close?

70
00:03:34,000 --> 00:03:36,720
Why did this take three weeks when it should take three hours?

71
00:03:36,720 --> 00:03:38,160
Those are intent failures.

72
00:03:38,160 --> 00:03:39,560
And they compound over time.

73
00:03:39,560 --> 00:03:43,560
Because every workaround becomes precedent, every exception becomes a pattern, every temporary

74
00:03:43,560 --> 00:03:46,240
bypass becomes a dependency.

75
00:03:46,240 --> 00:03:50,320
Eventually policy exists in PowerPoint, but execution exists in whatever the last person

76
00:03:50,320 --> 00:03:51,600
did under pressure.

77
00:03:51,600 --> 00:03:55,760
The solution isn't more integration, the solution is an architecture where intent can be

78
00:03:55,760 --> 00:04:00,160
expressed, interpreted, and executed without being reinvented at every hop.

79
00:04:00,160 --> 00:04:02,240
That's the spine for the rest of this episode.

80
00:04:02,240 --> 00:04:05,320
Copilot Studio is where intent shows up in human language.

81
00:04:05,320 --> 00:04:09,720
Logic Apps is where execution becomes deterministic, auditable, and boring on purpose.

82
00:04:09,720 --> 00:04:14,040
And MCP is the contract that stops the model from improvising when it reaches for the enterprise.

83
00:04:14,040 --> 00:04:18,240
Now we can define MCP in terms that executives can actually reuse.

84
00:04:18,240 --> 00:04:21,640
MCP in plain terms, a contract between reasoning and doing.

85
00:04:21,640 --> 00:04:26,480
Okay, so basically, MCP model context protocol is a way to stop your AI from freelancing

86
00:04:26,480 --> 00:04:28,280
inside your enterprise.

87
00:04:28,280 --> 00:04:30,040
Kentware defines it cleanly.

88
00:04:30,040 --> 00:04:34,680
It is an open protocol that enables seamless integration between large language model applications

89
00:04:34,680 --> 00:04:36,880
or agents and tools and data.

90
00:04:36,880 --> 00:04:39,800
That sounds abstract until you translate it into what it prevents.

91
00:04:39,800 --> 00:04:42,920
MCP is not an API replacement, but it's not yet another connector.

92
00:04:42,920 --> 00:04:46,920
It's not a new integration platform you buy because you're tired of the old integration

93
00:04:46,920 --> 00:04:47,920
platform you bought.

94
00:04:47,920 --> 00:04:51,040
MCP is a tool contract, a contract between reasoning and doing.

95
00:04:51,040 --> 00:04:52,960
The reasoning side is the model.

96
00:04:52,960 --> 00:04:57,680
Non-deterministic, context-driven, good at language, good at picking an approach.

97
00:04:57,680 --> 00:05:02,160
The doing side is the enterprise, deterministic systems of record, compliance boundaries,

98
00:05:02,160 --> 00:05:06,800
limit, business rules, and the minor detail that finance will notice if you write the

99
00:05:06,800 --> 00:05:08,000
wrong thing.

100
00:05:08,000 --> 00:05:11,880
Without a contract model's guess, the guess which endpoint matters, the guess which parameters

101
00:05:11,880 --> 00:05:16,240
are required, the guess what create record means, the guess which account you meant, and

102
00:05:16,240 --> 00:05:17,400
you can't govern guessing.

103
00:05:17,400 --> 00:05:19,160
You can only apologize for it later.

104
00:05:19,160 --> 00:05:24,440
With MCP, you give the model a catalog of tools with explicit names, schemers and descriptions.

105
00:05:24,440 --> 00:05:26,280
The model doesn't need to invent a pathway.

106
00:05:26,280 --> 00:05:28,440
It chooses from approved pathways.

107
00:05:28,440 --> 00:05:33,320
It's the real shift from the model can call anything to the model can only call what you

108
00:05:33,320 --> 00:05:34,320
published.

109
00:05:34,320 --> 00:05:36,160
Here's what most people miss.

110
00:05:36,160 --> 00:05:37,400
Enterprises already have connectors.

111
00:05:37,400 --> 00:05:39,800
Logic apps has one four hundred plus connectors.

112
00:05:39,800 --> 00:05:41,040
Power Platform has connectors.

113
00:05:41,040 --> 00:05:42,520
Copilot Studio has connectors.

114
00:05:42,520 --> 00:05:44,160
So why care about MCP at all?

115
00:05:44,160 --> 00:05:45,840
Because connectors are not governance.

116
00:05:45,840 --> 00:05:47,240
Connectors are plumbing.

117
00:05:47,240 --> 00:05:49,600
At scale, connectors become connectors, brawl.

118
00:05:49,600 --> 00:05:53,880
Thousands of small, slightly different integrations built by different teams with different

119
00:05:53,880 --> 00:05:58,840
naming, different fields, different error handling and different security assumptions.

120
00:05:58,840 --> 00:06:03,600
It works until it doesn't and then you discover your business process is implemented as folklore.

121
00:06:03,600 --> 00:06:08,760
MCP is an attempt to standardize the shape of tool usage for models the same way APIs standardize

122
00:06:08,760 --> 00:06:12,640
the shape of system to system calls, but it's more specific than APIs.

123
00:06:12,640 --> 00:06:18,160
APIs are designed for developers who already know what they're doing and want maximum flexibility.

124
00:06:18,160 --> 00:06:21,680
MCP tools are designed for models that need constraints to be safe and cheap.

125
00:06:21,680 --> 00:06:26,680
That's why MCP tools are typically task focused, not here's a generic crud interface to your

126
00:06:26,680 --> 00:06:28,400
entire CRM.

127
00:06:28,400 --> 00:06:33,440
More like create a contact in Salesforce with these five fields or list incidents in service

128
00:06:33,440 --> 00:06:37,800
now with these filters or update an opportunity stage with these allowed values.

129
00:06:37,800 --> 00:06:42,160
You are narrowing the surface area on purpose because the models job isn't to explore your

130
00:06:42,160 --> 00:06:43,440
entire schema.

131
00:06:43,440 --> 00:06:46,920
The models job is to execute the business intent you allow.

132
00:06:46,920 --> 00:06:49,600
This is also why MCP shows up now, not five years ago.

133
00:06:49,600 --> 00:06:53,000
The world move to multi agent reality and multi platform reality.

134
00:06:53,000 --> 00:06:55,480
You will have co pilot studio in parts of the org.

135
00:06:55,480 --> 00:06:57,240
You will have foundry in parts of the org.

136
00:06:57,240 --> 00:06:59,520
You will have GitHub co pilot in engineering.

137
00:06:59,520 --> 00:07:03,760
You will have third party agents showing up anyway and every one of those will want to use

138
00:07:03,760 --> 00:07:04,760
tools.

139
00:07:04,760 --> 00:07:08,680
MCP is vendor agnostic pressure relief, a standard shape for tools so you can build

140
00:07:08,680 --> 00:07:11,960
once published ones and reuse across agent surfaces.

141
00:07:11,960 --> 00:07:14,720
And here's the consequence executives should care about.

142
00:07:14,720 --> 00:07:19,320
MCP reduces the amount of bespoke glue you have to govern, not because it removes complexity

143
00:07:19,320 --> 00:07:23,920
because it concentrates complexity into deliberate, reviewable, auditable tool definitions.

144
00:07:23,920 --> 00:07:26,880
If you remember nothing else from this section, remember this.

145
00:07:26,880 --> 00:07:29,240
MCP doesn't make the model smarter.

146
00:07:29,240 --> 00:07:33,480
It makes the model less creative in the places where creativity is a liability.

147
00:07:33,480 --> 00:07:34,480
Logic apps.

148
00:07:34,480 --> 00:07:37,040
What it is architecturally, not what marketing says.

149
00:07:37,040 --> 00:07:40,560
Logic apps is usually introduced as low code workflow automation.

150
00:07:40,560 --> 00:07:41,880
That description is not wrong.

151
00:07:41,880 --> 00:07:45,200
It's just incomplete in the way that gets organizations hurt.

152
00:07:45,200 --> 00:07:47,560
Architecturally, logic apps is not an automation toy.

153
00:07:47,560 --> 00:07:52,640
It is an execution runtime with a connector fabric and an observability plane glued to

154
00:07:52,640 --> 00:07:53,640
it.

155
00:07:53,640 --> 00:07:57,720
That combination matters because the moment you introduce AI reasoning, the only sane move

156
00:07:57,720 --> 00:08:01,720
is to make execution boring, deterministic and reviewable.

157
00:08:01,720 --> 00:08:04,080
Kentwear points out the awkward reality.

158
00:08:04,080 --> 00:08:06,520
Logic apps has been around almost 10 years.

159
00:08:06,520 --> 00:08:07,840
It launched in 2016.

160
00:08:07,840 --> 00:08:08,840
That's not trivia.

161
00:08:08,840 --> 00:08:12,560
It means enterprises have already been running business critical integrations on it long

162
00:08:12,560 --> 00:08:15,000
before anyone started saying, "agentic."

163
00:08:15,000 --> 00:08:16,200
The muscle is there.

164
00:08:16,200 --> 00:08:21,640
It triggers, connectors, retries, compensation patterns, run history and the miserable lessons

165
00:08:21,640 --> 00:08:25,560
that show up after the first time an integration fails during quarter close.

166
00:08:25,560 --> 00:08:27,400
So what is it in system terms?

167
00:08:27,400 --> 00:08:31,120
Logic apps is a workflow runtime that can accept a trigger, perform a sequence of calls

168
00:08:31,120 --> 00:08:34,000
and then persist an auditable record of what happened.

169
00:08:34,000 --> 00:08:38,480
It's the thing that turns, we should update three systems when this event happens into

170
00:08:38,480 --> 00:08:41,600
an artifact you can trace, rerun and prove.

171
00:08:41,600 --> 00:08:43,760
And the connector part is the other half of the story.

172
00:08:43,760 --> 00:08:46,000
Logic apps has a large connector library.

173
00:08:46,000 --> 00:08:48,680
It calls out 1,400 plus.

174
00:08:48,680 --> 00:08:52,120
That means an organization doesn't start from a blank sheet every time it needs to touch

175
00:08:52,120 --> 00:08:58,640
service now, SAP, Salesforce, Teams, Dataverse, SQL or some random SAS someone bought with

176
00:08:58,640 --> 00:08:59,720
a credit card.

177
00:08:59,720 --> 00:09:00,720
But here's the shift.

178
00:09:00,720 --> 00:09:04,440
In an MCP world, connectors are not the endpoint, they're raw material.

179
00:09:04,440 --> 00:09:08,400
Logic apps becomes the place where you wrap raw connector actions into governed tools and

180
00:09:08,400 --> 00:09:09,400
workflows.

181
00:09:09,400 --> 00:09:10,400
You decide what is exposed.

182
00:09:10,400 --> 00:09:11,760
You decide what is hidden.

183
00:09:11,760 --> 00:09:13,320
You decide what inputs matter.

184
00:09:13,320 --> 00:09:14,960
You decide what outputs return.

185
00:09:14,960 --> 00:09:17,080
And you do it once in a way that can be reused.

186
00:09:17,080 --> 00:09:19,760
Now deployment models, most people gloss over this.

187
00:09:19,760 --> 00:09:22,320
Don't logic apps has three deployment models.

188
00:09:22,320 --> 00:09:24,960
Consumption, standard and hybrid, that is not a feature list.

189
00:09:24,960 --> 00:09:26,760
It is a control plane decision.

190
00:09:26,760 --> 00:09:28,760
Consumption is multi-tenant, it's convenient.

191
00:09:28,760 --> 00:09:33,120
It's also by design not where you go when you need tight network boundaries and predictable

192
00:09:33,120 --> 00:09:34,600
execution at scale.

193
00:09:34,600 --> 00:09:35,600
Standard is single tenant.

194
00:09:35,600 --> 00:09:39,560
Can't describe that as single tenancy dedicated compute, dedicated storage, networking.

195
00:09:39,560 --> 00:09:40,560
That's the key.

196
00:09:40,560 --> 00:09:44,920
In standard, the workflow runs inside compute you control with networking you can shape.

197
00:09:44,920 --> 00:09:48,760
And with identity primitives that don't require you to play the where did this secret get

198
00:09:48,760 --> 00:09:50,680
copied game.

199
00:09:50,680 --> 00:09:54,520
Hybrid is the extension of that idea when you need to bring the runtime closer to your

200
00:09:54,520 --> 00:09:55,720
environment.

