Stop Building Bots, Start Building Runtimes: A Field Guide to Microsoft Agents


Most organizations believe they are building AI agents, but in reality they are still creating advanced chatbots. In this episode, we explore why the next generation of Microsoft AI is no longer about individual bots, but about intelligent runtimes that coordinate specialized agents across business processes.
You'll learn why a single chatbot cannot effectively manage complex enterprise workflows and how agent runtimes provide the orchestration, memory, governance, and lifecycle management needed for production-ready AI systems. Instead of simply responding to prompts, agents can collaborate, maintain context, trigger actions, and work together to complete end-to-end business tasks.
The episode also explains the architectural shift from isolated conversational interfaces to connected agent ecosystems powered by Microsoft technologies such as Copilot Studio, Azure AI Foundry, Microsoft Graph, and Dataverse. Topics include agent communication, orchestration, long-term memory, security, governance, observability, and human-in-the-loop approval processes.
If you're building AI solutions for Microsoft 365, Power Platform, or Azure, this episode provides a practical guide to designing scalable, secure, and maintainable agent-based systems that deliver real business value beyond traditional chatbots.
You can build enterprise-ready AI agents by using Microsoft Agent 365 and Foundry. This approach changes how you think about building runtimes, moving away from simple chatbots toward operational systems that drive your business. Governance, security, and identity management play a critical role in every agent deployment. For example, strong identity governance helps you control which agents access specific resources, while comprehensive logs and audit records give you full visibility into agent actions. The table below highlights key impacts:
| Aspect | Description |
|---|---|
| Governance Framework | Manages risks and ensures compliance for agents. |
| Security Measures | Protects sensitive data and authenticates agents. |
| Identity Management | Authorizes agents and maintains visibility into all interactions. |
When you build with Microsoft tools, you create a secure, compliant, and scalable runtime for your agents. This process supports both technical and organizational needs as you move to enterprise-grade AI agents.
Key Takeaways
- Use Microsoft Agent 365 to build enterprise-ready AI agents that enhance business operations.
- Implement strong governance and security measures to protect sensitive data and manage agent identities effectively.
- Leverage the four-layer architecture of Agent 365 to organize and scale your agent systems efficiently.
- Adopt a skill-first blueprint for designing agents, allowing for reusable skills and easier updates.
- Utilize CI/CD pipelines for automated testing and deployment, ensuring your agents are always production-ready.
- Conduct thorough user acceptance testing to validate agent performance and align with user needs before deployment.
- Monitor agent activity continuously with logging and performance metrics to maintain reliability and compliance.
- Integrate agents with external services to enhance functionality and access real-time data for improved decision-making.
Agent 365 and the Four-Layer Model

What Is Agent 365
Agent 365 gives you a unified platform for building and running AI agents at scale. You move beyond simple chatbots and create agents that act as secure, governed identities in your organization. Microsoft designed Agent 365 to help you manage agent lifecycles, enforce security, and ensure compliance. You can use low-code tools or developer SDKs to create agents that fit your business needs. The platform integrates with Microsoft Entra for identity, Copilot for orchestration, and Microsoft Foundry for runtime execution.
Tip: Agent 365 treats every agent as a first-class identity. This means you can control, audit, and manage agents just like you do with users.
Here is a table showing what sets Agent 365 apart from other platforms:
| Feature | Description |
|---|---|
| Governance | Built-in governance with focus on agent identity, security, and threat protection. |
| Orchestration | Coordination layer through Copilot, enabling agents to orchestrate workflows across applications. |
| Integration | Seamless integration within the Microsoft ecosystem for comprehensive management of AI agents. |
| Democratized Creation | Low-code tools for business teams and deep extensibility for developers through SDKs and frameworks. |
Overview of the Four Layers
Agent 365 uses a four-layer architecture to organize and manage agents. This structure helps you scale and maintain your agent systems. Each layer has a clear role in the run-time architecture.
Experience Layer
You interact with agents through the Experience Layer. This layer connects agents to users in apps like Teams, Outlook, or custom portals. It handles user input and displays agent responses. You can customize this layer to match your business workflows.
Agent Layer
The Agent Layer holds the intelligence of each agent. Here, you define what the agent knows and how it acts. You can add skills, connect to data, and set up logic. This layer supports both low-code and pro-code approaches, so you can build agents that solve real business problems.
Runtime Layer
The Runtime Layer manages how agents run and coordinate tasks. It provides the run-time architecture that lets agents execute actions, manage state, and recover from errors. You get horizontal scalability and high reliability. The two-layer architecture inside the runtime separates coordination from execution, making updates and debugging easier.
Governance Layer
The Governance Layer keeps your agents secure and compliant. You control access, set policies, and track every action. Microsoft uses Entra and Defender to enforce least-privilege access and monitor agent activity. You can see audit trails and use dashboards to check agent performance.
Note: The four-layer architecture supports integration with existing systems, external services, and custom capabilities. This gives you flexibility and control.
Role of Foundry Agent Service
The Foundry Agent Service powers the run-time architecture for your agents. It connects agents so they can delegate tasks and work together. You can manage complex workflows, handle state, and recover from errors. Microsoft Foundry gives you a strong foundation for building reliable, scalable agent systems.
| Role of Foundry Agent Service | Description |
|---|---|
| Connected Agents | Enable direct communication between agents for task delegation and modular processing. |
| Multi-Agent Workflows | Provide a structured orchestration layer for managing complex workflows, including state management and error recovery. |
You benefit from a unified platform that brings together registry, access control, telemetry, and interoperability. This makes it easy to build, deploy, and manage agents across your organization.
Building Runtimes with the Agent Framework
Planning and Requirements
Use Cases and Stakeholders
You start building runtimes by identifying your use cases and stakeholders. You need to understand the difference between authoring and operating agents. Authoring means you write code, define agent definitions, and create documentation. Operating means you deploy runtime agents to interact with users and use tools in real workflows.
- Define clear business problems that agents will solve.
- Identify stakeholders who will use, manage, or monitor agents.
- Map out workflows that agents will automate or coordinate.
- Gather validation inputs from stakeholders to ensure agent definitions match real needs.
You build an agent by focusing on the impact it will have on your organization. This step sets the foundation for agent development and runtime agent operation.
Tool Selection
You select tools that fit your agent development goals. Microsoft agent framework offers a range of options for building runtimes. You can use low-code tools for simple workflows or developer SDKs for advanced agent definitions.
- Choose Microsoft agent framework for scalable agent development.
- Use Foundry Toolkit for runtime agent orchestration and deployment.
- Select tools that support modular workflows and easy integration.
- Consider deployment choice based on your architecture and business requirements.
Tip: Microsoft agent framework integrates with GitHub for version control and collaboration. This helps you manage agent artifacts and maintain consistency across workflows.
Designing AI Agents
Skill-First Blueprint
You design agents using a skill-first blueprint. This approach lets you create reusable agent skills across multiple agents. When you update a skill, all agents using that skill receive the update. This reduces convention drift and improves maintainability.
You define agent skills as modular components. This makes agent definitions consistent and easy to manage. You build workflows that adapt to changing business needs.
Modular Architecture
You use modular architecture to break down agent definitions into smaller, role-specific components. This increases scalability and makes workflows easier to interpret. You integrate observability tools early to monitor agent performance and behavior.
| Design Principle | Description | Importance |
|---|---|---|
| Modular and Role-Based Design | Breaks the system into smaller, role-specific components, each with a clearly defined role. | Increases scalability, improves interpretability, and avoids complexity in the system. |
| Deep Observability | Integrates observability tools early to monitor agent performance and behavior. | Enables optimization and trust in the system by making it transparent and debuggable. |
| Feedback Loops & Iterative Optimization | Incorporates mechanisms for continuous improvement and adaptation of the agent over time. | Distinguishes intelligent agents from static systems, allowing for evolution and enhancement. |
You build workflows that support human-in-the-loop feedback and iterative optimization. This ensures runtime agents evolve and improve over time.
Coding and Packaging Agents
Using the Agent Framework SDK
You use the Microsoft agent framework SDK to code and package agents. You follow best practices to ensure reliability, maintainability, and scalability in your workflows.
Nine core best practices for designing, developing, and deploying production-grade agentic AI workflows enhance reliability, maintainability, scalability, and Responsible-AI characteristics.
- Start with the OpenSpec propose skill to generate a plan for implementation.
- Delegate coding tasks to the coding agent once the plan is solidified.
- Test the code functionally and review critical code paths in depth.
- Use custom UI components as external dependencies, focusing on the public API.
- Utilize git and GitHub skills for version control and collaboration.
- Create a design skill to maintain brand style and component consistency.
- Prevent deviations from the overall design to enhance user experience.
- Ensure high-quality UI code generation aligned with design direction.
You package agent artifacts for deployment. You maintain agent definitions and workflows in version-controlled repositories.
Containerization for Foundry
You use containerization to simplify deployment and scaling of runtime agents. Foundry manages the underlying infrastructure, so you focus on agent logic and workflows.
- Containerization allows you to concentrate on agent logic rather than infrastructure management.
- Foundry automates deployment, scaling, and management of containers, enhancing efficiency.
- Built-in scaling capabilities simplify resource allocation.
- Isolation provided by containers enhances security for agents.
You select deployment choice based on your architecture and business needs. Microsoft Foundry streamlines building runtimes and agent deployment, making it easier to manage workflows and runtime agent operation.
Testing and Validation
Testing and validation are essential steps when you use the agent framework for building runtimes. You want to make sure your agents work as expected before you move to deployment. This process helps you catch issues early and ensures your agents perform well in real-world scenarios.
Unit and Integration Testing
You start by creating unit tests for each skill and function in your agent. Unit tests check if individual parts of your agent framework code work correctly. Integration tests then verify that different parts of your agent interact as intended. You should develop comprehensive test suites that cover both routine and edge cases.
Here is a table showing effective methods for testing and validating AI agents:
| Testing Method | Description |
|---|---|
| Tool selection accuracy | Checks if the agent picks the right tools for each task. |
| Planning coherence | Assesses if the agent creates logical, sequenced steps to solve problems. |
| Multi-turn conversation handling | Tests if the agent keeps context across several interactions. |
| Error recovery capabilities | Analyzes how the agent responds when its first approach fails. |
| Benchmark datasets | Uses familiar datasets to find weaknesses and measure progress. |
| Simulation and testing | Creates controlled environments to test agents in different scenarios without real-world risks. |
| Safety and security evaluation | Ensures compliance and safety in AI operations. |
| Agentic Evaluations | Uses automated quality checks and metrics before deployment. |
You can also use benchmark datasets to measure progress and spot weaknesses. Simulations let you track agent decisions and outcomes in a safe environment. Safety and compliance metrics protect your organization from risks.
Tip: Always include automated agentic evaluations in your agent framework workflow. These checks help you maintain high quality before you move to the next stage.
User Acceptance
User acceptance testing (UAT) is the final step before deployment. You invite real users to interact with your agent in a controlled setting. UAT ensures your agent framework solution meets user requirements and works well in real-world scenarios.
- UAT checks if your agent aligns with business goals and user workflows.
- It confirms that all critical workflows function correctly under normal usage.
- UAT helps you make sure the user interface is intuitive and responsive.
- By identifying issues before deployment, UAT reduces risks and improves reliability.
You should always gather feedback from users during UAT. This feedback helps you refine your agent and ensures it delivers value to your organization.
Deployment with Foundry
After you finish testing and validation, you move to deployment using Microsoft Foundry. The agent framework and Foundry work together to streamline this process, making it easy to manage building runtimes at scale.
CI/CD Integration
Continuous Integration and Continuous Deployment (CI/CD) are key parts of modern agent framework workflows. CI/CD pipelines automate the process of building, testing, and releasing your agents. This approach helps you catch errors early and ensures your agents are always production-ready.
- CI/CD integration validates your agent specifications before merging changes. This step prevents production failures due to specification violations.
- The pipeline checks that AI-generated code matches agreed specifications, reducing the risk of production breaks.
- CI/CD manages infrastructure assumptions, making sure your agent framework code behaves correctly in the production environment.
You can set up your CI/CD pipeline to trigger on code changes. The pipeline builds your agent, runs tests, and evaluates performance before promoting it to the next environment.
Production Readiness
When you deploy with Foundry, you follow a layered approach to ensure your agent is ready for production. Here is a table outlining the recommended steps:
| Layer | Description |
|---|---|
| Developer Layer | Contains agent code, configurations, and infrastructure as code. |
| CI Pipeline | Triggers on code changes, includes building, testing, and evaluation. |
| CD Pipeline | Promotes agent versions through development, testing, and production environments. |
| Microsoft Foundry Agent Service | Manages runtime and lifecycle operations. |
| Monitoring and Governance | Ensures ongoing quality and compliance through observability and control. |
You should always monitor your agents after deployment. Foundry provides tools for observability, so you can track agent performance and ensure compliance. This layered approach helps you maintain high standards for quality and security.
Note: By following these steps, you can build, test, and deploy agents with confidence. The agent framework and Microsoft Foundry give you the tools you need for successful building runtimes and deployment in any enterprise setting.
Runtime Agent Operation and Management

User Interaction
Experience Layer Integration
You interact with a runtime agent through the experience layer. This layer connects you to the agent using familiar tools like Microsoft Teams, Outlook, or custom web portals. The experience layer captures your input and delivers responses in real time. It supports many types of interactions, including text, voice, and images. This flexibility helps you work with agents in the way that fits your needs.
The experience layer does more than just pass messages. It understands your intent and sends it to the agentic layer for action. You can see dynamic user interfaces and visualizations that help you approve tasks or escalate issues. The experience layer also lets agents start conversations with you, offering personalized suggestions or reminders. You get a consistent experience across all your devices and channels.
Here is a table showing the main capabilities of the experience layer:
| Functionality | Description |
|---|---|
| Multimodal Interaction | Captures text, voice, and visual inputs, delivering relevant responses on any device. |
| User Intent Communication | Passes your intentions to the agentic layer for processing. |
| Dynamic UI and Visualizations | Provides interfaces for approvals and escalations within agent workflows. |
| Proactive Interaction | Agents can start conversations, offering real-time recommendations. |
| Omnichannel Experiences | Keeps your experience consistent across all channels and devices. |
| Multi-Modal Capabilities | Lets you interact using text, voice, or images for efficient information sharing. |
| Context-Aware Personalization | Delivers personalized experiences based on your actions, location, and time. |
Handling Inputs
When you send a message or make a request, the runtime agent processes your input using advanced patterns. You might see different interaction patterns depending on your workflow. Some agents use a supervisor pattern, where one agent manages several worker agents. Others use sequential orchestration, passing information from one agent to the next in a set order. You may also see concurrent orchestration, where multiple agents work on the same task at the same time.
