How to Build a High-Performance Agentic Workforce in 30 Days

1
00:00:00,000 --> 00:00:02,120
Most organizations think deploy Copilot

2
00:00:02,120 --> 00:00:03,920
and suddenly they have an agentec workforce.

3
00:00:03,920 --> 00:00:06,160
They are wrong agents don't create discipline.

4
00:00:06,160 --> 00:00:09,360
They amplify whatever entropy already exists.

5
00:00:09,360 --> 00:00:12,560
Bad data, unclear ownership, and controls

6
00:00:12,560 --> 00:00:14,080
that only live in PowerPoint.

7
00:00:14,080 --> 00:00:16,800
So week two arrives, the first confident wrong answer

8
00:00:16,800 --> 00:00:19,880
hits the wrong audience and adoption quietly dies.

9
00:00:19,880 --> 00:00:22,640
This is a 30-day roadmap that produces measurable outcomes,

10
00:00:22,640 --> 00:00:23,440
not a demo.

11
00:00:23,440 --> 00:00:24,680
Three pillars in order.

12
00:00:24,680 --> 00:00:27,560
Copilot Studio orchestration first, Azure AI Search

13
00:00:27,560 --> 00:00:31,200
plus MCP grounding second and Entra Agent ID governance third.

14
00:00:31,200 --> 00:00:33,640
And there's one design choice that prevents ghost agents

15
00:00:33,640 --> 00:00:34,240
later.

16
00:00:34,240 --> 00:00:35,000
It's coming.

17
00:00:35,000 --> 00:00:37,480
Define high performance in executive terms.

18
00:00:37,480 --> 00:00:39,520
Before anyone builds an agent, leadership

19
00:00:39,520 --> 00:00:41,400
has to define high performance in terms

20
00:00:41,400 --> 00:00:42,520
that business can audit.

21
00:00:42,520 --> 00:00:43,720
Not users loved it.

22
00:00:43,720 --> 00:00:45,720
Not we shipped four bots.

23
00:00:45,720 --> 00:00:47,200
Outcomes.

24
00:00:47,200 --> 00:00:49,360
Because the platform will happily generate activity

25
00:00:49,360 --> 00:00:50,520
without impact.

26
00:00:50,520 --> 00:00:52,080
You can have thousands of chats and still

27
00:00:52,080 --> 00:00:54,080
have the same backlog, the same seller breaches

28
00:00:54,080 --> 00:00:55,320
and the same escalations.

29
00:00:55,320 --> 00:00:56,560
That distinction matters.

30
00:00:57,560 --> 00:01:00,680
In executive terms, high performance means the system

31
00:01:00,680 --> 00:01:03,800
measurably changes three things, demand time and risk.

32
00:01:03,800 --> 00:01:05,280
Demand is volume reduction.

33
00:01:05,280 --> 00:01:08,400
If the agent works, fewer tickets get created at all.

34
00:01:08,400 --> 00:01:10,320
Not because users stopped having problems,

35
00:01:10,320 --> 00:01:12,720
but because the first interaction resolves them.

36
00:01:12,720 --> 00:01:13,520
That is deflection.

37
00:01:13,520 --> 00:01:15,680
And it's the only metric that actually hits cost.

38
00:01:15,680 --> 00:01:17,200
Time is cycle reduction.

39
00:01:17,200 --> 00:01:20,120
If a ticket still gets created, it should be created

40
00:01:20,120 --> 00:01:23,320
with better classification, better context, and fewer handoffs.

41
00:01:23,320 --> 00:01:26,120
That shows up as SLA reduction faster first response

42
00:01:26,120 --> 00:01:28,000
and higher first contact resolution.

43
00:01:28,000 --> 00:01:29,760
Risk is controlled behavior.

44
00:01:29,760 --> 00:01:31,880
The agent doesn't helpfully guess.

45
00:01:31,880 --> 00:01:34,880
It either answers with grounded evidence or it escalates.

46
00:01:34,880 --> 00:01:37,240
And every action is attributable to an identity

47
00:01:37,240 --> 00:01:38,200
with an audit trail.

48
00:01:38,200 --> 00:01:40,000
So for a 30-day window, the KPIs

49
00:01:40,000 --> 00:01:42,880
have to be realistic, measurable and tied to one domain.

50
00:01:42,880 --> 00:01:45,000
Here are target leaders can sign their name to.

51
00:01:45,000 --> 00:01:49,400
For service IT, 20% to 40% ticket deflection at LL1,

52
00:01:49,400 --> 00:01:52,480
15% to 30% reduction in SLA time for the subset

53
00:01:52,480 --> 00:01:55,840
of tickets the agent touches and 10% to 25% fewer escalations.

54
00:01:55,840 --> 00:01:57,040
Those aren't vanity numbers.

55
00:01:57,040 --> 00:01:59,200
They come directly from three operational levers,

56
00:01:59,200 --> 00:02:02,560
rooting accuracy, containment boundaries, and handoff latency.

57
00:02:02,560 --> 00:02:06,040
For user productivity, 30 to 60 minutes saved per user

58
00:02:06,040 --> 00:02:07,720
per week in the target group.

59
00:02:07,720 --> 00:02:09,560
Not time saved in theory.

60
00:02:09,560 --> 00:02:12,760
Time saved as measured by reduced back and forth,

61
00:02:12,760 --> 00:02:17,000
fewer status check messages and fewer who owns this detours.

62
00:02:17,000 --> 00:02:21,080
Also, over 60% task completion without a human handoff

63
00:02:21,080 --> 00:02:22,560
for the narrow workflow you choose,

64
00:02:22,560 --> 00:02:25,280
an adoption in the target group of 30 to 50%.

65
00:02:25,280 --> 00:02:27,040
If nobody uses it, it doesn't exist.

66
00:02:27,040 --> 00:02:31,040
For quality and risk, greater than 85% grounded answer accuracy

67
00:02:31,040 --> 00:02:34,280
on an evaluation set, zero access violations,

68
00:02:34,280 --> 00:02:36,520
an audit logging enabled from day one.

69
00:02:36,520 --> 00:02:37,640
Not after the pilot.

70
00:02:37,640 --> 00:02:40,200
Day one, now the antimetrics, these are the numbers teams

71
00:02:40,200 --> 00:02:41,480
love because they're easy.

72
00:02:41,480 --> 00:02:42,520
They are also useless.

73
00:02:42,520 --> 00:02:44,920
Prompt counts, check counts, token consumption,

74
00:02:44,920 --> 00:02:47,320
number of agents, these measure noise, not outcomes,

75
00:02:47,320 --> 00:02:49,520
they also incentivize exactly the wrong behavior.

76
00:02:49,520 --> 00:02:51,440
Build more, publish more, celebrate more.

77
00:02:51,440 --> 00:02:54,040
Meanwhile, the system decays, a better mental model is this.

78
00:02:54,040 --> 00:02:57,080
Every KPI maps to an operational lever you can actually tune.

79
00:02:57,080 --> 00:02:59,040
Deflection and first contact resolution map

80
00:02:59,040 --> 00:03:01,640
to containment design, what the agent must solve

81
00:03:01,640 --> 00:03:03,240
versus what it must escalate.

82
00:03:03,240 --> 00:03:04,560
If you don't define that boundary,

83
00:03:04,560 --> 00:03:06,960
you will either over escalate and waste time

84
00:03:06,960 --> 00:03:09,520
or over confidently answer and destroy trust.

85
00:03:09,520 --> 00:03:12,680
SLA reduction maps to handoff latency and enrichment.

86
00:03:12,680 --> 00:03:15,560
If escalation requires the user to repeat everything,

87
00:03:15,560 --> 00:03:17,640
you didn't build an agent, you built a delay.

88
00:03:17,640 --> 00:03:20,800
The handoff has to carry the context, intent, urgency,

89
00:03:20,800 --> 00:03:24,080
impacted service, device, and what the agent already tried.

90
00:03:24,080 --> 00:03:25,960
Grounded accuracy maps to knowledge coverage

91
00:03:25,960 --> 00:03:27,040
and retrieval quality.

92
00:03:27,040 --> 00:03:29,840
If your content is messy, stale or too large to retrieve

93
00:03:29,840 --> 00:03:31,680
cleanly, the model will improvise.

94
00:03:31,680 --> 00:03:33,920
It's not malice, it's math.

95
00:03:33,920 --> 00:03:36,480
An adoption maps to user experience, short answers,

96
00:03:36,480 --> 00:03:39,240
clear next actions and fewer decisions per interaction.

97
00:03:39,240 --> 00:03:41,440
Paragraphs don't ship work, decisions do.

98
00:03:41,440 --> 00:03:43,280
The next thing leaders miss is ownership.

99
00:03:43,280 --> 00:03:46,360
High performance doesn't come from who built the bot.

100
00:03:46,360 --> 00:03:47,880
It comes from who owns the outcome,

101
00:03:47,880 --> 00:03:49,720
so a sign an outcome owner per use case,

102
00:03:49,720 --> 00:03:52,360
not a maker, not a dev lead, an accountable operator.

103
00:03:52,360 --> 00:03:54,920
For IT triage, that's usually the service owner

104
00:03:54,920 --> 00:03:56,200
or the head of service desk.

105
00:03:56,200 --> 00:03:58,960
They sign the KPI targets, they decide what done means.

106
00:03:58,960 --> 00:04:01,400
They also own deprecating topics that don't perform

107
00:04:01,400 --> 00:04:03,800
because if nobody has authority to kill weak behavior,

108
00:04:03,800 --> 00:04:06,200
the system accumulates entropy generators forever.

109
00:04:06,200 --> 00:04:08,560
Finally, set the system boundary, pick one domain,

110
00:04:08,560 --> 00:04:10,520
one channel, one audience, one backlog.

111
00:04:10,520 --> 00:04:12,120
Performance requires a closed system

112
00:04:12,120 --> 00:04:13,640
where change is observable.

113
00:04:13,640 --> 00:04:15,280
If every department ships an agent

114
00:04:15,280 --> 00:04:17,720
to solve a personal annoyance, you don't get a workforce.

115
00:04:17,720 --> 00:04:19,560
You get a zoo and that's the transition point.

116
00:04:19,560 --> 00:04:21,440
The roadmap starts by forcing a boundary

117
00:04:21,440 --> 00:04:23,720
because without one, everything becomes theater.

118
00:04:23,720 --> 00:04:26,520
The core misconception.

119
00:04:26,520 --> 00:04:28,880
Automation isn't an agentic workforce.

120
00:04:28,880 --> 00:04:31,240
Most leaders have already funded automation.

121
00:04:31,240 --> 00:04:32,720
Some of it even worked.

122
00:04:32,720 --> 00:04:34,920
A power-automate flow here, a ticket template there,

123
00:04:34,920 --> 00:04:37,120
maybe a chatbot that answers the top five questions

124
00:04:37,120 --> 00:04:38,640
when the moon is in the right phase.

125
00:04:38,640 --> 00:04:40,080
That's not an agentic workforce.

126
00:04:40,080 --> 00:04:42,200
That's sparkling automation, isolated wins

127
00:04:42,200 --> 00:04:43,360
that look great in a demo

128
00:04:43,360 --> 00:04:45,480
because they run in a clean, staged world.

129
00:04:45,480 --> 00:04:46,960
But they don't compose into a system.

130
00:04:46,960 --> 00:04:49,120
They don't share a vocabulary of intent.

131
00:04:49,120 --> 00:04:50,600
They don't have consistent boundaries.

132
00:04:50,600 --> 00:04:52,000
They don't learn from failure.

133
00:04:52,000 --> 00:04:54,280
And when they break, nobody can explain why

134
00:04:54,280 --> 00:04:56,440
because they were never instrumented like a system.

135
00:04:56,440 --> 00:04:58,000
They were shipped like a feature.

136
00:04:58,000 --> 00:04:59,600
The uncomfortable truth is this.

137
00:04:59,600 --> 00:05:01,240
Agentic isn't a UI choice.

138
00:05:01,240 --> 00:05:02,520
It's an operating model.

139
00:05:02,520 --> 00:05:04,760
A real agent behaves less like a chat widget

140
00:05:04,760 --> 00:05:06,800
and more like a distributed decision engine.

141
00:05:06,800 --> 00:05:10,000
It takes an event, interprets intent, pulls context,

142
00:05:10,000 --> 00:05:13,480
selects tools, takes action, verifies the outcome,

143
00:05:13,480 --> 00:05:15,960
and then hands off when the risk exceeds its mandate.

144
00:05:15,960 --> 00:05:18,280
That loop is the definition, not the chat transcript.

145
00:05:18,280 --> 00:05:19,960
And yes, that sounds like a lot.

146
00:05:19,960 --> 00:05:21,160
Good, it should.

147
00:05:21,160 --> 00:05:24,360
Because what most organizations build first is the opposite.

148
00:05:24,360 --> 00:05:27,720
A conversational front end bolted onto existing chaos

149
00:05:27,720 --> 00:05:31,040
with permission sprawl and a vague goal like help users.

150
00:05:31,040 --> 00:05:32,160
Helpful isn't the spec.

151
00:05:32,160 --> 00:05:34,480
It's how you get confident wrong behavior at scale.

152
00:05:34,480 --> 00:05:37,160
So the shift leaders need to make is not task completion.

153
00:05:37,160 --> 00:05:38,720
It's outcome completion.

154
00:05:38,720 --> 00:05:41,560
Task completion is, answer the question.

155
00:05:41,560 --> 00:05:43,320
Create the ticket.

156
00:05:43,320 --> 00:05:44,680
Summary is the policy.

157
00:05:44,680 --> 00:05:46,480
It's transactional.

158
00:05:46,480 --> 00:05:50,360
Outcome completion is, resolve the incident without escalation.

159
00:05:50,360 --> 00:05:51,760
Reduce time to restore.

160
00:05:51,760 --> 00:05:53,360
Prevent policy violations.

161
00:05:53,360 --> 00:05:54,640
Outcomes have constraints.

162
00:05:54,640 --> 00:05:55,480
They have ownership.

163
00:05:55,480 --> 00:05:56,320
They have rollback.

164
00:05:56,320 --> 00:05:58,280
They have accountability.

165
00:05:58,280 --> 00:06:01,600
That distinction matters because once you aim at outcomes,

166
00:06:01,600 --> 00:06:05,160
you're forced to design the system that makes outcomes repeatable.

167
00:06:05,160 --> 00:06:07,240
And then there's the part nobody wants to hear.

168
00:06:07,240 --> 00:06:10,200
System learning doesn't happen because the model is smart.

169
00:06:10,200 --> 00:06:12,600
It happens because the platform is instrumented.

170
00:06:12,600 --> 00:06:14,240
If you don't capture failure reasons,

171
00:06:14,240 --> 00:06:18,120
escalation causes, missing knowledge coverage, tool errors and routing ambiguity,

172
00:06:18,120 --> 00:06:19,000
nothing improves.

173
00:06:19,000 --> 00:06:20,720
You don't get an agentic workforce.

174
00:06:20,720 --> 00:06:22,920
You get a static bot that slowly becomes wrong

175
00:06:22,920 --> 00:06:25,240
as policies drift and services change.

176
00:06:25,240 --> 00:06:28,320
Entropy always wins when feedback loops don't exist.

177
00:06:28,320 --> 00:06:31,760
This is where the frontier firm framing actually becomes useful,

178
00:06:31,760 --> 00:06:33,760
if you strip out the hype.

179
00:06:33,760 --> 00:06:34,440
Humans lead.

180
00:06:34,440 --> 00:06:37,200
They define outcomes, boundaries and acceptable risk.

181
00:06:37,200 --> 00:06:38,080
Agents operate.

182
00:06:38,080 --> 00:06:40,800
They execute within those constraints consistently.

183
00:06:40,800 --> 00:06:41,560
Systems learn.

184
00:06:41,560 --> 00:06:44,120
They improve because the organization measures the right things

185
00:06:44,120 --> 00:06:45,480
and updates the design.

186
00:06:45,480 --> 00:06:47,720
But only if you do the boring part, the constraints.

187
00:06:47,720 --> 00:06:51,400
Most rollouts fail for three reasons that are painfully predictable.

188
00:06:51,400 --> 00:06:52,760
First, vague goals.

189
00:06:52,760 --> 00:06:54,480
Improved productivity means nothing.

190
00:06:54,480 --> 00:06:55,480
It produces nothing.

191
00:06:55,480 --> 00:06:57,120
It creates competing interpretations

192
00:06:57,120 --> 00:06:59,560
and a dozen half-built agents that nobody owns.

193
00:06:59,560 --> 00:07:01,360
Second, no constraints.

194
00:07:01,360 --> 00:07:04,840
Unlimited tool access turns an agent into a probabilistic admin.

195
00:07:04,840 --> 00:07:05,960
People call it innovation.

196
00:07:05,960 --> 00:07:07,240
Auditors call it a finding.

197
00:07:07,240 --> 00:07:08,800
Third, uncontrolled publishing.

198
00:07:08,800 --> 00:07:11,120
When every team can publish an agent to everyone,

199
00:07:11,120 --> 00:07:12,240
you don't get empowerment.

200
00:07:12,240 --> 00:07:13,080
You get collision.

201
00:07:13,080 --> 00:07:14,680
Users don't ask for 50 agents.

202
00:07:14,680 --> 00:07:15,960
They ask for one that works.

203
00:07:15,960 --> 00:07:18,000
So they try three, get two wrong answers

204
00:07:18,000 --> 00:07:19,840
and decide the whole thing is a toy.

205
00:07:19,840 --> 00:07:22,000
Everything clicked for most experienced architects

206
00:07:22,000 --> 00:07:23,480
when they realize this.

207
00:07:23,480 --> 00:07:25,320
Automation reduces steps.

208
00:07:25,320 --> 00:07:27,440
An agentic workforce reduces uncertainty.

209
00:07:27,440 --> 00:07:29,360
Automation says, if X, then Y.

210
00:07:29,360 --> 00:07:33,040
Agents say given messy input, what is X and which Y is allowed.

211
00:07:33,040 --> 00:07:34,920
That's why the governance and grounding work

212
00:07:34,920 --> 00:07:36,080
isn't Phase 2.

213
00:07:36,080 --> 00:07:37,040
It's foundational.

214
00:07:37,040 --> 00:07:39,440
If you skip it, the system doesn't become agentic.

215
00:07:39,440 --> 00:07:40,800
It becomes conditional chaos.

216
00:07:40,800 --> 00:07:42,760
So the roadmap can't be a feature rollout.

217
00:07:42,760 --> 00:07:46,120
It has to be a 30-day operating model that forces clarity.

218
00:07:46,120 --> 00:07:49,040
One domain, explicit outcomes, tool boundaries,

219
00:07:49,040 --> 00:07:51,480
evidence requirements, and a publishing path

220
00:07:51,480 --> 00:07:54,160
that doesn't turn every experiment into production.

221
00:07:54,160 --> 00:07:56,400
Because if you don't force that clarity up front,

222
00:07:56,400 --> 00:07:57,920
week two shows up on schedule.

223
00:07:57,920 --> 00:08:00,600
And the platform will do exactly what you configured,

224
00:08:00,600 --> 00:08:02,680
not what you intended.

225
00:08:02,680 --> 00:08:05,560
The 30-day operating model, a 30-day roadmap

226
00:08:05,560 --> 00:08:07,920
fails when it's treated like a project plan.

227
00:08:07,920 --> 00:08:08,520
It isn't.

228
00:08:08,520 --> 00:08:10,680
It's an operating model that constraints behave

229
00:08:10,680 --> 00:08:12,640
you long enough for reality to show up.

230
00:08:12,640 --> 00:08:14,160
So the structure is simple.

231
00:08:14,160 --> 00:08:15,880
Four weeks, each with a different purpose,

232
00:08:15,880 --> 00:08:18,160
and each with a gate you either pass or you stop.

233
00:08:18,160 --> 00:08:18,960
No heroics.

234
00:08:18,960 --> 00:08:20,160
No will fix it later.

235
00:08:20,160 --> 00:08:21,720
Later is where Agents sprawl is born.

236
00:08:21,720 --> 00:08:23,520
Week one is baseline and constraints.

237
00:08:23,520 --> 00:08:25,920
Not building, measuring and boxing the problem in.

238
00:08:25,920 --> 00:08:27,640
You pick one domain and one channel.

239
00:08:27,640 --> 00:08:30,440
For this roadmap, IT service is the least controversial place

240
00:08:30,440 --> 00:08:32,240
to start because the metrics exist.

241
00:08:32,240 --> 00:08:33,520
The workflow is repetitive,

242
00:08:33,520 --> 00:08:35,800
and the political blast radius is manageable.

243
00:08:35,800 --> 00:08:37,400
Then you establish the baseline.

244
00:08:37,400 --> 00:08:39,520
Ticket volume categories, current deflection,

245
00:08:39,520 --> 00:08:42,280
SLA, escalation rate, and the top intent patterns

246
00:08:42,280 --> 00:08:44,040
that show up in real user language.

247
00:08:44,040 --> 00:08:46,520
You also define the containment boundary on day one.

248
00:08:46,520 --> 00:08:47,800
What the agent must solve,

249
00:08:47,800 --> 00:08:50,200
what it must never attempt, and what triggers escalation.

250
00:08:50,200 --> 00:08:51,760
That boundary becomes the contract.

251
00:08:51,760 --> 00:08:53,080
Week two is built in ground.

252
00:08:53,080 --> 00:08:54,520
This is where most teams want to start.

253
00:08:54,520 --> 00:08:56,280
They're impatient and they ship a chat box.

254
00:08:56,280 --> 00:08:59,160
Don't week two means you build the first agent

255
00:08:59,160 --> 00:09:00,840
that can do one thing end-to-end,

256
00:09:00,840 --> 00:09:03,960
classify, retrieve, propose, and either resolve or root.

257
00:09:03,960 --> 00:09:06,040
And you begin grounding discipline immediately.

258
00:09:06,040 --> 00:09:07,480
No source, no answer.