201
00:09:55,720 --> 00:10:00,880
Arc connected Kubernetes, semi connected execution, data staying local with telemetry sinking

202
00:10:00,880 --> 00:10:01,880
back.

203
00:10:01,880 --> 00:10:04,720
That's for the parts of the enterprise that still live in reality.

204
00:10:04,720 --> 00:10:09,000
Factories, regulated networks, awkward latency and the unspoken requirement that cloud

205
00:10:09,000 --> 00:10:11,600
outage cannot equal business outage.

206
00:10:11,600 --> 00:10:14,280
So why does any of this matter for co-pilot and MCP?

207
00:10:14,280 --> 00:10:18,360
Because the execution plane needs properties, the reasoning plane will never have.

208
00:10:18,360 --> 00:10:22,520
Deterministic behavior, predictable retries, clear failure modes and a run history that

209
00:10:22,520 --> 00:10:24,320
can serve as evidence.

210
00:10:24,320 --> 00:10:25,880
Logic apps gives you that by default.

211
00:10:25,880 --> 00:10:29,840
It's not glamorous, it's not conversational, it does not pretend to be intelligent.

212
00:10:29,840 --> 00:10:30,840
Good.

213
00:10:30,840 --> 00:10:34,480
In the AI era, the most valuable system is the one that refuses to improvise.

214
00:10:34,480 --> 00:10:39,000
And that's why logic apps become the practical MCP factory inside Microsoft Estates.

215
00:10:39,000 --> 00:10:41,840
It can take your enterprise's messy reality.

216
00:10:41,840 --> 00:10:45,640
It can take your business, networks, identities, throttling retries and package it into tools

217
00:10:45,640 --> 00:10:50,960
that are safe enough for a model to use without turning every request into a new experiment.

218
00:10:50,960 --> 00:10:55,560
Now we can place co-pilot studio correctly, not as the thing that integrates everything.

219
00:10:55,560 --> 00:10:59,400
As the thing that decides what should happen, then hands execution to something that can

220
00:10:59,400 --> 00:11:00,880
be held accountable.

221
00:11:00,880 --> 00:11:04,640
Co-pilot studio, the intent interface, not the integration layer.

222
00:11:04,640 --> 00:11:08,320
Co-pilot studio is where most leaders want to start because it looks like the business.

223
00:11:08,320 --> 00:11:09,840
A person asks a question.

224
00:11:09,840 --> 00:11:11,960
The system answers, it feels like progress.

225
00:11:11,960 --> 00:11:15,720
But the moment you confuse that interface for the integration layer, you've quietly

226
00:11:15,720 --> 00:11:17,640
rebuild the same old problem.

227
00:11:17,640 --> 00:11:21,560
You've put business intent inside a surface that can't own the enterprise's execution

228
00:11:21,560 --> 00:11:22,560
debt.

229
00:11:22,560 --> 00:11:24,320
That distinction matters.

230
00:11:24,320 --> 00:11:29,520
Co-pilot studio is excellent at three things, conversation, decision framing and tool selection.

231
00:11:29,520 --> 00:11:33,160
Conversation means it can pull context out of humans without forcing them through a form

232
00:11:33,160 --> 00:11:34,160
they hate.

233
00:11:34,160 --> 00:11:37,400
Hiring managers don't want to know which attribute maps to which HR field.

234
00:11:37,400 --> 00:11:42,520
They want to say start date is the 15th, remote needs contractor access and yes finance systems.

235
00:11:42,520 --> 00:11:44,480
Co-pilot studio can extract that cleanly.

236
00:11:44,480 --> 00:11:49,160
Decision framing means it can take fuzzy requests and turn them into a structured intent.

237
00:11:49,160 --> 00:11:50,960
What is the user trying to achieve?

238
00:11:50,960 --> 00:11:52,360
What constraints are implied?

239
00:11:52,360 --> 00:11:53,840
What information is missing?

240
00:11:53,840 --> 00:11:54,840
What needs approval?

241
00:11:54,840 --> 00:11:56,360
That is not integration.

242
00:11:56,360 --> 00:11:57,840
That's interpretation.

243
00:11:57,840 --> 00:12:01,480
Tool selection means it can choose the next action from a defined set of tools based

244
00:12:01,480 --> 00:12:03,080
on descriptions and schemas.

245
00:12:03,080 --> 00:12:06,080
And that's where it becomes dangerous if your tools are a mess because the model will

246
00:12:06,080 --> 00:12:08,520
still choose even if the choices are ambiguous.

247
00:12:08,520 --> 00:12:11,040
Here's the foundational mistake organizations make.

248
00:12:11,040 --> 00:12:15,440
They assume co-pilot studio should just connect to systems of record directly because it

249
00:12:15,440 --> 00:12:16,440
can.

250
00:12:16,440 --> 00:12:17,440
It can.

251
00:12:17,440 --> 00:12:18,440
It shouldn't.

252
00:12:18,440 --> 00:12:22,040
When co-pilot studio calls a connector directly, you've embedded execution inside the reasoning

253
00:12:22,040 --> 00:12:23,040
plane.

254
00:12:23,040 --> 00:12:26,920
You've made the model responsible for error handling, retries, compensations and the

255
00:12:26,920 --> 00:12:31,600
kinds of boring transactional guarantees that humans expect and systems rarely provide.

256
00:12:31,600 --> 00:12:33,160
That is not an AI problem.

257
00:12:33,160 --> 00:12:34,440
That is an architecture problem.

258
00:12:34,440 --> 00:12:37,680
Now to be fair, the tools landscape inside co-pilot studio is getting broader and more

259
00:12:37,680 --> 00:12:38,680
capable.

260
00:12:38,680 --> 00:12:39,680
You can use prompts.

261
00:12:39,680 --> 00:12:40,680
You can use connectors.

262
00:12:40,680 --> 00:12:41,680
You can use agent flows.

263
00:12:41,680 --> 00:12:45,360
You can use computer use for UI automation when the API story is terrible.

264
00:12:45,360 --> 00:12:46,360
And now you can use MCP.

265
00:12:46,360 --> 00:12:49,680
But each of those tools exists on a spectrum of governance.

266
00:12:49,680 --> 00:12:51,680
Prompts are flexible, but they're not evidence.

267
00:12:51,680 --> 00:12:54,000
Connectors are convenient, but they're not a control plane.

268
00:12:54,000 --> 00:12:58,360
Agent flows can be structured, but they still need an execution spine behind them if you

269
00:12:58,360 --> 00:13:00,800
want consistent enterprise behavior.

270
00:13:00,800 --> 00:13:04,240
Computer use is powerful, but it is literally automation through screens.

271
00:13:04,240 --> 00:13:08,160
That is the opposite of stable, and MCP is the one that forces you to stop pretending

272
00:13:08,160 --> 00:13:10,600
the model can safely improvise.

273
00:13:10,600 --> 00:13:12,760
This is why Kent's question lands.

274
00:13:12,760 --> 00:13:14,720
Co-pilot studio has connectivity.

275
00:13:14,720 --> 00:13:17,080
So why do I care about MCP server?

276
00:13:17,080 --> 00:13:20,720
Because the enterprise doesn't care that a single agent can do a thing once.

277
00:13:20,720 --> 00:13:24,840
The enterprise cares that the next 10 agents don't each invent their own way to do the same

278
00:13:24,840 --> 00:13:25,840
thing.

279
00:13:25,840 --> 00:13:30,200
MCP servers are how you make connectivity reusable, reviewable and portable across agent

280
00:13:30,200 --> 00:13:31,200
platforms.

281
00:13:31,200 --> 00:13:35,800
But the tool contract once, publish it and then co-pilot studio foundry VS code and whatever

282
00:13:35,800 --> 00:13:38,880
else shows up next can consume the same governed capabilities.

283
00:13:38,880 --> 00:13:42,280
It's also how you prevent connector sprawl from becoming agents sprawl.

284
00:13:42,280 --> 00:13:46,760
If every team can attach connectors directly to their agent, your security model will drift.

285
00:13:46,760 --> 00:13:48,160
Your data movement will drift.

286
00:13:48,160 --> 00:13:49,480
Your approval logic will drift.

287
00:13:49,480 --> 00:13:50,880
Not because people are reckless.

288
00:13:50,880 --> 00:13:53,680
Because entropy always wins when enforcement is optional.

289
00:13:53,680 --> 00:13:55,520
So co-pilot studio's role is specific.

290
00:13:55,520 --> 00:13:57,000
It is the intent interface.

291
00:13:57,000 --> 00:13:58,640
It is where humans express what they want.

292
00:13:58,640 --> 00:14:01,360
It is where the system asks the right follow-up questions.

293
00:14:01,360 --> 00:14:05,120
It is where reasoning happens and then it hands off to an execution layer that doesn't

294
00:14:05,120 --> 00:14:06,120
negotiate.

295
00:14:06,120 --> 00:14:08,880
That handoff is not a minor implementation detail.

296
00:14:08,880 --> 00:14:11,360
It's the architecture.

297
00:14:11,360 --> 00:14:15,360
Co-pilot studio without an execution spine becomes a high end demo machine.

298
00:14:15,360 --> 00:14:16,760
Impressive in a meeting.

299
00:14:16,760 --> 00:14:18,840
Unpredictable in production.

300
00:14:18,840 --> 00:14:23,960
Co-pilot studio with a governed execution layer becomes a scalable operating model.

301
00:14:23,960 --> 00:14:29,400
In addition, decisions, constraint actions and traceability you can defend in an audit.

302
00:14:29,400 --> 00:14:32,440
Now we can introduce the executive mental model that makes this click.

303
00:14:32,440 --> 00:14:33,440
Two planes.

304
00:14:33,440 --> 00:14:34,720
Two jobs.

305
00:14:34,720 --> 00:14:38,080
And a hard boundary between decide and do.

306
00:14:38,080 --> 00:14:39,440
The two plane model.

307
00:14:39,440 --> 00:14:41,680
Reasoning plane versus execution plane.

308
00:14:41,680 --> 00:14:44,560
Here's what most organizations miss until the first incident review.

309
00:14:44,560 --> 00:14:46,920
AI doesn't automate workflows.

310
00:14:46,920 --> 00:14:50,800
AI changes where decisions get made and once decisions move control either follows

311
00:14:50,800 --> 00:14:53,360
by design or it evaporates by accident.

312
00:14:53,360 --> 00:14:55,240
So the executive mental model is this.

313
00:14:55,240 --> 00:14:56,240
Two planes.

314
00:14:56,240 --> 00:14:57,800
A reasoning plane and an execution plane.

315
00:14:57,800 --> 00:14:59,520
The reasoning plane is co-pilot studio.

316
00:14:59,520 --> 00:15:00,520
It's conversational.

317
00:15:00,520 --> 00:15:01,520
It's adaptive.

318
00:15:01,520 --> 00:15:02,520
It's probabilistic by nature.

319
00:15:02,520 --> 00:15:04,840
It's good at interpreting messy human intent.

320
00:15:04,840 --> 00:15:07,920
Asking for missing context and deciding which option fits the moment.

321
00:15:07,920 --> 00:15:09,200
But it is not deterministic.

322
00:15:09,200 --> 00:15:10,600
It will never be deterministic.

323
00:15:10,600 --> 00:15:11,600
That's not a bug.

324
00:15:11,600 --> 00:15:12,600
That's what makes it useful.

325
00:15:12,600 --> 00:15:14,360
The execution plane is logic apps.

326
00:15:14,360 --> 00:15:15,360
It's transactional.

327
00:15:15,360 --> 00:15:16,360
It's auditable.

328
00:15:16,360 --> 00:15:17,360
It's designed to be boring.

329
00:15:17,360 --> 00:15:20,920
It takes a decision and turns it into a series of controlled actions against systems

330
00:15:20,920 --> 00:15:25,480
of record with retries, compensations and a run history that can survive and audit.

331
00:15:25,480 --> 00:15:27,080
It is deterministic on purpose.

332
00:15:27,080 --> 00:15:29,680
That distinction matters.

333
00:15:29,680 --> 00:15:33,000
Because if you blend the planes, you get conditional chaos.

334
00:15:33,000 --> 00:15:38,240
A system where outcomes vary based on phrasing, context drift, tool ambiguity or a model update

335
00:15:38,240 --> 00:15:39,600
you didn't schedule.

336
00:15:39,600 --> 00:15:43,400
In the two plane model, each plane has a job it can actually do well.

337
00:15:43,400 --> 00:15:46,520
In the reasoning plane, the job is interpret intent.