Here is a table showing common user interaction patterns:
| Pattern Type | Description |
|---|---|
| Supervisor Pattern | A central workflow coordinates multiple worker agents, managing their interactions and outputs. |
| Sequential Orchestration | Agents are arranged in a fixed order, passing outputs to the next agent in a linear fashion. |
| Concurrent Orchestration | Multiple agents operate simultaneously on the same task, with outputs collected for processing. |
These patterns help the runtime agent handle complex tasks, coordinate actions, and deliver results quickly. You benefit from smooth, reliable interactions that match your business needs.
Runtime Agent Execution
Task Coordination
A runtime agent uses a powerful orchestration and workflow engine to manage tasks. This engine coordinates the agent loop, which includes getting your input, calling models, using tools, updating state, and making decisions. The agent can handle multi-step tasks, branching workflows, and even ask for human approval when needed.
You see the following key processes in task coordination:
- The agent retrieves your input and decides what action to take.
- It calls models or tools to process information.
- The agent updates its state and records decisions.
- It manages complex workflows, including branching and human-in-the-loop steps.
- The agent supports reliable execution, with checkpoints to recover from failures.
- It scales to handle many tasks at once and coordinates with other agents when needed.
- The agent integrates with external systems, ensuring secure and durable execution.
These capabilities make the runtime agent a strong part of your business operations.
State Management
State management is critical for every runtime agent. You want the agent to remember past actions, keep track of ongoing tasks, and store important data. The agent uses both short-term and long-term memory to manage context and knowledge.
You follow these steps for effective state management:
- Build confidence in agent behavior by adding instrumentation, decision logs, tool call records, and cost tracking.
- Stress-test the agent under real conditions, checking permission scopes and escalation routes.
- Run the agent against legacy systems to find integration issues and misconfigurations.
- Ensure clean, structured data, including detailed logs and cost records, to improve performance.
The agent stores memory, execution history, and working data in external storage like databases or object storage. For each session, the agent uses an ephemeral environment, which is destroyed after use. This prevents state leaks and keeps your data secure. When the agent needs to continue a session, it creates a new environment and re-attaches the stored state.
A runtime agent uses a tiered memory architecture. Short-term memory holds recent actions, while long-term memory uses solutions like vector databases. The agent tracks user interactions and shares state with other agents to keep workflows consistent. This approach ensures reliability and prevents conflicts in multi-agent systems.
Monitoring and Diagnostics
Logging
You need strong logging to understand how a runtime agent works. Logging records every decision, action, and state change. This helps you debug problems, analyze agent behavior, and ensure compliance. You can trace the agent’s execution flow to see how it reasons and makes choices. Continuous monitoring lets you spot unexpected behaviors and fix issues before they affect users.
You should use centralized dashboards to view logs and analyze agent performance. These dashboards help you find patterns, track operational trends, and manage risk. You can set up alerts to get notified about problems right away.
Performance Metrics
Performance metrics show how well a runtime agent operates. You track metrics like response time, task completion rate, and resource usage. These metrics help you measure reliability and efficiency. You can use platforms like Fiddler AI Observability and Rubrik Agent Cloud to get unified analytics and monitor agent-to-agent interactions.
You should test observability tools in staging before deployment. This ensures your telemetry and alerts work as expected. Centralized platforms connect agent behavior with data risk signals, giving you better oversight and control.
Tip: Continuous monitoring, logging, and performance metrics are essential for reliable runtime agent operations. They help you maintain high standards and quickly respond to any issues.
Integrations and Extensibility
External Services
You can extend the power of your runtime agents by connecting them to external services. This approach lets your agents access real-time data, automate workflows, and interact with third-party platforms. You might want your agent to pull customer information from a CRM system, analyze unstructured data from documents, or monitor IoT devices for live updates.
Here are some common integration options for external services:
- Connect to CRM systems for customer data access.
- Access unstructured data sources like PDFs and Word documents.
- Retrieve real-time data from IoT devices and analytics tools.
- Use APIs from third-party applications such as payment gateways and logistics platforms.
You have several methods to integrate external services with your agents. Each method offers unique benefits and trade-offs. The table below shows the main types:
| Integration Type | Pros | Cons |
|---|---|---|
| Embedded iPaaS | Quick Deployment, Scalability, Reduced Costs | Limited Customization, Platform Dependency, Recurring Fees |
| Unified API Solutions | Speed, Full API Coverage, Ease of Use | Limited Customization, Dependency on Unified API Provider |
| Custom Development | Highly Tailored Solutions, Full Control, Complex Use Cases | Resource-Intensive, Time Consuming, Maintenance Required |
You should choose the method that fits your business needs and technical requirements. Embedded iPaaS works well for fast deployment. Unified API solutions help when you need broad coverage. Custom development gives you full control for complex scenarios.
Tip: Test integrations in a controlled environment before deploying them to production. This helps you avoid unexpected issues and ensures your agents work smoothly with external services.
API Management
API management plays a key role in connecting your agents to external systems. You need to design, publish, secure, monitor, and analyze APIs so your agents can interact safely and efficiently. A strong API management strategy helps you scale your agent solutions and adapt to changing demands.
You can improve efficiency and accuracy by using agentic AI to create APIs quickly. AI-driven tools make the developer experience smoother. APIs can scale up or down as your needs change.
Here are some best practices for secure API management:
- Use OAuth 2.0 or OpenID Connect for delegated access.
- Validate JWTs at the gateway.
- Implement API keys for internal tools.
- Enforce CORS policies for frontend access.
You can use platforms like Gravitee Agent Management to extend your API program and support AI agents. This approach transforms trusted APIs into governed tools while keeping security, observability, and operational controls in place.
Block Quote:
"AI agents are becoming an important interface for enterprise software, and enabling them securely is a key part of our strategy. With Gravitee Agent Management, we're able to extend our existing API program to support AI agents, transforming trusted APIs into governed MCP tools while preserving the security, observability, and operational controls our customers expect from Tealium."
You should monitor API usage and set up alerts for unusual activity. This helps you protect your data and maintain compliance. API management gives you the flexibility to connect agents to many services and scale your solutions as your business grows.
Governance, Security, and Compliance
Identity and Access Management
Entra Integration
You need strong identity and access management to keep your AI agent secure. Microsoft Entra gives you a way to manage each agent as a unique identity. This means you can set up secure authentication, so only trusted agents can access your systems. You can use fine-grained authorization to give each agent only the permissions it needs. Entra also helps you monitor agent identities and suspend or revoke access if you see risky behavior. You stay in control of your agent’s lifecycle and reduce the chance of unauthorized access.
| Mechanism | Description |
|---|---|
| Secure Authentication | Each agent has a unique identity tied to enterprise policies. |
| Fine-Grained Authorization | You restrict access based on role and necessity. |
| Identity Protection Mechanisms | You monitor and manage agent credentials. |
| AI Identity Lifecycle Management | You control agent identities with policy-driven frameworks. |
| Regulatory Compliance | You support auditability and meet data protection rules. |
| AI Accountability | You track agent activity to prevent misuse. |
Least-Privilege Access
You should always follow the least-privilege principle. Give each agent only the access it needs for its tasks. This limits risk and keeps sensitive data safe. You can set entitlements and guardrails for every agent. Runtime access controls let you make decisions based on the agent’s state and environment. Human-in-the-loop IAM adds oversight for sensitive actions. You can use analytics to spot unusual agent behavior and respond quickly.
| Strategy Type | Description |
|---|---|
| Unique Persistent Agent Identities | Assign each agent a unique identity based on its purpose and risk. |
| Entitlements and Guardrails | Tailor permissions to the agent’s role and data sensitivity. |
| Runtime Access Controls | Make access decisions dynamically for each agent. |
| Human-in-the-Loop IAM | Add human oversight for sensitive agent actions. |
Auditability and Lifecycle
Audit Trails
You need to track every action your agent takes. Audit trails give you an immutable log for each decision and event. This helps you meet compliance rules and makes it easy to review what happened if something goes wrong. You can use audit logs to show regulators that you follow the right processes. Quality assurance teams can review agent outputs to make sure they meet your standards.
| Feature | Description |
|---|---|
| Audit Logs | Keep complete records of agent activity for transparency. |
| Audit Trails | Store immutable logs for every action to ensure accountability. |
| Human Oversight | Use approval protocols and periodic checks for compliance. |
Conditional Access
Conditional access lets you set rules for when and how agents can use resources. You can define authentication methods, permissions, and policies for each agent. Microsoft Entra treats agents as first-class identities and applies Zero Trust checks. You can tie each agent to a responsible person, called a sponsor, to ensure accountability. If a sponsor leaves, you can transfer or deactivate the agent. This keeps your environment secure and compliant.
- Conditional access uses agent-specific signals to evaluate requests.
- Zero Trust checks apply to agents just like to users.
- Lifecycle workflows automate agent management.
Security Best Practices
Policy Enforcement
You must enforce security policies for every agent. Monitor agent activity to make sure they follow your rules. Use audit trails to catch violations early. Automate workflows to flag risks and support compliance. Regular reviews help you adapt to new laws and keep your runtime environment safe.
Data Privacy
Protecting data is a top priority. Give agents only the data they need. Use privacy-enhancing technologies like encryption and anonymization. Always explain how you use personal data. Support user rights, such as access and deletion requests. Keep detailed records of how agents use and protect data. These steps help you meet privacy laws and build trust.
Tip: Combine strong identity management, auditability, and policy enforcement to create a secure, compliant agent environment.
Best Practices and Quick Start
Actionable Tips
You can build a strong foundation for your agent projects by following practical steps. Start by defining clear goals for each agent. Make sure you understand what you want the agent to accomplish. Use modular design to break tasks into smaller parts. This makes your agent easier to manage and update. Test each skill before you add it to the agent. Use version control to track changes and keep your code organized.
Tip: Document every workflow and decision. Good documentation helps you troubleshoot and improves teamwork.
You should monitor agent performance with dashboards. Set alerts for unusual activity. Review logs regularly to spot problems early. Use feedback from users to improve agent behavior. Update your agent often to keep it reliable and secure.
Common Pitfalls
You may face challenges when building and deploying agents. One common mistake is skipping testing. If you do not test your agent, you risk errors in production. Another pitfall is giving too many permissions. Always follow the least-privilege principle. Avoid hardcoding sensitive information in your agent code. This can lead to security risks.
Some teams forget to monitor agent activity. Without monitoring, you cannot catch issues quickly. Ignoring user feedback can cause your agent to miss important needs. Failing to update your agent leaves it vulnerable to new threats.
| Pitfall | How to Avoid |
|---|---|
| Skipping Testing | Run unit and integration tests |
| Excess Permissions | Use least-privilege access |
| Hardcoded Secrets | Store secrets securely |
| No Monitoring | Set up dashboards and alerts |
| Ignoring Feedback | Collect and act on user input |
| Outdated Agent | Schedule regular updates |
Quick Start Guide
You can launch your first agent quickly by following this checklist:
- Identify a simple use case for your agent.
- Choose the Microsoft agent framework and Foundry toolkit.
- Design the agent with modular skills.
- Write and test each skill separately.
- Package the agent using containerization.
- Set up CI/CD pipelines for automated deployment.
- Deploy the agent in a controlled environment.
- Monitor agent activity and collect user feedback.
- Update the agent based on performance and feedback.
Note: Start small and scale up as you gain experience. A well-planned agent project grows smoothly and delivers value.
Further Resources
You can find many resources to help you build, deploy, and manage agents with Microsoft Agent 365 and Foundry. These tools and guides will support you at every stage of your project. Explore the following options to deepen your knowledge and solve challenges as you work with enterprise AI agents.
📚 Official Documentation
- Agent 365 Documentation
Learn about core concepts, architecture, and setup steps. - Microsoft Foundry Docs
Get details on runtime environments, deployment, and orchestration. - Microsoft Entra Identity Platform
Understand identity and access management for agents.
🛠️ Developer Tools and SDKs
- Agent Framework SDK
Access code samples, API references, and quick-start guides. - Foundry Toolkit
Use CLI tools for packaging, testing, and deploying agents. - Microsoft Copilot Studio
Build and orchestrate agent workflows with low-code tools.
🌐 Community and Support
- Microsoft Tech Community: AI Agents
Ask questions, share ideas, and connect with other builders. - Stack Overflow: Microsoft-Agent365
Find answers to technical questions from the developer community. - GitHub Discussions
Join conversations about best practices and troubleshooting.
Tip: Join webinars and virtual events to stay updated on new features and use cases. You can find event schedules on the Microsoft AI blog.
📈 Learning Paths and Tutorials
| Resource Type | Description | Link |
|---|---|---|
| Guided Tutorials | Step-by-step projects for beginners | Start Here |
| Video Walkthroughs | Visual guides for building and deploying | Watch Now |
| Sample Projects | Ready-to-use agent templates | Browse Samples |
📝 Best Practice Guides
- Responsible AI Guidelines
Follow rules for safe and ethical agent development. - Security and Compliance Center
Review checklists for securing your agent environment.
Note: Bookmark these resources for quick access during your project. You can return to them whenever you need help or want to learn more.
You have a strong support network as you build with Agent 365 and Foundry. Use these resources to solve problems, learn new skills, and keep your agents secure and effective.
You can build a strong agent system by following clear steps with Agent 365 and Foundry. Start by planning your agent, designing skills, and testing each agent before deployment. Focus on governance and security to keep every agent safe and compliant. Use best practices to make your agent reliable and scalable. Try a pilot project to see how a runtime agent can improve your business. Explore more resources to deepen your knowledge.
FAQ
What is Microsoft Agent 365?
Agent 365 is a platform from Microsoft. You use it to build, manage, and govern AI agents in your organization. It gives each agent a unique identity and strong security controls.
How does Foundry help with agent deployment?
Foundry provides a runtime environment for your agents. You use it to deploy, scale, and manage agents without worrying about infrastructure. Foundry automates orchestration and monitoring.
Can I integrate Agent 365 with existing Microsoft tools?
Yes, you can connect Agent 365 with Microsoft Teams, Outlook, and other Microsoft 365 apps. This lets your agents interact with users in familiar environments.
How do I ensure my agents are secure?
You use Microsoft Entra for identity management. Assign least-privilege access, monitor agent activity, and enforce security policies. Audit trails and conditional access help you maintain compliance.
What skills do I need to build agents?
You can use low-code tools for simple agents or developer SDKs for advanced features. Basic programming knowledge helps, but you do not need to be an expert to get started.
How do I monitor agent performance?
You track metrics like response time and task completion. Use dashboards and logs to watch agent activity. Set up alerts for unusual behavior.
Can I connect agents to external services?
Yes! You can integrate agents with APIs, CRM systems, and other third-party platforms. Choose the integration method that fits your needs, such as embedded iPaaS or custom development.
🚀 Want to be part of m365.fm?