259
00:09:07,480 --> 00:09:09,760
If the agent can't cite a policy, a runbook,

260
00:09:09,760 --> 00:09:12,040
or a known-outage notice, it escalates.

261
00:09:12,040 --> 00:09:14,800
This is also where you create your initial evaluation set

262
00:09:14,800 --> 00:09:16,800
and start scoring grounded accuracy.

263
00:09:16,800 --> 00:09:18,360
Not perfect, measurable.

264
00:09:18,360 --> 00:09:20,440
Week three is orchestrate and integrate.

265
00:09:20,440 --> 00:09:22,080
This is where the system becomes real.

266
00:09:22,080 --> 00:09:24,640
Orchestration turns a response into a workflow.

267
00:09:24,640 --> 00:09:27,840
You integrate the deterministic steps with power automate.

268
00:09:27,840 --> 00:09:31,200
Ticket creation, assignment, user notifications,

269
00:09:31,200 --> 00:09:33,080
logging, and the hand-off payload.

270
00:09:33,080 --> 00:09:34,800
You introduce tool boundaries.

271
00:09:34,800 --> 00:09:37,520
Read operations are default, write operations are gated.

272
00:09:37,520 --> 00:09:39,200
You add the first approval pattern

273
00:09:39,200 --> 00:09:41,600
if you're doing anything that changes state.

274
00:09:41,600 --> 00:09:43,760
And you begin instrumenting failure reasons

275
00:09:43,760 --> 00:09:45,800
so the system can improve without guessing.

276
00:09:45,800 --> 00:09:47,480
Week four is hardened and scale.

277
00:09:47,480 --> 00:09:49,320
Hardening doesn't mean polishing the prompt.

278
00:09:49,320 --> 00:09:51,240
It means making the behavior survivable.

279
00:09:51,240 --> 00:09:54,520
You lock down publishing paths, verify logging,

280
00:09:54,520 --> 00:09:58,440
validate access boundaries, and run adversarial tests.

281
00:09:58,440 --> 00:10:02,120
Prompt injection, tool misuse, and helpful requests

282
00:10:02,120 --> 00:10:04,480
that should trigger escalation.

283
00:10:04,480 --> 00:10:07,400
You identify topics with high confusion and kill them.

284
00:10:07,400 --> 00:10:11,440
You finalize the lifecycle model, pilot, active, deprecated.

285
00:10:11,440 --> 00:10:13,240
And then you prepare the next domain

286
00:10:13,240 --> 00:10:16,160
based on what the metrics proved, not what leadership feels.

287
00:10:16,160 --> 00:10:18,520
Now the work selection rule, because you can't do everything

288
00:10:18,520 --> 00:10:21,360
in 30 days, you choose processes that are high volume,

289
00:10:21,360 --> 00:10:23,120
low variance, and high friction.

290
00:10:23,120 --> 00:10:25,160
High volume means the savings show up quickly.

291
00:10:25,160 --> 00:10:27,480
Low variance means the intent space is stable enough

292
00:10:27,480 --> 00:10:28,720
to root reliably.

293
00:10:28,720 --> 00:10:30,760
High friction means people hate doing it

294
00:10:30,760 --> 00:10:33,040
and will actually use an agent that removes the pain.

295
00:10:33,040 --> 00:10:35,320
Password reset flows, access requests,

296
00:10:35,320 --> 00:10:38,080
how do I policy questions common incident triage,

297
00:10:38,080 --> 00:10:40,240
service catalog routing, that class of work,

298
00:10:40,240 --> 00:10:43,520
and you define done in a way that prevents theater.

299
00:10:43,520 --> 00:10:45,360
Done means three things at once.

300
00:10:45,360 --> 00:10:48,320
Measureable improvement, auditability, and safe rollback.

301
00:10:48,320 --> 00:10:50,520
If you can't roll it back, you didn't build a system.

302
00:10:50,520 --> 00:10:51,840
You built a liability.

303
00:10:51,840 --> 00:10:54,240
Measureable improvement means the KPI is moved

304
00:10:54,240 --> 00:10:56,800
for the slice of work you targeted, not anecdotes,

305
00:10:56,800 --> 00:10:58,160
not screenshots.

306
00:10:58,160 --> 00:11:01,360
Auditability means you can answer what did the agent decide,

307
00:11:01,360 --> 00:11:04,040
what sources did it use, what tool did it call,

308
00:11:04,040 --> 00:11:05,280
and what outcome occurred.

309
00:11:05,280 --> 00:11:07,640
If you can't reconstruct the decision, you can't defend it.

310
00:11:07,640 --> 00:11:09,720
Safe rollback means you can disable the agent

311
00:11:09,720 --> 00:11:12,440
or remove tool access without breaking the underlying process.

312
00:11:12,440 --> 00:11:14,840
That distinction matters because humans still need to work

313
00:11:14,840 --> 00:11:16,000
when the model misbehales.

314
00:11:16,000 --> 00:11:18,800
Now the governance move that prevents parallel chaos.

315
00:11:18,800 --> 00:11:21,120
Single intake, single backlog, single cadence.

316
00:11:21,120 --> 00:11:23,640
Every agent request goes through one intake path.

317
00:11:23,640 --> 00:11:26,160
One queue, one set of prioritization rules.

318
00:11:26,160 --> 00:11:29,680
Not because bureaucracy is fun, but because parallel agent building

319
00:11:29,680 --> 00:11:33,200
creates incompatible vocabularies and duplicated tool chains.

320
00:11:33,200 --> 00:11:36,560
That turns into conditional chaos faster than any threat actor.

321
00:11:36,560 --> 00:11:38,200
Cadence is also non-negotiable.

322
00:11:38,200 --> 00:11:40,800
A daily build loop for shipping small changes,

323
00:11:40,800 --> 00:11:43,240
a weekly governance review for permissions and publishing,

324
00:11:43,240 --> 00:11:45,160
and an end-of-week KPI check.

325
00:11:45,160 --> 00:11:47,200
If the metrics don't move, you don't scale.

326
00:11:47,200 --> 00:11:48,640
You fix.

327
00:11:48,640 --> 00:11:50,800
And that's the punchline of the operating model.

328
00:11:50,800 --> 00:11:54,400
The platform moves fast, but your organization must move deliberately,

329
00:11:54,400 --> 00:11:55,680
otherwise the system will drift,

330
00:11:55,680 --> 00:11:58,120
and it will drift away from your intent.

331
00:11:58,120 --> 00:12:01,960
Choose the first use case, IT, ticket triage as the entry pillar.

332
00:12:01,960 --> 00:12:05,640
If leadership wants a 30-day win that survives contact with reality,

333
00:12:05,640 --> 00:12:08,240
IT, ticket triage is the entry pillar.

334
00:12:08,240 --> 00:12:12,120
Not because IT is special, but because IT has three things most departments don't.

335
00:12:12,120 --> 00:12:14,600
Volume, instrumentation, and consequences.

336
00:12:14,600 --> 00:12:18,400
Tickets already have timestamps, categories, owners, and escalation paths.

337
00:12:18,400 --> 00:12:20,160
That means performance is observable,

338
00:12:20,160 --> 00:12:23,880
and when the system gets something wrong, the impact is obvious enough to fix quickly.

339
00:12:23,880 --> 00:12:25,480
It also wins politically.

340
00:12:25,480 --> 00:12:29,360
HR, finance, and legal are high-risk domains with high sensitivity

341
00:12:29,360 --> 00:12:31,480
and low tolerance for probabilistic behavior.

342
00:12:31,480 --> 00:12:34,920
IT service is still risky, but it's socially acceptable to iterate.

343
00:12:34,920 --> 00:12:38,320
People already expect a service desk to ask clarifying questions.

344
00:12:38,320 --> 00:12:41,520
They don't expect the payroll agent to take a guess.

345
00:12:41,520 --> 00:12:43,880
So the use case is not built in IT chatbot.

346
00:12:43,880 --> 00:12:47,440
The use case is ticket triage as a controlled decision pipeline.

347
00:12:47,440 --> 00:12:51,480
Classify the issue, enrich the context, attempt a resolution when it's safe,

348
00:12:51,480 --> 00:12:53,440
and otherwise root to the correct queue

349
00:12:53,440 --> 00:12:56,320
with enough context that the human doesn't start from zero.

350
00:12:56,320 --> 00:12:57,680
Here's the flow in plain terms.

351
00:12:57,680 --> 00:12:59,560
A user shows up with free text pane,

352
00:12:59,560 --> 00:13:03,280
Teams message, portal form, email, pick one channel first.

353
00:13:03,280 --> 00:13:05,680
The agent's first job is intent classification.

354
00:13:05,680 --> 00:13:07,480
Not sentiment, not personality.

355
00:13:07,480 --> 00:13:09,040
What is this in operational terms?

356
00:13:09,040 --> 00:13:14,240
Password reset, VPN, Outlook, device compliance, access request, known outage.

357
00:13:14,240 --> 00:13:16,040
Something is broken with no signal.

358
00:13:16,040 --> 00:13:19,400
That classification determines everything downstream, then comes enrichment.

359
00:13:19,400 --> 00:13:22,000
This is the part most teams skip because it's not shiny.

360
00:13:22,000 --> 00:13:25,080
The agent needs just enough context to stop wasting human time.

361
00:13:25,080 --> 00:13:28,400
Who the user is, what device they're on, what service they're touching,

362
00:13:28,400 --> 00:13:31,240
whether there's a current incident and whether this is a repeat.

363
00:13:31,240 --> 00:13:35,880
If the organization has an ITSM platform, that's where the prior history lives.

364
00:13:35,880 --> 00:13:39,560
If the organization has a service catalog, that's where rooting should land.

365
00:13:39,560 --> 00:13:42,640
If none of that exists, the agent doesn't magically create it.

366
00:13:42,640 --> 00:13:44,280
It just makes the absence visible.

367
00:13:44,280 --> 00:13:47,760
After enrichment, the agent makes the only decision that matters.

368
00:13:47,760 --> 00:13:50,120
Resolve, root, or create.

369
00:13:50,120 --> 00:13:53,840
Resolve means the agent has a deterministic fix path and the risk is low.

370
00:13:53,840 --> 00:13:56,240
Reset a password through an approved workflow.

371
00:13:56,240 --> 00:13:58,400
Provide a step-by-step runbook with citations.

372
00:13:58,400 --> 00:14:00,560
Confirm the user did it, verify success.

373
00:14:00,560 --> 00:14:01,480
Close the loop.

374
00:14:01,480 --> 00:14:05,200
Root means the agent can't safely execute, but it can identify the right team

375
00:14:05,200 --> 00:14:06,720
and hand them a clean payload.

376
00:14:06,720 --> 00:14:11,720
The intent, the likely service, the urgency, the impact, the evidence, and what was attempted.

377
00:14:11,720 --> 00:14:13,480
Routing without payload is theater.

378
00:14:13,480 --> 00:14:15,600
Payload is where SLA actually improves.

379
00:14:15,600 --> 00:14:20,000
Create means the user insists on escalation, or the process requires a record,

380
00:14:20,000 --> 00:14:21,480
or the system detects risk.

381
00:14:21,480 --> 00:14:26,280
The agent creates the ticket with structured fields, not a copy paste of the conversation.

382
00:14:26,280 --> 00:14:28,200
This is where power automate earns its keep.

383
00:14:28,200 --> 00:14:30,160
Create a sign, notify, and log.

384
00:14:30,160 --> 00:14:32,120
Deterministic steps stay deterministic.

385
00:14:32,120 --> 00:14:34,280
Now define the containment boundary upfront.

386
00:14:34,280 --> 00:14:38,400
The agent must have a contract that says, these are the things it is allowed to solve end to end.

387
00:14:38,400 --> 00:14:40,720
And these are the things it must never attempt.

388
00:14:40,720 --> 00:14:44,080
Never includes anything privileged, anything financially material,

389
00:14:44,080 --> 00:14:48,440
anything that changes access without approval, and anything that lacks an authoritative source.

390
00:14:48,440 --> 00:14:50,440
That boundary is not about limiting the agent.

391
00:14:50,440 --> 00:14:51,760
It's about protecting trust.

392
00:14:51,760 --> 00:14:54,320
And this is where the no source, no answer policy starts.

393
00:14:54,320 --> 00:14:57,000
Not in week three, not after the first incident on day one.

394
00:14:57,000 --> 00:15:01,920
If the agent can't cite a runbook, a policy, a known issue, or a service status update,

395
00:15:01,920 --> 00:15:02,920
it doesn't answer.

396
00:15:02,920 --> 00:15:03,920
It escalates.

397
00:15:03,920 --> 00:15:07,320
The first time an agent gives a confident, wrong answer to a user who's already frustrated,

398
00:15:07,320 --> 00:15:10,040
adoption dies quietly, permanently.

399
00:15:10,040 --> 00:15:13,160
So for ticket triage, citations, and evidence aren't academic.

400
00:15:13,160 --> 00:15:17,720
There how the system earns the right to exist, tie it directly to the KPIs you said earlier.

401
00:15:17,720 --> 00:15:22,600
Deflection comes from resolving the low risk, high volume intents inside the boundary.

402
00:15:22,600 --> 00:15:26,320
First contact resolution comes from clean enrichment plus grounded runbooks.

403
00:15:26,320 --> 00:15:29,960
Fewer escalations come from correct rooting and fewer dead end handoffs.

404
00:15:29,960 --> 00:15:33,360
SLA improvement comes from structured tickets and reduced back and forth.

405
00:15:33,360 --> 00:15:37,240
And the best part is you can measure all of it without inventing new telemetry.

406
00:15:37,240 --> 00:15:40,320
The ITSM system already tracks timestamps and assignments.

407
00:15:40,320 --> 00:15:43,600
You just need to tag agent touched and capture escalation reasons.

408
00:15:43,600 --> 00:15:48,080
The transition to the next section is the uncomfortable constraint that makes triage work.

409
00:15:48,080 --> 00:15:49,320
Topics aren't free.

410
00:15:49,320 --> 00:15:52,400
Every helpful new intent you add creates ambiguity.

411
00:15:52,400 --> 00:15:54,640
Every ambiguous root creates mysteryage.

412
00:15:54,640 --> 00:15:57,320
And mysteryage is just escalation with extra steps.

413
00:15:57,320 --> 00:16:01,080
So if you want ticket triage to become a pillar instead of a pilot, you have to treat intent

414
00:16:01,080 --> 00:16:02,600
like a design asset.

415
00:16:02,600 --> 00:16:04,040
Not a brainstorm list.

416
00:16:04,040 --> 00:16:08,280
Copilot Studio Design Law intent first, topic second.

417
00:16:08,280 --> 00:16:13,360
Copilot Studio encourages people to think in topics because topics are visible.

418
00:16:13,360 --> 00:16:14,560
They feel like progress.

419
00:16:14,560 --> 00:16:17,360
Click name it, write a few trigger phrases, ship it.

420
00:16:17,360 --> 00:16:18,840
That's how topics brawl happens.

421
00:16:18,840 --> 00:16:20,360
And topics brawl isn't just messy.

422
00:16:20,360 --> 00:16:22,080
It's an entropy generator.

423
00:16:22,080 --> 00:16:26,600
Every new topic adds another overlapping root the system can take, which increases ambiguity,

424
00:16:26,600 --> 00:16:30,680
which increases misclassification, which increases escalations, which makes everyone conclude

425
00:16:30,680 --> 00:16:32,400
the agent doesn't work.

426
00:16:32,400 --> 00:16:33,400
It does work.

427
00:16:33,400 --> 00:16:35,600
You just turned routing into a probabilistic game.

428
00:16:35,600 --> 00:16:36,760
So the design law is blunt.

429
00:16:36,760 --> 00:16:38,720
intent first, topic second.

430
00:16:38,720 --> 00:16:41,080
Intent is the operational meaning behind the user's words.

431
00:16:41,080 --> 00:16:42,080
It's stable.

432
00:16:42,080 --> 00:16:44,360
When you set my password will still exist next quarter.

433
00:16:44,360 --> 00:16:48,040
Can't get into my account, still maps to the same underlying outcome.

434
00:16:48,040 --> 00:16:50,120
Intent is what you can instrument and improve.

435
00:16:50,120 --> 00:16:51,360
Topics are just routing tables.

436
00:16:51,360 --> 00:16:53,080
They are implementation detail.

437
00:16:53,080 --> 00:16:54,600
That distinction matters.

438
00:16:54,600 --> 00:16:58,440
Because most organizations start by collecting departmental wish lists.

439
00:16:58,440 --> 00:17:00,120
We need a topic for VPN.

440
00:17:00,120 --> 00:17:01,560
We need a topic for printers.

441
00:17:01,560 --> 00:17:02,960
We need a topic for teams.

442
00:17:02,960 --> 00:17:07,760
And then they create a hundred topics that all trigger on the word can't help or not working.

443
00:17:07,760 --> 00:17:09,120
You didn't build coverage.

444
00:17:09,120 --> 00:17:10,440
You built collisions.

445
00:17:10,440 --> 00:17:13,280
So the first rule is to cap the initial intent space.

446
00:17:13,280 --> 00:17:14,280
Ten to fifteen intents.

447
00:17:14,280 --> 00:17:18,800
Not because the rest don't exist, but because you need stability before you need coverage.

448
00:17:18,800 --> 00:17:23,320
In the first 30 days you're proving that the system can classify and contain reliably.

449
00:17:23,320 --> 00:17:25,800
Not that it can answer every question in the organization.

450
00:17:25,800 --> 00:17:28,880
Here's what those first intents look like in IT triage.

451
00:17:28,880 --> 00:17:30,280
Password and account access.

452
00:17:30,280 --> 00:17:32,280
VPN or remote access.

453
00:17:32,280 --> 00:17:33,280
Email and calendar.

454
00:17:33,280 --> 00:17:34,600
Teams calling and meetings.

455
00:17:34,600 --> 00:17:35,600
Device compliance.

456
00:17:35,600 --> 00:17:36,600
Wi-Fi.

457
00:17:36,600 --> 00:17:37,600
Software install.

458
00:17:37,600 --> 00:17:38,600
Access request.

459
00:17:38,600 --> 00:17:39,760
Service outage check.

460
00:17:39,760 --> 00:17:42,600
And unknown issue as a controlled catch all.

461
00:17:42,600 --> 00:17:45,640
That's enough volume to matter and enough clarity to tune.

462
00:17:45,640 --> 00:17:47,560
Now how do you design intents without guessing?

463
00:17:47,560 --> 00:17:51,360
You use intents signals and co-pilot studio gives you more signals than people use.

464
00:17:51,360 --> 00:17:53,880
The obvious signal is user language patterns.

465
00:17:53,880 --> 00:17:56,440
The phrases and synonyms people actually type.

466
00:17:56,440 --> 00:17:58,360
Not what IT calls it, what users call it.

467
00:17:58,360 --> 00:18:02,720
No my laptop won't connect is not 802.1x supplicant failure.

468
00:18:02,720 --> 00:18:05,280
You model the human input, then translate.

469
00:18:05,280 --> 00:18:06,840
The next signal is metadata.

470
00:18:06,840 --> 00:18:10,800
If you have a portal form, it might include service or category fields.

471
00:18:10,800 --> 00:18:14,760
If you have ITSM integration, you might have existing categories you can map to.

472
00:18:14,760 --> 00:18:17,960
These can reduce ambiguity, but only if your categories aren't garbage.

473
00:18:17,960 --> 00:18:22,600
If your ITSM taxonomy is 15 variations of other, the agent can't salvage it.

474
00:18:22,600 --> 00:18:23,600
Then there's channel context.

475
00:18:23,600 --> 00:18:26,840
A team's message at 9 a.m. Monday is often I'm stuck right now.

476
00:18:26,840 --> 00:18:28,720
A portal submission might be more structured.

477
00:18:28,720 --> 00:18:32,080
An email to a shared mailbox is often a dump of symptoms.

478
00:18:32,080 --> 00:18:33,200
Channel changes language.

479
00:18:33,200 --> 00:18:36,400
That means channel is part of intent detection, not just where you published.

480
00:18:36,400 --> 00:18:39,240
Now the part most people avoid, the fallback strategy.

481
00:18:39,240 --> 00:18:41,640
In Copilot Studio, fallback is not a safety net.

482
00:18:41,640 --> 00:18:42,960
It is a control surface.

483
00:18:42,960 --> 00:18:47,260
If you let fallback behave like I'll try to be helpful anyway, you just build hallucinations

484
00:18:47,260 --> 00:18:48,800
into your routing layer.

485
00:18:48,800 --> 00:18:51,960
The agent will invent an intent, pick a tool and act with confidence.

486
00:18:51,960 --> 00:18:55,440
So you need one controlled fallback, one.

487
00:18:55,440 --> 00:18:56,800
Fallback should do three things.

488
00:18:56,800 --> 00:19:03,120
In order, ask one clarifying question to force disambiguation, check for known outage or incident

489
00:19:03,120 --> 00:19:07,440
context and then escalate with a structured payload if it still can't classify.

490
00:19:07,440 --> 00:19:09,960
No long conversations, no 20 questions.

491
00:19:09,960 --> 00:19:13,300
If the agent can't classify after one clarifier, it roots.

492
00:19:13,300 --> 00:19:16,280
That keeps the system fast and keeps the failure mode predictable.

493
00:19:16,280 --> 00:19:17,680
And yes, it feels strict.

494
00:19:17,680 --> 00:19:18,680
Good.

495
00:19:18,680 --> 00:19:20,640
Strict is how you prevent conditional chaos.

496
00:19:20,640 --> 00:19:22,160
Now topic lifecycle.

497
00:19:22,160 --> 00:19:25,000
This is the part that prevents your backlog from becoming a museum.

498
00:19:25,000 --> 00:19:27,280
You kill weak topics early, not later.

499
00:19:27,280 --> 00:19:28,880
Early.

500
00:19:28,880 --> 00:19:31,480
Set deprecation criteria upfront.