338
00:15:46,520 --> 00:15:48,040
What is the user really asking for?

339
00:15:48,040 --> 00:15:49,520
What policy constraints apply?

340
00:15:49,520 --> 00:15:50,880
What approvals are needed?

341
00:15:50,880 --> 00:15:52,640
What information is missing?

342
00:15:52,640 --> 00:15:54,880
And critically, what tool should be called next?

343
00:15:54,880 --> 00:15:58,320
In the execution plane, the job is enforce intent.

344
00:15:58,320 --> 00:16:00,320
Make the call the same way every time.

345
00:16:00,320 --> 00:16:02,560
Validate inputs.

346
00:16:02,560 --> 00:16:04,400
Handle failures predictably.

347
00:16:04,400 --> 00:16:07,440
Write to the right system in the right order with the right identity.

348
00:16:07,440 --> 00:16:10,080
Capture the evidence.

349
00:16:10,080 --> 00:16:14,200
Now connect this to the line that should be written on a whiteboard in every AI transformation

350
00:16:14,200 --> 00:16:15,760
steering committee.

351
00:16:15,760 --> 00:16:17,640
Copilot decides what should happen.

352
00:16:17,640 --> 00:16:20,440
Logic apps ensures it happens within your compliance boundaries.

353
00:16:20,440 --> 00:16:24,440
If copilot makes a decision that violates policy, the execution plane should refuse.

354
00:16:24,440 --> 00:16:28,280
If copilot makes a decision without required data, the execution plane should force the missing

355
00:16:28,280 --> 00:16:29,280
fields.

356
00:16:29,280 --> 00:16:33,520
If copilot makes a decision that triggers a risky operation, the execution plane should

357
00:16:33,520 --> 00:16:36,120
require an approval pathway or an escalation.

358
00:16:36,120 --> 00:16:41,360
This is where MCP becomes more than a protocol and starts acting like the seam between planes.

359
00:16:41,360 --> 00:16:45,640
MCP is how the reasoning plane asks the execution plane to do something without improvising

360
00:16:45,640 --> 00:16:46,720
the mechanics.

361
00:16:46,720 --> 00:16:48,080
The tool name is fixed.

362
00:16:48,080 --> 00:16:49,240
The schema is fixed.

363
00:16:49,240 --> 00:16:50,600
The inputs are explicit.

364
00:16:50,600 --> 00:16:51,880
The outputs are structured.

365
00:16:51,880 --> 00:16:52,880
The model stops guessing.

366
00:16:52,880 --> 00:16:53,960
It starts selecting.

367
00:16:53,960 --> 00:16:57,720
And that changes everything about blast radius because the most dangerous idea in enterprise

368
00:16:57,720 --> 00:17:01,320
AI is AI inside every workflow.

369
00:17:01,320 --> 00:17:02,320
That sounds modern.

370
00:17:02,320 --> 00:17:06,960
It's also how you end up with non-deterministic rights to your systems of record scattered across

371
00:17:06,960 --> 00:17:11,120
dozens of agents, each with slightly different prompts, slightly different tools and slightly

372
00:17:11,120 --> 00:17:12,960
different security assumptions.

373
00:17:12,960 --> 00:17:15,320
In other words, policy drift at machine speed.

374
00:17:15,320 --> 00:17:17,520
The two plane model reduces that risk by design.

375
00:17:17,520 --> 00:17:19,400
You don't let reasoning leak into execution.

376
00:17:19,400 --> 00:17:22,000
You don't let execution logic get rebuilt in every agent.

377
00:17:22,000 --> 00:17:26,600
You centralize execution into an orchestration layer that is observable, governable and repeatable.

378
00:17:26,600 --> 00:17:31,080
Then you let AI do what it's actually good at, understanding humans and choosing among

379
00:17:31,080 --> 00:17:32,520
constrained options.

380
00:17:32,520 --> 00:17:34,560
This also scales organizationally.

381
00:17:34,560 --> 00:17:38,600
Agent builders can focus on intents, conversations and decision quality.

382
00:17:38,600 --> 00:17:43,480
Workflow owners can focus on integration, integrity, idempotency and data contracts.

383
00:17:43,480 --> 00:17:46,360
Operators can focus on run, history, failures and evidence.

384
00:17:46,360 --> 00:17:48,360
That row separation is not bureaucracy.

385
00:17:48,360 --> 00:17:52,280
It's how you stop privilege sprawl and tool sprawl from becoming permanent.

386
00:17:52,280 --> 00:17:57,000
And if you're listening for the payoff, this is why MCP matters even when connectors exist.

387
00:17:57,000 --> 00:18:01,560
Connectors let you call systems MCP, paired with an execution plane, let you call systems

388
00:18:01,560 --> 00:18:02,560
safely.

389
00:18:02,560 --> 00:18:06,360
That's the difference between it works in a demo and it survives quarter close.

390
00:18:06,360 --> 00:18:11,280
Now that the model is clear, we can narrate what this actually looks like end to end.

391
00:18:11,280 --> 00:18:16,040
Event, reasoning, orchestration and an audit trail that doesn't rely on someone's memory.

392
00:18:16,040 --> 00:18:17,720
Walkthrough narrated.

393
00:18:17,720 --> 00:18:21,040
Event, reasoning, orchestration, audit trail.

394
00:18:21,040 --> 00:18:25,000
Here's the narrated version of what actually happens when this architecture is working end

395
00:18:25,000 --> 00:18:27,040
to end without screens.

396
00:18:27,040 --> 00:18:30,000
Start with a real signal, not a user click the button demo signal.

397
00:18:30,000 --> 00:18:34,600
A real enterprise event, a new hire is approved in the HR system and invoiced lands in a shared

398
00:18:34,600 --> 00:18:35,600
mailbox.

399
00:18:35,600 --> 00:18:38,320
A servitoo ticket gets created in your ITSM platform.

400
00:18:38,320 --> 00:18:43,040
A pricing update is published from SAP, something changes and now the enterprise has to respond.

401
00:18:43,040 --> 00:18:45,920
That event is the trigger and the first discipline is this.

402
00:18:45,920 --> 00:18:49,240
Don't let the trigger become the workflow, a trigger is just a fact.

403
00:18:49,240 --> 00:18:51,000
It says something happened.

404
00:18:51,000 --> 00:18:55,040
The reasoning plane is where the system decides what that fact means in business terms.

405
00:18:55,040 --> 00:18:59,520
So Copilot Studio takes the event, plus whatever context is allowed to see, and it does

406
00:18:59,520 --> 00:19:04,080
the part humans usually do in chat messages and half filled tickets, interpretation.

407
00:19:04,080 --> 00:19:08,240
For HR onboarding, it looks at the hire request and immediately starts asking the questions

408
00:19:08,240 --> 00:19:09,920
that always get asked too late.

409
00:19:09,920 --> 00:19:15,040
Roll, location, start date, manager, equipment needs, standard access versus special access,

410
00:19:15,040 --> 00:19:18,600
contractor versus employee and whether any approvals are missing.

411
00:19:18,600 --> 00:19:23,440
For invoice exceptions, it does the thing, accounts payable teams hate doing manually.

412
00:19:23,440 --> 00:19:24,800
Why was this rejected?

413
00:19:24,800 --> 00:19:29,240
It reads the rejection reason, asks for missing context, normalizes vendor names and figures

414
00:19:29,240 --> 00:19:34,160
out whether this is a mismatch, a missing PO, a limit breach or an approval gap.

415
00:19:34,160 --> 00:19:37,360
For IT service automation, it identifies the intent.

416
00:19:37,360 --> 00:19:42,080
Password reset, device compliance, VPN access, mailbox permissions, whatever your tier catalog

417
00:19:42,080 --> 00:19:43,600
actually contains.

418
00:19:43,600 --> 00:19:46,520
And it checks whether this is within policy or needs escalation.

419
00:19:46,520 --> 00:19:47,520
Now here's the key.

420
00:19:47,520 --> 00:19:51,720
Copilot Studio is not calling random connectors because it can.

421
00:19:51,720 --> 00:19:57,160
It is selecting tools, MCP tools, tools with names and schemers that were designed in advance.

422
00:19:57,160 --> 00:20:01,880
This is where the system stops being a chatbot and starts behaving like a constrained operator.

423
00:20:01,880 --> 00:20:06,280
The agent sees a tool catalog and chooses a tool based on description and required inputs.

424
00:20:06,280 --> 00:20:07,600
It's not inventing an endpoint.

425
00:20:07,600 --> 00:20:09,320
It's not guessing at field names.

426
00:20:09,320 --> 00:20:10,920
It's selecting from what you published.

427
00:20:10,920 --> 00:20:14,680
Yes, the descriptions matter because they become decision inputs for the model.

428
00:20:14,680 --> 00:20:19,560
When Ken said MCP enables seamless integration between large language model applications or

429
00:20:19,560 --> 00:20:23,120
agents and tools and data, that's what seamless really means.

430
00:20:23,120 --> 00:20:25,760
The model gets a clean menu instead of a junk drawer.

431
00:20:25,760 --> 00:20:29,760
So Copilot Studio chooses the tool, fills in the schema and hands off the request to the

432
00:20:29,760 --> 00:20:30,760
execution plane.

433
00:20:30,760 --> 00:20:32,160
Now logic apps takes over.

434
00:20:32,160 --> 00:20:35,440
This is where the enterprise stops debating what should happen and starts doing what is

435
00:20:35,440 --> 00:20:36,600
allowed to happen.

436
00:20:36,600 --> 00:20:38,600
Logic apps executes connector calls.

437
00:20:38,600 --> 00:20:43,400
But it does it with boring features that matter in production, retries, timeouts, compensating

438
00:20:43,400 --> 00:20:45,720
actions and controlled sequencing.

439
00:20:45,720 --> 00:20:48,320
If a downstream system throttles it retries in the right way.

440
00:20:48,320 --> 00:20:53,800
If a step fails after partial success, it compensates or it roots to a human approval path.

441
00:20:53,800 --> 00:20:57,960
If a call needs enrichment, look up the manager's ID, map the vendor number, translate a location

442
00:20:57,960 --> 00:20:58,960
code.

443
00:20:58,960 --> 00:21:00,720
Logic apps does it deterministically.

444
00:21:00,720 --> 00:21:03,280
And this is why logic apps is the execution spine.

445
00:21:03,280 --> 00:21:04,760
It doesn't just call APIs.

446
00:21:04,760 --> 00:21:06,320
It owns the workflow reality.

447
00:21:06,320 --> 00:21:07,720
The enterprise depends on.

448
00:21:07,720 --> 00:21:12,320
Now the part executives should care about even more than the automation is the evidence trail.

449
00:21:12,320 --> 00:21:14,680
Because enterprises don't get punished for automating.

450
00:21:14,680 --> 00:21:16,960
They get punished for not being able to prove what happened.

451
00:21:16,960 --> 00:21:18,440
Logic apps gives you run history.

452
00:21:18,440 --> 00:21:22,600
And when you run MCP tools through it, you get a full chain, the trigger event, the parameters

453
00:21:22,600 --> 00:21:27,360
passed, the connector calls made, the responses received and the final output.

454
00:21:27,360 --> 00:21:33,480
Kent described it as full traceability, inputs outputs, what the user said, what the agent

455
00:21:33,480 --> 00:21:34,680
responded.

456
00:21:34,680 --> 00:21:36,160
We've got a very complete picture.

457
00:21:36,160 --> 00:21:37,440
That is not a nice to have.

458
00:21:37,440 --> 00:21:41,240
It is the difference between an automation you can scale and an automation you quietly turn

459
00:21:41,240 --> 00:21:43,200
off after the first compliance review.

460
00:21:43,200 --> 00:21:44,720
The output is simple.

461
00:21:44,720 --> 00:21:49,480
Systems update, tickets close, records reconcile, access provisions, approvals route and

462
00:21:49,480 --> 00:21:51,800
humans only touch the weird cases.

463
00:21:51,800 --> 00:21:53,120
But the real product isn't the update.

464
00:21:53,120 --> 00:21:56,280
The real product is that the enterprise can replay the truth.

465
00:21:56,280 --> 00:21:58,200
When someone asks, who approved this?

466
00:21:58,200 --> 00:21:59,200
You don't search teams.

467
00:21:59,200 --> 00:22:00,200
You pull the run.

468
00:22:00,200 --> 00:22:02,160
When someone asks, why did the agent do that?

469
00:22:02,160 --> 00:22:03,160
You don't blame the model.