Then stop just listening… and start showing up.
👉 Connect with me on LinkedIn and let’s make something happen:
- 🎙️ Be a podcast guest and share your story
- 🎧 Host your own episode (yes, seriously)
- 💡 Pitch topics the community actually wants to hear
- 🌍 Build your personal brand in the Microsoft 365 space
This isn’t just a podcast — it’s a platform for people who take action.
🔥 Most people wait. The best ones don’t.
👉 Connect with me on LinkedIn and send me a message:
"I want in"
Let’s build something awesome 👊
1
00:00:00,000 --> 00:00:03,000
Everyone is calling Build 2026, the AI event.
2
00:00:03,000 --> 00:00:05,400
They're focused on the keynotes and the new models.
3
00:00:05,400 --> 00:00:07,000
But the real shift is much quieter.
4
00:00:07,000 --> 00:00:08,760
It isn't happening in the headlines.
5
00:00:08,760 --> 00:00:10,400
It's happening in the structure underneath.
6
00:00:10,400 --> 00:00:11,680
But here's what actually changed.
7
00:00:11,680 --> 00:00:14,520
We moved from chatbots that assist to agents that operate.
8
00:00:14,520 --> 00:00:16,440
That sounds like a small feature update.
9
00:00:16,440 --> 00:00:17,280
It isn't.
10
00:00:17,280 --> 00:00:18,520
It's a fundamental shift in how we build.
11
00:00:18,520 --> 00:00:20,600
It changes identity governance and orchestration.
12
00:00:20,600 --> 00:00:22,040
It's the infrastructure layer.
13
00:00:22,040 --> 00:00:23,840
The stuff you can't see in a demo.
14
00:00:23,840 --> 00:00:26,720
Most organizations are building agents that are fragile.
15
00:00:26,720 --> 00:00:29,360
They pick products without understanding the model.
16
00:00:29,360 --> 00:00:31,040
They deploy without any governance.
17
00:00:31,040 --> 00:00:33,480
They end up with multiple agents doing the exact same work
18
00:00:33,480 --> 00:00:35,120
because they don't know what already exists.
19
00:00:35,120 --> 00:00:36,360
They're about to hit a wall.
20
00:00:36,360 --> 00:00:37,960
We need to move past product names.
21
00:00:37,960 --> 00:00:40,840
We need to look past what's in preview and what's ready now.
22
00:00:40,840 --> 00:00:44,080
We have to look at the structural reality of how agents work.
23
00:00:44,080 --> 00:00:46,320
Because that determines if your deployment scales
24
00:00:46,320 --> 00:00:47,440
or if it fails.
25
00:00:47,440 --> 00:00:50,280
Let's start with the model that makes sense of the noise.
26
00:00:50,280 --> 00:00:52,600
The four layers, how to think about agents.
27
00:00:52,600 --> 00:00:53,880
The problem is simple.
28
00:00:53,880 --> 00:00:55,320
There are too many agent products.
29
00:00:55,320 --> 00:00:57,920
You have security, co-pilot and dynamics agents.
30
00:00:57,920 --> 00:00:59,800
You have Azure agents and co-pilot studio.
31
00:00:59,800 --> 00:01:03,200
Then there's Foundry, GitHub, co-pilot and Microsoft Scout.
32
00:01:03,200 --> 00:01:06,200
Most organizations don't have a mental model for which one to use.
33
00:01:06,200 --> 00:01:08,720
They pick based on a recommendation or a random headline.
34
00:01:08,720 --> 00:01:09,840
That isn't a strategy.
35
00:01:09,840 --> 00:01:11,160
The solution is also simple.
36
00:01:11,160 --> 00:01:13,240
Stop thinking about agents as products.
37
00:01:13,240 --> 00:01:16,040
Start thinking about them as a system with four layers.
38
00:01:16,040 --> 00:01:17,400
Each layer has different needs.
39
00:01:17,400 --> 00:01:20,120
Each layer requires different people to make decisions.
40
00:01:20,120 --> 00:01:23,080
When you confuse these layers, your deployment fails.
41
00:01:23,080 --> 00:01:24,080
Experience layer.
42
00:01:24,080 --> 00:01:25,840
This is where humans talk to agents.
43
00:01:25,840 --> 00:01:27,880
It includes co-pilot and Microsoft Scout,
44
00:01:27,880 --> 00:01:29,400
which is the always on work agent.
45
00:01:29,400 --> 00:01:32,920
It includes GitHub, co-pilot and the agents built into Word or Excel.
46
00:01:32,920 --> 00:01:35,600
You also have computer using agents that click and navigate,
47
00:01:35,600 --> 00:01:36,840
just like a person does.
48
00:01:36,840 --> 00:01:38,520
This layer is about discovery.
49
00:01:38,520 --> 00:01:40,960
Most companies start here, but they also stop here.
50
00:01:40,960 --> 00:01:42,600
And that's why their setup is fragile.
51
00:01:42,600 --> 00:01:43,360
Agent layer.
52
00:01:43,360 --> 00:01:45,080
This is where specific intelligence lives.
53
00:01:45,080 --> 00:01:47,880
Security co-pilot has agents for phishing and threat intelligence.
54
00:01:47,880 --> 00:01:51,280
Dynamics 365 has agents for sales and customer intent.
55
00:01:51,280 --> 00:01:54,160
Azure co-pilot has agents for migration and troubleshooting.
56
00:01:54,160 --> 00:01:55,720
These aren't generic assistants.
57
00:01:55,720 --> 00:01:58,920
They are built for one specific job with one specific context.
58
00:01:58,920 --> 00:02:01,400
An agent that doesn't understand your domain
59
00:02:01,400 --> 00:02:03,560
is just a chatbot that's going to hallucinate.
60
00:02:03,560 --> 00:02:06,200
But once you have a dozen of these running, you hit a problem.
61
00:02:06,200 --> 00:02:09,280
You have to figure out how to control what they can actually access.
62
00:02:09,280 --> 00:02:10,000
Run time layer.
63
00:02:10,000 --> 00:02:11,480
This is where agents execute.
64
00:02:11,480 --> 00:02:14,560
It's where they keep track of their state and call other tools.
65
00:02:14,560 --> 00:02:17,400
Foundry agent service is the platform that manages this.
66
00:02:17,400 --> 00:02:21,320
You define the logic and Microsoft handles the scaling and the networking.
67
00:02:21,320 --> 00:02:24,320
The run time manages memory, including how to do things
68
00:02:24,320 --> 00:02:25,720
and what the user prefers.
69
00:02:25,720 --> 00:02:29,200
Multiple agents live in the same run time and call each other as tools.
70
00:02:29,200 --> 00:02:31,960
A coordinator agent can delegate tasks to a specialist.
71
00:02:31,960 --> 00:02:32,880
This is infrastructure.
72
00:02:32,880 --> 00:02:34,880
It isn't a feature you just bolt on at the end.
73
00:02:34,880 --> 00:02:35,800
Governance layer.
74
00:02:35,800 --> 00:02:37,680
This is the part most organizations are missing.
75
00:02:37,680 --> 00:02:40,000
It covers identity, policy and audits.
76
00:02:40,000 --> 00:02:42,600
Agent 365 is the governance plane for all of it.
77
00:02:42,600 --> 00:02:44,920
Every agent gets its own identity in Entra.
78
00:02:44,920 --> 00:02:46,720
It isn't a shared account or a human account.
79
00:02:46,720 --> 00:02:48,080
It's a unique principle.
80
00:02:48,080 --> 00:02:50,120
That means you can use least privilege access.
81
00:02:50,120 --> 00:02:51,560
You can revoke an agent's power.
82
00:02:51,560 --> 00:02:54,200
You can audit an agent just like any other system.
83
00:02:54,200 --> 00:02:57,880
Because of purview, every action an agent takes goes into an audit log.
84
00:02:57,880 --> 00:03:01,280
You can apply the same policies to agents that you apply to your users.
85
00:03:01,280 --> 00:03:03,800
Before Agent 365, these agents were invisible.
86
00:03:03,800 --> 00:03:05,720
Now they are governed like infrastructure.
87
00:03:05,720 --> 00:03:07,160
Each layer has different owners.
88
00:03:07,160 --> 00:03:08,640
They have different controls.
89
00:03:08,640 --> 00:03:11,280
Most projects fail because the team is building in one layer
90
00:03:11,280 --> 00:03:12,760
while they think they're in another.
91
00:03:12,760 --> 00:03:14,440
Or they just skip governance entirely.
92
00:03:14,440 --> 00:03:16,080
When you understand these four layers,
93
00:03:16,080 --> 00:03:17,760
you can navigate the whole ecosystem.
94
00:03:17,760 --> 00:03:19,880
It's the difference between picking products at random
95
00:03:19,880 --> 00:03:21,920
and making a real architectural decision.
96
00:03:21,920 --> 00:03:24,800
So let's look at what actually changed at Build 2026
97
00:03:24,800 --> 00:03:26,640
to make this model real.
98
00:03:26,640 --> 00:03:29,760
Build 2026, the moment agents became infrastructure.
99
00:03:29,760 --> 00:03:32,600
Everyone heard the same headlines coming out of Build 2026.
100
00:03:32,600 --> 00:03:35,760
Computer using agents when GA, Copilot Studio got a redesign.
101
00:03:35,760 --> 00:03:39,040
Voice agents arrived and teams got a fresh set of agent features.
102
00:03:39,040 --> 00:03:40,400
It is a solid product roadmap.
103
00:03:40,400 --> 00:03:43,400
It is exactly what you would expect to see at a major conference.
104
00:03:43,400 --> 00:03:45,640
But there is a quieter headline underneath that one.
105
00:03:45,640 --> 00:03:47,160
Nobody opened the show with it.
106
00:03:47,160 --> 00:03:49,040
It did not get the keynote spotlight.
107
00:03:49,040 --> 00:03:53,920
Agent 365 moved from preview to general availability on May 1, 2026
108
00:03:53,920 --> 00:03:56,600
and Foundry Agent Service hit GA back in March.
109
00:03:56,600 --> 00:03:58,760
For the first time, you have a governance plane
110
00:03:58,760 --> 00:04:01,280
and a runtime plane actually talking to each other.
111
00:04:01,280 --> 00:04:02,680
That is not just a new feature.
112
00:04:02,680 --> 00:04:04,880
That is the moment the infrastructure became real.
113
00:04:04,880 --> 00:04:07,200
Let's look at what Agent 365 actually does.
114
00:04:07,200 --> 00:04:09,280
It treats agents as first class identities.
115
00:04:09,280 --> 00:04:13,040
Not features, not capabilities bolted onto your existing systems.
116
00:04:13,040 --> 00:04:14,040
Identities.
117
00:04:14,040 --> 00:04:16,200
Every agent gets its own identity in Entra,
118
00:04:16,200 --> 00:04:20,400
which means it is not a shared service account or a human user account mapped to a bot.
119
00:04:20,400 --> 00:04:21,520
It is its own principle.
120
00:04:21,520 --> 00:04:23,240
It has its own identity in your directory,
121
00:04:23,240 --> 00:04:25,000
just like any other actor in your system.
122
00:04:25,000 --> 00:04:27,440
That changes everything about what is actually possible.
123
00:04:27,440 --> 00:04:29,640
Because once an agent has its own identity,
124
00:04:29,640 --> 00:04:32,120
it can have its own permissions and its own audit trail.
125
00:04:32,120 --> 00:04:34,440
You can apply conditional access policies to it,
126
00:04:34,440 --> 00:04:37,840
put it through regular access reviews or revoke its credentials in an instant.
127
00:04:37,840 --> 00:04:41,600
You can see exactly what it accessed when it happened and why it was there.
128
00:04:41,600 --> 00:04:43,560
The shift here is subtle but fundamental.
129
00:04:43,560 --> 00:04:45,320
You are not just using an agent anymore.
130
00:04:45,320 --> 00:04:46,320
You are hiring one.
131
00:04:46,320 --> 00:04:50,680
It comes with all the governance machinery that you would expect when hiring any other system.
132
00:04:50,680 --> 00:04:53,560
You get purview audit logs that track every move it makes,
133
00:04:53,560 --> 00:04:56,280
and entrapolices that constrain exactly what it can reach.
134
00:04:56,280 --> 00:04:57,880
It is not a feature you just turn on.
135
00:04:57,880 --> 00:04:59,920
It is a system you are now accountable for.
136
00:04:59,920 --> 00:05:02,440
Foundry agent service hit GA in March.
137
00:05:02,440 --> 00:05:04,360
And that is the runtime piece of the puzzle.
138
00:05:04,360 --> 00:05:08,280
This is the managed platform where agents actually execute and maintain their state.
139
00:05:08,280 --> 00:05:11,560
It is where they coordinate with other agents and call tools at scale.
140
00:05:11,560 --> 00:05:15,640
You get procedural memory that lets agents learn how to do things across different sessions.
141
00:05:15,640 --> 00:05:19,720
You get user memory that persists, preferences and session memory for context.
142
00:05:19,720 --> 00:05:23,000
These agents run in sandbox sessions that Microsoft manages for you.
143
00:05:23,000 --> 00:05:28,120
Scaling is handled automatically, so you define the logic while Microsoft handles the heavy lifting.
144
00:05:28,120 --> 00:05:31,560
Before Bill 2026, Foundry was just an experimental platform.
145
00:05:31,560 --> 00:05:35,960
It was interesting but it was not enterprise grade because the governance layer did not exist yet.
146
00:05:35,960 --> 00:05:40,040
You could build agents but you had no way to govern them at the organizational level.
147
00:05:40,040 --> 00:05:42,120
Now both pieces are GA and production ready.
148
00:05:42,120 --> 00:05:44,600
They are designed to work together from the ground up.
149
00:05:44,600 --> 00:05:48,360
Agent 365 discovers and governs while Foundry hosts and executes.
150
00:05:48,360 --> 00:05:51,880
One gives you identity and policy and the other gives you runtime and orchestration.
151
00:05:51,880 --> 00:05:54,120
Neither one works without the other in a real deployment.
152
00:05:54,120 --> 00:05:55,640
That is the convergence that matters.
153
00:05:55,640 --> 00:06:00,840
For the first time, organizations have the actual infrastructure required to run agents at scale with governance baked in.
154
00:06:00,840 --> 00:06:02,360
It is not bolted on after the fact.
155
00:06:02,360 --> 00:06:05,800
It is identity first, policy driven and fully auditable.
156
00:06:05,800 --> 00:06:07,480
This is why the change is structural.
157
00:06:07,480 --> 00:06:10,600
Before Bill 2026, agents were just features.
158
00:06:10,600 --> 00:06:14,520
They were advanced features but you still just built one and hoped it did not break anything.
159
00:06:14,520 --> 00:06:16,760
You had no visibility into what it was accessing.