501
00:19:31,480 --> 00:19:37,800
Low usage, high confusion, low containment, high escalation, high unknown fallback rate,

502
00:19:37,800 --> 00:19:40,080
or repeated misroots into the wrong cues.

503
00:19:40,080 --> 00:19:43,920
If a topic can't hit containment and routing accuracy targets inside two weeks, it doesn't

504
00:19:43,920 --> 00:19:44,920
get a third month.

505
00:19:44,920 --> 00:19:49,920
It gets removed or merged because every weak topic you keep becomes permanent ambiguity.

506
00:19:49,920 --> 00:19:51,880
And ambiguity compounds.

507
00:19:51,880 --> 00:19:56,000
Finally, close the loop with a design choice that prevents ghost agents and sprawl later,

508
00:19:56,000 --> 00:19:59,960
treat intents as a shared enterprise asset, not as per agent inventions.

509
00:19:59,960 --> 00:20:04,480
One intent registry, one naming scheme, one owner, one backlog.

510
00:20:04,480 --> 00:20:06,760
Agents can vary by channel and audience.

511
00:20:06,760 --> 00:20:07,760
Intents shouldn't.

512
00:20:07,760 --> 00:20:10,200
When intents are stable, topics become small and boring.

513
00:20:10,200 --> 00:20:12,040
That's the point.

514
00:20:12,040 --> 00:20:14,040
Orchestration becomes the real product.

515
00:20:14,040 --> 00:20:17,120
Event to decision to action, to verification, to hand off.

516
00:20:17,120 --> 00:20:19,080
Topics just tell the system where to start.

517
00:20:19,080 --> 00:20:22,920
And that transition matters because once routing is disciplined, you can finally build

518
00:20:22,920 --> 00:20:24,520
the thing people think they are buying.

519
00:20:24,520 --> 00:20:25,920
A control plane.

520
00:20:25,920 --> 00:20:27,120
Orchestration is a control plane.

521
00:20:27,120 --> 00:20:30,280
Once intents are disciplined, the next mistake is thinking the work is done.

522
00:20:30,280 --> 00:20:31,280
It isn't.

523
00:20:31,280 --> 00:20:32,280
Routing is just a switchboard.

524
00:20:32,280 --> 00:20:34,080
The real product is orchestration.

525
00:20:34,080 --> 00:20:37,920
Orchestration is the control plane that turns an interaction into a verified outcome.

526
00:20:37,920 --> 00:20:41,040
Event to reasoning, to action, to verification, to hand off.

527
00:20:41,040 --> 00:20:43,240
Without that loop, you have a conversational index.

528
00:20:43,240 --> 00:20:45,480
With it, you have something that can actually replace work.

529
00:20:45,480 --> 00:20:48,800
That distinction matters because most early agents behave like this.

530
00:20:48,800 --> 00:20:52,240
The user types a problem, the agent answers in paragraphs, and then the user still has

531
00:20:52,240 --> 00:20:53,840
to do the next five steps.

532
00:20:53,840 --> 00:20:55,360
They copy text into a ticket.

533
00:20:55,360 --> 00:20:56,640
They hunt for the right form.

534
00:20:56,640 --> 00:20:57,640
They message the wrong team.

535
00:20:57,640 --> 00:20:58,640
They repeat themselves.

536
00:20:58,640 --> 00:21:00,320
The agent helped, but nothing moved.

537
00:21:00,320 --> 00:21:02,520
A control plane agent doesn't aim to be eloquent.

538
00:21:02,520 --> 00:21:03,960
It aims to be operational.

539
00:21:03,960 --> 00:21:06,760
So the orchestration pattern is simple and repeatable.

540
00:21:06,760 --> 00:21:08,280
First, classify.

541
00:21:08,280 --> 00:21:10,280
Confirm the intent and the containment boundary.

542
00:21:10,280 --> 00:21:13,560
If the user asks for something outside the boundary, the agent doesn't negotiate.

543
00:21:13,560 --> 00:21:14,560
It roots.

544
00:21:14,560 --> 00:21:18,040
That prevents the slow drift from helpful assistant into probabilistic operator.

545
00:21:18,040 --> 00:21:19,800
Second, retrieve.

546
00:21:19,800 --> 00:21:23,160
Pull the minimum authoritative knowledge needed to propose a solution.

547
00:21:23,160 --> 00:21:27,120
That can be a runbook, a policy, a service status item, or a known issue record.

548
00:21:27,120 --> 00:21:28,440
No source means no answer.

549
00:21:28,440 --> 00:21:30,640
This is where the agent proves it's not improvising.

550
00:21:30,640 --> 00:21:31,800
Third, propose.

551
00:21:31,800 --> 00:21:34,200
The agent gives a short, actionable recommendation.

552
00:21:34,200 --> 00:21:35,200
Not an essay.

553
00:21:35,200 --> 00:21:37,680
Two or three steps max, written like instructions.

554
00:21:37,680 --> 00:21:38,800
And here's the weird part.

555
00:21:38,800 --> 00:21:40,640
The proposal is not the action.

556
00:21:40,640 --> 00:21:42,440
It's a plan the system can verify.

557
00:21:42,440 --> 00:21:43,880
Fourth, confirm.

558
00:21:43,880 --> 00:21:47,440
This is where human in the loop becomes precise instead of performative.

559
00:21:47,440 --> 00:21:49,480
You don't approve the whole agent.

560
00:21:49,480 --> 00:21:50,960
You approve decision points.

561
00:21:50,960 --> 00:21:51,960
Should I reset your password?

562
00:21:51,960 --> 00:21:54,640
Should I create a ticket in this category?

563
00:21:54,640 --> 00:21:56,680
Should I request access on your behalf?

564
00:21:56,680 --> 00:21:59,520
The approval happens at the boundary between read and write.

565
00:21:59,520 --> 00:22:00,520
Fifth, execute.

566
00:22:00,520 --> 00:22:03,240
Only after confirmation and only through allowed tools.

567
00:22:03,240 --> 00:22:06,920
This is where power automate and MCP style tool boundaries matter.

568
00:22:06,920 --> 00:22:11,680
The agent should not be composing ad hoc API calls like a drunk junior developer.

569
00:22:11,680 --> 00:22:14,120
It should call known tools with known parameters.

570
00:22:14,120 --> 00:22:15,720
Sixth, verify.

571
00:22:15,720 --> 00:22:17,600
The agent checks whether the action worked.

572
00:22:17,600 --> 00:22:19,120
Did the password reset succeed?

573
00:22:19,120 --> 00:22:20,520
Did the ticket get created?

574
00:22:20,520 --> 00:22:22,680
Did the user confirm access is restored?

575
00:22:22,680 --> 00:22:26,840
Verification is where agents stop being theater and start being reliable.

576
00:22:26,840 --> 00:22:29,200
Seventh, hand off.

577
00:22:29,200 --> 00:22:32,960
If the agent can't resolve, it escalates with a structured payload.

578
00:22:32,960 --> 00:22:36,560
Intent, enriched context, sources used, steps attempted,

579
00:22:36,560 --> 00:22:38,520
and what it needs the human to decide.

580
00:22:38,520 --> 00:22:40,040
The human shouldn't read a transcript.

581
00:22:40,040 --> 00:22:41,200
They should read a case file.

582
00:22:41,200 --> 00:22:43,480
That's orchestration.

583
00:22:43,480 --> 00:22:47,000
Now the uncomfortable constraint, tool invocation boundaries.

584
00:22:47,000 --> 00:22:50,200
Every tool you connect is an entropy generator if you don't gate it.

585
00:22:50,200 --> 00:22:51,240
Start read only.

586
00:22:51,240 --> 00:22:52,480
List get search.

587
00:22:52,480 --> 00:22:54,720
Delay create update delete.

588
00:22:54,720 --> 00:22:57,880
If you allow write operations on day one, you're not accelerating delivery.

589
00:22:57,880 --> 00:22:59,720
You're creating an incident with better marketing.

590
00:22:59,720 --> 00:23:02,080
So implement a two tier tool policy.

591
00:23:02,080 --> 00:23:05,320
Tier one tools are read only and safe.

592
00:23:05,320 --> 00:23:06,880
Check service status.

593
00:23:06,880 --> 00:23:08,520
Search the knowledge base.

594
00:23:08,520 --> 00:23:09,640
Look up ticket history.

595
00:23:09,640 --> 00:23:11,200
Fetch device compliance state.

596
00:23:11,200 --> 00:23:12,880
These tools reduce uncertainty.

597
00:23:12,880 --> 00:23:14,040
They don't change state.

598
00:23:14,040 --> 00:23:16,480
Tier two tools are write actions and risky.

599
00:23:16,480 --> 00:23:17,400
Create a ticket.

600
00:23:17,400 --> 00:23:22,320
Update a user attribute, grant access, reset credentials, trigger changes in downstream systems.

601
00:23:22,320 --> 00:23:25,520
These tools require explicit approval and stronger logging.

602
00:23:25,520 --> 00:23:27,200
Some require stronger authentication.

603
00:23:27,200 --> 00:23:28,560
The point is not to slow down.

604
00:23:28,560 --> 00:23:31,720
The point is to keep autonomy proportional to risk.

605
00:23:31,720 --> 00:23:34,400
Human in the loop also needs to be placed correctly.

606
00:23:34,400 --> 00:23:36,360
Approve everything is just a slow agent.

607
00:23:36,360 --> 00:23:41,400
Approve nothing is how you end up explaining to leadership why an LLM updated a production

608
00:23:41,400 --> 00:23:42,400
record.

609
00:23:42,400 --> 00:23:45,760
The control plane placement is approve at irreversible boundaries.

610
00:23:45,760 --> 00:23:50,480
Actions, privileged operations, external communications, anything financially material, anything

611
00:23:50,480 --> 00:23:53,520
that could become an audit question, everything else should run.

612
00:23:53,520 --> 00:23:55,240
And here's why this improves adoption.

613
00:23:55,240 --> 00:23:56,680
Users don't want explanations.

614
00:23:56,680 --> 00:23:57,800
They want next actions.

615
00:23:57,800 --> 00:24:00,000
A good orchestration response looks like.

616
00:24:00,000 --> 00:24:02,040
I can do A or B. Here's what I found.

617
00:24:02,040 --> 00:24:03,040
Pick one.

618
00:24:03,040 --> 00:24:04,600
That turns chat into decisions.

619
00:24:04,600 --> 00:24:05,920
Decisions turn into outcomes.

620
00:24:05,920 --> 00:24:07,440
Outcomes are what executives fund.

621
00:24:07,440 --> 00:24:10,720
So by the end of this section, the system is no longer an agent that talks.

622
00:24:10,720 --> 00:24:13,640
It's a control plane that roots, acts and verifies.

623
00:24:13,640 --> 00:24:19,000
An orchestration has a hidden dependency and this is where most builds stall, context enrichment.

624
00:24:19,000 --> 00:24:22,200
Because reasoning without context is just confident guessing.

625
00:24:22,200 --> 00:24:24,320
Context enrichment without overreach.

626
00:24:24,320 --> 00:24:28,600
Context enrichment is where most smart agents quietly become privacy incidents.

627
00:24:28,600 --> 00:24:30,440
Because enrichment feels harmless.

628
00:24:30,440 --> 00:24:34,480
Pull a little identity, a little device info, maybe some recent tickets, maybe a list

629
00:24:34,480 --> 00:24:35,480
of installed apps.

630
00:24:35,480 --> 00:24:36,480
What could go wrong?

631
00:24:36,480 --> 00:24:37,480
Overreach goes wrong.

632
00:24:37,480 --> 00:24:39,280
And it goes wrong in two ways at the same time.

633
00:24:39,280 --> 00:24:40,480
You increase risk.

634
00:24:40,480 --> 00:24:41,760
And you decrease accuracy.

635
00:24:41,760 --> 00:24:46,360
The model gets more tokens, more noise, more chance to anchor on irrelevant detail.

636
00:24:46,360 --> 00:24:48,280
You trade it clarity for context hoarding.

637
00:24:48,280 --> 00:24:50,440
So the rule is minimum viable context.

638
00:24:50,440 --> 00:24:53,560
Only the facts the process needs to make the next decision safely.

639
00:24:53,560 --> 00:24:56,040
For IT triage, that minimum set is boring.

640
00:24:56,040 --> 00:24:57,440
And that's why it works.

641
00:24:57,440 --> 00:24:59,120
First, user identity.

642
00:24:59,120 --> 00:25:00,400
Not a biography.

643
00:25:00,400 --> 00:25:03,760
Just the stable identifiers that matter for rooting and policy.

644
00:25:03,760 --> 00:25:08,320
User principle name, department if it maps to support groups, location if it maps to service

645
00:25:08,320 --> 00:25:11,720
availability, and whether the user is privileged.

646
00:25:11,720 --> 00:25:13,960
User's change the containment boundary.

647
00:25:13,960 --> 00:25:17,800
An agent can't treat a help desk admin like an intern with a locked out mailbox.

648
00:25:17,800 --> 00:25:19,160
Second, device state.

649
00:25:19,160 --> 00:25:23,480
If the use case touches endpoint compliance, you need device ID, OS management state and

650
00:25:23,480 --> 00:25:24,560
compliance status.

651
00:25:24,560 --> 00:25:26,400
You don't need a full inventory dump.

652
00:25:26,400 --> 00:25:27,400
The question is simple.

653
00:25:27,400 --> 00:25:30,480
Can this user do the thing they're asking for on the device they're using?

654
00:25:30,480 --> 00:25:31,800
Third, service context.

655
00:25:31,800 --> 00:25:33,160
Is there an active incident?

656
00:25:33,160 --> 00:25:34,520
Is the service degraded?

657
00:25:34,520 --> 00:25:36,000
Is there a change window in progress?

658
00:25:36,000 --> 00:25:37,640
This one is the hidden time saver.

659
00:25:37,640 --> 00:25:39,080
Half of my teams is broken.

660
00:25:39,080 --> 00:25:40,280
Isn't a user problem.

661
00:25:40,280 --> 00:25:41,200
It's an outage.

662
00:25:41,200 --> 00:25:44,560
If the agent can detect that early, it stops the endless troubleshooting theatre and

663
00:25:44,560 --> 00:25:46,280
routes to the right message.

664
00:25:46,280 --> 00:25:47,280
Status.

665
00:25:47,280 --> 00:25:48,280
Expectation.

666
00:25:48,280 --> 00:25:49,280
And next check.

667
00:25:49,280 --> 00:25:50,800
Fourth, recent history.

668
00:25:50,800 --> 00:25:51,800
Recent tickets.

669
00:25:51,800 --> 00:25:52,800
Recent similar incidents.

670
00:25:52,800 --> 00:25:54,040
Recent failed attempts.

671
00:25:54,040 --> 00:25:57,400
This is how you avoid re-triaging the same person every week.

672
00:25:57,400 --> 00:25:58,400
But keep it tight.

673
00:25:58,400 --> 00:25:59,400
Last five tickets.

674
00:25:59,400 --> 00:26:00,400
Last seven days.

675
00:26:00,400 --> 00:26:01,400
Same category.

676
00:26:01,400 --> 00:26:04,000
Anything beyond that becomes narrative, not signal.

677
00:26:04,000 --> 00:26:06,120
Fifth, service catalog mapping.

678
00:26:06,120 --> 00:26:10,440
If your ITSM has a catalog, pull the service and the default assignment group that turns

679
00:26:10,440 --> 00:26:14,800
I need help into this belongs to Group X with fields Y populated.

680
00:26:14,800 --> 00:26:16,520
Which is what actually reduces SLA.

681
00:26:16,520 --> 00:26:19,800
Now the sources, people say M365 signals like that's one thing.

682
00:26:19,800 --> 00:26:20,800
It isn't.

683
00:26:20,800 --> 00:26:24,000
It's a pile of systems with different governance, different data boundaries and

684
00:26:24,000 --> 00:26:25,640
different failure modes.

685
00:26:25,640 --> 00:26:29,520
Enrichment sources you can justify in an IT triage workflow are usually

686
00:26:29,520 --> 00:26:33,480
Entra directory attributes, device compliance signals from endpoint management,

687
00:26:33,480 --> 00:26:37,400
ITSM fields and ticket history and a curated service status source.

688
00:26:37,400 --> 00:26:39,880
In some orgs, that service status is in service now.

689
00:26:39,880 --> 00:26:42,040
In others, it's in a team's channel post nobody owns.

690
00:26:42,040 --> 00:26:45,680
Either way, make it a source the agent can cite, not a rumor it repeats.

691
00:26:45,680 --> 00:26:48,000
And this is where the system law shows up again.

692
00:26:48,000 --> 00:26:49,000
Normalize inputs.

693
00:26:49,000 --> 00:26:53,320
If your taxonomy for service has 15 spellings of the same thing, enrichment will amplify

694
00:26:53,320 --> 00:26:54,320
the mess.

695
00:26:54,320 --> 00:26:57,320
The agent can only be as deterministic as the labels you feed it.

696
00:26:57,320 --> 00:27:02,800
So define a small taxonomy for the pilot, service, urgency, impact, environment, not 50 fields,

697
00:27:02,800 --> 00:27:03,800
four.

698
00:27:03,800 --> 00:27:04,800
And make the mapping explicit.

699
00:27:04,800 --> 00:27:09,840
If the user says Outlook, the system maps to Exchange Online, not email-ish problem.

700
00:27:09,840 --> 00:27:12,320
Then add a verification step before any right action.

701
00:27:12,320 --> 00:27:15,160
This is the difference between enrichment and hallucination.

702
00:27:15,160 --> 00:27:18,720
The agent should play back the enriched facts and ask for confirmation when those facts

703
00:27:18,720 --> 00:27:19,960
will change behavior.

704
00:27:19,960 --> 00:27:24,000
Your on-device X, it's non-compliant and this request requires compliance.

705
00:27:24,000 --> 00:27:25,200
Is that correct?

706
00:27:25,200 --> 00:27:29,280
Your requesting access to system Y, which is a privileged app, confirm.

707
00:27:29,280 --> 00:27:30,800
Verification doesn't mean you approve everything.

708
00:27:30,800 --> 00:27:33,760
It means the agent doesn't treat guest context as truth.

709
00:27:33,760 --> 00:27:37,720
Now privacy, if you're tempted to pull HR attributes, manager chains, performance data

710
00:27:37,720 --> 00:27:40,440
or everything in graph because it's available, stop.

711
00:27:40,440 --> 00:27:41,440
That's not enrichment.

712
00:27:41,440 --> 00:27:42,920
That's surveillance, cosplay.

713
00:27:42,920 --> 00:27:47,440
The minimum viable context principle protects you because it forces a justification.

714
00:27:47,440 --> 00:27:49,520
What decision does this field influence?

715
00:27:49,520 --> 00:27:52,720
If the answer is none, the field doesn't belong in the agent.

716
00:27:52,720 --> 00:27:57,600
And yes, more context sometimes improves accuracy, but accuracy without boundary becomes a liability.

717
00:27:57,600 --> 00:28:01,560
The agent will learn to use data it shouldn't and users will learn they can prompt it into

718
00:28:01,560 --> 00:28:02,560
revealing it.

719
00:28:02,560 --> 00:28:05,680
So keep enrichment tightly scoped, audited and reversible.

720
00:28:05,680 --> 00:28:10,160
If a field becomes risky, remove it and the system still functions because context is the

721
00:28:10,160 --> 00:28:12,320
hidden engine of orchestration.

722
00:28:12,320 --> 00:28:16,680
But the next failure mode is what happens when the agent has context has a plan and still

723
00:28:16,680 --> 00:28:18,320
answers wrong with confidence.

724
00:28:18,320 --> 00:28:22,720
That's grounding and it kills adoption faster than any outage ever will.

725
00:28:22,720 --> 00:28:25,680
The failure mode that kills adoption, confident wrong answer.

726
00:28:25,680 --> 00:28:28,640
If you remember one thing about adoption, make it this.

727
00:28:28,640 --> 00:28:30,880
Users will forgive, I don't know.

728
00:28:30,880 --> 00:28:34,080
They will not forgive, I'm sure, followed by being wrong.

729
00:28:34,080 --> 00:28:38,080
It's the failure mode that kills an agent program in week two because the first time an agent

730
00:28:38,080 --> 00:28:41,800
answers confidently and incorrectly, the user doesn't file a bug report.

731
00:28:41,800 --> 00:28:45,040
They don't politely provide feedback, they screenshot it, paste it into a team's chat

732
00:28:45,040 --> 00:28:47,840
and the story becomes co-pilot make stuff up.

733
00:28:47,840 --> 00:28:51,800
And once that narrative exists, every future success gets dismissed as luck.

734
00:28:51,800 --> 00:28:53,680
This is why grounding isn't an enhancement.

735
00:28:53,680 --> 00:28:55,240
It's a survival requirement.

736
00:28:55,240 --> 00:28:57,360
Grounding failures usually happen for three reasons.

737
00:28:57,360 --> 00:29:01,320
First, the agent answers from its general model knowledge instead of your enterprise truth.

738
00:29:01,320 --> 00:29:05,400
It's fine when the question is generic and catastrophic when the question is policy, HR,

739
00:29:05,400 --> 00:29:06,880
security or internal process.

740
00:29:06,880 --> 00:29:11,320
The model can sound correct while being wrong in exactly the ways that matter to auditors.

741
00:29:11,320 --> 00:29:13,600
Second, the agent retrieves the wrong document.

742
00:29:13,600 --> 00:29:16,760
Not because retrieval is broken but because your content is ambiguous.

743
00:29:16,760 --> 00:29:20,440
Two similar policies, a stale runbook, a SharePoint page with three unrelated procedures

744
00:29:20,440 --> 00:29:21,920
jammed into one.

745
00:29:21,920 --> 00:29:24,600
Retrieval doesn't fix entropy, it indexes it.

746
00:29:24,600 --> 00:29:27,280
Third, the agent blends sources.

747
00:29:27,280 --> 00:29:31,360
It pulls one chunk from one dock, another chunk from another dock and then stitches a reasonable

748
00:29:31,360 --> 00:29:32,960
answer that never existed.