470
00:22:03,160 --> 00:22:06,200
You show the tool call and the policy boundary at hit.

471
00:22:06,200 --> 00:22:08,680
And once you have that, you're not building automations anymore.

472
00:22:08,680 --> 00:22:10,880
You're building a govern decision and execution pipeline.

473
00:22:10,880 --> 00:22:14,440
Now we can talk about the part that determines whether the scales or collapses.

474
00:22:14,440 --> 00:22:15,760
Tool design.

475
00:22:15,760 --> 00:22:19,080
Tool design is governance, avoiding conditional chaos.

476
00:22:19,080 --> 00:22:23,920
This is where most agentec enterprise conversations collapse into a polite disaster.

477
00:22:23,920 --> 00:22:24,920
Tool design.

478
00:22:24,920 --> 00:22:27,880
Not model selection, not prompt tuning, not which chat surface you picked.

479
00:22:27,880 --> 00:22:28,880
Tool design.

480
00:22:28,880 --> 00:22:30,800
Because once a model has tools, it will use them.

481
00:22:30,800 --> 00:22:34,520
And if the tools are vague, overlapping or overpowered, you've created conditional

482
00:22:34,520 --> 00:22:38,600
chaos with a friendly UI, can set the line that should permanently ruin the idea of just

483
00:22:38,600 --> 00:22:40,200
expose the connector.

484
00:22:40,200 --> 00:22:42,240
Create record, create record of what?

485
00:22:42,240 --> 00:22:44,080
That question isn't pedantic.

486
00:22:44,080 --> 00:22:47,200
It's the entire governance problem in one sentence.

487
00:22:47,200 --> 00:22:51,480
In an enterprise connector, create record usually means create anything in a system that

488
00:22:51,480 --> 00:22:54,320
contains hundreds of entities and thousands of fields.

489
00:22:54,320 --> 00:22:57,240
Humans can handle that because humans carry context and caution.

490
00:22:57,240 --> 00:22:58,240
Models don't.

491
00:22:58,240 --> 00:23:02,560
Models optimize for completing the task and they will happily fill in blanks with guesses

492
00:23:02,560 --> 00:23:03,920
that look plausible.

493
00:23:03,920 --> 00:23:06,080
For the first rule of MCP Tool design is simple.

494
00:23:06,080 --> 00:23:07,320
Generic tools don't scale.

495
00:23:07,320 --> 00:23:09,040
They scale ambiguity.

496
00:23:09,040 --> 00:23:12,880
An ambiguity is expensive, in tokens, in retries, in wrong rights.

497
00:23:12,880 --> 00:23:17,480
And in the time you'll spend explaining to audit why an AI wrote something to somewhere,

498
00:23:17,480 --> 00:23:19,000
because the tool allowed it.

499
00:23:19,000 --> 00:23:22,760
The counter-intuitive part is that governance isn't a policy document.

500
00:23:22,760 --> 00:23:23,760
Governance is what you expose.

501
00:23:23,760 --> 00:23:27,920
And if you expose a tool that can write to ten tables, you've already lost the argument

502
00:23:27,920 --> 00:23:29,880
that you control the system.

503
00:23:29,880 --> 00:23:31,440
Control is not what you intended.

504
00:23:31,440 --> 00:23:32,760
Control is what the interface permits.

505
00:23:32,760 --> 00:23:38,360
So you design tools, like you designed guardrails, narrow surface area, clear intent, constrained

506
00:23:38,360 --> 00:23:41,080
inputs, predictable outputs.

507
00:23:41,080 --> 00:23:44,600
And the output constraints matter more than most people think because tool responses become

508
00:23:44,600 --> 00:23:45,920
model context.

509
00:23:45,920 --> 00:23:49,920
If you return the entire record payload every time you're not being thorough, you're burning

510
00:23:49,920 --> 00:23:53,320
tokens and feeding the model noise it will treat as relevant.

511
00:23:53,320 --> 00:23:59,000
The simple version is your tool schema is your policy boundary, now practical consequences.

512
00:23:59,000 --> 00:24:04,240
If you build an MCP tool called update opportunity, and it accepts any field in the opportunity

513
00:24:04,240 --> 00:24:08,960
object, the model will eventually update the wrong field, not because it's malicious,

514
00:24:08,960 --> 00:24:11,880
because it is trying to be helpful in a schema it can't fully reason about.

515
00:24:11,880 --> 00:24:16,160
But if you build advanced opportunity stage with allowed values required IDs and a constrained

516
00:24:16,160 --> 00:24:20,800
output that returns the new stage timestamp and a correlation ID, you've done something

517
00:24:20,800 --> 00:24:25,880
different, you've turned a risky right into a controlled action, that distinction matters.

518
00:24:25,880 --> 00:24:28,960
And this is where logic apps becomes more than an execution engine.

519
00:24:28,960 --> 00:24:32,640
It becomes a tool compiler, you take raw connectors and you wrap them into tools that match

520
00:24:32,640 --> 00:24:38,640
business verbs, not platform verbs, provision day one access, create incident with severity,

521
00:24:38,640 --> 00:24:43,480
validate invoice against PO, sync pricing changes with ID and potency, those aren't connector

522
00:24:43,480 --> 00:24:46,000
operations, they're governed capabilities.

523
00:24:46,000 --> 00:24:50,520
Now the part everyone underestimates tool descriptions, tool descriptions are not documentation,

524
00:24:50,520 --> 00:24:51,600
they're decision inputs.

525
00:24:51,600 --> 00:24:56,600
A model doesn't read your wiki, it reads the tool catalog description and schema, that's

526
00:24:56,600 --> 00:24:59,480
what it uses to decide whether a tool fits the situation.

527
00:24:59,480 --> 00:25:02,960
If the description is generic, the model selection is probabilistic, if the description is

528
00:25:02,960 --> 00:25:05,720
precise, the model selection becomes constrained.

529
00:25:05,720 --> 00:25:10,040
So you write descriptions like you're writing for a deterministic system, because you are.

530
00:25:10,040 --> 00:25:15,280
This tool creates a Salesforce contact with last name, email and account ID, use it only

531
00:25:15,280 --> 00:25:19,880
when a human confirms the contact should be created, that is governance.

532
00:25:19,880 --> 00:25:25,280
And the moment you do that consistently, something else happens, you reduce tool collisions.

533
00:25:25,280 --> 00:25:29,680
You reduce duplicate tools across teams, you reduce the temptation for every agent builder

534
00:25:29,680 --> 00:25:33,640
to invent their own slightly different version of the same capability, because they don't

535
00:25:33,640 --> 00:25:34,640
need to.

536
00:25:34,640 --> 00:25:37,200
This is also where you kill entropy generators early.

537
00:25:37,200 --> 00:25:41,280
Policy exceptions thrive in ambiguity, side channels thrive when the official path is

538
00:25:41,280 --> 00:25:43,440
harder than the unofficial one.

539
00:25:43,440 --> 00:25:47,560
Shadow integrations appear when the blessed tool can't answer the real question.

540
00:25:47,560 --> 00:25:51,720
Well designed tools remove those escape hatches, not by telling people to behave, by making

541
00:25:51,720 --> 00:25:53,560
the correct path the easiest path.

542
00:25:53,560 --> 00:25:55,800
Now tie this back to governance as an enabler.

543
00:25:55,800 --> 00:25:59,720
A tool catalog that's curated and constrained is what allows you to move faster without losing

544
00:25:59,720 --> 00:26:00,720
control.

545
00:26:00,720 --> 00:26:04,600
It's how you let teams build agents quickly without granting them raw access to systems

546
00:26:04,600 --> 00:26:05,600
of record.

547
00:26:05,600 --> 00:26:09,720
It's how you let co-pilot studio do things without turning every action into a bespoke

548
00:26:09,720 --> 00:26:10,720
security review.

549
00:26:10,720 --> 00:26:13,720
You don't govern agent behavior by reviewing every conversation.

550
00:26:13,720 --> 00:26:16,000
You govern it by designing what actions are possible.

551
00:26:16,000 --> 00:26:17,000
That's why MCP matters.

552
00:26:17,000 --> 00:26:18,320
It's not just a protocol.

553
00:26:18,320 --> 00:26:21,560
It's a forcing function that makes tool design the unit of governance.

554
00:26:21,560 --> 00:26:26,200
And once tool design is governance, you stop arguing about whether AI is safe.

555
00:26:26,200 --> 00:26:27,840
You start proving it.

556
00:26:27,840 --> 00:26:30,680
Scenario one, HR onboarding across systems.

557
00:26:30,680 --> 00:26:34,520
HR onboarding is the universal enterprise mess because it looks simple until you try to

558
00:26:34,520 --> 00:26:35,840
do it consistently.

559
00:26:35,840 --> 00:26:37,080
A person is hired.

560
00:26:37,080 --> 00:26:38,080
They need an identity.

561
00:26:38,080 --> 00:26:39,080
They need a mailbox.

562
00:26:39,080 --> 00:26:40,080
They need access.

563
00:26:40,080 --> 00:26:41,080
They need a device.

564
00:26:41,080 --> 00:26:42,080
They need payroll.

565
00:26:42,080 --> 00:26:45,520
They need just one exception because the new hire is remote or a contractor or joining

566
00:26:45,520 --> 00:26:48,960
finance or starting tomorrow or all of the above.

567
00:26:48,960 --> 00:26:54,120
And every one of those needs lives in a different system owned by a different team with a different

568
00:26:54,120 --> 00:26:55,880
definition of done.

569
00:26:55,880 --> 00:26:57,600
So here's the strategic framing.

570
00:26:57,600 --> 00:26:59,360
onboarding isn't an integration problem.

571
00:26:59,360 --> 00:27:03,760
It's a coordination problem with security consequences because the moment onboarding becomes

572
00:27:03,760 --> 00:27:06,720
a ticket relay race, two things always happen.

573
00:27:06,720 --> 00:27:07,720
First you lose time.

574
00:27:07,720 --> 00:27:09,800
Day one readiness turns into day three readiness.

575
00:27:09,800 --> 00:27:10,800
Then day seven readiness.

576
00:27:10,800 --> 00:27:13,840
Then they'll be fine with shared access for now.

577
00:27:13,840 --> 00:27:15,120
Second you lose control.

578
00:27:15,120 --> 00:27:19,720
The access becomes normal access manual overrides become permanent pathways and nobody can prove

579
00:27:19,720 --> 00:27:23,880
why a given person got a given entitlement because the decision lived in an email and the

580
00:27:23,880 --> 00:27:25,760
execution happened in four different places.

581
00:27:25,760 --> 00:27:28,640
Now drop co pilot studio and logic apps into that reality.

582
00:27:28,640 --> 00:27:30,560
The intent interface is co pilot studio.

583
00:27:30,560 --> 00:27:34,840
The hiring manager doesn't need to know what entry attribute maps to what downstream system.

584
00:27:34,840 --> 00:27:37,120
They need to communicate intent in human terms.

585
00:27:37,120 --> 00:27:42,920
Roll location start date manager department employment type and whether standard access applies

586
00:27:42,920 --> 00:27:45,080
or special access is required.

587
00:27:45,080 --> 00:27:47,520
And co pilot studio's job is not to guess the answer.

588
00:27:47,520 --> 00:27:51,240
It's to interrogate the request until the request becomes executable.

589
00:27:51,240 --> 00:27:53,280
This is where you reduce entropy early.

590
00:27:53,280 --> 00:27:56,320
The agent asks the questions humans usually ask too late.

591
00:27:56,320 --> 00:27:59,840
It confirms whether the person is employee or contractor, whether they need privileged

592
00:27:59,840 --> 00:28:04,520
access, whether they handle regulated data, whether they require SIP rolls, whether they

593
00:28:04,520 --> 00:28:09,640
need a device shipped and whether approvals exist for any non-standard entitlements.

594
00:28:09,640 --> 00:28:11,280
Then the handoff happens.

595
00:28:11,280 --> 00:28:15,560
The pilot selects a tool not a connector a tool with a name that encodes your governance

596
00:28:15,560 --> 00:28:21,640
intent like start on boarding for new hire or provision day one access.

597
00:28:21,640 --> 00:28:25,960
And this is where mcp matters the model isn't improvising a sequence of connector calls.

598
00:28:25,960 --> 00:28:29,160
It is calling a published capability with a schema you defined.

599
00:28:29,160 --> 00:28:33,760
The request goes into logic apps and logic apps does the boring work that you actually want

600
00:28:33,760 --> 00:28:34,760
boring.

601
00:28:34,760 --> 00:28:38,520
It creates the identity using managed identity not shared credentials.