160
00:06:16,760 --> 00:06:19,480
If it went rogue, you had no clean way to shut it down.
161
00:06:19,480 --> 00:06:24,120
After Bill 2026 agents are infrastructure, they have identities, policies and audit trails.
162
00:06:24,120 --> 00:06:27,720
They run on managed platforms that scale and coordinate with other agents.
163
00:06:27,720 --> 00:06:30,680
They are governed, like any other system in your environment.
164
00:06:30,680 --> 00:06:32,360
That is not just a product announcement.
165
00:06:32,360 --> 00:06:37,400
That is the moment when building agents stopped being experimental and started being operational.
166
00:06:37,400 --> 00:06:39,960
The four layers we talked about are no longer just concepts.
167
00:06:39,960 --> 00:06:41,640
They are an architectural reality.
168
00:06:41,640 --> 00:06:44,440
This changes how you should be thinking about your agent strategy right now.
169
00:06:44,440 --> 00:06:47,080
The question is no longer which agent product you should try.
170
00:06:47,080 --> 00:06:51,560
The real question is how you architect agents across your entire organization.
171
00:06:51,560 --> 00:06:53,960
The experience layer, where work begins.
172
00:06:53,960 --> 00:06:55,560
So we have established the model.
173
00:06:55,560 --> 00:06:57,720
Now let's look at what each layer actually does.
174
00:06:57,720 --> 00:07:01,720
We will start with the experience layer because this is where most people encounter agents.
175
00:07:01,720 --> 00:07:02,920
This is the surface.
176
00:07:02,920 --> 00:07:04,920
This is what you interact with every day.
177
00:07:04,920 --> 00:07:07,160
The experience layer is straightforward and concept.
178
00:07:07,160 --> 00:07:11,640
It is where humans interact with agents directly without needing to think about infrastructure or governance.
179
00:07:11,640 --> 00:07:13,720
It is just you and an agent getting work done.
180
00:07:13,720 --> 00:07:16,200
But even this surface level thinking has changed.
181
00:07:16,200 --> 00:07:19,320
Microsoft Scout is the clearest example of how this works now.
182
00:07:19,320 --> 00:07:21,960
Scout is positioned as an always on personal work agent.
183
00:07:21,960 --> 00:07:23,880
It is not a chatbot you ask questions,
184
00:07:23,880 --> 00:07:26,040
and it is not something you have to manually invoke.
185
00:07:26,040 --> 00:07:28,680
It is an agent that watches what you are doing across teams,
186
00:07:28,680 --> 00:07:31,160
outlook, one drive and share point.
187
00:07:31,160 --> 00:07:32,520
It acts proactively.
188
00:07:32,520 --> 00:07:35,400
You are in a meeting and Scout monitors the conversation.
189
00:07:35,400 --> 00:07:38,040
You are preparing a document and Scout watches the context.
190
00:07:38,040 --> 00:07:39,160
Without being asked,
191
00:07:39,160 --> 00:07:42,920
it surfaces relevant information and flags decisions you need to make.
192
00:07:42,920 --> 00:07:44,760
It does not wait for you to formulate a question
193
00:07:44,760 --> 00:07:48,120
because it understands your context and anticipates what you need
194
00:07:48,120 --> 00:07:50,760
compared that to traditional co-pilot, which is reactive.
195
00:07:50,760 --> 00:07:54,040
You open word and type a prompt to write an introduction to a report.
196
00:07:54,040 --> 00:07:55,880
Co-pilot responds, and it is helpful,
197
00:07:55,880 --> 00:07:57,400
but it is still a Q&A model.
198
00:07:57,400 --> 00:07:58,600
You ask and it answers.
199
00:07:58,600 --> 00:07:59,960
Scout flips that entirely.
200
00:07:59,960 --> 00:08:01,320
It observes and then it acts.
201
00:08:01,320 --> 00:08:04,200
That is a fundamentally different way to interact with software.
202
00:08:04,200 --> 00:08:06,920
GitHub co-pilot CLI brings that same agent concept
203
00:08:06,920 --> 00:08:09,160
to developers in a completely different environment.
204
00:08:09,160 --> 00:08:12,120
You are in a terminal and you need help with a Git workflow
205
00:08:12,120 --> 00:08:13,880
or a command you cannot remember.
206
00:08:13,880 --> 00:08:16,200
Instead of switching to a browser to look at documentation,
207
00:08:16,200 --> 00:08:18,200
the agent operates right there in your terminal.
208
00:08:18,200 --> 00:08:21,400
It is the same principle as Scout, just on a different surface.
209
00:08:21,400 --> 00:08:24,440
Then you have agents embedded in the applications themselves.
210
00:08:24,440 --> 00:08:26,840
Word has an agent that understands the tone and audience
211
00:08:26,840 --> 00:08:28,200
of the document you are writing.
212
00:08:28,200 --> 00:08:30,280
Excel has an agent that knows your data structure
213
00:08:30,280 --> 00:08:31,720
and helps you analyze it.
214
00:08:31,720 --> 00:08:35,480
PowerPoint has an agent that understands the story you are telling with your slides.
215
00:08:35,480 --> 00:08:37,320
These are not generic assistance.
216
00:08:37,320 --> 00:08:40,200
They understand the specific context of the work happening
217
00:08:40,200 --> 00:08:41,400
in that specific application.
218
00:08:41,400 --> 00:08:44,760
Co-pilot Studio sits somewhere different on this layer.
219
00:08:44,760 --> 00:08:48,920
It is the tool that lets teams build custom agents without writing any code.
220
00:08:48,920 --> 00:08:51,800
You use a low-code interface to define the behavior you want
221
00:08:51,800 --> 00:08:53,080
and connect your knowledge sources.
222
00:08:53,080 --> 00:08:54,600
You test it and then you launch it.
223
00:08:54,600 --> 00:08:58,600
Most organizations start here because the bar to entry is genuinely low.
224
00:08:58,600 --> 00:09:01,320
Computer using agents take a different approach entirely.
225
00:09:01,320 --> 00:09:03,880
Instead of understanding natural language and calling APIs,
226
00:09:03,880 --> 00:09:05,480
these agents see your screen.
227
00:09:05,480 --> 00:09:07,080
They watch your UI, click like you do,
228
00:09:07,080 --> 00:09:09,080
and navigate exactly like a human would.
229
00:09:09,080 --> 00:09:12,360
This matters for legacy systems that do not have clean integrations.
230
00:09:12,360 --> 00:09:15,320
A computer using agent can work with any system a human can work with.
231
00:09:15,320 --> 00:09:17,960
Here is the pattern you see across the experience layer.
232
00:09:17,960 --> 00:09:21,320
It is all about accessibility and meeting people where they already work.
233
00:09:21,320 --> 00:09:24,120
Whether it is in teams, a terminal, or a calendar,
234
00:09:24,120 --> 00:09:25,800
the infrastructure is not the focus.
235
00:09:25,800 --> 00:09:29,080
The experience is, you want to know how quickly you can get value
236
00:09:29,080 --> 00:09:31,960
and how well the agent fits into your existing workflow.
237
00:09:31,960 --> 00:09:33,560
Most organizations start right here.
238
00:09:33,560 --> 00:09:36,200
They try Scout, build something in co-pilot studio,
239
00:09:36,200 --> 00:09:38,200
and enable co-pilot in their apps.
240
00:09:38,200 --> 00:09:40,200
They see the value and they think they are done.
241
00:09:40,200 --> 00:09:42,120
And that is where the fragility comes in.
242
00:09:42,120 --> 00:09:44,200
Because the experience layer is only one layer.
243
00:09:44,200 --> 00:09:46,520
It is the visible part, but underneath,
244
00:09:46,520 --> 00:09:50,040
there is a whole architecture that determines whether this actually scales.
245
00:09:50,040 --> 00:09:52,360
It determines whether your data stays secure
246
00:09:52,360 --> 00:09:56,280
and whether you can actually manage these agents according to your company policies.
247
00:09:56,280 --> 00:09:59,320
The agent layer, domain-specific intelligence.
248
00:09:59,320 --> 00:10:02,120
Under the surface experience, something else is operating.
249
00:10:02,120 --> 00:10:04,600
The agents themselves, and this is where the model matters.
250
00:10:04,600 --> 00:10:08,360
Because an agent built for security is fundamentally different from an agent built for sales.
251
00:10:08,360 --> 00:10:11,320
They have different training, different constraints, different context.
252
00:10:11,320 --> 00:10:12,440
They serve a different purpose.
253
00:10:12,440 --> 00:10:13,640
That is the agent layer.
254
00:10:13,640 --> 00:10:16,840
The agent layer is where domain-specific intelligence actually lives.
255
00:10:16,840 --> 00:10:18,280
These are not generic assistants.
256
00:10:18,280 --> 00:10:20,280
They are not chatbots that sort of help with anything.
257
00:10:20,280 --> 00:10:24,600
These are agents built for a specific job in a specific context with specific constraints.
258
00:10:24,600 --> 00:10:25,880
They understand deeply.
259
00:10:25,880 --> 00:10:28,360
Take security co-pilot agents as an example.
260
00:10:28,360 --> 00:10:31,400
These are not general-purpose assistants that happen to work on security.
261
00:10:31,400 --> 00:10:34,360
They were built from the ground up to understand security signals,
262
00:10:34,360 --> 00:10:36,760
threat patterns, and remediation workflows.
263
00:10:36,760 --> 00:10:39,960
There is a phishing triage agent that analyzes suspicious messages.
264
00:10:39,960 --> 00:10:42,200
It separates likely phishing from legitimate mail
265
00:10:42,200 --> 00:10:44,840
and helps analysts prioritize what to investigate.
266
00:10:44,840 --> 00:10:47,480
That is not a generic language model answering questions.
267
00:10:47,480 --> 00:10:51,960
It is a specialist agent that understands email signals the way security teams understand them.
268
00:10:51,960 --> 00:10:54,040
Alert triage agents work the same way.
269
00:10:54,040 --> 00:10:56,440
Security teams get flooded with alerts every day.
270
00:10:56,440 --> 00:10:58,040
Most are noise, but some are signals.
271
00:10:58,040 --> 00:11:00,760
The alert triage agent learns to distinguish between them
272
00:11:00,760 --> 00:11:02,520
because it understands context.
273
00:11:02,520 --> 00:11:05,480
It knows which alerts cluster together to suggest a larger incident
274
00:11:05,480 --> 00:11:07,960
and surfaces what actually requires human attention.
275
00:11:07,960 --> 00:11:09,800
It was built for that specific problem.
276
00:11:09,800 --> 00:11:12,680
Conditional access agents, vulnerability remediation agents,
277
00:11:12,680 --> 00:11:14,840
and threat intelligence agents are all specialized.
278
00:11:14,840 --> 00:11:17,960
Each one has been trained on domain-specific data and workflows.
279
00:11:17,960 --> 00:11:19,560
Each one has constraints built in
280
00:11:19,560 --> 00:11:22,920
because security people understand what bad output looks like
281
00:11:22,920 --> 00:11:24,040
and what could cause harm.
282
00:11:24,040 --> 00:11:25,800
Then look at Dynamics 365 agents.
283
00:11:25,800 --> 00:11:27,320
This is a completely different domain.
284
00:11:27,320 --> 00:11:29,640
The sales qualification agent is not a chatbot.
285
00:11:29,640 --> 00:11:31,720
It was built to understand lead scoring criteria,
286
00:11:31,720 --> 00:11:33,640
customer fit, and pipeline progression.
287
00:11:33,640 --> 00:11:36,840
It assesses inbound leads against what your sales team actually cares about
288
00:11:36,840 --> 00:11:39,240
and surfaces high-probability opportunities
289
00:11:39,240 --> 00:11:40,840
instead of everything that comes in.
290
00:11:40,840 --> 00:11:43,560
The account reconciliation agent solves a different problem.
291
00:11:43,560 --> 00:11:46,120
Finance teams spend enormous amounts of time matching records
292
00:11:46,120 --> 00:11:49,080
like invoices to payments or purchase orders to receipts.
293
00:11:49,080 --> 00:11:50,920
The agent understands matching logic
294
00:11:50,920 --> 00:11:52,520
and knows what constitutes a match.
295
00:11:52,520 --> 00:11:55,000
It flags exceptions and reduces the hours human spend
296
00:11:55,000 --> 00:11:56,360
on purely mechanical work.
297
00:11:56,360 --> 00:11:59,000
The customer intent agent works across multiple channels.
298
00:11:59,000 --> 00:12:01,800
Sales and service teams have interactions through email, calls,
299
00:12:01,800 --> 00:12:03,480
web forms, and social media.
300
00:12:03,480 --> 00:12:05,720
The agent analyzes those signals to understand
301
00:12:05,720 --> 00:12:07,320
what the customer actually wants
302
00:12:07,320 --> 00:12:09,560
underneath what they explicitly asked for.
303
00:12:09,560 --> 00:12:11,240
This helps teams respond with better timing
304
00:12:11,240 --> 00:12:12,360
and better solutions.
305
00:12:12,360 --> 00:12:14,360
Supplyer communications and field service
306
00:12:14,360 --> 00:12:16,840
each have their own agents built for specific domains
307
00:12:16,840 --> 00:12:18,360
with specific workflows.
308
00:12:18,360 --> 00:12:20,120
Azure brings its own set to the table.
309
00:12:20,120 --> 00:12:23,800
There are migration agents for assessing and planning complex Azure migrations
310
00:12:23,800 --> 00:12:26,200
and deployment agents that guide implementation
311
00:12:26,200 --> 00:12:27,960
once the architecture is decided.
312
00:12:27,960 --> 00:12:30,200
Optimization agents run on existing environments
313
00:12:30,200 --> 00:12:32,600
to improve cost, performance, and utilization.
314
00:12:32,600 --> 00:12:35,240
Observability agents connect disparate telemetry signals
315
00:12:35,240 --> 00:12:37,880
to surface what is actually happening in your infrastructure.
316
00:12:37,880 --> 00:12:40,120
Resiliency agents strengthen fault tolerance
317
00:12:40,120 --> 00:12:41,320
before failure happens.
318
00:12:41,320 --> 00:12:44,680
And troubleshooting agents diagnose problems faster than humans can.
319
00:12:44,680 --> 00:12:46,040
And then there is the open category.
320
00:12:46,040 --> 00:12:48,440
Copilot Studio lets teams build custom agents
321
00:12:48,440 --> 00:12:50,200
for business specific workflows
322
00:12:50,200 --> 00:12:52,280
that do not fit any pre-built pattern.
323
00:12:52,280 --> 00:12:54,040
These are processes unique to your industry
324
00:12:54,040 --> 00:12:56,280
or workflows specific to your organization.