749
00:29:32,960 --> 00:29:35,520
It feels helpful, it also becomes impossible to defend.

750
00:29:35,520 --> 00:29:38,560
So the control rule has to be explicit and enforced.

751
00:29:38,560 --> 00:29:40,960
Citations required for any non-trivial claim.

752
00:29:40,960 --> 00:29:43,320
Not citations are nice, required.

753
00:29:43,320 --> 00:29:45,840
If the user asks, "What's the VPN setup?"

754
00:29:45,840 --> 00:29:50,200
The agent can cite, "If the user asks, can I access this customer data set from my personal

755
00:29:50,200 --> 00:29:51,200
device?"

756
00:29:51,200 --> 00:29:54,840
The agent's sites or escalates, "If the agent can't produce a source, it doesn't answer,

757
00:29:54,840 --> 00:29:55,840
it routes."

758
00:29:55,840 --> 00:30:00,160
Also where you separate knowledge from action, answering and doing our different risk classes

759
00:30:00,160 --> 00:30:03,120
and the platform won't keep them separate unless you design it that way.

760
00:30:03,120 --> 00:30:07,720
A grounded answer is red behavior, it's retrieval plus summarization with evidence, an action

761
00:30:07,720 --> 00:30:10,800
is right behavior, it's changing state in a system of record.

762
00:30:10,800 --> 00:30:15,160
You don't grant permissions because the agent wrote a persuasive paragraph, you grant permissions

763
00:30:15,160 --> 00:30:19,840
because a tool call executed under a constrained identity with explicit approval and a log

764
00:30:19,840 --> 00:30:20,840
you can defend.

765
00:30:20,840 --> 00:30:24,680
That distinction matters because many teams accidentally couple them.

766
00:30:24,680 --> 00:30:26,920
The agent answers, therefore it acts.

767
00:30:26,920 --> 00:30:30,600
That's how you end up with tool misuse driven by conversational confidence.

768
00:30:30,600 --> 00:30:35,440
Now define grounded accuracy because vague quality discussions turn into feelings.

769
00:30:35,440 --> 00:30:40,880
Grounded accuracy means in a test set of real questions, the agent's answer is supported

770
00:30:40,880 --> 00:30:44,240
by the cited source and the source is the correct source for that question.

771
00:30:44,240 --> 00:30:48,360
Not close, not sounds right, supported and correct.

772
00:30:48,360 --> 00:30:52,080
You measure it with sampling, you don't need a PhD evaluation framework to start.

773
00:30:52,080 --> 00:30:53,480
You need a fixed question set.

774
00:30:53,480 --> 00:30:57,960
The top intents, the top policies, the top runbooks and the top known issue questions.

775
00:30:57,960 --> 00:31:02,120
You run them weekly, you score correct with correct citation, correct with wrong citation,

776
00:31:02,120 --> 00:31:06,240
incorrect with citation, incorrect with no citation and escalated appropriately.

777
00:31:06,240 --> 00:31:11,640
Your target in 30 days is greater than 85% grounded accuracy on that evaluation set.

778
00:31:11,640 --> 00:31:15,600
That's realistic if you constrain scope and enforce no source, no answer.

779
00:31:15,600 --> 00:31:20,680
And you categorize failure reasons because fixing the wrong thing wastes weeks.

780
00:31:20,680 --> 00:31:23,640
Using doc, the knowledge doesn't exist in an indexable form.

781
00:31:23,640 --> 00:31:28,040
Wrong doc, retrieval pulled in adjacent policy often because metadata is weak.

782
00:31:28,040 --> 00:31:30,760
Wrong inference, the agent made a leap the doc didn't support.

783
00:31:30,760 --> 00:31:33,200
Stale doc, the truth changed, the index didn't.

784
00:31:33,200 --> 00:31:36,480
Now the part everyone avoids until it hurts, red teaming prompts.

785
00:31:36,480 --> 00:31:37,480
Do it early.

786
00:31:37,480 --> 00:31:41,840
Not because you expect a nation state attacker in week one, but because normal users accidentally

787
00:31:41,840 --> 00:31:43,240
behave like attackers.

788
00:31:43,240 --> 00:31:47,760
They paste emails, they paste error messages, they paste internal links and sometimes they

789
00:31:47,760 --> 00:31:50,080
paste instructions that conflict with policy.

790
00:31:50,080 --> 00:31:51,400
The model will try to comply.

791
00:31:51,400 --> 00:31:56,240
So your red team set includes prompt injection attempts, requests to ignore policy, requests

792
00:31:56,240 --> 00:32:01,160
to reveal sensitive data and instructions to perform actions outside the containment boundary.

793
00:32:01,160 --> 00:32:05,680
You run them against the agent before you expand the pilot group and the key is you don't

794
00:32:05,680 --> 00:32:08,440
treat failures as the model is dumb.

795
00:32:08,440 --> 00:32:13,800
You treat them as design signals, tighten boundaries, improve retrieval, add an escalation clause,

796
00:32:13,800 --> 00:32:16,720
remove an unsafe tool because trust doesn't come from charm.

797
00:32:16,720 --> 00:32:20,880
It comes from predictable behavior and grounding is what makes behavior predictable, but grounding

798
00:32:20,880 --> 00:32:23,440
can't be implemented as vibes and prompt warnings.

799
00:32:23,440 --> 00:32:27,400
It needs a computable knowledge layer and a retrieval strategy you can tune.

800
00:32:27,400 --> 00:32:28,640
SharePoints brawl won't save you.

801
00:32:28,640 --> 00:32:31,160
That's why the next section is Azure AI search.

802
00:32:31,160 --> 00:32:35,000
Turning knowledge into something the system can actually retrieve on purpose.

803
00:32:35,000 --> 00:32:37,960
As your AI search make knowledge computable.

804
00:32:37,960 --> 00:32:39,560
SharePoint is not a knowledge strategy.

805
00:32:39,560 --> 00:32:41,680
It's a document landfill with a search box.

806
00:32:41,680 --> 00:32:43,360
And yes, Microsoft search has improved.

807
00:32:43,360 --> 00:32:46,840
The pilot can sometimes find the right page, but sometimes is exactly the problem.

808
00:32:46,840 --> 00:32:51,880
An agentic workforce can't run on probabilistic discovery when the output needs to be audible,

809
00:32:51,880 --> 00:32:53,320
repeatable and fast.

810
00:32:53,320 --> 00:32:55,880
The system needs knowledge it can retrieve on purpose.

811
00:32:55,880 --> 00:32:57,960
That's what Azure AI search actually does.

812
00:32:57,960 --> 00:32:59,480
It doesn't make content smarter.

813
00:32:59,480 --> 00:33:01,080
It makes content computable.

814
00:33:01,080 --> 00:33:05,360
Indexed, chunked, tagged, refreshed and security trimmed so retrieval becomes a designed

815
00:33:05,360 --> 00:33:07,240
behavior instead of a hope.

816
00:33:07,240 --> 00:33:10,840
That distinction matters because grounding collapses when retrieval is accidental.

817
00:33:10,840 --> 00:33:15,440
So the simple version is Azure AI search turns your messy pile of documents into an index

818
00:33:15,440 --> 00:33:17,280
the agent can query with structure.

819
00:33:17,280 --> 00:33:18,680
And the structure is the whole game.

820
00:33:18,680 --> 00:33:21,720
The first design choice is what you index.

821
00:33:21,720 --> 00:33:25,280
Most organizations point at the SharePoint site and call it done.

822
00:33:25,280 --> 00:33:27,960
That's how you get blended answers and stale policy conflicts.

823
00:33:27,960 --> 00:33:31,280
Instead, index the knowledge that is allowed to be operational truth.

824
00:33:31,280 --> 00:33:36,480
Runbooks approved SOPs, policy documents, known issue articles, service status notices and

825
00:33:36,480 --> 00:33:38,200
service catalog entries.

826
00:33:38,200 --> 00:33:41,520
Not drafts, not personal notes, not the random wiki nobody owns.

827
00:33:41,520 --> 00:33:45,760
If it doesn't have an owner and a life cycle, it doesn't belong in an index feeding production

828
00:33:45,760 --> 00:33:46,760
answers.

829
00:33:46,760 --> 00:33:47,760
Then comes chunking.

830
00:33:47,760 --> 00:33:50,360
This is where retrieval either stays clean or becomes a smear.

831
00:33:50,360 --> 00:33:54,280
chunking is splitting documents into smaller pieces so the system can retrieve the exact

832
00:33:54,280 --> 00:33:56,000
part that answers the question.

833
00:33:56,000 --> 00:34:00,520
If your chunk is too large, the model gets an entire page with three procedures and it

834
00:34:00,520 --> 00:34:01,640
will blend them.

835
00:34:01,640 --> 00:34:06,400
If the chunk is too small, the model loses context and starts inventing transitions.

836
00:34:06,400 --> 00:34:08,120
The right answer is boring.

837
00:34:08,120 --> 00:34:09,680
Product by atomic procedure.

838
00:34:09,680 --> 00:34:14,080
One policy section per chunk, one runbook step sequence per chunk, one exception clause per

839
00:34:14,080 --> 00:34:15,080
chunk.

840
00:34:15,080 --> 00:34:16,880
The goal is not to index the dog.

841
00:34:16,880 --> 00:34:18,880
The goal is to index the decision unit.

842
00:34:18,880 --> 00:34:20,720
That's the atomic knowledge rule.

843
00:34:20,720 --> 00:34:24,680
If a piece of content can't stand alone as an answer source, it's not a good chunk.

844
00:34:24,680 --> 00:34:25,680
Next is metadata.

845
00:34:25,680 --> 00:34:28,720
Without metadata, retrieval becomes a popularity contest.

846
00:34:28,720 --> 00:34:32,760
Metadata is how you turn VPN policy into VPN policy for contractors.

847
00:34:32,760 --> 00:34:39,200
One EU applies to Windows, updated 2025-01-12-Owner security ops.

848
00:34:39,200 --> 00:34:41,320
The agent doesn't need all of that in the response.

849
00:34:41,320 --> 00:34:44,560
It needs it for filtering and ranking so it doesn't retrieve the wrong thing.

850
00:34:44,560 --> 00:34:49,480
So tag content by service, audience, region, risk tier, dog type and last review date.

851
00:34:49,480 --> 00:34:51,960
Keep the taxonomy small, consistent and enforced.

852
00:34:51,960 --> 00:34:55,840
If your metadata is optional, it will be missing on the documents that matter most.

853
00:34:55,840 --> 00:34:57,160
That's how entropy works.

854
00:34:57,160 --> 00:34:59,680
Now security trimming, this is not a nice to have.

855
00:34:59,680 --> 00:35:04,120
If the index can retrieve content, the user shouldn't see, you will eventually leak something.

856
00:35:04,120 --> 00:35:07,920
Not because the model is malicious, because a user will ask a question that causes retrieval

857
00:35:07,920 --> 00:35:11,480
to surface restricted content and the system will try to be helpful.

858
00:35:11,480 --> 00:35:13,920
So the index must respect access controls.

859
00:35:13,920 --> 00:35:17,720
Retrieval should only return chunks the requesting user is entitled to read.

860
00:35:17,720 --> 00:35:22,680
In other words, your knowledge plane must obey the same boundary rules as your data plane.

861
00:35:22,680 --> 00:35:24,480
Refresh cadence is the next trap.

862
00:35:24,480 --> 00:35:25,920
Static index becomes wrong.

863
00:35:25,920 --> 00:35:30,160
Next policies change, outages resolve, runbooks get updated after incidents.

864
00:35:30,160 --> 00:35:35,200
If your index refreshes weekly and your operations change daily, the agent will confidently answer

865
00:35:35,200 --> 00:35:36,680
with yesterday's truth.

866
00:35:36,680 --> 00:35:37,840
Users will notice.

867
00:35:37,840 --> 00:35:38,840
Trust will die.

868
00:35:38,840 --> 00:35:43,880
So set refresh cadence by dog type, service status and known issues refresh frequently.

869
00:35:43,880 --> 00:35:48,120
Policies refresh on publish, runbooks refresh on change control and make last indexed visible

870
00:35:48,120 --> 00:35:52,840
in telemetry because stale answers look identical to hallucinations from the user's perspective.

871
00:35:52,840 --> 00:35:56,720
Now the output requirement shows sources, not because citations feel academic because

872
00:35:56,720 --> 00:35:59,280
they're the only way to make the system defensible.

873
00:35:59,280 --> 00:36:03,060
The agent response should include the answer, the linked source and the specific section

874
00:36:03,060 --> 00:36:04,920
title or except reference.

875
00:36:04,920 --> 00:36:07,160
If the system can't provide that, it escalates.

876
00:36:07,160 --> 00:36:08,240
No source, no answer.

877
00:36:08,240 --> 00:36:11,440
That rule becomes enforceable when retrieval is a design component.

878
00:36:11,440 --> 00:36:12,440
And here's the weird part.

879
00:36:12,440 --> 00:36:16,280
Once you implement Azure AI search, you stop arguing about prompt quality as if it's

880
00:36:16,280 --> 00:36:17,280
the product.

881
00:36:17,280 --> 00:36:18,640
Prompts become thin glue.

882
00:36:18,640 --> 00:36:19,640
Retrieval becomes the product.

883
00:36:19,640 --> 00:36:24,360
Co-pilot studio can sit on top as the orchestration layer, but as your AI search becomes the grounded

884
00:36:24,360 --> 00:36:28,440
knowledge backbone, it's how you make policy computable, not just searchable.

885
00:36:28,440 --> 00:36:32,160
But retrieval still isn't action, knowing the right runbook step doesn't execute the

886
00:36:32,160 --> 00:36:33,160
step.

887
00:36:33,160 --> 00:36:36,880
Knowing which ticket category applies doesn't create the ticket for that you need tools

888
00:36:36,880 --> 00:36:39,520
that are predictable, governed and reusable.

889
00:36:39,520 --> 00:36:43,040
That's where MCP shows up and why it matters more than most people want to admit.

890
00:36:43,040 --> 00:36:45,880
MCP, turning co-pilot from chat into a system.

891
00:36:45,880 --> 00:36:48,800
Azure AI search makes knowledge retrievable on purpose.

892
00:36:48,800 --> 00:36:51,520
But the next failure mode shows up immediately.

893
00:36:51,520 --> 00:36:54,440
The agent still can't do anything predictable with that knowledge.

894
00:36:54,440 --> 00:36:58,800
It can explain a runbook, it can cite a policy, and then it stops waiting for a human to

895
00:36:58,800 --> 00:37:00,720
carry the work across the finish line.

896
00:37:00,720 --> 00:37:02,240
That's where MCP comes in.

897
00:37:02,240 --> 00:37:06,040
Most people hear model context protocol and think it's a developer convenience.

898
00:37:06,040 --> 00:37:07,320
It is not.

899
00:37:07,320 --> 00:37:12,280
In enterprise terms, MCP is a standard contract for tools, a predictable way for an agent

900
00:37:12,280 --> 00:37:15,960
to discover capabilities, call them and receive structured results.

901
00:37:15,960 --> 00:37:18,680
Especpo glue, more reusable capability.

902
00:37:18,680 --> 00:37:22,840
And that distinction matters because without a standard tool interface, every agent becomes

903
00:37:22,840 --> 00:37:24,840
a one off integration project.

904
00:37:24,840 --> 00:37:27,720
One bot talks to service now through a custom connector.

905
00:37:27,720 --> 00:37:31,320
Another talks to Gira through a different pattern, a third one hits graph with a different

906
00:37:31,320 --> 00:37:32,560
auth model.

907
00:37:32,560 --> 00:37:34,720
Over time, you're not building an agent ecosystem.

908
00:37:34,720 --> 00:37:36,560
You're building an integration junkyard.

909
00:37:36,560 --> 00:37:40,520
Okay, so basically, MCP makes tools legible to agents.

910
00:37:40,520 --> 00:37:43,120
A tool isn't just an API endpoint.

911
00:37:43,120 --> 00:37:46,400
A tool becomes name, description, parameters and expected output.

912
00:37:46,400 --> 00:37:50,040
That's what gives the agent the ability to plan and execute in a loop without you hard

913
00:37:50,040 --> 00:37:51,040
coding every branch.

914
00:37:51,040 --> 00:37:55,040
It's the difference between a human seeing a labeled button that says create ticket versus

915
00:37:55,040 --> 00:37:59,200
a human being handed a raw rest API spec and being told, figure it out.

916
00:37:59,200 --> 00:38:01,640
Now why does that translate into fast ROI?

917
00:38:01,640 --> 00:38:06,320
Because MCP shifts effort from building new agents to reusing the same small set of enterprise

918
00:38:06,320 --> 00:38:07,320
tools everywhere.

919
00:38:07,320 --> 00:38:10,000
Build one good ticket create tool.

920
00:38:10,000 --> 00:38:14,280
Use it across IT triage, HR requests, access requests and facilities.

921
00:38:14,280 --> 00:38:16,640
Build one service status lookup tool.

922
00:38:16,640 --> 00:38:18,520
Reuse it across every support experience.

923
00:38:18,520 --> 00:38:21,640
Build one KB retrieval with citations tool.

924
00:38:21,640 --> 00:38:23,400
Reuse it everywhere grounded answers matter.

925
00:38:23,400 --> 00:38:25,480
That's how you scale without multiplying chaos.

926
00:38:25,480 --> 00:38:30,520
But the uncomfortable truth is MCP also accelerates the risk you are already going to have.

927
00:38:30,520 --> 00:38:32,200
Because tools are authority.

928
00:38:32,200 --> 00:38:36,200
And when you give an agent a tool that can write, you've handed it a lever that moves production

929
00:38:36,200 --> 00:38:37,200
systems.

930
00:38:37,200 --> 00:38:40,920
Even law for MCP in the first 30 days is strict.

931
00:38:40,920 --> 00:38:42,760
Read operations first.

932
00:38:42,760 --> 00:38:44,600
Write operations gated.

933
00:38:44,600 --> 00:38:46,960
Read list get search tools are where you start.

934
00:38:46,960 --> 00:38:49,840
They increase accuracy without changing state.

935
00:38:49,840 --> 00:38:54,080
Write tools create update delete only enter the system when you've already proven

936
00:38:54,080 --> 00:38:56,640
routing stability grounding discipline and logging.

937
00:38:56,640 --> 00:38:59,240
And even then you gate them behind explicit approvals.

938
00:38:59,240 --> 00:39:00,800
This is not a philosophical stance.

939
00:39:00,800 --> 00:39:02,640
It's entropy management.

940
00:39:02,640 --> 00:39:07,460
The fastest way to create an agentic incident is to connect a right capable tool with no

941
00:39:07,460 --> 00:39:10,120
life cycle, no allow list and no rollback.

942
00:39:10,120 --> 00:39:11,960
And yes, tokens sprawl becomes real here.

943
00:39:11,960 --> 00:39:16,360
API tokens, client secrets and unmanaged credentials become shadow admin keys.

944
00:39:16,360 --> 00:39:19,680
The moment they get copied into three environments and ten agents.

945
00:39:19,680 --> 00:39:22,360
The organization forgets they exist until one expires.

946
00:39:22,360 --> 00:39:24,720
Or worse, gets reused somewhere it shouldn't.

947
00:39:24,720 --> 00:39:28,320
So MCP governance starts with a tool allow list and a denial list.

948
00:39:28,320 --> 00:39:32,800
That means only approved MCP servers and approved tools inside those servers.

949
00:39:32,800 --> 00:39:37,520
Denialist means explicitly block classes of tools you know you don't want.

950
00:39:37,520 --> 00:39:42,040
Delete operations bulk updates privilege grants anything that changes identity access or

951
00:39:42,040 --> 00:39:44,400
finance without a human boundary.

952
00:39:44,400 --> 00:39:47,360
That's governance by design not governance after cleanup.

953
00:39:47,360 --> 00:39:51,240
Now how does MCP actually turn chat into a system?

954
00:39:51,240 --> 00:39:52,840
Because it creates a closed loop.

955
00:39:52,840 --> 00:39:57,840
The agent can reason call a tool read the response validated and decide the next step.

956
00:39:57,840 --> 00:40:02,400
But loop is what makes an agent definition hold runs tools in a loop to achieve a goal

957
00:40:02,400 --> 00:40:03,400
without tools.

958
00:40:03,400 --> 00:40:06,280
The agent is a narrator with tools it becomes an operator.

959
00:40:06,280 --> 00:40:07,920
But only if the tools are predictable.

960
00:40:07,920 --> 00:40:10,280
So you keep tool descriptions short and specific.

961
00:40:10,280 --> 00:40:14,440
You don't expose 50 vaguely named operations and hope the model chooses the right one.

962
00:40:14,440 --> 00:40:16,800
That is just conditional chaos with better packaging.

963
00:40:16,800 --> 00:40:21,560
You expose a small well label tool set that matches your orchestration steps.

964
00:40:21,560 --> 00:40:27,400
Classify retrieve check status, create ticket, update ticket, notify user, request approval.

965
00:40:27,400 --> 00:40:31,400
When you instrument tool outcomes tool errors matter more than model errors because tool errors

966
00:40:31,400 --> 00:40:36,240
break workflows track which tool failed, why it failed and what the agent did next.

967
00:40:36,240 --> 00:40:40,960
If the agent retries endlessly you've built an infinite loop that burns budget and trust.

968
00:40:40,960 --> 00:40:45,560
Finally the key design choice that prevents ghost agents later shows up again.

969
00:40:45,560 --> 00:40:51,560
Prefer reusable tools over reusable agents agents are experiences tools are capabilities.

970
00:40:51,560 --> 00:40:55,880
When you standardize tools agents can stay small, domain scoped and disposable.

971
00:40:55,880 --> 00:41:00,160
And you don't every agent becomes a fragile snowflake that nobody can maintain.

972
00:41:00,160 --> 00:41:02,240
So MCP isn't the cool protocol.