602
00:28:38,520 --> 00:28:42,600
It assigns baseline groups using explicit mappings, not whatever the model thinks.

603
00:28:42,600 --> 00:28:46,800
It provisions the mailbox, triggers device enrollment tasks, creates payroll records

604
00:28:46,800 --> 00:28:49,160
and opens or updates the ITSM ticket.

605
00:28:49,160 --> 00:28:52,880
So the operational teams see a single authoritative state.

606
00:28:52,880 --> 00:28:54,960
If something fails, it doesn't apologize.

607
00:28:54,960 --> 00:28:57,920
It retries, it compensates, it escalates.

608
00:28:57,920 --> 00:28:59,600
This is the part executives miss.

609
00:28:59,600 --> 00:29:01,160
You aren't automating on boarding.

610
00:29:01,160 --> 00:29:04,520
You're automating the control plane for on boarding because the workflow becomes the

611
00:29:04,520 --> 00:29:09,320
place where you enforce what done means and you can enforce separation of duties by design.

612
00:29:09,320 --> 00:29:13,400
Agent builders can define the conversational experience and the intent model.

613
00:29:13,400 --> 00:29:16,480
Workflow owners control the execution layer.

614
00:29:16,480 --> 00:29:22,600
Which systems are touched in what order, with what identity and what evidence is recorded.

615
00:29:22,600 --> 00:29:27,000
Operators monitor runs and failures without needing access to redesign tools.

616
00:29:27,000 --> 00:29:31,440
That RBX split matters because on boarding is where privileged sprawl starts.

617
00:29:31,440 --> 00:29:34,080
Now take the scenario everyone has.

618
00:29:34,080 --> 00:29:35,080
Special access.

619
00:29:35,080 --> 00:29:38,880
A manager says they'll need finance reporting access on day one.

620
00:29:38,880 --> 00:29:43,080
In the old model that becomes a side channel, a team's message to someone who can do it real

621
00:29:43,080 --> 00:29:44,080
quick.

622
00:29:44,080 --> 00:29:47,920
In this model, Copilot collects the justification and roots it into the workflow.

623
00:29:47,920 --> 00:29:49,920
Logic apps enforces the policy boundary.

624
00:29:49,920 --> 00:29:54,080
Either it requires an approval step or it queues it for a privileged workflow or it

625
00:29:54,080 --> 00:29:59,520
refuses unless the request meets conditions you defined, same request, different outcome.

626
00:29:59,520 --> 00:30:03,600
Not because the AI is smarter, because the system is constrained and the audit story becomes

627
00:30:03,600 --> 00:30:04,600
clean.

628
00:30:04,600 --> 00:30:07,040
If someone asks why did this person receive that access?

629
00:30:07,040 --> 00:30:09,240
You don't reconstruct the narrative from five systems.

630
00:30:09,240 --> 00:30:10,320
You open the run history.

631
00:30:10,320 --> 00:30:14,480
You see who asked what was asked, what approvals were captured, what tools were called, what

632
00:30:14,480 --> 00:30:17,800
groups were assigned and what downstream updates were made.

633
00:30:17,800 --> 00:30:21,520
That is the actual value of enterprise connectivity in an AI era.

634
00:30:21,520 --> 00:30:24,600
Not faster clicks, but fewer, untracked decisions.

635
00:30:24,600 --> 00:30:27,080
And the business outcome is easy to say without hype.

636
00:30:27,080 --> 00:30:32,440
Fewer manual handoffs, faster day one readiness, fewer access mistakes and a measurable reduction

637
00:30:32,440 --> 00:30:34,600
in the hidden labor of coordination.

638
00:30:34,600 --> 00:30:39,040
Now that the pattern is clear, the next scenario makes the same point from a different angle.

639
00:30:39,040 --> 00:30:40,280
Invoices aren't hard.

640
00:30:40,280 --> 00:30:41,280
Exceptions are.

641
00:30:41,280 --> 00:30:42,280
Scenario 2.

642
00:30:42,280 --> 00:30:44,080
Invoice processing and exception handling.

643
00:30:44,080 --> 00:30:47,080
Invoice automation is always sold as a paper to ERP story.

644
00:30:47,080 --> 00:30:51,240
Scan the PDF, extract the fields, match the PO, post the invoice, done.

645
00:30:51,240 --> 00:30:52,480
That's the brochure version.

646
00:30:52,480 --> 00:30:54,800
In reality, invoices aren't hard.

647
00:30:54,800 --> 00:30:57,120
Expansions are endless and they are usually undocumented.

648
00:30:57,120 --> 00:31:00,200
The vendor name doesn't match what procurement entered three years ago.

649
00:31:00,200 --> 00:31:03,040
The PO is missing, but we always pay this vendor.

650
00:31:03,040 --> 00:31:06,400
The amounts don't line up because someone changed pricing after the PO.

651
00:31:06,400 --> 00:31:08,680
The approval threshold got exceeded by $12.

652
00:31:08,680 --> 00:31:12,360
The cost center is wrong, the invoice got emailed to the wrong mailbox.

653
00:31:12,360 --> 00:31:14,960
The line items are structured like a ransom note.

654
00:31:14,960 --> 00:31:19,520
And every business unit has its own definition of urgent, so the enterprise cost isn't invoice

655
00:31:19,520 --> 00:31:20,520
processing.

656
00:31:20,520 --> 00:31:22,040
It's human exception triage.

657
00:31:22,040 --> 00:31:25,320
And that triage is almost always done in the worst possible place.

658
00:31:25,320 --> 00:31:30,080
Email threads and comments inside whatever ERP screen someone happens to know.

659
00:31:30,080 --> 00:31:31,880
Here's the architectural reframing.

660
00:31:31,880 --> 00:31:35,240
Invoice exceptions are a coordination problem with money attached.

661
00:31:35,240 --> 00:31:36,240
That means two things.

662
00:31:36,240 --> 00:31:40,480
First, you need a reasoning surface that can collect context without forcing AP to become

663
00:31:40,480 --> 00:31:41,480
a detective.

664
00:31:41,480 --> 00:31:46,800
Second, you need an execution layer that refuses to just post it when policy says otherwise.

665
00:31:46,800 --> 00:31:51,800
This is where co-pilot studio earns its place, not by automating finance.

666
00:31:51,800 --> 00:31:56,160
By handling the conversation nobody wants to have manually, 50 times a day.

667
00:31:56,160 --> 00:32:00,160
When an invoice fails validation, the agent can answer the only question people actually

668
00:32:00,160 --> 00:32:02,400
ask, why was this rejected?

669
00:32:02,400 --> 00:32:06,040
And it can do the follow-up work that humans usually do via back and forth.

670
00:32:06,040 --> 00:32:07,800
Which PO should this map to?

671
00:32:07,800 --> 00:32:09,080
Is this a duplicate?

672
00:32:09,080 --> 00:32:10,800
Who owns this cost center?

673
00:32:10,800 --> 00:32:12,720
Do you want to split the amount?

674
00:32:12,720 --> 00:32:15,920
Is this a legitimate exception and if so, who can approve it?

675
00:32:15,920 --> 00:32:19,240
That matters because it pulls intent out of the business in plain language.

676
00:32:19,240 --> 00:32:22,280
And then the system has to stop being polite and start being strict.

677
00:32:22,280 --> 00:32:25,240
This is where logic apps become the execution spine again.

678
00:32:25,240 --> 00:32:27,840
The model can reason across messy inputs.

679
00:32:27,840 --> 00:32:31,160
But the workflow decides what can move where.

680
00:32:31,160 --> 00:32:35,960
Logic apps enforces validations, vendor match, PO match, limits and approval routing.

681
00:32:35,960 --> 00:32:38,560
It does the ordering that keeps finance sane.

682
00:32:38,560 --> 00:32:40,160
Enrich invoice data.

683
00:32:40,160 --> 00:32:44,680
Check against authoritative systems, root to approvals if thresholds trip, then right back to the

684
00:32:44,680 --> 00:32:49,880
ERP only when the conditions are satisfied. And it does it with audit grade behavior, deterministic

685
00:32:49,880 --> 00:32:53,480
steps, retries where retries make sense and a recorded run history.

686
00:32:53,480 --> 00:32:56,800
Now at the part most AI demos skip because it's not as fun.

687
00:32:56,800 --> 00:32:57,800
DLP.

688
00:32:57,800 --> 00:32:59,400
In finance, DLP isn't a slide.

689
00:32:59,400 --> 00:33:02,920
It's the difference between, we can deploy this and security shut it down.

690
00:33:02,920 --> 00:33:04,280
The practical model is simple.

691
00:33:04,280 --> 00:33:06,280
AI can reason across information.

692
00:33:06,280 --> 00:33:09,640
Workflows decide what information is allowed to move between systems.

693
00:33:09,640 --> 00:33:13,600
So you can let co-pilot studio interpret an exception, summarize what's missing and ask

694
00:33:13,600 --> 00:33:15,360
the user for clarification.

695
00:33:15,360 --> 00:33:19,600
Without granting it direct, unconstrained access to write into your system of record, because

696
00:33:19,600 --> 00:33:22,080
authenticated does not mean authorized.

697
00:33:22,080 --> 00:33:25,600
And even authorized does not mean safe to execute without guardrails.

698
00:33:25,600 --> 00:33:28,320
Now in MCP terms, this becomes a tool story.

699
00:33:28,320 --> 00:33:32,720
You don't expose a generic, create invoice tool with a hundred fields and vague meanings.

700
00:33:32,720 --> 00:33:36,080
You expose an invoice exception resolution tool set.

701
00:33:36,080 --> 00:33:40,880
Validate invoice against PO, retrieve vendor master details, request approval for exception

702
00:33:40,880 --> 00:33:45,840
type X, post invoice with correlation ID, and return a structured result that contains

703
00:33:45,840 --> 00:33:48,560
what happened and what evidence was created.

704
00:33:48,560 --> 00:33:52,880
The model doesn't freehand an ERP transaction, it selects from approved actions.

705
00:33:52,880 --> 00:33:56,080
And the best part is the outcome that executives actually care about.

706
00:33:56,080 --> 00:33:58,920
Humans only touch exceptions, not the happy path.

707
00:33:58,920 --> 00:34:03,360
Happy path invoices post automatically with boring reliability.

708
00:34:03,360 --> 00:34:06,760
Exceptions become structured conversations with constrained outcomes, and you can measure

709
00:34:06,760 --> 00:34:12,280
it in the only ways finance trusts, reduced cycle time, fewer manual touches per invoice,

710
00:34:12,280 --> 00:34:16,360
and fewer we don't know why this was posted moments that show up during close.

711
00:34:16,360 --> 00:34:17,880
This also changes the failure mode.

712
00:34:17,880 --> 00:34:21,120
In the old world, the failure mode is silent drift.

713
00:34:21,120 --> 00:34:24,040
Someone finds a workaround and it becomes policy by accident.

714
00:34:24,040 --> 00:34:26,160
In this world, the failure mode is explicit.

715
00:34:26,160 --> 00:34:29,080
The workflow refuses, roots, or escalates.

716
00:34:29,080 --> 00:34:32,720
And you can see it happen, which means your control environment becomes a system, not

717
00:34:32,720 --> 00:34:33,720
a story.

718
00:34:33,720 --> 00:34:37,640
In voice exception, stop consuming human attention, you get a second order benefit.

719
00:34:37,640 --> 00:34:42,400
Your AP team stops spending time, being a message bus, and start spending time on the only

720
00:34:42,400 --> 00:34:46,480
work worth human judgment, actual anomalies and actual fraud signals.

721
00:34:46,480 --> 00:34:51,400
Now if you want the scenario where this becomes even more obvious, it's IT service automation.

722
00:34:51,400 --> 00:34:55,240
Because IT isn't paid to be creative, it is paid to be consistent under pressure with

723
00:34:55,240 --> 00:34:56,240
receipts.

724
00:34:56,240 --> 00:34:57,240
Scenario 3.

725
00:34:57,240 --> 00:34:58,760
IT service automation.

726
00:34:58,760 --> 00:35:02,720
IT service management is where enterprise reality shows up without makeup.

727
00:35:02,720 --> 00:35:04,320
It's a repetitive.

728
00:35:04,320 --> 00:35:06,760
Documentation is outdated the day after it's written.

729
00:35:06,760 --> 00:35:10,200
Tribal knowledge lives in the heads of two people you can't afford to lose.