325
00:12:56,280 --> 00:12:58,040
And those agents are built by business teams
326
00:12:58,040 --> 00:12:59,800
who understand that context deeply.
327
00:12:59,800 --> 00:13:02,120
The key distinction is that these are not generic assistance
328
00:13:02,120 --> 00:13:04,040
with domain knowledge bolted on.
329
00:13:04,040 --> 00:13:06,200
They were built from the ground up for a specific job.
330
00:13:06,200 --> 00:13:08,280
They have constraints, they have specialized training.
331
00:13:08,280 --> 00:13:10,040
They understand the specific signals
332
00:13:10,040 --> 00:13:11,400
that matter in that domain.
333
00:13:11,400 --> 00:13:14,040
This means an agent that does not understand your domain
334
00:13:14,040 --> 00:13:16,200
is just a chatbot with hallucination risk.
335
00:13:16,200 --> 00:13:18,360
A security agent applied to sales is useless.
336
00:13:18,360 --> 00:13:20,760
A sales agent applied to operations is worse than useless
337
00:13:20,760 --> 00:13:22,680
because it will be confidently wrong.
338
00:13:22,680 --> 00:13:24,520
But this creates a governance problem.
339
00:13:24,520 --> 00:13:27,960
Once you have dozens of specialized agents running across your organization,
340
00:13:27,960 --> 00:13:29,640
you have to control what they access.
341
00:13:29,640 --> 00:13:32,520
Some are pre-built, some are custom, and some are from vendors.
342
00:13:32,520 --> 00:13:34,280
You need to keep them aligned with policy
343
00:13:34,280 --> 00:13:35,960
and you need to know they even exist.
344
00:13:35,960 --> 00:13:39,240
That is where the runtime and governance layers become critical.
345
00:13:39,240 --> 00:13:42,200
The runtime layer, where agents actually execute,
346
00:13:42,200 --> 00:13:44,520
the infrastructure where agents actually run
347
00:13:44,520 --> 00:13:45,880
is a different problem entirely.
348
00:13:45,880 --> 00:13:48,040
Once you have agents with specialized capabilities,
349
00:13:48,040 --> 00:13:49,320
they need somewhere to live.
350
00:13:49,320 --> 00:13:52,680
They need a place to maintain state, call tools and connect to data.
351
00:13:52,680 --> 00:13:55,240
They need to coordinate with other agents doing related work.
352
00:13:55,240 --> 00:13:56,680
That is the runtime layer.
353
00:13:56,680 --> 00:13:59,000
Foundry agent service is the manage platform for this.
354
00:13:59,000 --> 00:14:00,120
Think of it like this.
355
00:14:00,120 --> 00:14:02,440
You write the agent logic and define what it should do.
356
00:14:02,440 --> 00:14:04,680
You specify what tools it needs access to
357
00:14:04,680 --> 00:14:06,040
and then you hand it to Foundry.
358
00:14:06,040 --> 00:14:07,800
Foundry handles everything underneath,
359
00:14:07,800 --> 00:14:10,840
including scaling, isolation, networking, and identity.
360
00:14:10,840 --> 00:14:13,240
It manages session management and state persistence
361
00:14:13,240 --> 00:14:16,760
so you can focus on the logic while Microsoft manages the infrastructure.
362
00:14:16,760 --> 00:14:18,920
That distinction matters more than it sounds.
363
00:14:18,920 --> 00:14:21,400
Building agents yourself means managing containers,
364
00:14:21,400 --> 00:14:23,640
scaling groups, and databases for state.
365
00:14:23,640 --> 00:14:25,720
You have to manage memory and networking.
366
00:14:25,720 --> 00:14:28,680
Building agents on Foundry means you are not managing any of that
367
00:14:28,680 --> 00:14:30,120
because the platform does it for you.
368
00:14:30,120 --> 00:14:33,000
You define the agent and deploy it, and then it runs.
369
00:14:33,000 --> 00:14:35,560
This is what managed actually means in practice.
370
00:14:35,560 --> 00:14:39,160
Agents run in hosted sessions where each session gets its own sandbox.
371
00:14:39,160 --> 00:14:41,800
The session has file system access and persistent state
372
00:14:41,800 --> 00:14:43,560
that survives across interactions.
373
00:14:43,560 --> 00:14:46,840
When a user talks to an agent that conversation maintains context,
374
00:14:46,840 --> 00:14:50,760
when the agent needs to do work, it has a place to store intermediate results.
375
00:14:50,760 --> 00:14:52,600
When another agent needs to call this agent,
376
00:14:52,600 --> 00:14:54,600
the call goes through a standard protocol.
377
00:14:54,600 --> 00:14:57,240
Microsoft handles the isolation and the scaling.
378
00:14:57,240 --> 00:15:00,040
If traffic spikes, the platform scales automatically,
379
00:15:00,040 --> 00:15:02,680
and if one agent fails, it does not cascade.
380
00:15:02,680 --> 00:15:05,560
Memory is built into the runtime instead of being bolted on.
381
00:15:05,560 --> 00:15:07,800
This is where the model shows its maturity.
382
00:15:07,800 --> 00:15:10,520
Procedural memory means agents remember how to do things.
383
00:15:10,520 --> 00:15:13,400
Once they have executed a workflow, they remember the steps,
384
00:15:13,400 --> 00:15:16,040
which makes them faster and more accurate the second time.
385
00:15:16,040 --> 00:15:18,040
User memory persists across sessions,
386
00:15:18,040 --> 00:15:20,280
so an agent learns your preferences, your constraints,
387
00:15:20,280 --> 00:15:21,480
and your typical patterns.
388
00:15:21,480 --> 00:15:22,440
It carries that forward.
389
00:15:22,440 --> 00:15:25,480
Session memory holds context for the current conversation,
390
00:15:25,480 --> 00:15:27,320
but only the current conversation.
391
00:15:27,320 --> 00:15:29,720
Once the session ends, session memory goes away,
392
00:15:29,720 --> 00:15:31,880
but procedural and user memory stick around.
393
00:15:31,880 --> 00:15:34,120
Multi-agent orchestration happens in the runtime.
394
00:15:34,120 --> 00:15:36,440
One agent can call another agent as a tool.
395
00:15:36,440 --> 00:15:39,560
You have a coordinator agent that breaks down a complex task
396
00:15:39,560 --> 00:15:41,640
and calls a data retrieval agent.
397
00:15:41,640 --> 00:15:43,240
That agent goes to fetch information
398
00:15:43,240 --> 00:15:44,920
and then calls an analysis agent.
399
00:15:44,920 --> 00:15:46,840
That agent processes what was retrieved
400
00:15:46,840 --> 00:15:49,320
and calls a communication agent to draft a response.
401
00:15:49,320 --> 00:15:51,240
The coordinator stitches it all together
402
00:15:51,240 --> 00:15:53,400
while the runtime handles the choreography.
403
00:15:53,400 --> 00:15:54,920
Each agent knows what tool it is calling
404
00:15:54,920 --> 00:15:56,200
and what response to expect.
405
00:15:56,200 --> 00:15:59,480
If one agent fails, the coordinator can retry or escalate.
406
00:15:59,480 --> 00:16:02,280
The agent to agent protocol standardizes this process.
407
00:16:02,280 --> 00:16:04,200
Agents do not just work within foundry.
408
00:16:04,200 --> 00:16:06,120
They can call agents built on other frameworks
409
00:16:06,120 --> 00:16:08,680
as long as they speak the A2A protocol.
410
00:16:08,680 --> 00:16:11,880
Agents built on semantic kernel can call agents built on auto-gen.
411
00:16:11,880 --> 00:16:13,800
Custom agents can call pre-built agents.
412
00:16:13,800 --> 00:16:16,440
They do not all have to run on the same platform
413
00:16:16,440 --> 00:16:18,280
as long as they understand the protocol.
414
00:16:18,280 --> 00:16:19,960
Toolboxes are the discovery mechanism.
415
00:16:19,960 --> 00:16:22,680
Instead of hard-coding every tool an agent might need,
416
00:16:22,680 --> 00:16:25,400
toolboxes let agents discover tools at runtime.
417
00:16:25,400 --> 00:16:28,600
A toolbox is a collection of tools, integrations, and data sources.
418
00:16:28,600 --> 00:16:30,680
An agent looks at the task it is facing
419
00:16:30,680 --> 00:16:32,840
and checks what is available in the toolbox.
420
00:16:32,840 --> 00:16:34,920
It selects what is relevant and uses it.
421
00:16:34,920 --> 00:16:37,080
If new tools get added to the toolbox,
422
00:16:37,080 --> 00:16:39,080
every agent automatically has access
423
00:16:39,080 --> 00:16:41,720
without any redeployment or reconfiguration.
424
00:16:41,720 --> 00:16:44,120
Foundry IQ is the knowledge layer underneath.
425
00:16:44,120 --> 00:16:47,160
It unifies retrieval across documents, data warehouses,
426
00:16:47,160 --> 00:16:49,160
web content, and enterprise sources.
427
00:16:49,160 --> 00:16:51,240
An agent that needs to answer a question
428
00:16:51,240 --> 00:16:53,560
does not have to know where the answer lives.
429
00:16:53,560 --> 00:16:55,800
It asks Foundry IQ and the platform finds it.
430
00:16:55,800 --> 00:16:57,240
It returns relevant context
431
00:16:57,240 --> 00:17:00,360
and the agent uses that context to construct a response.
432
00:17:00,360 --> 00:17:02,040
There are no custom rag pipelines
433
00:17:02,040 --> 00:17:04,280
to build a no-vector databases to manage.
434
00:17:04,280 --> 00:17:06,120
Foundry IQ handles the orchestration
435
00:17:06,120 --> 00:17:07,960
of multiple retrieval sources.
436
00:17:07,960 --> 00:17:09,880
The reason runtime matters is simple.
437
00:17:09,880 --> 00:17:11,240
Without a managed runtime,
438
00:17:11,240 --> 00:17:14,040
you are building agents that run in your own infrastructure.
439
00:17:14,040 --> 00:17:15,480
You are responsible for scaling,
440
00:17:15,480 --> 00:17:17,480
state management, and keeping them secure.
441
00:17:17,480 --> 00:17:20,600
You have to make sure they do not break other systems.
442
00:17:20,600 --> 00:17:22,120
With Foundry, you are building agents
443
00:17:22,120 --> 00:17:23,960
that scale automatically and maintain
444
00:17:23,960 --> 00:17:25,160
state without your involvement.
445
00:17:25,160 --> 00:17:26,520
They coordinate with other agents
446
00:17:26,520 --> 00:17:28,760
without custom orchestration and access tools
447
00:17:28,760 --> 00:17:30,760
without hard-coded integrations.
448
00:17:30,760 --> 00:17:31,960
The runtime is what lets you move
449
00:17:31,960 --> 00:17:35,080
from experimental agents to operational agents at scale.
450
00:17:35,080 --> 00:17:37,480
The governance layer sits on top and controls all of this
451
00:17:37,480 --> 00:17:39,960
but the runtime layer is what makes it actually work.
452
00:17:39,960 --> 00:17:42,200
The governance layer, the missing piece,
453
00:17:42,200 --> 00:17:44,440
the runtime layer gives you the basics.
454
00:17:44,440 --> 00:17:47,000
Hosting, memory, scaling.
455
00:17:47,000 --> 00:17:49,480
But infrastructure without control is just chaos.
456
00:17:49,480 --> 00:17:51,480
That is where the governance layer comes in.
457
00:17:51,480 --> 00:17:54,920
Before agent 365 agents were essentially invisible.
458
00:17:54,920 --> 00:17:57,080
You would build an agent in Co-Pilot Studio
459
00:17:57,080 --> 00:17:58,600
and it would just run somewhere.
460
00:17:58,600 --> 00:17:59,960
It might be in the power platform
461
00:17:59,960 --> 00:18:01,240
or a custom environment
462
00:18:01,240 --> 00:18:03,240
or even on a laptop running a local script.
463
00:18:03,240 --> 00:18:04,440
Nobody knew it was there.
464
00:18:04,440 --> 00:18:05,400
It did not know.
465
00:18:05,400 --> 00:18:06,520
Security did not know.
466
00:18:06,520 --> 00:18:08,520
The organization had no idea what was operating,
467
00:18:08,520 --> 00:18:09,880
what data it was touching
468
00:18:09,880 --> 00:18:11,560
or who was even responsible for it.
469
00:18:11,560 --> 00:18:14,840
That invisibility was fine when agents were just experiments.
470
00:18:14,840 --> 00:18:18,120
It became dangerous the moment they started calling real APIs
471
00:18:18,120 --> 00:18:19,800
and making decisions at scale.
472
00:18:19,800 --> 00:18:21,160
The governance layer changes that.
473
00:18:21,160 --> 00:18:22,600
It makes agents visible.
474
00:18:22,600 --> 00:18:24,840
More importantly, it makes them manageable.
475
00:18:24,840 --> 00:18:27,320
Agent 365 acts as a central registry.
476
00:18:27,320 --> 00:18:29,400
It discovers every agent in your tenant
477
00:18:29,400 --> 00:18:31,320
not just the ones you officially deployed.
478
00:18:31,320 --> 00:18:33,640
It finds the agents in power platform environments
479
00:18:33,640 --> 00:18:35,320
that have not been touched in six months
480
00:18:35,320 --> 00:18:37,720
and it surfaces the Co-Pilot Studio bot someone built
481
00:18:37,720 --> 00:18:38,760
in a private workspace.
482
00:18:38,760 --> 00:18:41,480
It discovers shadow agents that nobody told it about.
483
00:18:41,480 --> 00:18:43,880
For the first time, you can actually see what is running.
484
00:18:43,880 --> 00:18:45,240
But discovery is only the start.
485
00:18:45,240 --> 00:18:47,000
Once you see an agent, you have to control it.
486
00:18:47,000 --> 00:18:49,400
And that is where EntraAgentID changes the model.
487
00:18:49,400 --> 00:18:52,040
Every agent gets its own identity in your EntraDirectory.
488
00:18:52,040 --> 00:18:53,640
This is not a shared service account
489
00:18:53,640 --> 00:18:55,400
or a human account mapped to a bot.
490
00:18:55,400 --> 00:18:56,760
It is its own principle.
491
00:18:56,760 --> 00:18:58,680
When an agent acts, it acts as itself.
492
00:18:58,680 --> 00:19:00,440
It has its own permissions, its own audit trail
493
00:19:00,440 --> 00:19:01,400
and its own life cycle.
494
00:19:01,400 --> 00:19:03,000
That sounds like a minor detail.
495
00:19:03,000 --> 00:19:04,600
It is not. It is foundational.
496
00:19:04,600 --> 00:19:08,040
Because an agent with its own identity
497
00:19:08,040 --> 00:19:09,640
can follow the rule of least privilege.