973
00:41:02,240 --> 00:41:06,640
It's the enforcement layer that makes tools composable, governable and repeatable.

974
00:41:06,640 --> 00:41:10,200
Now that you have retrieval that's computable in tools that are standardized you can finally

975
00:41:10,200 --> 00:41:12,120
connect the two into a real system.

976
00:41:12,120 --> 00:41:14,480
So next it stops being theoretical.

977
00:41:14,480 --> 00:41:19,520
IT ticket triage end to end with co-pilot studio routing, Azure AI search grounding,

978
00:41:19,520 --> 00:41:23,640
MCP tools for actions and power automate doing the deterministic work.

979
00:41:23,640 --> 00:41:27,040
Demo architecture one, IT ticket triage end to end.

980
00:41:27,040 --> 00:41:31,800
Here's the end to end demo architecture that makes executives stop asking so it's chat and

981
00:41:31,800 --> 00:41:34,160
start asking when can this hit production.

982
00:41:34,160 --> 00:41:38,160
The flow is intentionally boring because boring is how enterprise systems survive.

983
00:41:38,160 --> 00:41:43,360
Start with the users issue coming in through one channel, pick teams or a portal first, don't do all of them.

984
00:41:43,360 --> 00:41:46,160
Channel sprawl is just topics sprawl with better UI.

985
00:41:46,160 --> 00:41:52,840
The user types free text, VPN died, outlook won't send, can't access SharePoint, whatever.

986
00:41:52,840 --> 00:41:55,800
The first step is intent classification in co-pilot studio.

987
00:41:55,800 --> 00:41:59,000
This is where your 10, 15 intents actually earn their keep.

988
00:41:59,000 --> 00:42:03,920
The agent selects an intent and immediately applies the containment boundary tied to that intent.

989
00:42:03,920 --> 00:42:06,520
Then the agent enriches context, not everything.

990
00:42:06,520 --> 00:42:11,520
Minimum viable context, user identity, device compliance state if relevant and service context

991
00:42:11,520 --> 00:42:12,840
like known outages.

992
00:42:12,840 --> 00:42:15,480
This enrichment should come from predictable sources.

993
00:42:15,480 --> 00:42:19,880
Entra attributes endpoint management signals and the IT SM ticket history.

994
00:42:19,880 --> 00:42:23,920
If the organization doesn't have those sources well defined, the demo still works.

995
00:42:23,920 --> 00:42:28,200
It just surfaces the real constraint your operations are not computable yet.

996
00:42:28,200 --> 00:42:32,760
Now the fork in the road, resolve root or create, resolve means the agent can safely close

997
00:42:32,760 --> 00:42:33,760
the loop.

998
00:42:33,760 --> 00:42:36,400
This is where the grounded knowledge path triggers.

999
00:42:36,400 --> 00:42:39,880
It retrieves a runbook or known issue article and answers with citations.

1000
00:42:39,880 --> 00:42:44,320
If the fix requires a deterministic step, like triggering a password reset workflow,

1001
00:42:44,320 --> 00:42:46,400
that step should not be done by reasoning.

1002
00:42:46,400 --> 00:42:50,480
It should be done by a tool called in this demo, Power Automate handles that deterministic

1003
00:42:50,480 --> 00:42:51,480
execution.

1004
00:42:51,480 --> 00:42:55,600
The agent proposes the action, confirms with the user at the right boundary, then Power

1005
00:42:55,600 --> 00:42:57,640
Automate executes and logs.

1006
00:42:57,640 --> 00:43:00,800
Root means the agent can't solve, but it can root cleanly.

1007
00:43:00,800 --> 00:43:02,280
The output isn't a transcript.

1008
00:43:02,280 --> 00:43:08,000
It's a payload, intent, impacted service, urgency, device state, and what was already attempted.

1009
00:43:08,000 --> 00:43:11,280
That payload becomes a ticket description plus structured fields.

1010
00:43:11,280 --> 00:43:13,400
The human gets a case file, not a chat log.

1011
00:43:13,400 --> 00:43:14,680
That's what reduces SLA.

1012
00:43:14,680 --> 00:43:15,960
The human doesn't retry out.

1013
00:43:15,960 --> 00:43:17,880
They start where the agent left off.

1014
00:43:17,880 --> 00:43:20,480
Create means you must open a ticket no matter what.

1015
00:43:20,480 --> 00:43:23,960
Policy requires it, access requires it, or the user insists.

1016
00:43:23,960 --> 00:43:28,320
The agent still adds value by making the ticket structured and pre-classified.

1017
00:43:28,320 --> 00:43:32,000
That's the difference between we deployed co-pilot and we reduced backlog.

1018
00:43:32,000 --> 00:43:36,240
Now where each product fits, co-pilot studio drives the orchestration and routing.

1019
00:43:36,240 --> 00:43:37,520
Topics are just the front door.

1020
00:43:37,520 --> 00:43:39,480
The core logic is the decision loop.

1021
00:43:39,480 --> 00:43:44,160
Classify, enrich, retrieve, propose, confirm, execute, verify, hand off.

1022
00:43:44,160 --> 00:43:45,760
Power Automate is the system's muscle.

1023
00:43:45,760 --> 00:43:49,480
It handles the deterministic steps you never want the model inventing.

1024
00:43:49,480 --> 00:43:55,800
Create ticket, update ticket, assign queue, notify user, write to audit log, post to teams,

1025
00:43:55,800 --> 00:43:56,880
and trigger approvals.

1026
00:43:56,880 --> 00:44:00,000
If it's an if this then that action, power automate does it.

1027
00:44:00,000 --> 00:44:02,920
The agent decides when to call it, not how to rewrite it.

1028
00:44:02,920 --> 00:44:08,400
The ITSM backend, service now, Gira service management, whatever, remains the system of record.

1029
00:44:08,400 --> 00:44:09,400
That matters.

1030
00:44:09,400 --> 00:44:11,160
You are not replacing ITSM.

1031
00:44:11,160 --> 00:44:14,920
You're improving the front end decision quality and reducing the human time spent on intake,

1032
00:44:14,920 --> 00:44:16,400
classification, and backend fourth.

1033
00:44:16,400 --> 00:44:20,480
If someone tries to rebuild ITSM with agents, the demo should fail on purpose.

1034
00:44:20,480 --> 00:44:21,720
Because that's how programs die.

1035
00:44:21,720 --> 00:44:23,400
Now layer in MCP where it's useful.

1036
00:44:23,400 --> 00:44:28,840
In the demo, MCP provides standardized tools to interact with ITSM and status sources.

1037
00:44:28,840 --> 00:44:29,840
Retools first.

1038
00:44:29,840 --> 00:44:31,640
List open incidents for this user.

1039
00:44:31,640 --> 00:44:33,080
Check service status.

1040
00:44:33,080 --> 00:44:35,480
Retrieve ticket templates, fetch routing groups.

1041
00:44:35,480 --> 00:44:38,880
Write tools only where you've already defined approval and rollback.

1042
00:44:38,880 --> 00:44:41,600
Create ticket, update ticket, request access.

1043
00:44:41,600 --> 00:44:44,200
The point is tool predictability, not novelty.

1044
00:44:44,200 --> 00:44:46,120
These criteria are not subjective.

1045
00:44:46,120 --> 00:44:47,120
Containment rate.

1046
00:44:47,120 --> 00:44:50,080
How many interactions resolved without ticket creation?

1047
00:44:50,080 --> 00:44:55,120
That's deflection.resolution time for the interactions the agent touches does cycle time drop.

1048
00:44:55,120 --> 00:44:57,800
That's SLA impact escalation reduction.

1049
00:44:57,800 --> 00:45:00,600
Fewer wrong handoffs, fewer ping pong assignments.

1050
00:45:00,600 --> 00:45:02,120
That's operational stability.

1051
00:45:02,120 --> 00:45:03,440
And you instrument it.

1052
00:45:03,440 --> 00:45:07,920
Every run logs detected intent, confidence, retrieved sources, tools invoked, execution

1053
00:45:07,920 --> 00:45:10,760
status, escalation reason, and final outcome.

1054
00:45:10,760 --> 00:45:12,720
If you can't answer why did it do that?

1055
00:45:12,720 --> 00:45:13,720
You don't have an agent.

1056
00:45:13,720 --> 00:45:14,840
You have a magic trick.

1057
00:45:14,840 --> 00:45:18,760
The best part of this demo is you can run it with a small pilot group in week two and

1058
00:45:18,760 --> 00:45:20,160
you can improve it daily.

1059
00:45:20,160 --> 00:45:24,680
You'll discover missing knowledge coverage, ambiguous intents and tool errors immediately.

1060
00:45:24,680 --> 00:45:25,680
That's not failure.

1061
00:45:25,680 --> 00:45:27,560
That's the system finally telling the truth.

1062
00:45:27,560 --> 00:45:28,560
And here's the transition.

1063
00:45:28,560 --> 00:45:32,320
Once you can triage end to end, the next demo isn't about tickets.

1064
00:45:32,320 --> 00:45:34,040
It's about trust.

1065
00:45:34,040 --> 00:45:37,440
Grounded policy answers with evidence or nothing.

1066
00:45:37,440 --> 00:45:39,120
Demo architecture two.

1067
00:45:39,120 --> 00:45:40,920
Grounded policy answers with evidence.

1068
00:45:40,920 --> 00:45:43,000
The second demo exists for one reason.

1069
00:45:43,000 --> 00:45:46,400
Policy answers are where hallucinations become career limiting.

1070
00:45:46,400 --> 00:45:50,400
IT and HR questions feel harmless until an agent confidently tells someone they're allowed

1071
00:45:50,400 --> 00:45:52,840
to do something they're explicitly not allowed to do.

1072
00:45:52,840 --> 00:45:54,280
Or it cites the wrong clause.

1073
00:45:54,280 --> 00:45:59,000
Or it mixes two versions of the same policy and produces a third policy that never existed.

1074
00:45:59,000 --> 00:46:00,880
Nobody audits the chat transcript for tone.

1075
00:46:00,880 --> 00:46:01,880
They audit it for harm.

1076
00:46:01,880 --> 00:46:05,520
So this demo is built around the highest risk question types.

1077
00:46:05,520 --> 00:46:08,960
SOPs, runbooks, compliance rules, and internal policy.

1078
00:46:08,960 --> 00:46:12,240
The staff people ask in a hurry, copy into emails, and then treat as truth.

1079
00:46:12,240 --> 00:46:14,280
The architecture is intentionally strict.

1080
00:46:14,280 --> 00:46:17,800
User asks, can contractors store customer data in one drive?

1081
00:46:17,800 --> 00:46:21,360
Or what's the process for requesting elevated access?

1082
00:46:21,360 --> 00:46:26,360
Or are we allowed to use personal devices for M365?

1083
00:46:26,360 --> 00:46:28,040
The agent's first behavior is not to answer.

1084
00:46:28,040 --> 00:46:30,880
It's to classify the question type and set the response mode.

1085
00:46:30,880 --> 00:46:34,240
If it's policy or compliance, the agent goes into evidence mode.

1086
00:46:34,240 --> 00:46:37,560
Retrieve first, site always, and refuse to speculate.

1087
00:46:37,560 --> 00:46:41,440
Now the backbone, as your AI search as the source of truth, not SharePoint search,

1088
00:46:41,440 --> 00:46:43,240
not I think I saw a doc.

1089
00:46:43,240 --> 00:46:48,280
As your AI search index, designed for policy retrieval, chunked by atomic sections,

1090
00:46:48,280 --> 00:46:53,680
tagged with metadata like policy domain, audience, region, and last review date,

1091
00:46:53,680 --> 00:46:57,960
and security trimmed so the user only retrieves what they're allowed to read.

1092
00:46:57,960 --> 00:47:01,040
The retrieval step pulls the top chunks that match the question,

1093
00:47:01,040 --> 00:47:02,680
but the key design constraint is this.

1094
00:47:02,680 --> 00:47:05,200
The agent can only answer from retrieved content.

1095
00:47:05,200 --> 00:47:07,400
It can paraphrase, it can compress, it can explain.

1096
00:47:07,400 --> 00:47:10,280
It cannot invent, that's how you get audit-ready responses.

1097
00:47:10,280 --> 00:47:13,440
The output format is also strict because format is a control mechanism.

1098
00:47:13,440 --> 00:47:17,400
The response is short answer, source, next action, escalation path.

1099
00:47:17,400 --> 00:47:19,200
Short answer means one paragraph max.

1100
00:47:19,200 --> 00:47:23,080
If the agent needs five paragraphs, it doesn't understand the policy boundary well enough,

1101
00:47:23,080 --> 00:47:24,880
or the policy itself is ambiguous.

1102
00:47:24,880 --> 00:47:28,960
Either way, long answers are where the model starts, helping.

1103
00:47:28,960 --> 00:47:33,640
Source means the exact document in section with a link if your environment allows it.

1104
00:47:33,640 --> 00:47:37,520
If there are multiple sources, the agent lists them explicitly and calls out the conflict.

1105
00:47:37,520 --> 00:47:39,040
It does not blend them.

1106
00:47:39,040 --> 00:47:42,480
Next action means the operational step the user should take.

1107
00:47:42,480 --> 00:47:44,320
Submit request via this form.

1108
00:47:44,320 --> 00:47:49,240
Open a ticket in this category, use this approved storage location, or escalate to security

1109
00:47:49,240 --> 00:47:50,240
ops.

1110
00:47:50,240 --> 00:47:52,200
Policies without next actions don't reduce work.

1111
00:47:52,200 --> 00:47:54,040
They create more meetings.

1112
00:47:54,040 --> 00:47:56,440
Escalation path is the final safety valve.

1113
00:47:56,440 --> 00:48:01,360
If the question involves exceptions, regulatory jurisdiction, or privileged access the agent

1114
00:48:01,360 --> 00:48:04,760
routes, it doesn't negotiate policy exceptions in chat.

1115
00:48:04,760 --> 00:48:09,280
Now the inevitable reality, policy conflicts, you will have them every enterprise does.

1116
00:48:09,280 --> 00:48:14,360
Two docs disagree, one is newer, one is unofficial, one has the right title but the wrong audience.

1117
00:48:14,360 --> 00:48:18,360
The system needs a conflict strategy that doesn't rely on trust the model.

1118
00:48:18,360 --> 00:48:20,720
So the demo includes conflict handling rules.

1119
00:48:20,720 --> 00:48:25,280
If two policies conflict, the agent answers conflict detected, sides both, and escalates

1120
00:48:25,280 --> 00:48:26,520
to the policy owner.

1121
00:48:26,520 --> 00:48:31,480
That escalation payload includes the retrieved chunks and the reason the system flagged ambiguity,

1122
00:48:31,480 --> 00:48:33,400
you don't hide the mess, you surface it.

1123
00:48:33,400 --> 00:48:38,000
If the doc is outdated, the agent says it's outdated, sides the last reviewed date, and escalates.

1124
00:48:38,000 --> 00:48:41,760
Stale truth is not truth and if the index doesn't contain the answer, the agent refuses,

1125
00:48:41,760 --> 00:48:42,760
no source, no answer.

1126
00:48:42,760 --> 00:48:44,880
The refusal is not, I'm sorry.

1127
00:48:44,880 --> 00:48:46,160
It's operational.

1128
00:48:46,160 --> 00:48:48,280
I can't find an approved source.

1129
00:48:48,280 --> 00:48:51,760
I can open a ticket to the policy owner and include your question.

1130
00:48:51,760 --> 00:48:55,080
Now measuring accuracy because this is where most teams lie to themselves.

1131
00:48:55,080 --> 00:48:59,640
You build an evaluator set, a fixed list of real policy questions that matter.

1132
00:48:59,640 --> 00:49:04,640
Then you score failures with a taxonomy missing doc wrong doc wrong inference stale doc or conflict.

1133
00:49:04,640 --> 00:49:08,240
That taxonomy matters because each failure has a different fix.

1134
00:49:08,240 --> 00:49:12,520
Missing doc is content work, wrong doc is metadata or chunking, wrong inference is response

1135
00:49:12,520 --> 00:49:13,520
constraints.

1136
00:49:13,520 --> 00:49:17,440
Stale doc is lifecycle governance and the demo closes with the proof point your stakeholders

1137
00:49:17,440 --> 00:49:19,000
actually care about.

1138
00:49:19,000 --> 00:49:20,720
You can show the evidence trail.

1139
00:49:20,720 --> 00:49:23,560
Every answer has citations, every escalation has a reason.

1140
00:49:23,560 --> 00:49:27,800
Every I don't know becomes a backlog item to improve knowledge coverage.

1141
00:49:27,800 --> 00:49:31,640
That's the difference between co pilot answer the question and the organization can trust

1142
00:49:31,640 --> 00:49:33,040
what it answered.

1143
00:49:33,040 --> 00:49:37,080
Demo architecture three approvals via teams adaptive cards.

1144
00:49:37,080 --> 00:49:41,720
This third demo is where the agent work force stops sounding like marketing and starts looking

1145
00:49:41,720 --> 00:49:46,320
like a control system because approvals are the moment an agent either earns trust or

1146
00:49:46,320 --> 00:49:47,880
becomes a liability.

1147
00:49:47,880 --> 00:49:52,120
Most organizations try to handle risk with a generic human in the loop rule.

1148
00:49:52,120 --> 00:49:53,520
Someone should approve it.

1149
00:49:53,520 --> 00:49:55,640
It's not control that's delay.

1150
00:49:55,640 --> 00:49:57,560
A real enterprise pattern is tighter.

1151
00:49:57,560 --> 00:50:02,320
The agent runs everything it can deterministically then it poses only a decision boundaries that

1152
00:50:02,320 --> 00:50:05,280
are irreversible, privileged or ordered relevant.

1153
00:50:05,280 --> 00:50:08,240
That boundary becomes visible through adaptive cards and teams.

1154
00:50:08,240 --> 00:50:12,160
And yes teams is the right place for this not because it's trendy but because it's where

1155
00:50:12,160 --> 00:50:14,600
approvals already happen in the real world.

1156
00:50:14,600 --> 00:50:16,800
Managers, service owners, security reviewers.

1157
00:50:16,800 --> 00:50:18,200
They don't want to read paragraphs.

1158
00:50:18,200 --> 00:50:20,200
They want to click a decision and move on.

1159
00:50:20,200 --> 00:50:21,960
So the demo flow starts with detection.

1160
00:50:21,960 --> 00:50:25,840
The user asks for something that crosses a risk threshold, grant access to this share

1161
00:50:25,840 --> 00:50:27,240
point side.

1162
00:50:27,240 --> 00:50:28,240
Approve an exception.

1163
00:50:28,240 --> 00:50:30,200
Reset MFA for a user.

1164
00:50:30,200 --> 00:50:32,040
Create a mailbox delegation.

1165
00:50:32,040 --> 00:50:33,480
Approve a spend request.

1166
00:50:33,480 --> 00:50:34,840
Approve a change.

1167
00:50:34,840 --> 00:50:36,960
It doesn't matter which domain you pick.

1168
00:50:36,960 --> 00:50:39,200
What matters is the shape of the workflow.

1169
00:50:39,200 --> 00:50:41,880
Request, validate, approve, execute, log.

1170
00:50:41,880 --> 00:50:45,280
Step one, the agent classifies the intent and evaluates risk.

1171
00:50:45,280 --> 00:50:46,280
This is not a vibe check.

1172
00:50:46,280 --> 00:50:47,280
It's a rules check.

1173
00:50:47,280 --> 00:50:51,200
If the intent maps to a right action or touches sensitive data or changes permissions,

1174
00:50:51,200 --> 00:50:52,960
the agent flips into approval mode.

1175
00:50:52,960 --> 00:50:56,720
It gathers the minimum context required to make the decision reviewable.

1176
00:50:56,720 --> 00:50:58,320
Who is requesting?

1177
00:50:58,320 --> 00:50:59,840
What resource is being changed?

1178
00:50:59,840 --> 00:51:00,840
Why?

1179
00:51:00,840 --> 00:51:01,840
For how long?

1180
00:51:01,840 --> 00:51:02,840
And what policy applies?

1181
00:51:02,840 --> 00:51:07,040
And it retrieves the relevant policy source because approvals without policy context

1182
00:51:07,040 --> 00:51:09,800
just become whoever clicks first wins.

1183
00:51:09,800 --> 00:51:12,360
Step two, the agent generates the approval payload.

1184
00:51:12,360 --> 00:51:14,560
This is a structured object, not a narrative.

1185
00:51:14,560 --> 00:51:19,000
Request our target resource, requested action, scope, duration, justification, evidence

1186
00:51:19,000 --> 00:51:22,840
link and the downstream action that will execute if approved.

1187
00:51:22,840 --> 00:51:25,840
The agent also includes a deny reason required field.

1188
00:51:25,840 --> 00:51:28,080
Denials without reasons create shadow workflows.

1189
00:51:28,080 --> 00:51:30,360
People just resubmit until someone approves.

1190
00:51:30,360 --> 00:51:31,680
Entropy wins.

1191
00:51:31,680 --> 00:51:34,880
Step three, teams adaptive card is posted to the approver.

1192
00:51:34,880 --> 00:51:35,880
The card format matters.

1193
00:51:35,880 --> 00:51:39,600
It should be short enough that the approver can decide in 10 seconds, but complete enough

1194
00:51:39,600 --> 00:51:41,360
that they don't need a follow-up meeting.

1195
00:51:41,360 --> 00:51:46,160
So the card contains the action summary in one line, the justification in one sentence,

1196
00:51:46,160 --> 00:51:48,920
the policy citation as a link, and three buttons.

1197
00:51:48,920 --> 00:51:51,720
Approved, deny and request more info.

1198
00:51:51,720 --> 00:51:53,480
That third button is not politeness.

1199
00:51:53,480 --> 00:51:58,600
It is how you prevent deny from becoming the default because the approver lacked context.

1200
00:51:58,600 --> 00:52:00,960
Now the important part, the card is not just the UI.