730
00:35:10,200 --> 00:35:14,240
And the SLA clock keeps running even when the root cause is a user who swears they didn't

731
00:35:14,240 --> 00:35:15,240
change anything.

732
00:35:15,240 --> 00:35:19,120
So yes, it is a great place to start with a genetic orchestration, not because it's glamorous,

733
00:35:19,120 --> 00:35:22,680
because it's measurable, painful, and full of work that should not require a human to

734
00:35:22,680 --> 00:35:24,960
interpret the same request for the thousandth time.

735
00:35:24,960 --> 00:35:27,920
But here's the thing, most organizations get wrong when they try it.

736
00:35:27,920 --> 00:35:29,960
They aim for AI resolve's tickets.

737
00:35:29,960 --> 00:35:30,960
That's not the real objective.

738
00:35:30,960 --> 00:35:31,960
The real objective is.

739
00:35:31,960 --> 00:35:38,280
AI handles standard intents and the system escalates only when policy thresholds are crossed.

740
00:35:38,280 --> 00:35:41,640
Tier to tier 2 is not a human hierarchy, it's a control boundary.

741
00:35:41,640 --> 00:35:44,600
Tier is self-service and safe automation.

742
00:35:44,600 --> 00:35:50,120
Password resets account unlocks basic access requests, known device compliance checks, standard

743
00:35:50,120 --> 00:35:55,880
VPN, troubleshooting prompts, maybe a simple, how do I request that roots to a knowledge base?

744
00:35:55,880 --> 00:35:58,600
Tier 1 is guided execution with guardrails.

745
00:35:58,600 --> 00:36:02,200
If you do this action, then verify this condition, then notify the user.

746
00:36:02,200 --> 00:36:06,400
It's still mostly deterministic, it's the human doing the steps because the system didn't.

747
00:36:06,400 --> 00:36:09,800
Tier 2 is where the organization actually pays for judgment.

748
00:36:09,800 --> 00:36:14,840
Complex incidents, ambiguous symptoms, high impact outages, or anything that can create collateral

749
00:36:14,840 --> 00:36:15,840
damage.

750
00:36:15,840 --> 00:36:19,920
Agentech orchestration is about moving work down the stack without moving risk up the stack.

751
00:36:19,920 --> 00:36:21,280
So here's the pattern.

752
00:36:21,280 --> 00:36:24,200
Copilot Studio becomes the intake and triage surface.

753
00:36:24,200 --> 00:36:28,000
It takes messy user language and turns it into a clean intent.

754
00:36:28,000 --> 00:36:34,080
Password, re-enroll device, request application access, check mailbox permissions, troubleshoot

755
00:36:34,080 --> 00:36:38,920
teams audio, whatever your top ticket categories actually are, then it does the part a ticket

756
00:36:38,920 --> 00:36:40,520
form never does well.

757
00:36:40,520 --> 00:36:42,880
It collects the missing context conversationally.

758
00:36:42,880 --> 00:36:47,200
Device name, error message, location, whether it's a new device or a rebuild, whether the

759
00:36:47,200 --> 00:36:51,280
user is traveling, whether this is affecting one person or a whole team.

760
00:36:51,280 --> 00:36:53,360
This seems small, it's not.

761
00:36:53,360 --> 00:36:57,360
Because IT tickets fail for the same reason invoices fail, missing context forces humans

762
00:36:57,360 --> 00:36:58,520
to improvise.

763
00:36:58,520 --> 00:37:01,440
Then Copilot selects the tool and this is where you need to be ruthless.

764
00:37:01,440 --> 00:37:04,120
IT tools are not query everything and do anything.

765
00:37:04,120 --> 00:37:07,800
That's how you end up with an agent that can disable accounts because someone phrased

766
00:37:07,800 --> 00:37:08,800
a question badly.

767
00:37:08,800 --> 00:37:11,600
Your MCP tools here should map to safe verbs.

768
00:37:11,600 --> 00:37:17,720
Reset password for user, unlock account, create incident with severity, check device compliance,

769
00:37:17,720 --> 00:37:22,600
request software access with a profile, update ticket status, notify user.

770
00:37:22,600 --> 00:37:25,000
If you're hearing repetition, good repetition is the point.

771
00:37:25,000 --> 00:37:29,080
A safe enterprise is mostly repeated patterns executed consistently.

772
00:37:29,080 --> 00:37:33,680
Now logic apps takes the request and executes it and this is where IT benefits from boring

773
00:37:33,680 --> 00:37:38,760
on purpose more than any other domain because IT automation isn't just do the thing.

774
00:37:38,760 --> 00:37:43,040
It's do the thing, then prove it worked, then record what happened.

775
00:37:43,040 --> 00:37:47,600
Logic apps can update your ITSM platform, service now, Azure DevOps, whatever your reality

776
00:37:47,600 --> 00:37:48,600
is.

777
00:37:48,600 --> 00:37:50,400
It can call graph for identity operations.

778
00:37:50,400 --> 00:37:54,280
It can integrate with endpoint tooling that can post to teams, it can send email, it can

779
00:37:54,280 --> 00:37:59,280
trigger follow-up actions and it can do it with controlled retries and clear failure parts.

780
00:37:59,280 --> 00:38:03,280
If the password reset fails due to a lockout policy, the workflow doesn't keep guessing.

781
00:38:03,280 --> 00:38:04,520
It roots to escalation.

782
00:38:04,520 --> 00:38:08,840
If the device action fails, it captures the error, attaches it to the ticket and moves the

783
00:38:08,840 --> 00:38:10,440
case to tier two with evidence.

784
00:38:10,440 --> 00:38:11,600
This is the real win.

785
00:38:11,600 --> 00:38:14,640
You stop escalating tickets without context.

786
00:38:14,640 --> 00:38:15,760
You escalate with a record.

787
00:38:15,760 --> 00:38:20,120
Now add governance because IT is where governance either becomes real or it becomes a slide.

788
00:38:20,120 --> 00:38:25,240
You separate roles, agent designers build the conversational experience and intent rooting.

789
00:38:25,240 --> 00:38:28,160
Workflow owners build and maintain the executable pathways.

790
00:38:28,160 --> 00:38:32,600
Operators watch run history and manage failures and authentication does not equal authorization.

791
00:38:32,600 --> 00:38:36,400
The system can authenticate the agent and still restrict which tool calls are permitted

792
00:38:36,400 --> 00:38:39,440
for which scenarios, which users and which groups.

793
00:38:39,440 --> 00:38:45,040
If you let any authenticated agent call any IT tool, you just created a new tier incident

794
00:38:45,040 --> 00:38:46,040
generator.

795
00:38:46,040 --> 00:38:49,640
This is also where managed identities and least privilege stop being best practice and

796
00:38:49,640 --> 00:38:51,080
start being survival.

797
00:38:51,080 --> 00:38:55,680
No shed credentials in a workflow, no copy-paste API keys inside an agent, no temporary service

798
00:38:55,680 --> 00:38:58,720
accounts that become permanent because nobody wants to rotate them.

799
00:38:58,720 --> 00:39:01,560
Now for the part executives will actually ask for outcomes.

800
00:39:01,560 --> 00:39:06,520
In IT and HR, 20 to 40% ticket deflection is a credible range when you focus on the top

801
00:39:06,520 --> 00:39:07,760
repetitive intents.

802
00:39:07,760 --> 00:39:12,120
Not because the AI is brilliant, because the system finally stops requiring humans to coordinate

803
00:39:12,120 --> 00:39:13,120
between tools.

804
00:39:13,120 --> 00:39:15,720
And the bigger outcome is SLA protection.

805
00:39:15,720 --> 00:39:19,880
When the agent handles the standard work, humans get time back for real incidents.

806
00:39:19,880 --> 00:39:22,560
When escalations happen, they happen with context and evidence.

807
00:39:22,560 --> 00:39:26,120
When audits ask who changed what, you can answer without archaeology.

808
00:39:26,120 --> 00:39:28,800
Kentware even said it directly in the context of IT.

809
00:39:28,800 --> 00:39:31,960
IT service management always a good place to start.

810
00:39:31,960 --> 00:39:33,280
He's not being optimistic.

811
00:39:33,280 --> 00:39:35,640
He's describing where the economics work first.

812
00:39:35,640 --> 00:39:40,040
And once you can prove this works in IT, where metrics are unforgiving, you have a template

813
00:39:40,040 --> 00:39:41,840
you can take to every other domain.

814
00:39:41,840 --> 00:39:45,840
The same two-plane model, the same constraint tools, the same deterministic execution, the

815
00:39:45,840 --> 00:39:47,320
same traceability.

816
00:39:47,320 --> 00:39:51,120
Now the next scenario is where you find out whether your orchestration layer is real or

817
00:39:51,120 --> 00:39:52,600
just polite.

818
00:39:52,600 --> 00:39:55,760
Transactual sync across systems of record where failure isn't annoying.

819
00:39:55,760 --> 00:39:56,760
It's expensive.

820
00:39:56,760 --> 00:39:57,760
Snaurio 4.

821
00:39:57,760 --> 00:39:58,760
SAP.

822
00:39:58,760 --> 00:39:59,760
Dataverse.

823
00:39:59,760 --> 00:40:01,960
Lobby sync without breaking finance.

824
00:40:01,960 --> 00:40:06,200
SAP and finance adjacent systems are where just automated goes to die.

825
00:40:06,200 --> 00:40:09,560
Because the failure mode isn't a funny demo glitch, it's a reconciliation exercise that

826
00:40:09,560 --> 00:40:11,280
becomes someone's full-time job.

827
00:40:11,280 --> 00:40:13,800
And here's the pattern every enterprise recognizes.

828
00:40:13,800 --> 00:40:14,800
Pricing.

829
00:40:14,800 --> 00:40:16,000
Customer master data.

830
00:40:16,000 --> 00:40:17,400
Vendor master data.

831
00:40:17,400 --> 00:40:18,400
Product catalog.

832
00:40:18,400 --> 00:40:19,400
Cost centers.

833
00:40:19,400 --> 00:40:20,400
GL mappings.

834
00:40:20,400 --> 00:40:21,400
Pick your poison.

835
00:40:21,400 --> 00:40:24,760
The business wants a change to show up everywhere, immediately and consistently.

836
00:40:24,760 --> 00:40:26,080
But the estate is a patchwork.

837
00:40:26,080 --> 00:40:27,080
SAP.

838
00:40:27,080 --> 00:40:28,080
Dataverse.

839
00:40:28,080 --> 00:40:30,920
A few line of business apps that matter way more than they look like they should.

840
00:40:30,920 --> 00:40:34,680
And an integration layer that's accumulated five years of temporary fixes.

841
00:40:34,680 --> 00:40:36,000
So teams try to sync.

842
00:40:36,000 --> 00:40:37,600
They build point to point calls.

843
00:40:37,600 --> 00:40:38,960
They wire up a connector.

844
00:40:38,960 --> 00:40:39,960
They do a nightly job.

845
00:40:39,960 --> 00:40:40,960
It works for a while.

846
00:40:40,960 --> 00:40:42,840
And then something fails silently.

847
00:40:42,840 --> 00:40:44,120
A request times out.

848
00:40:44,120 --> 00:40:45,960
A downstream API throttles.

849
00:40:45,960 --> 00:40:47,440
A duplicate update slips through.

850
00:40:47,440 --> 00:40:48,280
A schema changes.

851
00:40:48,280 --> 00:40:50,200
A retry replays the wrong step.

852
00:40:50,200 --> 00:40:53,160
The sync succeeds in one system and fails in another.

853
00:40:53,160 --> 00:40:55,400
And now your systems of record disagree.

854
00:40:55,400 --> 00:40:56,920
That is not a technical annoyance.

855
00:40:56,920 --> 00:40:58,880
That is financial risk.

856
00:40:58,880 --> 00:41:01,640
And this is where the two-plane model becomes non-negotiable.

857
00:41:01,640 --> 00:41:04,640
Copilot Studio can help interpret intent here.

858
00:41:04,640 --> 00:41:06,240
And yes, there is real value in that.

859
00:41:06,240 --> 00:41:08,880
A finance user doesn't want to file an integration request.

860
00:41:08,880 --> 00:41:13,640
They want to say, sync pricing changes for these skews or update customer credit limits

861
00:41:13,640 --> 00:41:18,560
for this region or reconcile product categories between ERP and CRM.

862
00:41:18,560 --> 00:41:24,280
Copilot can translate that into structured intent, scope, criteria, timing, approval needs,

863
00:41:24,280 --> 00:41:25,840
and which systems are involved.