498
00:19:09,640 --> 00:19:11,080
If an agent only needs to read
499
00:19:11,080 --> 00:19:12,840
from one specific SharePoint library,
500
00:19:12,840 --> 00:19:15,640
it gets read-only access to that library and nothing else.
501
00:19:15,640 --> 00:19:18,280
It does not get broad access to all of SharePoint.
502
00:19:18,280 --> 00:19:19,640
It does not use a service account
503
00:19:19,640 --> 00:19:21,400
that can read every file in the company.
504
00:19:21,400 --> 00:19:23,320
It gets exactly what it needs to do the job.
505
00:19:23,320 --> 00:19:25,800
That is the opposite of how agents usually work today.
506
00:19:25,800 --> 00:19:27,800
Right now, they either have no identity at all
507
00:19:27,800 --> 00:19:29,880
or they run under a service account with permissions
508
00:19:29,880 --> 00:19:32,440
that were set once and never checked again.
509
00:19:32,440 --> 00:19:35,720
With EntraEgentID, every agent is secure by design.
510
00:19:35,720 --> 00:19:37,720
Because every agent has its own identity,
511
00:19:37,720 --> 00:19:40,440
you can scope that identity with total precision.
512
00:19:40,440 --> 00:19:42,520
If an agent goes rogue or gets compromised,
513
00:19:42,520 --> 00:19:44,360
you simply revoke its identity.
514
00:19:44,360 --> 00:19:45,560
It stops immediately.
515
00:19:45,560 --> 00:19:48,280
It does not wait for a manual shutdown or a service restart.
516
00:19:48,280 --> 00:19:50,280
It dies the moment the identity is gone.
517
00:19:50,280 --> 00:19:53,000
Every action an agent takes is logged under its own name.
518
00:19:53,000 --> 00:19:54,360
Because of Pervue integration,
519
00:19:54,360 --> 00:19:56,280
that audit trail flows into the same logs
520
00:19:56,280 --> 00:19:58,040
that track everything else in your environment.
521
00:19:58,040 --> 00:19:59,640
You can see what every agent accessed
522
00:19:59,640 --> 00:20:00,840
and exactly what it did.
523
00:20:00,840 --> 00:20:03,080
For compliance or for figuring out what went wrong,
524
00:20:03,080 --> 00:20:04,760
the trail is finally complete.
525
00:20:04,760 --> 00:20:07,320
The same conditional access policies you apply to humans
526
00:20:07,320 --> 00:20:08,760
now apply to agents.
527
00:20:08,760 --> 00:20:10,600
If your policy says sensitive data
528
00:20:10,600 --> 00:20:12,600
must only come from a managed device
529
00:20:12,600 --> 00:20:14,520
that rule applies to your agents too.
530
00:20:14,520 --> 00:20:16,680
If you restrict access based on risk or location,
531
00:20:16,680 --> 00:20:18,520
agents have to follow those rules.
532
00:20:18,520 --> 00:20:20,440
You are no longer managing agent security
533
00:20:20,440 --> 00:20:21,400
in a separate silo.
534
00:20:21,400 --> 00:20:22,520
It is all one system.
535
00:20:22,520 --> 00:20:24,040
The agent control specification
536
00:20:24,040 --> 00:20:26,280
lets you define what agents are allowed to do.
537
00:20:26,280 --> 00:20:27,800
This is different from access control.
538
00:20:27,800 --> 00:20:28,680
It is about actions.
539
00:20:28,680 --> 00:20:31,480
Maybe an agent can read documents but cannot modify them.
540
00:20:31,480 --> 00:20:33,640
Maybe it can send a message but cannot delete one.
541
00:20:33,640 --> 00:20:35,080
You define the boundaries.
542
00:20:35,080 --> 00:20:36,680
And the runtime enforces them.
543
00:20:36,680 --> 00:20:37,880
This is the structural shift.
544
00:20:37,880 --> 00:20:41,400
Before agent 365 agents were invisible and uncontrolled.
545
00:20:41,400 --> 00:20:43,400
Now, they are governed like any other system.
546
00:20:43,400 --> 00:20:44,600
They have identity.
547
00:20:44,600 --> 00:20:45,560
They have audits.
548
00:20:45,560 --> 00:20:46,760
They have a life cycle.
549
00:20:46,760 --> 00:20:48,120
Governance is not an add-on.
550
00:20:48,120 --> 00:20:49,560
It is infrastructure.
551
00:20:49,560 --> 00:20:50,840
The decision framework,
552
00:20:50,840 --> 00:20:52,520
Azure and GitHub agents.
553
00:20:52,520 --> 00:20:53,960
We have covered the layers.
554
00:20:53,960 --> 00:20:55,080
You understand the model.
555
00:20:55,080 --> 00:20:58,040
But the model does not tell you which agent to actually use.
556
00:20:58,040 --> 00:20:59,640
That requires a decision framework.
557
00:20:59,640 --> 00:21:01,320
And it starts with a simple question.
558
00:21:01,320 --> 00:21:03,560
Is the work you are doing focused on infrastructure
559
00:21:03,560 --> 00:21:04,680
or on developers?
560
00:21:04,680 --> 00:21:07,080
If the work is about deployment, operations,
561
00:21:07,080 --> 00:21:08,680
or cloud optimization,
562
00:21:08,680 --> 00:21:10,280
you are looking at Azure agents.
563
00:21:10,280 --> 00:21:11,800
These are specialized for the cloud.
564
00:21:11,800 --> 00:21:13,160
They understand the specific problems
565
00:21:13,160 --> 00:21:15,240
that operations teams deal with every day.
566
00:21:15,240 --> 00:21:16,600
Take the migration agent.
567
00:21:16,600 --> 00:21:18,520
You use this when you are planning a move to Azure
568
00:21:18,520 --> 00:21:19,960
with complex dependencies.
569
00:21:19,960 --> 00:21:21,480
Your environment likely has systems
570
00:21:21,480 --> 00:21:23,720
that talk to each other in ways you do not fully see.
571
00:21:23,720 --> 00:21:26,200
The migration agent understands those relationships.
572
00:21:26,200 --> 00:21:27,960
It maps what is connected to what
573
00:21:27,960 --> 00:21:29,800
and finds the dependencies you might miss
574
00:21:29,800 --> 00:21:31,000
during a manual check.
575
00:21:31,000 --> 00:21:32,920
It surfaces the risks of moving system A
576
00:21:32,920 --> 00:21:34,040
before system B.
577
00:21:34,040 --> 00:21:35,560
This speeds up the assessment phase
578
00:21:35,560 --> 00:21:37,000
where most companies waste months
579
00:21:37,000 --> 00:21:38,280
just documenting what they own.
580
00:21:38,280 --> 00:21:40,440
The deployment agent is for a different stage.
581
00:21:40,440 --> 00:21:43,160
Use this when the architecture decisions are already made.
582
00:21:43,160 --> 00:21:44,520
You know where the workloads are going
583
00:21:44,520 --> 00:21:45,880
and what services you need.
584
00:21:45,880 --> 00:21:47,560
Now you need a guide for implementation.
585
00:21:47,560 --> 00:21:49,000
How do you deploy this at scale?
586
00:21:49,000 --> 00:21:50,040
How do you make it repeatable
587
00:21:50,040 --> 00:21:52,120
to the fifth deployment is as clean as the first?
588
00:21:52,120 --> 00:21:53,640
It helps you build a process
589
00:21:53,640 --> 00:21:55,560
so someone else can deploy the same setup
590
00:21:55,560 --> 00:21:57,560
without needing the knowledge inside your head.
591
00:21:57,560 --> 00:21:59,320
The optimization agent runs on environments
592
00:21:59,320 --> 00:22:00,520
that are already live.
593
00:22:00,520 --> 00:22:02,280
Use it when you are past the setup phase
594
00:22:02,280 --> 00:22:03,720
and into a steady state.
595
00:22:03,720 --> 00:22:05,160
Your infrastructure is running
596
00:22:05,160 --> 00:22:07,000
but you might be spending too much on compute
597
00:22:07,000 --> 00:22:08,600
or leaving performance on the table.
598
00:22:08,600 --> 00:22:11,000
This agent analyzes what you are actually using
599
00:22:11,000 --> 00:22:12,600
versus what you are paying for.
600
00:22:12,600 --> 00:22:14,360
It finds right sizing opportunities
601
00:22:14,360 --> 00:22:15,720
and unused resources.
602
00:22:15,720 --> 00:22:17,400
It is not about changing the architecture.
603
00:22:17,400 --> 00:22:20,040
It is about making what you have run more efficiently.
604
00:22:20,040 --> 00:22:22,760
The observability agent is for when you have plenty of data
605
00:22:22,760 --> 00:22:24,760
but the signal is buried in noise.
606
00:22:24,760 --> 00:22:27,000
Your systems are producing logs, metrics
607
00:22:27,000 --> 00:22:27,880
and traces.
608
00:22:27,880 --> 00:22:30,040
Connecting those signals into a real understanding
609
00:22:30,040 --> 00:22:32,200
of what is happening is the hard part.
610
00:22:32,200 --> 00:22:34,840
The observability agent looks across all your data sources
611
00:22:34,840 --> 00:22:36,120
to correlate events.
612
00:22:36,120 --> 00:22:38,520
It helps you understand not just that something failed
613
00:22:38,520 --> 00:22:39,480
but why it happened.
614
00:22:39,480 --> 00:22:42,360
The resiliency agent works before things break.
615
00:22:42,360 --> 00:22:45,000
Use this when you want to strengthen your fall tolerance.
616
00:22:45,000 --> 00:22:46,760
What happens if a database goes down?
617
00:22:46,760 --> 00:22:48,680
What happens if a network connection fails?
618
00:22:48,680 --> 00:22:51,320
The resiliency agent looks for weak points in your architecture.
619
00:22:51,320 --> 00:22:52,680
It suggests improvements
620
00:22:52,680 --> 00:22:54,280
so you can build in redundancy
621
00:22:54,280 --> 00:22:55,320
where it actually matters.
622
00:22:56,120 --> 00:22:58,120
The troubleshooting agent is for when things go wrong.
623
00:22:58,120 --> 00:23:00,120
Something broke and you need a diagnosis fast.
624
00:23:00,120 --> 00:23:02,760
The problem could be in the network, the app or the database.
625
00:23:02,760 --> 00:23:05,080
This agent pulls signals from every source at once.
626
00:23:05,080 --> 00:23:06,920
It diagnosis faster than a human
627
00:23:06,920 --> 00:23:09,080
because it does not have to switch between different tools
628
00:23:09,080 --> 00:23:09,880
and documentation.
629
00:23:09,880 --> 00:23:11,560
It sees everything at the same time.
630
00:23:11,560 --> 00:23:14,040
GitHub Copilot CLI is the version for developers.
631
00:23:14,040 --> 00:23:17,320
Use this when teams need help without leaving their workflow.
632
00:23:17,320 --> 00:23:19,160
They are in the terminal and they need a command
633
00:23:19,160 --> 00:23:20,760
or help with an error message.
634
00:23:20,760 --> 00:23:22,280
Instead of switching to a browser,
635
00:23:22,280 --> 00:23:24,280
the agent operates right there in the environment
636
00:23:24,280 --> 00:23:25,560
where the work is happening.
637
00:23:25,560 --> 00:23:28,280
The modernization agent helps teams update old code
638
00:23:28,280 --> 00:23:29,720
without starting from scratch.
639
00:23:29,720 --> 00:23:33,000
You have legacy systems that need to move toward a new architecture.
640
00:23:33,000 --> 00:23:34,840
This agent understands those patterns.
641
00:23:34,840 --> 00:23:36,120
It suggests the best approach
642
00:23:36,120 --> 00:23:38,440
and can even help with the actual refactoring.
643
00:23:38,440 --> 00:23:41,080
The code review agent improves quality at scale.
644
00:23:41,080 --> 00:23:42,920
When humans review every pull request,
645
00:23:42,920 --> 00:23:44,840
the process is slow and inconsistent.
646
00:23:44,840 --> 00:23:46,840
You can add an agent to do the first pass.
647
00:23:46,840 --> 00:23:49,480
It checks for security floors and performance issues.
648
00:23:49,480 --> 00:23:51,080
Humans still do the final review,
649
00:23:51,080 --> 00:23:53,400
but they are looking at code that has already been cleaned up.
650
00:23:53,400 --> 00:23:54,920
The pattern here is clarity.
651
00:23:54,920 --> 00:23:57,640
You are not asking which agent is the most advanced.
652
00:23:57,640 --> 00:24:00,440
You are asking what specific problem you need to solve.
653
00:24:00,440 --> 00:24:02,600
And which agent is built for that task?
654
00:24:02,600 --> 00:24:07,080
The decision framework, Dynamics 365 and M365 agents,
655
00:24:07,080 --> 00:24:09,560
as your agents operate on your infrastructure.
656
00:24:09,560 --> 00:24:13,000
But Dynamics and Microsoft 365 agents operate on your business.
657
00:24:13,000 --> 00:24:16,040
That distinction matters because the decision point is different.
658
00:24:16,040 --> 00:24:18,920
You aren't asking what technical problem you need to solve.
659
00:24:18,920 --> 00:24:21,480
You're asking where intelligence is already sitting inside
660
00:24:21,480 --> 00:24:23,000
the way your people actually work.
661
00:24:23,000 --> 00:24:24,760
Take the sales qualification agent.
662
00:24:24,760 --> 00:24:27,400
It exists because your sales team is drowning in leads.
663
00:24:27,400 --> 00:24:28,760
Your inbound volume is high,
664
00:24:28,760 --> 00:24:31,000
but most of those leads are low probability.
665
00:24:31,000 --> 00:24:33,080
Your reps spend their entire day assessing people
666
00:24:33,080 --> 00:24:34,280
instead of selling to them.
667
00:24:34,280 --> 00:24:37,480
This agent looks at every lead against your specific criteria.
668
00:24:37,480 --> 00:24:39,720
It understands what a qualified opportunity looks like
669
00:24:39,720 --> 00:24:40,680
for your business.
670
00:24:40,680 --> 00:24:43,320
It separates the high probability wins from the noise.
671
00:24:43,320 --> 00:24:45,080
Because the agent handles the filtering,
672
00:24:45,080 --> 00:24:47,560
your reps can finally focus on the opportunities
673
00:24:47,560 --> 00:24:49,160
that are actually worth their time.
674
00:24:49,160 --> 00:24:51,960
The account reconciliation agent solves a different problem.
675
00:24:51,960 --> 00:24:54,840
Finance teams spend hours matching invoices to payments.
676
00:24:54,840 --> 00:24:57,160
Operations teams reconcile orders to shipments.
677
00:24:57,160 --> 00:24:58,280
It is mechanical work.
678
00:24:58,280 --> 00:24:59,560
It is time consuming.