1201
00:52:00,960 --> 00:52:05,160
It is the enforcement mechanism because clicking approved triggers a deterministic workflow

1202
00:52:05,160 --> 00:52:07,280
that is version controlled and logged.

1203
00:52:07,280 --> 00:52:09,400
This is where Power Automate does the heavy lifting.

1204
00:52:09,400 --> 00:52:13,000
It captures the approval decision, stamps who approved when they approved the exact

1205
00:52:13,000 --> 00:52:17,160
payload they approved and then executes the right action through the approved toolpath.

1206
00:52:17,160 --> 00:52:18,280
No ad hoc calls.

1207
00:52:18,280 --> 00:52:20,760
No agent decided to improvise.

1208
00:52:20,760 --> 00:52:25,200
If the approval is denied, the workflow logs the reason and routes it back to the requester

1209
00:52:25,200 --> 00:52:26,360
with the next step.

1210
00:52:26,360 --> 00:52:29,400
What to change, who to contact or what policy blocked it.

1211
00:52:29,400 --> 00:52:32,520
That reduces rework and stops the agent from becoming a dead end.

1212
00:52:32,520 --> 00:52:37,160
If the approver requests more info, the agent re-engages the requester with one targeted question,

1213
00:52:37,160 --> 00:52:39,360
updates the payload and re-issues the card.

1214
00:52:39,360 --> 00:52:40,360
No long chat.

1215
00:52:40,360 --> 00:52:42,040
Just fill the missing field and continue.

1216
00:52:42,040 --> 00:52:45,480
Now the guardrails, you need a risk threshold model, not complex.

1217
00:52:45,480 --> 00:52:46,880
Three tiers.

1218
00:52:46,880 --> 00:52:47,880
No risk.

1219
00:52:47,880 --> 00:52:52,160
Read only actions, status checks, knowledge retrieval, no approvals.

1220
00:52:52,160 --> 00:52:53,160
Medium risk.

1221
00:52:53,160 --> 00:52:56,800
Write actions that are reversible and low impact, like creating a ticket or updating a

1222
00:52:56,800 --> 00:52:58,600
non-sensitive field.

1223
00:52:58,600 --> 00:52:59,600
Optional approvals.

1224
00:52:59,600 --> 00:53:00,600
High risk.

1225
00:53:00,600 --> 00:53:01,600
Access changes.

1226
00:53:01,600 --> 00:53:02,600
Privileged changes.

1227
00:53:02,600 --> 00:53:03,600
Financial actions.

1228
00:53:03,600 --> 00:53:05,000
External communication.

1229
00:53:05,000 --> 00:53:07,160
Or anything that changes identity.

1230
00:53:07,160 --> 00:53:08,160
Mandatory approvals.

1231
00:53:08,160 --> 00:53:10,840
And you enforce this in orchestration, not in documentation.

1232
00:53:10,840 --> 00:53:12,600
The operational effect is immediate.

1233
00:53:12,600 --> 00:53:16,200
Cycle time drops because the agent does the prep work and routes the decision to the correct

1234
00:53:16,200 --> 00:53:17,680
human with the right context.

1235
00:53:17,680 --> 00:53:22,640
Risk drops because right actions only execute after an explicit, log decision.

1236
00:53:22,640 --> 00:53:25,760
And adoption rises because users see outcomes, not chat.

1237
00:53:25,760 --> 00:53:28,160
This demo also closes an early open loop.

1238
00:53:28,160 --> 00:53:32,560
The design choice that prevents ghost agents later is the same choice that makes approvals

1239
00:53:32,560 --> 00:53:33,560
work.

1240
00:53:33,560 --> 00:53:35,080
Put decision boundaries in the system.

1241
00:53:35,080 --> 00:53:36,080
Not in the slide deck.

1242
00:53:36,080 --> 00:53:37,880
Agents Brawl is predictable.

1243
00:53:37,880 --> 00:53:38,880
Design for it upfront.

1244
00:53:38,880 --> 00:53:40,880
Agents Brawl isn't a later problem.

1245
00:53:40,880 --> 00:53:45,760
It's the default outcome of giving people a new capability with no enforced boundary.

1246
00:53:45,760 --> 00:53:48,120
Most organizations think the risk is too few agents.

1247
00:53:48,120 --> 00:53:51,440
The real risk is too many because users don't want 50 agents.

1248
00:53:51,440 --> 00:53:55,200
They want five that work every time in the same places they already work.

1249
00:53:55,200 --> 00:53:58,080
When the ecosystem turns into a catalog, nobody understands.

1250
00:53:58,080 --> 00:53:59,440
Adoption doesn't fail loudly.

1251
00:53:59,440 --> 00:54:00,520
It just decays.

1252
00:54:00,520 --> 00:54:04,240
People go back to emailing the service desk and forwarding PDFs because it's faster than

1253
00:54:04,240 --> 00:54:06,600
deciding which agent might be correct.

1254
00:54:06,600 --> 00:54:09,200
And sprawl creates a second quieter problem.

1255
00:54:09,200 --> 00:54:10,200
Ghost agents.

1256
00:54:10,200 --> 00:54:14,280
Ghost agents are agents that nobody uses, nobody owns, and nobody remembers.

1257
00:54:14,280 --> 00:54:19,160
But they still exist, still connect to knowledge, still have two permissions, and still generate

1258
00:54:19,160 --> 00:54:20,160
audit surface.

1259
00:54:20,160 --> 00:54:22,360
They're the perfect entropy generators.

1260
00:54:22,360 --> 00:54:24,960
Invisible most days, catastrophic on the wrong day.

1261
00:54:24,960 --> 00:54:29,200
So if leadership wants scale without liability, the program has to treat sprawl as inevitable

1262
00:54:29,200 --> 00:54:31,200
and designed for it upfront.

1263
00:54:31,200 --> 00:54:32,840
Start with the uncomfortable truth.

1264
00:54:32,840 --> 00:54:35,720
Self-service agent creation is not democratization.

1265
00:54:35,720 --> 00:54:37,840
It is distributed risk creation.

1266
00:54:37,840 --> 00:54:42,600
And the platform will happily allow it because platforms optimize for capability, not

1267
00:54:42,600 --> 00:54:44,080
for your audit findings.

1268
00:54:44,080 --> 00:54:45,600
Distinction matters.

1269
00:54:45,600 --> 00:54:49,720
So the first control is a catalog discipline that feels boring and saves the program.

1270
00:54:49,720 --> 00:54:53,760
Every agent needs a name that describes an outcome, an owner that signs the outcome, a

1271
00:54:53,760 --> 00:54:58,400
business sponsor that signs the risk and a life cycle state that reflects reality.

1272
00:54:58,400 --> 00:55:01,080
Pilot, active, deprecated, retired.

1273
00:55:01,080 --> 00:55:04,040
Not V1 and V2 and test final final.

1274
00:55:04,040 --> 00:55:05,120
Life cycle state isn't a label.

1275
00:55:05,120 --> 00:55:06,280
It's a policy trigger.

1276
00:55:06,280 --> 00:55:08,320
Pilot agents can't publish broadly.

1277
00:55:08,320 --> 00:55:10,160
Deprecated agents can't receive new users.

1278
00:55:10,160 --> 00:55:12,280
Retired agents lose tool access and knowledge bindings.

1279
00:55:12,280 --> 00:55:15,920
If those transitions don't remove capability, they aren't life cycle states.

1280
00:55:15,920 --> 00:55:17,840
They are stickers.

1281
00:55:17,840 --> 00:55:21,320
Next adopt a reuse strategy that prevents the agent for everything pattern.

1282
00:55:21,320 --> 00:55:23,120
The right reuse unit isn't the agent.

1283
00:55:23,120 --> 00:55:25,480
It's the tool.

1284
00:55:25,480 --> 00:55:26,640
Agents are experiences.

1285
00:55:26,640 --> 00:55:28,080
Tools are capabilities.

1286
00:55:28,080 --> 00:55:33,920
If the organization standardizes tools, ticket creation, status checks, identity lookup,

1287
00:55:33,920 --> 00:55:39,280
KB retrieval, teams can build small, scoped agents without reinventing integrations.

1288
00:55:39,280 --> 00:55:43,000
If the organization tries to standardize agents, it builds brittle monoliths that nobody

1289
00:55:43,000 --> 00:55:44,800
trusts and everybody forks.

1290
00:55:44,800 --> 00:55:46,880
Forking is how sprawl becomes permanent.

1291
00:55:46,880 --> 00:55:51,840
So the rule is, prefer reusable MCPN points and flows over reusable agents.

1292
00:55:51,840 --> 00:55:52,840
Build once.

1293
00:55:52,840 --> 00:55:53,920
Reuse everywhere.

1294
00:55:53,920 --> 00:55:55,360
Then control publishing.

1295
00:55:55,360 --> 00:55:58,280
This is the simplest governance posture that still allows innovation.

1296
00:55:58,280 --> 00:56:00,120
You can build but you can't publish.

1297
00:56:00,120 --> 00:56:02,240
People can prototype in a constrained environment.

1298
00:56:02,240 --> 00:56:03,520
They can test with themselves.

1299
00:56:03,520 --> 00:56:05,400
They can even share inside a small group.

1300
00:56:05,400 --> 00:56:09,240
But the moment an agent becomes enterprise facing, it enters a publishing world.

1301
00:56:09,240 --> 00:56:16,120
Workflow with review gates, data sources, tools, write permissions, grounding strategy, telemetry

1302
00:56:16,120 --> 00:56:17,920
and owner assignment.

1303
00:56:17,920 --> 00:56:20,720
If you don't separate build from publish, you'll never catch sprawl.

1304
00:56:20,720 --> 00:56:25,480
You'll only discover it when the CEO asks why there are three VPN helpers and none of them

1305
00:56:25,480 --> 00:56:26,480
agree.

1306
00:56:26,480 --> 00:56:28,640
Now define the retirement policy before you need it.

1307
00:56:28,640 --> 00:56:30,680
This is where programs usually lie to themselves.

1308
00:56:30,680 --> 00:56:32,080
We'll clean it up later.

1309
00:56:32,080 --> 00:56:34,120
They won't.

1310
00:56:34,120 --> 00:56:35,720
Retirement needs automatic triggers.

1311
00:56:35,720 --> 00:56:40,120
No usage over a time window, high escalation rates repeated incorrect routing, missing

1312
00:56:40,120 --> 00:56:44,000
owner, missing sponsor or tool access that no longer matches the approved pattern.

1313
00:56:44,000 --> 00:56:49,120
When a trigger hits, the owner gets a review task, improve, merge or retire.

1314
00:56:49,120 --> 00:56:50,840
And retirement must be real.

1315
00:56:50,840 --> 00:56:55,360
Remove it from discovery, revoke tool permissions, archive logs and keep the audit record.

1316
00:56:55,360 --> 00:56:58,680
And if you only hide the agent but leave the permissions, you didn't retire it.

1317
00:56:58,680 --> 00:57:00,120
You just made it harder to notice.

1318
00:57:00,120 --> 00:57:04,360
Finally, the design choice that prevents topic sprawl from turning into agents sprawl,

1319
00:57:04,360 --> 00:57:06,720
create intents as an enterprise registry.

1320
00:57:06,720 --> 00:57:08,760
One intent taxonomy shared across agents.

1321
00:57:08,760 --> 00:57:12,880
If each team invents its own intent set, the ecosystem fragments immediately.

1322
00:57:12,880 --> 00:57:17,240
Password reset becomes account unlock, becomes login problem, becomes access issue.

1323
00:57:17,240 --> 00:57:19,760
And now routing quality collapses across every agent.

1324
00:57:19,760 --> 00:57:21,680
The user doesn't care which team built it.

1325
00:57:21,680 --> 00:57:23,840
They care that the system behaves consistently.

1326
00:57:23,840 --> 00:57:27,320
So make intent to shared asset make tools reusable and make publishing gated.

1327
00:57:27,320 --> 00:57:29,320
That's how you get scale without panic.

1328
00:57:29,320 --> 00:57:31,840
Because the platform will not stop you from creating entropy.

1329
00:57:31,840 --> 00:57:35,360
You have to enter agent ID identity for nonhumans.

1330
00:57:35,360 --> 00:57:40,720
Once agents sprawl becomes visible, most organizations reach for governance as paperwork, a spreadsheet,

1331
00:57:40,720 --> 00:57:44,200
a review meeting, a naming convention and a promise to be careful.

1332
00:57:44,200 --> 00:57:45,360
That is not governance.

1333
00:57:45,360 --> 00:57:47,080
That's documentation of drift.

1334
00:57:47,080 --> 00:57:51,280
The only governance that holds in an enterprise is enforced identity because identity is the

1335
00:57:51,280 --> 00:57:56,120
anchor point for permissions, conditional access, audit, trails and incident response.

1336
00:57:56,120 --> 00:58:00,880
Without it, your agent ecosystem is just anonymous tool chains acting on real systems.

1337
00:58:00,880 --> 00:58:03,640
So enter agent ID matters for one blunt reason.

1338
00:58:03,640 --> 00:58:06,280
Agents become actors, actors need identities.

1339
00:58:06,280 --> 00:58:10,200
In intra terms, an agent identity is the non-human principle that represents the agent

1340
00:58:10,200 --> 00:58:12,480
when it touches data or invokes tools.

1341
00:58:12,480 --> 00:58:15,560
It's the thing that answers the question auditors always ask.

1342
00:58:15,560 --> 00:58:17,560
And your team's always struggle to answer.

1343
00:58:17,560 --> 00:58:18,560
Who did what?

1344
00:58:18,560 --> 00:58:21,960
When using what permissions and under which policy controls?

1345
00:58:21,960 --> 00:58:24,200
If the answer is the agent did it, you don't have an answer.

1346
00:58:24,200 --> 00:58:25,200
You have a story.

1347
00:58:25,200 --> 00:58:27,560
Entra agent ID turns that story into a record.

1348
00:58:27,560 --> 00:58:30,320
Now here's the part most organizations miss.

1349
00:58:30,320 --> 00:58:33,160
Agent ID isn't about whether a user can chat with the agent.

1350
00:58:33,160 --> 00:58:35,440
That surface access.

1351
00:58:35,440 --> 00:58:38,600
Agent ID is about what the agent can do once it's engaged.

1352
00:58:38,600 --> 00:58:43,120
What data it can read, what systems it can call and what actions it can execute.

1353
00:58:43,120 --> 00:58:47,280
That distinction matters because most early rollouts over focus on user access lists and

1354
00:58:47,280 --> 00:58:49,560
under focus on agent capability boundaries.

1355
00:58:49,560 --> 00:58:52,120
Over time, user access stays roughly stable.

1356
00:58:52,120 --> 00:58:54,000
Agent capabilities always expand.

1357
00:58:54,000 --> 00:58:57,680
They expand because someone adds just one more connector, just one more tool, just one

1358
00:58:57,680 --> 00:59:00,560
more right action and those exceptions accumulate.

1359
00:59:00,560 --> 00:59:02,200
Entropy always wins through exceptions.

1360
00:59:02,200 --> 00:59:06,000
So the first architectural law for agent ID is least privileged by default.

1361
00:59:06,000 --> 00:59:07,920
Not least privileged for users.

1362
00:59:07,920 --> 00:59:09,680
Least privileged for the agent as an actor.

1363
00:59:09,680 --> 00:59:13,720
That means the agent identity gets only the permissions needed for its defined outcome

1364
00:59:13,720 --> 00:59:16,600
in its defined scope, in its defined environment.

1365
00:59:16,600 --> 00:59:20,720
If the agent triages it issues, it does not need permissions to create accounts.

1366
00:59:20,720 --> 00:59:24,200
If it answers policy questions, it does not need permissions to grant access.

1367
00:59:24,200 --> 00:59:29,040
If it can read device compliance state, it does not need the ability to update device configuration.

1368
00:59:29,040 --> 00:59:33,200
Read and write must stay separate identities or at least separate permission sets because

1369
00:59:33,200 --> 00:59:36,200
write permissions are how experiments become incidents.

1370
00:59:36,200 --> 00:59:39,120
Next, conditional access becomes your control surface.

1371
00:59:39,120 --> 00:59:42,000
Most people treat conditional access as user security.

1372
00:59:42,000 --> 00:59:46,440
In architectural terms, conditional access is an execution policy layer for identities.

1373
00:59:46,440 --> 00:59:51,480
If the agent identity exists, you can constrain when and where that identity can be used.

1374
00:59:51,480 --> 00:59:56,280
To comply and devices, restrict to trusted locations, restrict session behavior,

1375
00:59:56,280 --> 00:59:59,040
and block high-risk sign-in conditions.

1376
00:59:59,040 --> 01:00:02,200
This is how you stop toolchains from becoming shadow admins.

1377
01:00:02,200 --> 01:00:04,920
And you don't wait until after the first scary incident.

1378
01:00:04,920 --> 01:00:08,080
You design the baseline policy the same way you design the agent.

1379
01:00:08,080 --> 01:00:10,080
Start restrictive then loosen with evidence.

1380
01:00:10,080 --> 01:00:14,040
Now the thing leadership actually cares about isn't the identity object, it's the audit

1381
01:00:14,040 --> 01:00:15,040
anchor.

1382
01:00:15,040 --> 01:00:19,120
Agent ID gives you a stable principle that shows up in logs across the stack.

1383
01:00:19,120 --> 01:00:24,720
A sign-in activity where applicable, power platform activity, tool invocation, approvals,

1384
01:00:24,720 --> 01:00:27,360
ticket creation, and downstream system changes.

1385
01:00:27,360 --> 01:00:31,160
When something goes wrong, you can trace the chain without that you're debugging a ghost.

1386
01:00:31,160 --> 01:00:33,920
And this is where the escalation model becomes real.

1387
01:00:33,920 --> 01:00:37,240
Privileged actions require stronger boundaries than normal actions.

1388
01:00:37,240 --> 01:00:39,840
So your orchestration needs a privileged tier model.

1389
01:00:39,840 --> 01:00:42,640
Standard actions run under the base agent identity.

1390
01:00:42,640 --> 01:00:47,600
Privileged actions either require step-up authentication, explicit approvals, or a separate

1391
01:00:47,600 --> 01:00:52,320
privileged agent identity that can only be used through an approval workflow.

1392
01:00:52,320 --> 01:00:56,840
You don't let the same agent casually move from reading a runbook to changing access

1393
01:00:56,840 --> 01:00:57,840
controls.

1394
01:00:57,840 --> 01:00:59,160
That's not autonomy.

1395
01:00:59,160 --> 01:01:01,920
That's uncontrolled privilege drift.

1396
01:01:01,920 --> 01:01:06,120
Finally, agent ID is how you make ownership enforceable.

1397
01:01:06,120 --> 01:01:09,680
Earlier the system required every agent to have an owner and a sponsor.

1398
01:01:09,680 --> 01:01:12,440
Agent ID ties that to an identity life cycle.

1399
01:01:12,440 --> 01:01:16,840
When the owner changes roles, the sponsor changes, or the agent gets deprecated, you can

1400
01:01:16,840 --> 01:01:22,320
change access, rotate secrets, revoke permissions, and retire the identity.

1401
01:01:22,320 --> 01:01:26,360
That's what stops ghost agents from retaining power after everyone forgot they exist.

1402
01:01:26,360 --> 01:01:29,800
So the simple version is "entra agent ID" makes agents accountable.

1403
01:01:29,800 --> 01:01:33,280
And an enterprise system's accountability is the only thing that scales.

1404
01:01:33,280 --> 01:01:37,200
Because as soon as non-humans can act, you're no longer managing chatbots, you're managing

1405
01:01:37,200 --> 01:01:39,120
identities with tools.

1406
01:01:39,120 --> 01:01:40,920
Governance that doesn't kill innovation.

1407
01:01:40,920 --> 01:01:45,000
Most leaders hear governance and picture a committee that meets monthly to approve nothing.

1408
01:01:45,000 --> 01:01:46,000
That's not governance.

1409
01:01:46,000 --> 01:01:48,280
It's delay disguised as control.

1410
01:01:48,280 --> 01:01:52,080
Real governance is a design constraint that lets building happen fast while keeping the

1411
01:01:52,080 --> 01:01:53,360
blast radius small.

1412
01:01:53,360 --> 01:01:58,000
So the program starts with a posture that feels restrictive but actually accelerates delivery.

1413
01:01:58,000 --> 01:02:01,000
Retrieval only first, then control dried operations.

1414
01:02:01,000 --> 01:02:03,480
Retrieval only agents are where innovation should be cheap.

1415
01:02:03,480 --> 01:02:07,040
They read approved knowledge, site sources, and escalate when they can't.

1416
01:02:07,040 --> 01:02:11,360
That gives you immediate deflection and reduces human workload without risking state changes

1417
01:02:11,360 --> 01:02:12,880
in downstream systems.

1418
01:02:12,880 --> 01:02:15,960
And it trains your organization on how to build with discipline.

1419
01:02:15,960 --> 01:02:20,480
And ownership, metadata, evaluation sets, and no source, no answer.

1420
01:02:20,480 --> 01:02:23,320
If you can't govern retrieval, you have no business governing actions.

1421
01:02:23,320 --> 01:02:27,720
Then you introduce right operations as a gated capability, not a default feature.

1422
01:02:27,720 --> 01:02:31,520
Create ticket, update ticket, trigger and approval, send a templated email.

1423
01:02:31,520 --> 01:02:34,640
These are controlled actions with audit logs and rollbacks.

1424
01:02:34,640 --> 01:02:39,560
Anything beyond that, privilege changes, access grants, deletions, lives behind higher gates

1425
01:02:39,560 --> 01:02:41,200
or separate identities.

1426
01:02:41,200 --> 01:02:44,440
Autonomy expands only when observability proves it's safe.

1427
01:02:44,440 --> 01:02:47,400
Now the scaling mechanism is environment strategy.

1428
01:02:47,400 --> 01:02:51,560
Not because power platform needs more environments for fun, but because environments are your safety

1429
01:02:51,560 --> 01:02:52,560
lanes.