864
00:41:25,840 --> 00:41:29,200
But copilot should never wing it when it comes to multi-system rights.

865
00:41:29,200 --> 00:41:31,440
Because the enterprise doesn't need a conversational update.

866
00:41:31,440 --> 00:41:33,160
It needs transactional integrity.

867
00:41:33,160 --> 00:41:36,200
So the right pattern is copilot decides what should happen.

868
00:41:36,200 --> 00:41:38,160
Logic apps ensures it happens.

869
00:41:38,160 --> 00:41:42,240
And this is where logic apps earns its keep as the execution plane.

870
00:41:42,240 --> 00:41:46,720
The workflow encodes ordering, read source of truth, compute deltas, apply updates in a

871
00:41:46,720 --> 00:41:48,920
controlled sequence and verify results.

872
00:41:48,920 --> 00:41:51,240
It encodes idempotency.

873
00:41:51,240 --> 00:41:54,440
If the same request is replayed, you don't double apply the change.

874
00:41:54,440 --> 00:41:57,720
It encodes retries that don't turn into accidental duplication.

875
00:41:57,720 --> 00:42:01,560
And it encodes compensating actions for the cases where a partial success is worse than

876
00:42:01,560 --> 00:42:02,560
a full failure.

877
00:42:02,560 --> 00:42:05,120
This is the kind of boring nobody claps for in a demo.

878
00:42:05,120 --> 00:42:07,760
It is also the only kind of boring finance trusts.

879
00:42:07,760 --> 00:42:09,600
Now layer in the connectivity reality.

880
00:42:09,600 --> 00:42:12,960
A lot of these systems are not meant to be exposed to the public internet.

881
00:42:12,960 --> 00:42:15,720
They live behind networks with reasons not vibes.

882
00:42:15,720 --> 00:42:18,600
This is where logic app standard and the networking options matter.

883
00:42:18,600 --> 00:42:22,800
If you need private endpoints and vnet integration so the orchestration layer can talk to internal

884
00:42:22,800 --> 00:42:26,800
systems without punching holes through your perimeter, this is where you do it.

885
00:42:26,800 --> 00:42:29,000
Executives here, private endpoint.

886
00:42:29,000 --> 00:42:30,400
And think it's a networking detail.

887
00:42:30,400 --> 00:42:31,400
It's not.

888
00:42:31,400 --> 00:42:32,400
It's a trust boundary.

889
00:42:32,400 --> 00:42:37,360
It's the difference between we integrated SAP and we exposed SAP integration to whatever

890
00:42:37,360 --> 00:42:38,800
could hit an endpoint.

891
00:42:38,800 --> 00:42:40,400
Now bring mcp into the picture.

892
00:42:40,400 --> 00:42:43,400
In this scenario mcp is not about making SAP magical.

893
00:42:43,400 --> 00:42:47,680
It's about packaging the governed workflow as a tool the model can call without improvisation.

894
00:42:47,680 --> 00:42:51,040
So instead of giving the model a connector and hoping it can construct a correct right

895
00:42:51,040 --> 00:42:56,680
into SAP you give it a tool like sync pricing changes backed by a logic app workflow that

896
00:42:56,680 --> 00:43:01,880
does the ugly parts validation mapping sequencing retries and evidence.

897
00:43:01,880 --> 00:43:06,040
The schema forces specificity which products which effective date which price list which

898
00:43:06,040 --> 00:43:11,400
region what approval ID if required what correlation ID should be returned for audit and the output

899
00:43:11,400 --> 00:43:16,360
is structured not chatty what changed what didn't what failed and where the evidence lives.

900
00:43:16,360 --> 00:43:20,240
This is the part most people miss the output format is governance too.

901
00:43:20,240 --> 00:43:25,400
If you return huge payloads and raw ERP responses you're not being transparent you're flooding

902
00:43:25,400 --> 00:43:29,880
the reasoning plane with noise so you return the minimum needed for decisions and you store

903
00:43:29,880 --> 00:43:31,600
the rest as run history.

904
00:43:31,600 --> 00:43:33,440
Now business outcomes.

905
00:43:33,440 --> 00:43:38,160
The direct benefit is fewer integration outages and fewer systems disagree incidents but

906
00:43:38,160 --> 00:43:42,200
the bigger benefit is that change becomes safer when the enterprise can trust that cross-system

907
00:43:42,200 --> 00:43:47,000
updates are ordered, idempatent and traceable you can move faster without creating reconciliation

908
00:43:47,000 --> 00:43:48,000
debt.

909
00:43:48,000 --> 00:43:52,360
And yes reconciliation debt is a real thing you pay it later with interest during quarter

910
00:43:52,360 --> 00:43:53,360
close.

911
00:43:53,360 --> 00:43:57,640
This scenario also clarifies a strategic truth AI doesn't remove the need for integration

912
00:43:57,640 --> 00:44:02,080
engineering it exposes whether you ever had it if your estate relies on tribal knowledge

913
00:44:02,080 --> 00:44:07,840
and side channel coordination AI will amplify the inconsistency if your estate has a deterministic

914
00:44:07,840 --> 00:44:12,840
execution layer with governed tools AI will amplify throughput without amplifying risk

915
00:44:12,840 --> 00:44:16,400
that's the difference between agente transformation and agente chaos.

916
00:44:16,400 --> 00:44:21,320
Next there's one scenario that turns all of this into executive language instantly compliance

917
00:44:21,320 --> 00:44:26,840
evidence collection where the output isn't automation it's proof scenario five compliance

918
00:44:26,840 --> 00:44:31,960
evidence collection audit sell reality compliance is where strategy stops being inspirational

919
00:44:31,960 --> 00:44:36,240
and starts being accountable most executives don't fear automation they fear the email

920
00:44:36,240 --> 00:44:40,600
from audit that says prove it prove who approved the access prove why the change was made

921
00:44:40,600 --> 00:44:44,600
prove the control operated consistently prove the data didn't leak prove the exception

922
00:44:44,600 --> 00:44:48,760
was justified prove it across three systems that don't agree and two teams that remember

923
00:44:48,760 --> 00:44:53,280
it differently and that's the ugly truth in most enterprises the work is automated but

924
00:44:53,280 --> 00:44:57,840
the evidence is manual people spend weeks collecting screenshots digging through tickets exporting

925
00:44:57,840 --> 00:45:01,840
logs and stitching together a narrative that sounds plausible enough to pass not because

926
00:45:01,840 --> 00:45:06,040
anyone wants to lie because the systems were never designed to tell the story and to end

927
00:45:06,040 --> 00:45:10,240
this is where agente orchestration gets to stop being innovation and start being an operating

928
00:45:10,240 --> 00:45:14,520
model copilot studio plays the front door here but not as the system of record as the

929
00:45:14,520 --> 00:45:19,560
interface to the evidence executives ask questions like who has access to finance reporting

930
00:45:19,560 --> 00:45:24,240
and why which invoices were posted outside policy last quarter what changed in the last

931
00:45:24,240 --> 00:45:28,880
release that impacted customer data which approvals were bypassed during the outage humans

932
00:45:28,880 --> 00:45:33,360
can answer those questions slowly in meetings with caveats copilot studio can answer them

933
00:45:33,360 --> 00:45:37,800
conversationally quickly and in a way that executives will actually use because it can translate

934
00:45:37,800 --> 00:45:42,040
vague questions into structured requests but only if the execution plane can produce

935
00:45:42,040 --> 00:45:45,920
deterministic evidence that is the constraint so the pattern looks like this copilot studio

936
00:45:45,920 --> 00:45:52,080
takes the audit style question and converts it into an evidence request scope time window systems

937
00:45:52,080 --> 00:45:57,680
involved the definition of exception and what the auditor will accept as proof then it

938
00:45:57,680 --> 00:46:02,440
selects a tool that doesn't search everything it calls an evidence assembly capability and

939
00:46:02,440 --> 00:46:06,400
logic apps does what logic apps always does when it's used correctly it executes a boring

940
00:46:06,400 --> 00:46:10,480
repeatable process that creates a trace you can defend pull the access assignments from

941
00:46:10,480 --> 00:46:15,160
entry pull the ticket approvals from it sm pull the workflow runs that provisioned or revoked

942
00:46:15,160 --> 00:46:19,480
access pull the finance transaction logs that show postings and reversals package it into

943
00:46:19,480 --> 00:46:23,240
an evidence bundle with correlation IDs and timestamps store it where your compliance

944
00:46:23,240 --> 00:46:28,200
team expects it return a summary to the agent that is small structured and decision ready

945
00:46:28,200 --> 00:46:32,400
and here's the architectural payoff you're not relying on copilot's memory of the conversation

946
00:46:32,400 --> 00:46:37,720
to be the record you're relying on run history can't describe it as full traceability

947
00:46:37,720 --> 00:46:41,880
inputs outputs what the user said and what the agent responded we've got a very complete

948
00:46:41,880 --> 00:46:45,800
picture that matters most in audits because audits are not about what your system intended

949
00:46:45,800 --> 00:46:50,080
they're about what your system did logic apps run history becomes an audit artifact who

950
00:46:50,080 --> 00:46:54,400
triggered the workflow what inputs were supplied what tools were called what downstream systems

951
00:46:54,400 --> 00:46:58,960
responded and what the workflow returned if your agent asked for evidence the workflow

952
00:46:58,960 --> 00:47:03,640
can provide it with the same determinism every time and once you have that something changes

953
00:47:03,640 --> 00:47:08,680
culturally audit stop being a seasonal panic they become a query that's not a small shift

954
00:47:08,680 --> 00:47:15,120
it's executive language reduced compliance labor fewer control failures faster response

955
00:47:15,120 --> 00:47:19,480
to audit requests and less reliance on heroics also it forces a healthier boundary between

956
00:47:19,480 --> 00:47:24,360
reasoning and execution copilot can talk it can interpret it can format the answer for a human

957
00:47:24,360 --> 00:47:28,840
but the evidence comes from a deterministic system that can be replayed inspected and monitored

958
00:47:28,840 --> 00:47:33,560
that's what governed AI actually means not trust in the model but trust in the trail

959
00:47:33,560 --> 00:47:38,360
and if you want the most cynical accurate ROI statement for compliance it's this the business

960
00:47:38,360 --> 00:47:42,600
value isn't that the agent can answer auditors the business value is that the enterprise

961
00:47:42,600 --> 00:47:47,800
stops paying humans to reconstruct reality after the fact governance that enable speed guard

962
00:47:47,800 --> 00:47:52,920
rails that don't rot governance is usually presented as a break pedal that framing is why it fails

963
00:47:52,920 --> 00:47:57,560
a break pedal is something people try to avoid they root around it they temporarily bypass it

964
00:47:57,560 --> 00:48:03,000
they build side channels then governance becomes theater a slide deck about controls that were never

965
00:48:03,000 --> 00:48:09,480
enforced by design in an agentic world governance has to be an accelerator not because leaders suddenly

966
00:48:09,480 --> 00:48:14,840
love compliance because the only way to scale AI is to make the safe path the default path

967
00:48:14,840 --> 00:48:19,000
every other option is entropy with a budget line so here's what governance looks like when it

968
00:48:19,000 --> 00:48:23,960
actually enables speed and doesn't rot six months after launched first role separation that matches

969
00:48:23,960 --> 00:48:28,520
how the system works you need three roles and you need them because the platform will drift without

970
00:48:28,520 --> 00:48:35,240
them agent designers build the intent interface prompts conversation flows and tool selection logic

971
00:48:35,240 --> 00:48:39,960
they should not be able to change what a provision access tool can do in production workflow owners

972
00:48:39,960 --> 00:48:46,200
build the execution plane logic apps workflows tool schemas retries compensations and the integration

973
00:48:46,200 --> 00:48:50,920
contracts they should not be writing the conversational layer operators run the estate monitoring

974
00:48:50,920 --> 00:48:55,240
incident response and evidence production they should not be editing workflows in the middle of

975
00:48:55,240 --> 00:48:59,800
an outage because someone asked nicely that's our back as an operating model not our back as a

976
00:48:59,800 --> 00:49:04,520
checkbox and if you don't do it you will get privileged sprawl you will get everyone is a maker

977
00:49:04,520 --> 00:49:10,360
access drift you will get production edited from a browser tab at 11 p.m second managed identity as

978
00:49:10,360 --> 00:49:15,800
the default not as a nice when we have time upgrade if an automation can run only because somebody

979
00:49:15,800 --> 00:49:21,080
copied a client secret into a connection you have not built a system you've built a hostage situation