679
00:24:59,560 --> 00:25:02,200
And because humans get tired doing repetitive tasks,
680
00:25:02,200 --> 00:25:03,880
it is incredibly error prone.
681
00:25:03,880 --> 00:25:05,720
The agent understands your matching logic.
682
00:25:05,720 --> 00:25:07,320
It knows what a valid match looks like
683
00:25:07,320 --> 00:25:09,560
and flags the exceptions for a human to review.
684
00:25:09,560 --> 00:25:11,720
This reduces hours of pure manual labor.
685
00:25:11,720 --> 00:25:13,560
Now your finance team audits the results
686
00:25:13,560 --> 00:25:15,640
instead of doing the reconciliation themselves.
687
00:25:15,640 --> 00:25:18,440
The customer intent agent listens across every interaction.
688
00:25:18,440 --> 00:25:19,800
A customer sends an email.
689
00:25:19,800 --> 00:25:22,760
They call support. They fill out a form or post on social media.
690
00:25:22,760 --> 00:25:25,480
Those interactions contain signals about what they actually want
691
00:25:25,480 --> 00:25:27,400
even if they don't say it explicitly.
692
00:25:27,400 --> 00:25:30,120
The intent agent analyzes those signals to surface patterns.
693
00:25:30,120 --> 00:25:33,080
It helps your team understand what the customer is signaling
694
00:25:33,080 --> 00:25:34,680
so you can respond at the right time.
695
00:25:34,680 --> 00:25:36,360
You aren't just answering a question.
696
00:25:36,360 --> 00:25:37,960
You're understanding what is really needed.
697
00:25:37,960 --> 00:25:39,720
The supplier communications agent handles
698
00:25:39,720 --> 00:25:41,400
a very specific friction point.
699
00:25:41,400 --> 00:25:43,800
Supplier interactions are frequent and operational.
700
00:25:43,800 --> 00:25:45,960
They usually follow the same repeatable patterns.
701
00:25:45,960 --> 00:25:47,640
Someone asks to expedite an order.
702
00:25:47,640 --> 00:25:50,200
Someone else wants a delivery status or an inventory check
703
00:25:50,200 --> 00:25:51,560
on a specific SKU.
704
00:25:51,560 --> 00:25:53,400
The agent handles these routine inquiries
705
00:25:53,400 --> 00:25:56,280
and only escalates the genuinely complex issues to a person.
706
00:25:56,280 --> 00:25:57,880
It cuts out the operational overhead
707
00:25:57,880 --> 00:25:59,800
of that constant back and forth.
708
00:25:59,800 --> 00:26:02,040
The field service agent coordinates complexity.
709
00:26:02,040 --> 00:26:03,720
When a technician is dispatched to a job,
710
00:26:03,720 --> 00:26:06,040
the agent pulls all the contacts together.
711
00:26:06,040 --> 00:26:08,360
It looks at the service history on the equipment,
712
00:26:08,360 --> 00:26:09,800
known issues with that model,
713
00:26:09,800 --> 00:26:11,240
and the availability of parts.
714
00:26:11,240 --> 00:26:13,080
It even estimates the time to repair.
715
00:26:13,080 --> 00:26:14,920
The agent coordinates the next appointment
716
00:26:14,920 --> 00:26:16,840
before the current one is even finished.
717
00:26:16,840 --> 00:26:18,520
It ensures the follow-up actually happens.
718
00:26:18,520 --> 00:26:20,360
This reduces the coordination overhead
719
00:26:20,360 --> 00:26:23,400
that usually requires a dispatch team to manage by hand.
720
00:26:23,400 --> 00:26:25,320
Agents in Word, Excel, and PowerPoint
721
00:26:25,320 --> 00:26:27,160
embed intelligence directly into the tools
722
00:26:27,160 --> 00:26:28,360
where knowledge work happens.
723
00:26:28,360 --> 00:26:29,560
If a writer is working in Word,
724
00:26:29,560 --> 00:26:31,720
the agent understands the tone and the audience.
725
00:26:31,720 --> 00:26:34,840
It helps them without pulling them out of their flow.
726
00:26:34,840 --> 00:26:36,760
If an analyst is building a spreadsheet,
727
00:26:36,760 --> 00:26:38,680
the agent understands the data structure.
728
00:26:38,680 --> 00:26:40,920
It helps build formulas, finds errors,
729
00:26:40,920 --> 00:26:42,920
and suggests the right visualizations.
730
00:26:42,920 --> 00:26:44,760
A presenter building slides can use an agent
731
00:26:44,760 --> 00:26:47,400
to maintain narrative flow and story coherence.
732
00:26:47,400 --> 00:26:49,080
None of this requires leaving the app.
733
00:26:49,080 --> 00:26:50,360
None of it breaks your focus.
734
00:26:50,360 --> 00:26:53,240
Co-Pilot Studio is the catch-all for custom agents.
735
00:26:53,240 --> 00:26:55,640
When your business process doesn't fit a pre-built pattern,
736
00:26:55,640 --> 00:26:56,680
you build it here.
737
00:26:56,680 --> 00:26:58,520
If your workflow is specific to your industry
738
00:26:58,520 --> 00:26:59,880
or how your company operates,
739
00:26:59,880 --> 00:27:01,000
you can create what you need
740
00:27:01,000 --> 00:27:03,160
without writing code or hiring developers.
741
00:27:03,160 --> 00:27:06,280
It allows business teams to build for their own specific needs.
742
00:27:06,280 --> 00:27:07,800
The pattern here is fundamentally different
743
00:27:07,800 --> 00:27:08,840
from the Azure side.
744
00:27:08,840 --> 00:27:11,480
Azure agents solve infrastructure problems.
745
00:27:11,480 --> 00:27:13,640
Dynamics and M365 agents
746
00:27:13,640 --> 00:27:17,160
embed intelligence into the systems your teams use every single day.
747
00:27:17,160 --> 00:27:18,760
You aren't bolting on new tools.
748
00:27:18,760 --> 00:27:20,840
You're making your existing tools smarter.
749
00:27:20,840 --> 00:27:23,160
You aren't asking teams to learn a new interface.
750
00:27:23,160 --> 00:27:26,040
You're putting the help exactly where the work is already happening.
751
00:27:26,040 --> 00:27:27,480
That is why the scale is differently.
752
00:27:27,480 --> 00:27:30,840
An IT ops team might have to learn a new platform like Foundry
753
00:27:30,840 --> 00:27:33,000
but a sales rep doesn't have to learn anything new at all.
754
00:27:33,000 --> 00:27:35,480
Their existing CRM just suddenly has intelligence.
755
00:27:35,480 --> 00:27:37,960
A finance person doesn't need software training
756
00:27:37,960 --> 00:27:40,440
because their spreadsheet now helps them work faster.
757
00:27:40,440 --> 00:27:42,360
Your support team doesn't need a new system.
758
00:27:42,360 --> 00:27:44,360
Their existing tools just got better.
759
00:27:44,360 --> 00:27:46,760
The advantage is obvious but the challenge is deeper.
760
00:27:46,760 --> 00:27:48,600
Embedding intelligence into business systems
761
00:27:48,600 --> 00:27:51,240
requires a deep understanding of how those systems work.
762
00:27:51,240 --> 00:27:52,840
You have to understand the workflows,
763
00:27:52,840 --> 00:27:55,400
the data models, and the rules your people live by.
764
00:27:55,400 --> 00:27:56,920
A generic agent cannot do that.
765
00:27:56,920 --> 00:27:59,560
The agent has to be built for your specific business.
766
00:27:59,560 --> 00:28:01,720
This is why governance and orchestration matter.
767
00:28:01,720 --> 00:28:03,800
You aren't just running one or two tools anymore.
768
00:28:03,800 --> 00:28:05,720
You're managing dozens of specialized agents
769
00:28:05,720 --> 00:28:07,160
across your entire company.
770
00:28:07,160 --> 00:28:09,320
Without a framework, that becomes chaos.
771
00:28:09,320 --> 00:28:10,760
The shadow agent problem.
772
00:28:10,760 --> 00:28:12,520
Why governance isn't optional?
773
00:28:12,520 --> 00:28:15,160
Most organizations haven't confronted this reality yet.
774
00:28:15,160 --> 00:28:17,720
You likely have agents running in your tenant right now
775
00:28:17,720 --> 00:28:19,480
that IT doesn't even know about.
776
00:28:19,480 --> 00:28:21,640
This isn't because IT is bad at their job.
777
00:28:21,640 --> 00:28:24,360
It's because building agents has become trivially easy
778
00:28:24,360 --> 00:28:25,960
while governance remains hard.
779
00:28:25,960 --> 00:28:28,600
Teams would rather build first and ask for permission never.
780
00:28:28,600 --> 00:28:30,200
These agents are hiding everywhere.
781
00:28:30,200 --> 00:28:32,120
Someone spins up a co-pilot studio environment
782
00:28:32,120 --> 00:28:33,720
to build a tool for their department.
783
00:28:33,720 --> 00:28:36,600
They don't tell IT because they don't see it as infrastructure.
784
00:28:36,600 --> 00:28:39,560
To them, it's just a feature in a platform they already use.
785
00:28:39,560 --> 00:28:42,440
A power platform team creates a bot for their own automation.
786
00:28:42,440 --> 00:28:45,080
A Teams channel has a bot handling admin tasks.
787
00:28:45,080 --> 00:28:47,080
Someone else is running a custom Python script
788
00:28:47,080 --> 00:28:48,280
that calls an API.
789
00:28:48,280 --> 00:28:50,440
Even your vendors are bringing their own agents bundled
790
00:28:50,440 --> 00:28:51,320
into their software.
791
00:28:51,320 --> 00:28:53,400
By the time IT realizes these exist,
792
00:28:53,400 --> 00:28:55,240
dozens of them are already in production.
793
00:28:55,240 --> 00:28:57,000
They are accessing data and making decisions,
794
00:28:57,000 --> 00:28:59,320
but nobody is officially responsible for them.
795
00:28:59,320 --> 00:29:01,160
The risks start to compound quickly.
796
00:29:01,160 --> 00:29:03,720
You might have an agent reading your entire sharepoint tenant
797
00:29:03,720 --> 00:29:05,640
because someone granted it broad permissions
798
00:29:05,640 --> 00:29:07,480
without thinking about security.
799
00:29:07,480 --> 00:29:09,800
Another agent might be sending emails from a shared mailbox
800
00:29:09,800 --> 00:29:11,800
with no audit trail to show who actually sent them.
801
00:29:11,800 --> 00:29:15,160
You could have agents calling APIs with credentials stored in plain text.
802
00:29:15,160 --> 00:29:17,560
Often, a dozen different agents are doing the same work,
803
00:29:17,560 --> 00:29:20,040
but nobody knows it because they aren't registered anywhere.
804
00:29:20,040 --> 00:29:21,960
The access restricted data duplicate effort
805
00:29:21,960 --> 00:29:23,960
and create massive data quality problems.
806
00:29:23,960 --> 00:29:26,440
This happens because the friction is asymmetrical.
807
00:29:26,440 --> 00:29:27,960
Building an agent is frictionless.
808
00:29:27,960 --> 00:29:29,560
It takes hours instead of weeks.
809
00:29:29,560 --> 00:29:31,080
Governance is the exact opposite.
810
00:29:31,080 --> 00:29:34,680
It requires planning, coordination, and policy definitions.
811
00:29:34,680 --> 00:29:36,840
Most organizations haven't built that process yet,
812
00:29:36,840 --> 00:29:39,160
so teams take the path of least resistance.
813
00:29:39,160 --> 00:29:40,840
They build, they test, and they deploy.
814
00:29:40,840 --> 00:29:43,080
They just skip the governance part entirely.
815
00:29:43,080 --> 00:29:46,040
This is where agent 365 changes the structure of the problem.
816
00:29:46,040 --> 00:29:49,320
It doesn't require you to have a perfect governance process in place before you start.
817
00:29:49,320 --> 00:29:50,680
Instead, it provides visibility.
818
00:29:50,680 --> 00:29:52,680
It discovers the agents that are already running.
819
00:29:52,680 --> 00:29:54,120
Every agent talking to enter,
820
00:29:54,120 --> 00:29:56,600
every agent accessing M365 data,
821
00:29:56,600 --> 00:29:58,840
and every bot in the power platform is surfaced.
822
00:29:58,840 --> 00:30:00,840
It doesn't depend on teams registering themselves.
823
00:30:00,840 --> 00:30:02,360
It finds what already exists.
824
00:30:02,360 --> 00:30:04,040
But discovery is only half the battle.
825
00:30:04,040 --> 00:30:06,600
Once you find an agent, you have to be able to control it.
826
00:30:06,600 --> 00:30:09,800
The Entra agent ID requirement changes the baseline for security.
827
00:30:09,800 --> 00:30:12,440
Every agent gets its own identity in your directory.
828
00:30:12,440 --> 00:30:14,600
When IT finds an agent with too much access,
829
00:30:14,600 --> 00:30:17,160
they don't have to shut it down or beg the creators to fix it.
830
00:30:17,160 --> 00:30:19,160
It can scope that identity themselves.
831
00:30:19,160 --> 00:30:21,960
They can apply access controls directly to the agent.
832
00:30:21,960 --> 00:30:24,520
If it only needs to read one specific SharePoint library,
833
00:30:24,520 --> 00:30:27,080
IT grants access to that library and nothing else.
834
00:30:27,080 --> 00:30:29,880
The agent can't accidentally or maliciously touch anything else.
835
00:30:29,880 --> 00:30:31,080
The scope is locked.
836
00:30:31,080 --> 00:30:32,680
If an agent starts misbehaving,
837
00:30:32,680 --> 00:30:34,440
you can revoke its access instantly.
838
00:30:34,440 --> 00:30:36,760
You don't need to have a meeting with the team that built it.
839
00:30:36,760 --> 00:30:38,440
You just revoke the identity.
840
00:30:38,440 --> 00:30:40,360
The agent stops working right then and there.
841
00:30:40,360 --> 00:30:43,240
Every single action that agent takes is logged under its own identity.
842
00:30:43,240 --> 00:30:45,240
When something goes wrong, your logs won't just show
843
00:30:45,240 --> 00:30:47,320
that a system account accessed the data.
844
00:30:47,320 --> 00:30:50,040
You will see exactly which agent did it and when it happened.
845
00:30:50,040 --> 00:30:51,880
The audit trail leads directly to the source.
846
00:30:51,880 --> 00:30:54,280
This is why governance isn't an optional add-on.
847
00:30:54,280 --> 00:30:57,560
It isn't something you bolt on after you have 50 agents running.
848
00:30:57,560 --> 00:30:59,320
It is the foundation that makes visibility
849
00:30:59,320 --> 00:31:01,080
and control possible in the first place.