1430
01:02:52,560 --> 01:02:54,440
You need three lanes and they are not optional.

1431
01:02:54,440 --> 01:02:56,000
Lane one is personal productivity.

1432
01:02:56,000 --> 01:02:58,040
This is where experimentation lives.

1433
01:02:58,040 --> 01:02:59,400
People can build, test and learn.

1434
01:02:59,400 --> 01:03:00,760
They can't publish broadly.

1435
01:03:00,760 --> 01:03:02,080
Tool access is minimal.

1436
01:03:02,080 --> 01:03:03,360
Knowledge access is constrained.

1437
01:03:03,360 --> 01:03:06,200
The purpose is skill building without enterprise liability.

1438
01:03:06,200 --> 01:03:07,400
Lane two is departmental.

1439
01:03:07,400 --> 01:03:11,440
This is where teams solve real workflow problems with a bounded audience.

1440
01:03:11,440 --> 01:03:13,520
Publishing is limited to the department or group.

1441
01:03:13,520 --> 01:03:17,120
Tool access expands, but only to approved connectors and MCP tools.

1442
01:03:17,120 --> 01:03:19,840
This is where you prove adoption without creating global sprawl.

1443
01:03:19,840 --> 01:03:21,320
Lane three is business critical.

1444
01:03:21,320 --> 01:03:22,320
This is production.

1445
01:03:22,320 --> 01:03:23,320
ALM exists.

1446
01:03:23,320 --> 01:03:24,320
Dev test.

1447
01:03:24,320 --> 01:03:25,320
Prod separation exists.

1448
01:03:25,320 --> 01:03:26,320
Owners exist.

1449
01:03:26,320 --> 01:03:27,320
Sponsors exist.

1450
01:03:27,320 --> 01:03:28,320
Audit logging is on.

1451
01:03:28,320 --> 01:03:29,320
Tool allow lists are enforced.

1452
01:03:29,320 --> 01:03:33,560
And if an agent touches sensitive data or performs right actions, it passes review gates

1453
01:03:33,560 --> 01:03:36,000
before anyone outside the build team can use it.

1454
01:03:36,000 --> 01:03:40,960
That lane structure is how you scale without turning every cool idea into enterprise risk.

1455
01:03:40,960 --> 01:03:45,160
Now for the part that makes or breaks governance, data boundary enforcement, DLP and connector

1456
01:03:45,160 --> 01:03:46,760
policies aren't paperwork.

1457
01:03:46,760 --> 01:03:52,720
They're the only thing standing between useful automation and accidental data exfiltration.

1458
01:03:52,720 --> 01:03:57,040
If a builder can casually connect an agent to a personal mailbox, a consumer storage

1459
01:03:57,040 --> 01:04:01,800
service and a high trust internal system in the same flow, you didn't build an agent platform,

1460
01:04:01,800 --> 01:04:05,160
you built a leakage machine so you define connector boundaries by lane.

1461
01:04:05,160 --> 01:04:08,760
In personal productivity, block out bound and high risk connectors.

1462
01:04:08,760 --> 01:04:14,000
And departmental allow a curated set in business critical allow what's needed, but only through

1463
01:04:14,000 --> 01:04:18,520
approved tool surfaces with identities you can audit cross boundary data movement becomes

1464
01:04:18,520 --> 01:04:23,120
a design decision not a maker decision human in the loop also needs to be used correctly

1465
01:04:23,120 --> 01:04:24,120
here.

1466
01:04:24,120 --> 01:04:26,240
The governance mistake is to force approvals everywhere.

1467
01:04:26,240 --> 01:04:28,000
That's how you kill adoption.

1468
01:04:28,000 --> 01:04:32,280
The correct placement is still the same decision boundaries with risk approvals for right

1469
01:04:32,280 --> 01:04:37,160
actions above a threshold approvals for privilege approvals for external communications

1470
01:04:37,160 --> 01:04:38,840
everything else runs.

1471
01:04:38,840 --> 01:04:42,360
And this is the principle that stops chaos without stopping builders.

1472
01:04:42,360 --> 01:04:45,520
You can build, but you can't publish that posture sounds cynical.

1473
01:04:45,520 --> 01:04:47,200
It is, it's also true.

1474
01:04:47,200 --> 01:04:48,840
Builders don't need permission to explore.

1475
01:04:48,840 --> 01:04:53,360
They need a path to graduate their work into production without bypassing controls.

1476
01:04:53,360 --> 01:04:56,320
So the governance model gives them a clear graduation path.

1477
01:04:56,320 --> 01:04:57,720
Prove rooting stability.

1478
01:04:57,720 --> 01:04:59,040
Prove grounded accuracy.

1479
01:04:59,040 --> 01:05:00,040
Prove tool discipline.

1480
01:05:00,040 --> 01:05:01,040
Prove logging.

1481
01:05:01,040 --> 01:05:02,040
Assign an owner.

1482
01:05:02,040 --> 01:05:03,040
Then publish.

1483
01:05:03,040 --> 01:05:04,800
The gates are explicit and the gates are fast.

1484
01:05:04,800 --> 01:05:07,320
If you hide the gates behind meetings, people root around them.

1485
01:05:07,320 --> 01:05:10,880
If you enforce the gates in design, people ship safely.

1486
01:05:10,880 --> 01:05:13,480
Governance that doesn't kill innovation is simple.

1487
01:05:13,480 --> 01:05:16,880
Constraint where agents can act, constrain what they can touch and make publishing the

1488
01:05:16,880 --> 01:05:18,360
only real checkpoint.

1489
01:05:18,360 --> 01:05:22,560
Then the system can scale because control that depends on memory always erodes.

1490
01:05:22,560 --> 01:05:24,800
Control that depends on design holds.

1491
01:05:24,800 --> 01:05:25,800
Observability.

1492
01:05:25,800 --> 01:05:27,600
The flight recorder problem.

1493
01:05:27,600 --> 01:05:31,200
Governance without observability is just optimism with a meeting invite.

1494
01:05:31,200 --> 01:05:34,400
Most organizations can describe what they intended an agent to do.

1495
01:05:34,400 --> 01:05:36,720
They cannot describe what it actually did.

1496
01:05:36,720 --> 01:05:37,720
Not reliably.

1497
01:05:37,720 --> 01:05:38,800
Not at scale.

1498
01:05:38,800 --> 01:05:43,480
Not after the first incident review when legal asks for the exact sequence of actions.

1499
01:05:43,480 --> 01:05:44,960
This is the flight recorder problem.

1500
01:05:44,960 --> 01:05:47,800
In aviation, nobody debates whether they need logs after a crash.

1501
01:05:47,800 --> 01:05:51,520
In enterprise AI, teams still treat logs like a premium feature.

1502
01:05:51,520 --> 01:05:53,560
Nice later, not required now.

1503
01:05:53,560 --> 01:05:56,760
That's how you end up with agents that can act but can't be explained.

1504
01:05:56,760 --> 01:05:59,800
And an agent that can't be explained is an agent you can't defend.

1505
01:05:59,800 --> 01:06:04,480
Your observability becomes the third pillar of control alongside grounding and identity.

1506
01:06:04,480 --> 01:06:07,160
It is what makes intent enforceable over time.

1507
01:06:07,160 --> 01:06:08,360
Start with the minimum.

1508
01:06:08,360 --> 01:06:09,360
Decision logs.

1509
01:06:09,360 --> 01:06:10,920
Not chat transcripts.

1510
01:06:10,920 --> 01:06:11,920
Decision logs.

1511
01:06:11,920 --> 01:06:13,720
A transcript tells you what the user said.

1512
01:06:13,720 --> 01:06:17,800
It does not tell you why the agent chose an intent, why it called a tool, why it escalated

1513
01:06:17,800 --> 01:06:18,960
or why it refused.

1514
01:06:18,960 --> 01:06:21,400
You need a record of the agent's decision points.

1515
01:06:21,400 --> 01:06:22,400
Classification result.

1516
01:06:22,400 --> 01:06:23,400
Confidence.

1517
01:06:23,400 --> 01:06:24,400
Retrieved sources.

1518
01:06:24,400 --> 01:06:25,400
Tool calls attempted.

1519
01:06:25,400 --> 01:06:26,400
Tool results.

1520
01:06:26,400 --> 01:06:27,880
Verification outcomes.

1521
01:06:27,880 --> 01:06:31,400
Proofers requested approvals received and the final disposition.

1522
01:06:31,400 --> 01:06:34,960
That means every meaningful step produces a log event you can query.

1523
01:06:34,960 --> 01:06:36,600
Not an export you have to dig up later.

1524
01:06:36,600 --> 01:06:39,040
A queryable record.

1525
01:06:39,040 --> 01:06:43,280
And yes, the platform gives you pieces, power platform admin views, agent registries, purview

1526
01:06:43,280 --> 01:06:46,120
DSPM for AI and defender signals.

1527
01:06:46,120 --> 01:06:50,800
But those surfaces only help if you treat observability as a design requirement, not a retrospective

1528
01:06:50,800 --> 01:06:51,800
cleanup task.

1529
01:06:51,800 --> 01:06:53,520
Audit logging is the first non-negotiable.

1530
01:06:53,520 --> 01:06:57,980
If the agent can access enterprise data or execute actions, its activity must land in

1531
01:06:57,980 --> 01:07:00,120
audit logs with a stable identity anchor.

1532
01:07:00,120 --> 01:07:02,360
This is where agent ID stops being theoretical.

1533
01:07:02,360 --> 01:07:06,200
It becomes the principle you can search for when you need to know what happened.

1534
01:07:06,200 --> 01:07:07,840
The next surface is monitoring.

1535
01:07:07,840 --> 01:07:10,000
Not just is it up, but is it behaving?

1536
01:07:10,000 --> 01:07:12,600
So the metrics that matter are not messages sent.

1537
01:07:12,600 --> 01:07:16,200
Their operational outcomes, containment rate, how often the interaction ends without a

1538
01:07:16,200 --> 01:07:20,280
human, escalation rate, how often it puns to a human, and why.

1539
01:07:20,280 --> 01:07:24,280
And then, the first thing you need to know is the data.

1540
01:07:24,280 --> 01:07:29,120
And then, the first thing you need to know is the data.

1541
01:07:29,120 --> 01:07:32,480
And then, the second thing you need to know is the data.

1542
01:07:32,480 --> 01:07:36,160
And then, the second thing you need to know is the data.

1543
01:07:36,160 --> 01:07:39,920
And then, the second thing you need to know is the data.

1544
01:07:39,920 --> 01:07:43,920
And then, the second thing you need to know is the data.

1545
01:07:43,920 --> 01:07:46,920
And then, the second thing you need to know is the data.

1546
01:07:46,920 --> 01:07:49,920
And then, the second thing you need to know is the data.

1547
01:07:49,920 --> 01:07:52,840
And then, the second thing you need to know is the data.

1548
01:07:52,840 --> 01:07:56,600
And then, the second thing you need to know is the data.

1549
01:07:56,600 --> 01:08:00,000
And then, the second thing you need to know is the data.

1550
01:08:00,000 --> 01:08:03,280
And then, the second thing you need to know is the data.

1551
01:08:03,280 --> 01:08:06,960
And then, the second thing you need to know is the data.

1552
01:08:06,960 --> 01:08:09,560
And then, the second thing you need to know is the data.

1553
01:08:09,560 --> 01:08:12,600
And then, the second thing you need to know is the data.

1554
01:08:12,600 --> 01:08:15,560
And then, the second thing you need to know is the data.

1555
01:08:15,560 --> 01:08:18,560
And then, the second thing you need to know is the data.

1556
01:08:18,560 --> 01:08:21,480
And then, the second thing you need to know is the data.

1557
01:08:21,480 --> 01:08:24,440
And then, the second thing you need to know is the data.

1558
01:08:24,440 --> 01:08:27,440
And then, the second thing you need to know is the data.

1559
01:08:27,440 --> 01:08:30,040
And then, the second thing you need to know is the data.

1560
01:08:30,040 --> 01:08:32,440
And then, the second thing you need to know is the data.

1561
01:08:32,440 --> 01:08:35,000
And then, the second thing you need to know is the data.

1562
01:08:35,000 --> 01:08:37,400
And then, the second thing you need to know is the data.

1563
01:08:37,400 --> 01:08:40,200
And then, the second thing you need to know is the data.

1564
01:08:40,200 --> 01:08:42,840
And then, the second thing you need to know is the data.

1565
01:08:42,840 --> 01:08:46,040
And then, the second thing you need to know is the data.

1566
01:08:46,040 --> 01:08:48,280
And then, the second thing you need to know is the data.

1567
01:08:48,280 --> 01:08:51,200
And then, the second thing you need to know is the data.

1568
01:08:51,200 --> 01:08:54,160
And then, the second thing you need to know is the data.

1569
01:08:54,160 --> 01:08:57,160
And then, the second thing you need to know is the data.

1570
01:08:57,160 --> 01:08:59,760
And then, the second thing you need to know is the data.

1571
01:08:59,760 --> 01:09:02,920
And then, the second thing you need to know is the data.

1572
01:09:02,920 --> 01:09:05,960
And then, the second thing you need to know is the data.

1573
01:09:05,960 --> 01:09:08,640
And then, the second thing you need to know is the data.

1574
01:09:08,640 --> 01:09:11,680
And then, the second thing you need to know is the data.

1575
01:09:11,680 --> 01:09:14,920
And then, the second thing you need to know is the data.

1576
01:09:14,920 --> 01:09:17,920
And then, the third thing you need to know is the data.

1577
01:09:17,920 --> 01:09:20,840
And then, the third thing you need to know is the data.

1578
01:09:20,840 --> 01:09:23,800
And then, the third thing you need to know is the data.

1579
01:09:23,800 --> 01:09:26,800
And then, the third thing you need to know is the data.

1580
01:09:26,800 --> 01:09:29,400
And then, the third thing you need to know is the data.

1581
01:09:29,400 --> 01:09:32,560
And then, the third thing you need to know is the data.

1582
01:09:32,560 --> 01:09:35,560
And then, the third thing you need to know is the data.

1583
01:09:35,560 --> 01:09:38,280
And then, the third thing you need to know is the data.

1584
01:09:38,280 --> 01:09:41,320
And then, the third thing you need to know is the data.

1585
01:09:41,320 --> 01:09:44,560
And then, the third thing you need to know is the data.

1586
01:09:44,560 --> 01:09:47,560
And then, the third thing you need to know is the data.

1587
01:09:47,560 --> 01:09:50,200
Turns all of this into a working enterprise system.

1588
01:09:50,200 --> 01:09:52,520
Days one, 10, build the first working system.

1589
01:09:52,520 --> 01:09:54,840
Days one through 10 aren't for vision decks.

1590
01:09:54,840 --> 01:09:57,120
Therefore, forcing a working system into existence

1591
01:09:57,120 --> 01:09:59,800
with constraints tight enough that it can't lie to you.

1592
01:09:59,800 --> 01:10:03,000
Days one and two, pick the use case, lock the KPI targets,

1593
01:10:03,000 --> 01:10:04,720
and draw the escalation boundary in ink.

1594
01:10:04,720 --> 01:10:07,120
You're not selecting AI opportunities.

1595
01:10:07,120 --> 01:10:09,000
You're selecting one operational flow,

1596
01:10:09,000 --> 01:10:12,520
where deflection and cycle time can move inside 30 days.

1597
01:10:12,520 --> 01:10:15,720
IT Ticket triage wins because it's measurable, high volume,

1598
01:10:15,720 --> 01:10:17,800
and politically survivable.

1599
01:10:17,800 --> 01:10:20,000
Then you set targets that can't be gamed.

1600
01:10:20,000 --> 01:10:23,040
20% to 40% deflection for the chosen intake channel,

1601
01:10:23,040 --> 01:10:26,120
15% to 30% SLA reduction for the subset of tickets

1602
01:10:26,120 --> 01:10:29,680
the agent touches and 10% to 25% fewer escalations

1603
01:10:29,680 --> 01:10:31,320
caused by mis-routing.

1604
01:10:31,320 --> 01:10:34,440
You also define the hard line, what the agent must never do.

1605
01:10:34,440 --> 01:10:37,160
Anything involving access grants, privilege, changes,

1606
01:10:37,160 --> 01:10:39,880
or policy exceptions escalates by design.

1607
01:10:39,880 --> 01:10:41,160
No debates later.

1608
01:10:41,160 --> 01:10:43,160
The agent doesn't try.

1609
01:10:43,160 --> 01:10:45,080
It routes.

1610
01:10:45,080 --> 01:10:48,040
Days three through five, design the intents and topics,

1611
01:10:48,040 --> 01:10:50,120
then implement the fail-safe behaviors.

1612
01:10:50,120 --> 01:10:52,440
This is the week where topics brawl either starts

1613
01:10:52,440 --> 01:10:53,680
or gets prevented.

1614
01:10:53,680 --> 01:10:56,280
You create 10 to 15 intents, not departments,

1615
01:10:56,280 --> 01:10:59,120
not everything users might ask, stable intents

1616
01:10:59,120 --> 01:11:01,040
that map to a containment boundary.

1617
01:11:01,040 --> 01:11:03,160
For each intent, you write three things.

1618
01:11:03,160 --> 01:11:06,320
Success criteria, allowed actions, and escalation triggers.

1619
01:11:06,320 --> 01:11:08,640
If you can't express those in one screen of text,

1620
01:11:08,640 --> 01:11:11,400
the intent is too broad, then you implement fallback.

1621
01:11:11,400 --> 01:11:12,480
One fallback.

1622
01:11:12,480 --> 01:11:14,520
Fallback is not be helpful.

1623
01:11:14,520 --> 01:11:16,840
Fallback is controlled uncertainty.

1624
01:11:16,840 --> 01:11:19,720
Ask one clarifying question, then escalate.

1625
01:11:19,720 --> 01:11:21,760
If your fallback tries to answer anyway,

1626
01:11:21,760 --> 01:11:23,960
you're building confident wrongness into the core.

1627
01:11:23,960 --> 01:11:26,440
And you set kill criteria now, not after the pilot

1628
01:11:26,440 --> 01:11:29,720
embarrasses you, low usage, high confusion, high escalation

1629
01:11:29,720 --> 01:11:30,720
rate, low containment.

1630
01:11:30,720 --> 01:11:33,000
If a topic fails, it gets merged or retired.

1631
01:11:33,000 --> 01:11:34,320
Dead topics aren't harmless.

1632
01:11:34,320 --> 01:11:36,640
They create ambiguous rooting forever.

1633
01:11:36,640 --> 01:11:38,920
Days six through eight, implement orchestration

1634
01:11:38,920 --> 01:11:42,120
and enrichment, connect ITSM with deterministic automation.

1635
01:11:42,120 --> 01:11:44,400
This is where you build the actual loop, classify,

1636
01:11:44,400 --> 01:11:48,760
enrich, retrieve, propose, confirm, execute, verify,

1637
01:11:48,760 --> 01:11:49,640
handoff.

1638
01:11:49,640 --> 01:11:51,640
The orchestration lives in co-pilot studio

1639
01:11:51,640 --> 01:11:54,800
because you need a control plane, not just a chat interface.

1640
01:11:54,800 --> 01:11:57,800
The enrichment is minimal, identity, device state,

1641
01:11:57,800 --> 01:12:01,000
if relevant, recent incidents, and service status.

1642
01:12:01,000 --> 01:12:02,000
Don't horde context.

1643
01:12:02,000 --> 01:12:05,040
Context hoarding becomes privacy risk and retrieval confusion.

1644
01:12:05,040 --> 01:12:07,680
Then you connect your ITSM system with power automate,

1645
01:12:07,680 --> 01:12:10,240
not because it's pretty, but because it's deterministic.

1646
01:12:10,240 --> 01:12:12,760
Ticket creation, assignment, notifications,

1647
01:12:12,760 --> 01:12:14,720
and logging belong in a workflow engine,

1648
01:12:14,720 --> 01:12:16,520
not in an LLM's improvisation.

1649
01:12:16,520 --> 01:12:19,520
At this stage, tool discipline matters more than cleverness.

1650
01:12:19,520 --> 01:12:21,080
Start read only where possible.

1651
01:12:21,080 --> 01:12:23,760
Check service health, list known incidents,

1652
01:12:23,760 --> 01:12:25,320
pull user ticket history.

1653
01:12:25,320 --> 01:12:28,480
If you must write, keep it reversible, create a ticket,

1654
01:12:28,480 --> 01:12:32,800
add a note, post an update, anything privileged waits.

1655
01:12:32,800 --> 01:12:36,280
Days nine and ten, pilot users create an evaluation set

1656
01:12:36,280 --> 01:12:38,400
and baseline containment and accuracy.

1657
01:12:38,400 --> 01:12:41,280
Pick a small pilot group that represents real usage,

1658
01:12:41,280 --> 01:12:42,280
not enthusiasts.

1659
01:12:42,280 --> 01:12:44,280
You want normal people with normal impatience,

1660
01:12:44,280 --> 01:12:47,320
give them one clear instruction, use this for these issues

1661
01:12:47,320 --> 01:12:49,200
and if it escalates, that's expected.

1662
01:12:49,200 --> 01:12:52,160
Now build the evaluation set, this is not test cases.

1663
01:12:52,160 --> 01:12:53,960
It's a fixed list of the top questions

1664
01:12:53,960 --> 01:12:55,920
and intends the agent must handle.

1665
01:12:55,920 --> 01:12:59,360
VPN access, password resets, device compliance questions,

1666
01:12:59,360 --> 01:13:02,920
known outages, ticket status, and basic how-to procedures.

1667
01:13:02,920 --> 01:13:05,320
You run the same set every week to see drift

1668
01:13:05,320 --> 01:13:07,400
and you measure three numbers immediately,

1669
01:13:07,400 --> 01:13:09,840
containment rate, escalation reasons,

1670
01:13:09,840 --> 01:13:12,640
and grounded accuracy for anything that produced an answer

1671
01:13:12,640 --> 01:13:13,480
with a source.