980
00:49:21,080 --> 00:49:26,600
managed identities are how you keep execution boring no secrets no shared credentials no rotated

981
00:49:26,600 --> 00:49:31,400
keys that nobody rotates it also gives you something executives care about when they eventually ask

982
00:49:31,400 --> 00:49:37,240
who had access to do that because the identity is explicit scoped and auditable third tenant

983
00:49:37,240 --> 00:49:42,200
and environment isolation that reflects reality dev test and prod aren't best practice they are

984
00:49:42,200 --> 00:49:46,360
entropy containment agent behavior will change prompts will change tools will evolve connectors will

985
00:49:46,360 --> 00:49:51,000
get updated models will get updated if you don't isolate environments you've created a single

986
00:49:51,000 --> 00:49:56,760
shared blast radius where experimentation and production share the same failure modes so you isolate

987
00:49:56,760 --> 00:50:03,000
not by duplicating intelligence but by promoting vetted artifacts tool contracts workflows policies

988
00:50:03,000 --> 00:50:08,520
build once then promote through environments with controlled change fourth network boundaries early

989
00:50:08,520 --> 00:50:13,480
not as a retrofit if you wait until after the pilot to ask should this traffic stay private

990
00:50:13,480 --> 00:50:17,880
you've already chosen public exposure you just haven't admitted it logic app standard and

991
00:50:17,880 --> 00:50:23,000
private endpoints exist for a reason enterprises have systems that cannot be internet adjacent and

992
00:50:23,000 --> 00:50:27,640
when you're feeding those systems through agente pathways you don't get to pretend the network is

993
00:50:27,640 --> 00:50:32,760
someone else's problem private endpoints keep internal traffic internal vnet integration keeps the

994
00:50:32,760 --> 00:50:37,480
orchestration layer on the right side of your perimeter and yes it's slower to set up at first it's

995
00:50:37,480 --> 00:50:42,920
faster than rebuilding everything after security says no fifth dlp as the line between reasoning

996
00:50:42,920 --> 00:50:47,560
and movement copilot studio can reason across a lot of information that's the point but workflows

997
00:50:47,560 --> 00:50:53,480
decide what can move where so you treat dlp policies as rooting rules for data movement not as abstract

998
00:50:53,480 --> 00:50:58,280
restrictions you define which connectors can exchange which data classes you define where sensitive

999
00:50:58,280 --> 00:51:03,240
data can be written you define what can be summarized versus what can be exported this is how you stop

1000
00:51:03,240 --> 00:51:09,400
helpful from becoming x filtration finally authorization beyond authentication enterprises love

1001
00:51:09,400 --> 00:51:14,040
saying it's protected by entra that's only the first gate authenticated doesn't mean authorized

1002
00:51:14,040 --> 00:51:18,600
authorize doesn't mean least privilege least privilege doesn't mean safe tool design so you enforce

1003
00:51:18,600 --> 00:51:24,120
authorization at the execution plane which tools can be called by which agents on behalf of which

1004
00:51:24,120 --> 00:51:29,800
uses for which scopes under which conditions and you log it as evidence not as best effort this is

1005
00:51:29,800 --> 00:51:34,680
the uncomfortable truth policy will erode wherever enforcement is optional so you make enforcement

1006
00:51:34,680 --> 00:51:40,200
structural you publish constrained tools you root execution through deterministic workflows you

1007
00:51:40,200 --> 00:51:44,920
isolate environments you remove secrets you keep the network private and you keep the run history

1008
00:51:44,920 --> 00:51:49,400
as the truth source because governance that works is not something people remember to do it's

1009
00:51:49,400 --> 00:51:55,000
what the architecture refuses to let them avoid operating model build ones reuse everywhere most

1010
00:51:55,000 --> 00:52:00,200
enterprises don't lose to technology they lose to duplication one team builds a sales force connector

1011
00:52:00,200 --> 00:52:04,440
solution another team builds the same thing slightly differently because they couldn't find the

1012
00:52:04,440 --> 00:52:09,640
first one couldn't trust it or couldn't use it without begging for access six months later you don't

1013
00:52:09,640 --> 00:52:13,480
have an integration strategy you have a museum of near identical artifacts and now you're about to

1014
00:52:13,480 --> 00:52:18,520
do the same thing with agents so this section is the operating model how you stop agentic work from

1015
00:52:18,520 --> 00:52:23,480
becoming a new layer of sprawl the rule is simple build ones reuse everywhere but that only works if

1016
00:52:23,480 --> 00:52:28,200
you treat tools as products not as project outputs that means you need a catalog not a folder not a

1017
00:52:28,200 --> 00:52:34,440
team's post not ask bob a catalog with ownership visibility and a life cycle this is why api center

1018
00:52:34,440 --> 00:52:39,080
shows up in Kent's story as more than a wizard it's the discoverability layer that prevents your

1019
00:52:39,080 --> 00:52:43,880
mcp servers from becoming that thing someone built in a subscription nobody monitors and he called

1020
00:52:43,880 --> 00:52:48,760
api center a central hub to stop your api sprawl that's not marketing that's the problem statement

1021
00:52:48,760 --> 00:52:53,480
because mcp servers without a catalog are just better hidden endpoints and hidden endpoints are

1022
00:52:53,480 --> 00:52:57,880
how governance dies now practically there are three catalog shaped paths in the Microsoft estate

1023
00:52:57,880 --> 00:53:03,560
that all converge on the same idea first api center is the enterprise catalog for api's and mcp

1024
00:53:03,560 --> 00:53:08,280
servers it's where you register describe and publish what exists it's where admins can see what's

1025
00:53:08,280 --> 00:53:12,840
out there and developers can discover what they're allowed to reuse and yes it's also where you can

1026
00:53:12,840 --> 00:53:18,280
start small Kent mentioned the free tier with a limit of up to 200 registered assets that's enough

1027
00:53:18,280 --> 00:53:23,080
runway for most organizations to prove the model without turning procurement into a blocker second

1028
00:53:23,080 --> 00:53:28,040
foundry's tools catalog this is the agent builder's view of the same reality it's where teams go when

1029
00:53:28,040 --> 00:53:32,680
they want to add capability fast but still through a governed pathway what matters here isn't the

1030
00:53:32,680 --> 00:53:37,960
UI what matters is that the tool gets created as an mcp server with consistent security and packaging

1031
00:53:37,960 --> 00:53:43,720
so it becomes reusable across agents not embedded into one build third native logic apps where the actual

1032
00:53:43,720 --> 00:53:48,680
execution lives this is where the workflows exist the run history exists and the operational

1033
00:53:48,680 --> 00:53:53,560
reality gets owned the catalog is just the storefront logic apps is the factory these aren't

1034
00:53:53,560 --> 00:53:57,800
competing approaches they're different entry points to the same operating model and once you accept

1035
00:53:57,800 --> 00:54:03,960
that your strategy becomes less about which portal do we prefer and more about how do we enforce reuse

1036
00:54:03,960 --> 00:54:08,680
now reuse fails for predictable reasons and you can design around them the first is discoverability

1037
00:54:08,680 --> 00:54:13,000
if people can't find the tool they rebuild it the second is trust if people can't see how the tool

1038
00:54:13,000 --> 00:54:17,800
behaves they don't bet their process on it the third is friction if consuming the tool requires a

1039
00:54:17,800 --> 00:54:22,680
weeks long security negotiation teams will route around it so you solve these with an enterprise posture

1040
00:54:22,680 --> 00:54:27,720
that is boring and explicit every mcp server gets an owner every tool gets a description that matches

1041
00:54:27,720 --> 00:54:32,040
business verbs not platform verbs every tool gets a schema that constraints inputs and constraints

1042
00:54:32,040 --> 00:54:37,400
outputs every tool gets versioning and change control because we updated the workflow is not an

1043
00:54:37,400 --> 00:54:42,200
acceptable release note when the workflow is now the execution plane for multiple agents

1044
00:54:42,200 --> 00:54:47,800
and every tool gets an operational contract how it's monitored how failures route how evidence is

1045
00:54:47,800 --> 00:54:53,080
stored how changes are deployed now testing is the part everyone skips until the first outage can

1046
00:54:53,080 --> 00:54:57,800
mention the logic apps unit testing framework that is GA and the detail that matters isn't the

1047
00:54:57,800 --> 00:55:02,840
framework itself it's the posture you don't treat workflows as low code art you treat them as

1048
00:55:02,840 --> 00:55:08,440
production assets testable promotable and regression safe because when your mcp server is backed by

1049
00:55:08,440 --> 00:55:13,240
a workflow a workflow changes a tool change and a tool change is now a business risk so you build

1050
00:55:13,240 --> 00:55:19,240
smoke tests in vscode you validate tool schemas you test failure paths you test timeouts you test the

1051
00:55:19,240 --> 00:55:23,640
what happens when sales force throttles scenario because that's not hypothetical it's Tuesday

1052
00:55:23,640 --> 00:55:29,400
if you want a single executive framing for this operating model it's this the roi doesn't come from

1053
00:55:29,400 --> 00:55:34,200
smarter a i it comes from fewer humans coordinating between systems and fewer teams rebuilding the

1054
00:55:34,200 --> 00:55:39,080
same governed capabilities catalogs make capabilities visible logic apps makes execution reliable

1055
00:55:39,080 --> 00:55:44,120
mcp makes those capabilities portable across agent platforms and once that's true every new agent

1056
00:55:44,120 --> 00:55:49,480
stops being a bespoke integration project it becomes a consumer of a shared enterprise tool chain

1057
00:55:49,480 --> 00:55:55,240
executive decision checklist where this goes wrong and how to prevent it executives don't need

1058
00:55:55,240 --> 00:55:59,800
another architecture diagram they need a checklist that predicts failure so here it is the five ways

1059
00:55:59,800 --> 00:56:04,600
this goes wrong and what prevents it mistake one treating mcp like just another connector

1060
00:56:05,720 --> 00:56:11,320
that creates tools brawl 50 overlapping tools with vague names vague schemas and nobody who can explain

1061
00:56:11,320 --> 00:56:17,000
which one is safe prevention is boring publish a small curated tool catalog backed by owned workflows

1062
00:56:17,000 --> 00:56:22,920
then enforce reuse through the catalog not tribal knowledge mistake two letting a i write directly

1063
00:56:22,920 --> 00:56:27,880
to systems of record without an execution plane that's not automation that's uncontrolled

1064
00:56:27,880 --> 00:56:33,320
mutation prevention is the two plane model copilot reasons logic apps executes if it can't be traced

1065
00:56:33,320 --> 00:56:38,840
it doesn't run mistake three skipping discoverability if people can't find a standard tool they'll rebuild

1066
00:56:38,840 --> 00:56:43,720
it if they can't trust it they'll bypass it prevention is a catalog with ownership versioning

1067
00:56:43,720 --> 00:56:48,920
and a life cycle api center foundry catalog whatever your front door is the tool has to be

1068
00:56:48,920 --> 00:56:54,040
discoverable and governable or it doesn't exist mistake four ignoring networking and identity

1069
00:56:54,040 --> 00:56:58,840
until after the pilot that's how pilots die in security review prevention is designing with

1070
00:56:58,840 --> 00:57:04,600
private endpoints managed identity and environment isolation from day one you don't retrofit trust

1071
00:57:04,600 --> 00:57:11,720
boundaries you enforce them mistake five exposing generic do everything tools create record is not a

1072
00:57:11,720 --> 00:57:16,440
tool it's an entropy generator prevention is designing tools as constrained business verbs with

1073
00:57:16,440 --> 00:57:20,600
explicit inputs and constrained outputs and that's how you stop guessing from becoming writing now

1074
00:57:20,600 --> 00:57:28,440
the decision framework start in one domain where pain is obvious and measurement is easy i t sm or h r

1075
00:57:28,440 --> 00:57:33,880
build one mcp server backed by logic apps workflows publish it in a catalog use it from copilot studio

1076
00:57:33,880 --> 00:57:38,440
proof traceability and approval boundaries then scale by reuse not by cloning that's how you avoid

1077
00:57:38,440 --> 00:57:45,000
conditional chaos the positive thesis the future isn't smarter chat it's governed execution copilot

1078
00:57:45,000 --> 00:57:50,520
studio turns intent into decisions and logic apps turns decisions into controlled auditable action

1079
00:57:50,520 --> 00:57:54,440
if you want the governance patterns that keep this from turning into tools brawl watch the next

1080
00:57:54,440 --> 00:57:59,240
next episode and subscribe because this is where Enterprise AI either scales or breaks.