1672
01:13:13,480 --> 01:13:15,320
If you don't have sources yet, you still measure

1673
01:13:15,320 --> 01:13:18,120
refusal correctness, did it escalate when it should?

1674
01:13:18,120 --> 01:13:19,400
Now the gate to proceed.

1675
01:13:19,400 --> 01:13:21,600
You do not advance to days 11 through 20

1676
01:13:21,600 --> 01:13:23,200
because the team feels good.

1677
01:13:23,200 --> 01:13:26,240
You advance because the system meets three conditions.

1678
01:13:26,240 --> 01:13:29,760
Measureable lift against the baseline, no access violations,

1679
01:13:29,760 --> 01:13:32,080
and logging turned on with traceable outcomes.

1680
01:13:32,080 --> 01:13:35,480
Lift means the pilot produced a real reduction in human touches

1681
01:13:35,480 --> 01:13:37,680
for the selected intents, even if it's small.

1682
01:13:37,680 --> 01:13:40,200
No access violations means the agent didn't retrieve

1683
01:13:40,200 --> 01:13:42,880
restricted content or execute actions outside boundary.

1684
01:13:42,880 --> 01:13:45,040
Logging means you can explain every escalation

1685
01:13:45,040 --> 01:13:45,960
and every tool call.

1686
01:13:45,960 --> 01:13:48,200
If you can't pass that gate in 10 days,

1687
01:13:48,200 --> 01:13:50,120
the program doesn't need more features.

1688
01:13:50,120 --> 01:13:52,680
It needs tighter scope because the first 10 days

1689
01:13:52,680 --> 01:13:55,000
are about proving the system boundary holds.

1690
01:13:55,000 --> 01:13:57,240
Once it does, you're allowed to solve the next problem,

1691
01:13:57,240 --> 01:13:58,360
trust at scale.

1692
01:13:58,360 --> 01:14:01,040
And trust only comes from grounding plus tool discipline,

1693
01:14:01,040 --> 01:14:02,360
enforced relentlessly.

1694
01:14:02,360 --> 01:14:06,000
Days 11 to 20, ground stabilize and reduce entropy.

1695
01:14:06,000 --> 01:14:09,520
Days 11 through 20 are where most programs either become a system

1696
01:14:09,520 --> 01:14:12,600
or become a clever demo that everyone quietly stops using.

1697
01:14:12,600 --> 01:14:15,200
Week 2 proved you can root and contain within a boundary.

1698
01:14:15,200 --> 01:14:17,320
Now you have to make the answers defensible,

1699
01:14:17,320 --> 01:14:20,480
the tools predictable, and the failure modes measurable.

1700
01:14:20,480 --> 01:14:23,800
This is the phase where entropy shows up as small exceptions.

1701
01:14:23,800 --> 01:14:26,440
And small exceptions are how agent programs die.

1702
01:14:26,440 --> 01:14:29,800
Days 11 through 13, build the Azure AI search index

1703
01:14:29,800 --> 01:14:32,200
and make the chunking strategy non-negotiable.

1704
01:14:32,200 --> 01:14:33,760
You're not connecting SharePoint,

1705
01:14:33,760 --> 01:14:35,920
you're building an operational knowledge index,

1706
01:14:35,920 --> 01:14:38,360
so you start by choosing what qualifies as truth.

1707
01:14:38,360 --> 01:14:41,440
Approved runbooks, SOPs, known issue articles and policies

1708
01:14:41,440 --> 01:14:43,760
with owners, if it's a draft it doesn't go in.

1709
01:14:43,760 --> 01:14:45,320
If it's ownerless it doesn't go in.

1710
01:14:45,320 --> 01:14:47,920
If it changes without change control it doesn't go in.

1711
01:14:47,920 --> 01:14:49,880
Then chunking, don't overthink it.

1712
01:14:49,880 --> 01:14:52,440
The unit of retrieval is the decision unit.

1713
01:14:52,440 --> 01:14:55,760
One procedure, one exception clause, one policy section.

1714
01:14:55,760 --> 01:14:57,760
If your chunk contains multiple outcomes,

1715
01:14:57,760 --> 01:14:59,960
you've created ambiguity on purpose.

1716
01:14:59,960 --> 01:15:02,760
Metadata follows, service, audience, region,

1717
01:15:02,760 --> 01:15:04,720
risk tier and last reviewed date.

1718
01:15:04,720 --> 01:15:06,920
Make metadata mandatory in the content pipeline

1719
01:15:06,920 --> 01:15:08,600
because optional metadata is metadata

1720
01:15:08,600 --> 01:15:10,200
that won't exist where you need it.

1721
01:15:10,200 --> 01:15:12,280
Finally, design refresh cadence like you mean it.

1722
01:15:12,280 --> 01:15:15,520
Policies refresh on publish, known issues refresh frequently,

1723
01:15:15,520 --> 01:15:19,280
runbooks refresh on change, and you keep last indexed.

1724
01:15:19,280 --> 01:15:21,680
Visible in telemetry, because stale answers

1725
01:15:21,680 --> 01:15:24,200
and hallucinations look identical to the user.

1726
01:15:24,200 --> 01:15:28,080
Days 14 through 16 integrate MCP tools in read-only mode

1727
01:15:28,080 --> 01:15:30,560
and enforce no source, no answer.

1728
01:15:30,560 --> 01:15:32,680
This is where programs get tempted to move fast

1729
01:15:32,680 --> 01:15:34,760
by making the agent do things.

1730
01:15:34,760 --> 01:15:36,560
Don't, not yet.

1731
01:15:36,560 --> 01:15:40,080
Start with MCP tools that only read check service health,

1732
01:15:40,080 --> 01:15:42,880
list known incidents, look up a user's open tickets,

1733
01:15:42,880 --> 01:15:45,920
retrieve a service catalog entry, pull a ticket template.

1734
01:15:45,920 --> 01:15:47,320
This makes the agent more accurate

1735
01:15:47,320 --> 01:15:49,200
without letting it change state.

1736
01:15:49,200 --> 01:15:52,040
And it gives you tool telemetry without operational risk.

1737
01:15:52,040 --> 01:15:54,520
Then you enforce the grounding rule with teeth.

1738
01:15:54,520 --> 01:15:57,520
If the response is non-trivial and there's no retrieved source

1739
01:15:57,520 --> 01:15:59,280
it refuses and escalates.

1740
01:15:59,280 --> 01:16:01,880
Not a friendly guess, not based on my knowledge.

1741
01:16:01,880 --> 01:16:04,720
A controlled refusal with an escalation path.

1742
01:16:04,720 --> 01:16:06,760
This is also where you explicitly separate knowledge

1743
01:16:06,760 --> 01:16:07,440
from action.

1744
01:16:07,440 --> 01:16:09,480
The agent can answer from grounded content.

1745
01:16:09,480 --> 01:16:12,080
The agent can propose an action, but execution only happens

1746
01:16:12,080 --> 01:16:15,160
through a tool call and only after you hit a decision boundary.

1747
01:16:15,160 --> 01:16:17,480
That separation is what stops healthfulness

1748
01:16:17,480 --> 01:16:20,440
from becoming unauthorized change.

1749
01:16:20,440 --> 01:16:23,160
Days 17 and 18 add approvals for write actions

1750
01:16:23,160 --> 01:16:24,960
and introduce adaptive cards.

1751
01:16:24,960 --> 01:16:26,560
Now you're allowed to add write tools

1752
01:16:26,560 --> 01:16:28,400
but only inside a governed pattern.

1753
01:16:28,400 --> 01:16:31,320
Propose, confirm, approve, execute, log, pick one

1754
01:16:31,320 --> 01:16:34,080
or two write actions that are low risk and reversible.

1755
01:16:34,080 --> 01:16:35,600
Ticket creation is the obvious one.

1756
01:16:35,600 --> 01:16:37,560
Updating a ticket with context is another.

1757
01:16:37,560 --> 01:16:41,280
Anything involving identity, access, finance or deletion stays out.

1758
01:16:41,280 --> 01:16:43,560
Adaptive cards and teams become the approval surface

1759
01:16:43,560 --> 01:16:45,200
because they force clarity.

1760
01:16:45,200 --> 01:16:47,840
The approver sees who requested, what will change, why,

1761
01:16:47,840 --> 01:16:49,040
and which policy applies.

1762
01:16:49,040 --> 01:16:51,520
They click approve, deny or request more info,

1763
01:16:51,520 --> 01:16:53,640
no paragraph debates, no hidden side channels.

1764
01:16:53,640 --> 01:16:55,960
And the card isn't just UX, it's control.

1765
01:16:55,960 --> 01:16:58,600
The approval decision triggers a deterministic workflow,

1766
01:16:58,600 --> 01:17:01,240
records the payload, stamps who approved,

1767
01:17:01,240 --> 01:17:03,520
and then executes through the approved two path.

1768
01:17:03,520 --> 01:17:05,160
If you can't show the approval record,

1769
01:17:05,160 --> 01:17:07,320
you didn't approve anything, you just delayed it.

1770
01:17:07,320 --> 01:17:08,840
Days 19 and 20.

1771
01:17:08,840 --> 01:17:11,920
Red team prompts, injection tests and tighten fallbacks.

1772
01:17:11,920 --> 01:17:14,240
This is where you stop pretending users behave nicely.

1773
01:17:14,240 --> 01:17:16,360
You test prompt injection, you test instructions

1774
01:17:16,360 --> 01:17:17,760
that try to override policy,

1775
01:17:17,760 --> 01:17:20,040
you test ignore previous instructions patterns,

1776
01:17:20,040 --> 01:17:22,560
you test misleading inputs designed to force retrieval

1777
01:17:22,560 --> 01:17:23,680
of restricted content,

1778
01:17:23,680 --> 01:17:25,360
you test social engineering prompts

1779
01:17:25,360 --> 01:17:27,120
that try to get the agent to generate an action

1780
01:17:27,120 --> 01:17:28,200
it should never take.

1781
01:17:28,200 --> 01:17:30,320
And you don't treat failures as model problems,

1782
01:17:30,320 --> 01:17:32,080
you treat them as boundary problems.

1783
01:17:32,080 --> 01:17:33,880
If the agent retrieved the wrong content,

1784
01:17:33,880 --> 01:17:35,440
fixed chunking and metadata,

1785
01:17:35,440 --> 01:17:37,280
if it answered without sources,

1786
01:17:37,280 --> 01:17:38,680
tighten the response policy.

1787
01:17:38,680 --> 01:17:40,000
If it tried to call a write tool

1788
01:17:40,000 --> 01:17:41,880
when it shouldn't, tighten orchestration.

1789
01:17:41,880 --> 01:17:43,920
If it got stuck in two retry loops,

1790
01:17:43,920 --> 01:17:46,600
add hard stop conditions and escalation triggers.

1791
01:17:46,600 --> 01:17:49,120
Now the gate to proceed in today's 21 through 30

1792
01:17:49,120 --> 01:17:52,080
is strict because this is where scale becomes liability.

1793
01:17:52,080 --> 01:17:54,640
You proceed only when three conditions are true.

1794
01:17:54,640 --> 01:17:58,160
Grounded accuracy in your evaluator set is above 85%,

1795
01:17:58,160 --> 01:18:00,520
rooting stability holds under real usage,

1796
01:18:00,520 --> 01:18:03,320
and escalation rates are trending down for the right reasons.

1797
01:18:03,320 --> 01:18:05,040
Not because the agent refuses everything,

1798
01:18:05,040 --> 01:18:06,400
because it retrieves correctly,

1799
01:18:06,400 --> 01:18:08,960
sites correctly and escalates only at real boundaries.

1800
01:18:08,960 --> 01:18:10,400
Once you pass that gate,

1801
01:18:10,400 --> 01:18:13,600
you're ready for the final phase, scale without panic.

1802
01:18:13,600 --> 01:18:16,040
That means identity alignment, publishing discipline

1803
01:18:16,040 --> 01:18:18,280
and life cycle controls that stop the ecosystem

1804
01:18:18,280 --> 01:18:20,400
from rotting the moment it grows.

1805
01:18:20,400 --> 01:18:22,840
Days 21 30 scale to a workforce

1806
01:18:22,840 --> 01:18:24,480
without creating a liability.

1807
01:18:24,480 --> 01:18:28,120
Days 21 through 30 are where leadership usually ruins the win.

1808
01:18:28,880 --> 01:18:31,400
Week one and two produced a working system boundary,

1809
01:18:31,400 --> 01:18:33,600
week three proved grounding and approvals.

1810
01:18:33,600 --> 01:18:36,960
Now leadership sees momentum and asks for more agents

1811
01:18:36,960 --> 01:18:39,520
across more domains, more connectors, more autonomy,

1812
01:18:39,520 --> 01:18:40,320
more channels.

1813
01:18:40,320 --> 01:18:43,160
That request is how liability gets invited into production.

1814
01:18:43,160 --> 01:18:45,520
So this final phase is not build more.

1815
01:18:45,520 --> 01:18:47,400
It's make the first one survivable,

1816
01:18:47,400 --> 01:18:49,200
then expand with discipline.

1817
01:18:49,200 --> 01:18:50,960
Days 21 through 23.

1818
01:18:50,960 --> 01:18:53,960
Align the agent with enterprise identity and least privilege.

1819
01:18:53,960 --> 01:18:56,200
This is where entry agent ID stops being conceptual

1820
01:18:56,200 --> 01:18:57,360
and becomes a dependency.

1821
01:18:57,360 --> 01:18:59,520
The agent needs a stable identity anchor

1822
01:18:59,520 --> 01:19:02,320
for audit, conditional access and incident response.

1823
01:19:02,320 --> 01:19:04,760
That identity also forces the uncomfortable question.

1824
01:19:04,760 --> 01:19:07,040
What permissions does this agent actually need?

1825
01:19:07,040 --> 01:19:09,240
And what permissions did it accidentally inherit

1826
01:19:09,240 --> 01:19:11,240
because someone clicked allow all?

1827
01:19:11,240 --> 01:19:13,200
So you do a least privilege review as a gate,

1828
01:19:13,200 --> 01:19:14,280
not as a cleanup task.

1829
01:19:14,280 --> 01:19:17,320
You separate read capability from write capability.

1830
01:19:17,320 --> 01:19:19,800
You keep write actions behind approvals.

1831
01:19:19,800 --> 01:19:21,920
And if the agent touches sensitive systems,

1832
01:19:21,920 --> 01:19:23,720
you apply conditional access constraints

1833
01:19:23,720 --> 01:19:27,280
that match reality, restrict where the identity can be used,

1834
01:19:27,280 --> 01:19:31,320
restrict session behavior and block high-risk sign-in conditions.

1835
01:19:31,320 --> 01:19:33,280
This is where you prevent the classic failure.

1836
01:19:33,280 --> 01:19:35,520
A helpful agent becomes a privileged actor

1837
01:19:35,520 --> 01:19:37,960
without anyone explicitly deciding it should.

1838
01:19:37,960 --> 01:19:39,880
Days 24 through 26.

1839
01:19:39,880 --> 01:19:42,040
Production ALM and controlled publishing.

1840
01:19:42,040 --> 01:19:43,400
If the agent is business critical,

1841
01:19:43,400 --> 01:19:45,000
it doesn't ship like a maker project.

1842
01:19:45,000 --> 01:19:47,560
You enforce dev, test and proc separation

1843
01:19:47,560 --> 01:19:50,440
so you can change behavior without gambling in production.

1844
01:19:50,440 --> 01:19:52,120
You publish through a controlled path,

1845
01:19:52,120 --> 01:19:54,840
so builders can't accidentally make something global.

1846
01:19:54,840 --> 01:19:57,000
You lock down who can update the production agent

1847
01:19:57,000 --> 01:19:58,640
and you keep rollback real.

1848
01:19:58,640 --> 01:20:00,960
If containment drops or escalation spike,

1849
01:20:00,960 --> 01:20:02,440
you revert and investigate.

1850
01:20:02,440 --> 01:20:05,520
No hero debugging, no late night prompt edits in prod.

1851
01:20:05,520 --> 01:20:07,640
And you formalize the, you can build,

1852
01:20:07,640 --> 01:20:10,880
but you can't publish posture into a workflow.

1853
01:20:10,880 --> 01:20:12,480
Publishing requires a named owner,

1854
01:20:12,480 --> 01:20:14,840
named sponsor, tool-allow-list confirmation,

1855
01:20:14,840 --> 01:20:16,400
grounding policy confirmation,

1856
01:20:16,400 --> 01:20:18,360
and audit logging verification.

1857
01:20:18,360 --> 01:20:19,760
Not to slow teams down,

1858
01:20:19,760 --> 01:20:23,280
to keep the system deterministic as its scales.

1859
01:20:23,280 --> 01:20:26,200
Days 27 and 28, roll out to a target group

1860
01:20:26,200 --> 01:20:28,720
with adoption tied to workflows, not training theatre.

1861
01:20:28,720 --> 01:20:30,800
This is where most orgs waste time.

1862
01:20:30,800 --> 01:20:33,560
They run a co-pilot training, teach people how to prompt,

1863
01:20:33,560 --> 01:20:35,600
and then wonder why adoption stalls.

1864
01:20:35,600 --> 01:20:38,360
People don't adopt prompts, they adopt outcomes.

1865
01:20:38,360 --> 01:20:39,960
So you roll out by workflow,

1866
01:20:39,960 --> 01:20:41,400
you put the agent in the channel

1867
01:20:41,400 --> 01:20:43,080
where the work already starts.

1868
01:20:43,080 --> 01:20:45,920
You give users three things, what issues it handles,

1869
01:20:45,920 --> 01:20:47,120
what it will escalate,

1870
01:20:47,120 --> 01:20:50,080
and what evidence it will show when it answers, that's it.

1871
01:20:50,080 --> 01:20:51,720
Then you measure real usage,

1872
01:20:51,720 --> 01:20:53,160
task completion without handoff,

1873
01:20:53,160 --> 01:20:55,000
containment rate and escalation reasons.

1874
01:20:55,000 --> 01:20:57,640
If adoption is low, you don't fix it with more training.

1875
01:20:57,640 --> 01:20:59,000
You fix it by tightening, rooting,

1876
01:20:59,000 --> 01:21:00,280
shortening the answer format

1877
01:21:00,280 --> 01:21:03,200
and adding the next action buttons that remove friction.

1878
01:21:03,200 --> 01:21:04,920
Days 29 and 30,

1879
01:21:04,920 --> 01:21:08,040
executive readout in the next 90-day plan.

1880
01:21:08,040 --> 01:21:10,080
The executive readout isn't we built an agent,

1881
01:21:10,080 --> 01:21:10,920
that get up to,

1882
01:21:10,920 --> 01:21:12,280
it's KPI deltas,

1883
01:21:12,280 --> 01:21:14,480
risk posture and operational truth.

1884
01:21:14,480 --> 01:21:17,120
Show the baseline and the change, deflection,

1885
01:21:17,120 --> 01:21:20,160
SLA impact, escalation reduction, and time saved,

1886
01:21:20,160 --> 01:21:23,520
show grounded accuracy and the evaluator set results,

1887
01:21:23,520 --> 01:21:24,920
show audit readiness,

1888
01:21:24,920 --> 01:21:27,080
logging enabled, tool usage tracked,

1889
01:21:27,080 --> 01:21:29,400
approvals captured and identity anchored.

1890
01:21:29,400 --> 01:21:31,600
Then show what you refuse to do on purpose,

1891
01:21:31,600 --> 01:21:33,960
no custom LLMs, no broad-right permissions,

1892
01:21:33,960 --> 01:21:36,160
no uncontrolled connectors, no agent sprawl.

1893
01:21:36,160 --> 01:21:38,960
Executives need to hear that restraint created the result

1894
01:21:38,960 --> 01:21:41,800
because the instinct will be to remove restraint next quarter.

1895
01:21:41,800 --> 01:21:44,720
Finally, define exit criteria before you declare victory.

1896
01:21:44,720 --> 01:21:46,440
Success is measurable ROI

1897
01:21:46,440 --> 01:21:48,960
plus audit-ready telemetry plus life cycle controls

1898
01:21:48,960 --> 01:21:50,000
that prevent sprawl.

1899
01:21:50,000 --> 01:21:51,520
If any one of those is missing,

1900
01:21:51,520 --> 01:21:53,160
you didn't build an agente workforce.

1901
01:21:53,160 --> 01:21:56,640
You built a short-lived demo with a future incident attached

1902
01:21:56,640 --> 01:21:58,520
and the last transition is the simplest truth

1903
01:21:58,520 --> 01:21:59,680
in the entire roadmap.

1904
01:21:59,680 --> 01:22:02,080
Agents don't scale because they're intelligent.

1905
01:22:02,080 --> 01:22:05,120
They scale because you made their decisions enforceable.

1906
01:22:05,120 --> 01:22:08,560
Conclusion, the law replace work, don't imitate chat.

1907
01:22:08,560 --> 01:22:09,640
The law is simple,

1908
01:22:09,640 --> 01:22:12,400
co-pilot succeeds when orchestration replaces work,

1909
01:22:12,400 --> 01:22:15,320
grounding enforces truth and identity enforces boundaries.

1910
01:22:15,320 --> 01:22:17,600
Everything else is just sparkling automation.

1911
01:22:17,600 --> 01:22:18,720
If you want the next step,

1912
01:22:18,720 --> 01:22:21,480
listen to the next M365FM episode

1913
01:22:21,480 --> 01:22:23,360
on building an enterprise agent catalog

1914
01:22:23,360 --> 01:22:25,840
that prevents sprawl without stalling delivery.

1915
01:22:25,840 --> 01:22:28,240
Subscribe for more uncomfortable architecture truths

1916
01:22:28,240 --> 01:22:29,880
about Entra, co-pilot studio,

1917
01:22:29,880 --> 01:22:31,440
and the systems that quietly break

1918
01:22:31,440 --> 01:22:33,160
when governance stays optional.