850
00:31:01,080 --> 00:31:02,520
You cannot govern what you cannot see.
851
00:31:02,520 --> 00:31:04,440
Agent 365 makes those agents visible.
852
00:31:04,440 --> 00:31:06,200
You cannot have control without identity.
853
00:31:06,200 --> 00:31:09,000
Entra agent ID makes those agents controllable.
854
00:31:09,000 --> 00:31:11,400
Together, these tools solve the shadow agent problem.
855
00:31:11,400 --> 00:31:13,240
The goal isn't to stop teams from building.
856
00:31:13,240 --> 00:31:15,480
The goal is to make sure those agents are manageable,
857
00:31:15,480 --> 00:31:17,400
auditable and secure by design.
858
00:31:17,400 --> 00:31:19,960
If you skip this piece, you are building a fragile system.
859
00:31:19,960 --> 00:31:22,920
Foundry agent service, the production runtime.
860
00:31:22,920 --> 00:31:24,680
Governance is the control plane.
861
00:31:24,680 --> 00:31:27,480
But control only matters if there is something to manage.
862
00:31:27,480 --> 00:31:29,480
The runtime is what gives governance a purpose.
863
00:31:29,480 --> 00:31:32,760
It is the infrastructure where your agents actually live and operate.
864
00:31:32,760 --> 00:31:35,160
Foundry agent service is a managed platform.
865
00:31:35,160 --> 00:31:37,560
In practice, this means the division of labor is very clear.
866
00:31:37,560 --> 00:31:38,360
You write the logic.
867
00:31:38,360 --> 00:31:40,200
You define the goals, you pick the tools,
868
00:31:40,200 --> 00:31:41,880
then you deploy it into Foundry.
869
00:31:41,880 --> 00:31:43,080
Microsoft handles the rest.
870
00:31:43,080 --> 00:31:44,920
They manage the scaling, the isolation,
871
00:31:44,920 --> 00:31:47,080
the networking and the persistent state.
872
00:31:47,080 --> 00:31:48,680
You focus on how the agent behaves
873
00:31:48,680 --> 00:31:51,880
while the platform handles the operational heavy lifting.
874
00:31:51,880 --> 00:31:53,240
Agents run in hosted sessions.
875
00:31:53,240 --> 00:31:55,000
Every session gets its own sandbox.
876
00:31:55,000 --> 00:31:56,600
When a user starts a conversation,
877
00:31:56,600 --> 00:31:59,000
that interaction is placed in an isolated container.
878
00:31:59,400 --> 00:32:02,680
The agent can read and write files within that specific session.
879
00:32:02,680 --> 00:32:04,520
It maintains state across multiple turns.
880
00:32:04,520 --> 00:32:07,000
If the session ends, that local state disappears.
881
00:32:07,000 --> 00:32:08,840
But you can design agents to remember things
882
00:32:08,840 --> 00:32:11,400
across sessions if the use case requires it.
883
00:32:11,400 --> 00:32:14,280
This isolation ensures that if one agent misbehaves,
884
00:32:14,280 --> 00:32:16,440
it won't crash your other executions.
885
00:32:16,440 --> 00:32:19,480
The responses API is the single entry point for everything.
886
00:32:19,480 --> 00:32:21,240
When a system needs to call an agent,
887
00:32:21,240 --> 00:32:22,600
it hits this one endpoint.
888
00:32:22,600 --> 00:32:25,240
The API is agnostic to how you build the agent.
889
00:32:25,240 --> 00:32:26,600
It works with semantic kernel.
890
00:32:26,600 --> 00:32:27,720
It works with autogen.
891
00:32:27,720 --> 00:32:29,240
It works with the agent framework.
892
00:32:29,240 --> 00:32:31,960
Even custom code is fine as long as it follows the protocol.
893
00:32:31,960 --> 00:32:34,440
This is a big deal because it prevents vendor lock-in.
894
00:32:34,440 --> 00:32:36,200
Different teams can use different frameworks,
895
00:32:36,200 --> 00:32:38,440
but they all converge at the same runtime.
896
00:32:38,440 --> 00:32:40,040
Memory and Foundry is a core feature.
897
00:32:40,040 --> 00:32:41,080
It isn't bolted on.
898
00:32:41,080 --> 00:32:42,520
There are three distinct types.
899
00:32:42,520 --> 00:32:45,080
Procedural memory is how the agent learns workflows.
900
00:32:45,080 --> 00:32:47,400
It does a task once, remembers the steps,
901
00:32:47,400 --> 00:32:49,320
and becomes faster the second time.
902
00:32:49,320 --> 00:32:51,480
User memory stays active across sessions.
903
00:32:51,480 --> 00:32:54,760
The agent learns your preferences and constraints over time.
904
00:32:54,760 --> 00:32:56,600
Session memory is strictly contextual.
905
00:32:56,600 --> 00:32:58,200
It lives for the current conversation
906
00:32:58,200 --> 00:33:00,360
and vanishes the moment you close the window.
907
00:33:00,360 --> 00:33:03,560
This distinction changes how agents actually feel to the user.
908
00:33:03,560 --> 00:33:06,360
A sales agent with user memory knows your industry
909
00:33:06,360 --> 00:33:07,880
and your typical deal size.
910
00:33:07,880 --> 00:33:10,680
It uses that history to calibrate every suggestion it makes.
911
00:33:10,680 --> 00:33:12,920
But session memory keeps the current thread clean.
912
00:33:12,920 --> 00:33:14,040
When you start a new topic,
913
00:33:14,040 --> 00:33:16,520
you aren't fighting irrelevant history from three days ago.
914
00:33:16,520 --> 00:33:18,520
It prevents the context from getting polluted.
915
00:33:18,520 --> 00:33:20,920
Multi-agent orchestration happens naturally here.
916
00:33:20,920 --> 00:33:23,960
One agent can call another agent just like it would call a tool.
917
00:33:23,960 --> 00:33:26,520
You might have a coordinator agent talking to the user.
918
00:33:26,520 --> 00:33:29,560
When a complex request comes in, the coordinator breaks it down.
919
00:33:29,560 --> 00:33:31,160
It calls a retrieval agent for data.
920
00:33:31,160 --> 00:33:33,720
It calls an analysis agent to process that data.
921
00:33:33,720 --> 00:33:36,760
It calls a communication agent to draft the final text.
922
00:33:36,760 --> 00:33:38,840
The runtime manages this entire flow.
923
00:33:38,840 --> 00:33:41,480
Each agent knows what to call and what to expect back.
924
00:33:41,480 --> 00:33:44,760
If a step fails, the coordinator can retry or escalate the issue.
925
00:33:44,760 --> 00:33:47,400
Toolboxes are how agents find new skills at runtime.
926
00:33:47,400 --> 00:33:50,280
You don't have to hard-code every tool into the agent itself.
927
00:33:50,280 --> 00:33:51,960
Instead, you create a managed library.
928
00:33:51,960 --> 00:33:54,280
When an agent hits a problem, it checks the toolbox
929
00:33:54,280 --> 00:33:56,120
and picks the right tool for the job.
930
00:33:56,120 --> 00:33:57,800
When you add a new tool to the library,
931
00:33:57,800 --> 00:33:59,880
every agent gets access to it immediately.
932
00:33:59,880 --> 00:34:02,040
There is no redeployment and no configuration change.
933
00:34:02,040 --> 00:34:03,880
It is just instant availability.
934
00:34:03,880 --> 00:34:07,720
MCP support allows agents to talk to model context protocol servers.
935
00:34:07,720 --> 00:34:10,680
These are external data sources that speak a standard language.
936
00:34:10,680 --> 00:34:14,280
You don't need to build custom connectors for every legacy system in your stack.
937
00:34:14,280 --> 00:34:16,200
The agent just needs to understand MCP.
938
00:34:16,200 --> 00:34:18,840
If a tool exposes that protocol, the agent can use it.
939
00:34:18,840 --> 00:34:21,240
Private networking is the final piece of the puzzle.
940
00:34:21,240 --> 00:34:24,840
For regulated industries, public endpoints are a non-starter.
941
00:34:24,840 --> 00:34:27,160
Foundry supports end-to-end private networking.
942
00:34:27,160 --> 00:34:29,400
Your agents run entirely inside your vnet.
943
00:34:29,400 --> 00:34:31,880
There are no public endpoints and no outside exposure.
944
00:34:31,880 --> 00:34:33,640
If you work in banking or healthcare,
945
00:34:33,640 --> 00:34:36,440
this is the feature that makes agent infrastructure possible.
946
00:34:36,440 --> 00:34:37,240
The outcome is simple.
947
00:34:37,240 --> 00:34:38,440
You aren't managing clusters.
948
00:34:38,440 --> 00:34:40,120
You aren't writing scaling logic.
949
00:34:40,120 --> 00:34:43,160
You aren't designing database schemas for conversation state.
950
00:34:43,160 --> 00:34:46,200
You define the behavior and let the platform handle the execution.
951
00:34:46,200 --> 00:34:48,680
Multi-agent orchestration, the real complexity.
952
00:34:48,680 --> 00:34:50,600
The runtime gives you a place to run your code,
953
00:34:50,600 --> 00:34:52,040
but running one agent is easy.
954
00:34:52,040 --> 00:34:53,880
Running dozens of agents that have to cooperate
955
00:34:53,880 --> 00:34:55,160
is where most projects fail.
956
00:34:55,160 --> 00:34:56,760
That coordination is the real challenge.
957
00:34:56,760 --> 00:34:59,240
It isn't that the agents are broken, they work fine.
958
00:34:59,240 --> 00:35:02,200
The problem is that orchestration is structurally difficult.
959
00:35:02,200 --> 00:35:04,840
Most organizations haven't built a model to handle it.
960
00:35:04,840 --> 00:35:07,800
The connected agent's pattern is the simplest place to start.
961
00:35:07,800 --> 00:35:10,280
This is where one agent calls another as a tool.
962
00:35:10,280 --> 00:35:12,520
Think of a coordinator agent facing the user.
963
00:35:12,520 --> 00:35:15,480
It receives a request and breaks it into smaller tasks.
964
00:35:15,480 --> 00:35:19,160
It tells a retrieval agent to get information on a specific topic.
965
00:35:19,160 --> 00:35:22,120
It tells an analysis agent to find patterns in that data.
966
00:35:22,120 --> 00:35:25,000
Finally, it tells a communication agent to write the response.
967
00:35:25,000 --> 00:35:26,760
The coordinator then takes those pieces
968
00:35:26,760 --> 00:35:28,600
and stitches them together for the user.
969
00:35:28,600 --> 00:35:30,680
This model works, but it is sequential.
970
00:35:30,680 --> 00:35:33,400
One agent has to finish before the next one can start.
971
00:35:33,400 --> 00:35:34,840
That is fine for basic tasks,
972
00:35:34,840 --> 00:35:37,640
but for complex work, you are wasting time waiting on steps
973
00:35:37,640 --> 00:35:39,080
that could be happening at once.
974
00:35:39,080 --> 00:35:40,920
This is why we use multi-agent workflows.
975
00:35:40,920 --> 00:35:43,480
This is a stateful layer that sits above the runtime.
976
00:35:43,480 --> 00:35:46,760
It coordinates agents over long, multi-step processes.
977
00:35:46,760 --> 00:35:48,120
It isn't just a chain of calls.
978
00:35:48,120 --> 00:35:50,600
It involves branching logic and parallel execution.
979
00:35:50,600 --> 00:35:54,040
It handles errors and keeps state alive over long periods of time.
980
00:35:54,040 --> 00:35:57,240
Durable orchestration handles the most complex scenarios.
981
00:35:57,240 --> 00:35:59,640
Imagine an agent preparing a legal proposal.
982
00:35:59,640 --> 00:36:01,240
It submits the document for approval,
983
00:36:01,240 --> 00:36:01,960
and then it waits.
984
00:36:01,960 --> 00:36:03,640
This might take days or even weeks.
985
00:36:03,640 --> 00:36:05,160
When a human finally approves it,
986
00:36:05,160 --> 00:36:07,960
the workflow resumes with the full context intact.
987
00:36:07,960 --> 00:36:09,880
The agent doesn't have to reread the file.
988
00:36:09,880 --> 00:36:11,480
The state remembers everything.
989
00:36:11,480 --> 00:36:14,040
The execution just continues as if the pause never happened.
990
00:36:14,040 --> 00:36:15,800
Group chat is a completely different model.
991
00:36:15,800 --> 00:36:17,400
Instead of a top-down coordinator,
992
00:36:17,400 --> 00:36:19,320
multiple agents see the same message thread.
993
00:36:19,320 --> 00:36:20,600
They collaborate and they debate.
994
00:36:20,600 --> 00:36:23,400
The control shifts based on the needs of the conversation.
995
00:36:23,400 --> 00:36:25,960
If the group decides to try one approach and it fails,
996
00:36:25,960 --> 00:36:27,320
they can pivot to another.
997
00:36:27,320 --> 00:36:29,160
They are working the problem out together,
998
00:36:29,160 --> 00:36:31,000
rather than following a fixed script.
999
00:36:31,000 --> 00:36:33,800
The choice between sequential and concurrent is about efficiency.
1000
00:36:33,800 --> 00:36:36,440
You use sequential when step B depends on step A.
1001
00:36:36,440 --> 00:36:38,440
You can't analyze data you haven't found yet.
1002
00:36:38,440 --> 00:36:40,760
But you use concurrent when tasks are independent.
1003
00:36:40,760 --> 00:36:43,640
You can pull data from three different databases at the same time
1004
00:36:43,640 --> 00:36:45,080
and then merge the results.
1005
00:36:45,080 --> 00:36:47,480
A good orchestration layer lets you mix both patterns
1006
00:36:47,480 --> 00:36:48,760
in the same workflow.
1007
00:36:48,760 --> 00:36:50,040
Then you have the handoff pattern.
1008
00:36:50,040 --> 00:36:52,680
When a task moves from one agent to another,
1009
00:36:52,680 --> 00:36:54,120
the transition has to be clean.
1010
00:36:54,120 --> 00:36:55,960
It isn't enough to just pass the data.
1011
00:36:55,960 --> 00:36:57,320
You have to transfer the context.
1012
00:36:57,320 --> 00:37:00,040
The second agent needs to know what the first agent already tried.
1013
00:37:00,040 --> 00:37:01,320
It needs to know what failed,
1014
00:37:01,320 --> 00:37:03,160
so it doesn't repeat the same mistakes.
1015
00:37:03,160 --> 00:37:05,480
It picks up exactly where the last agent left off.
1016
00:37:05,480 --> 00:37:08,600
The real complexity starts when you combine these ideas.
1017
00:37:08,600 --> 00:37:10,760
You might have a workflow that is mostly sequential
1018
00:37:10,760 --> 00:37:12,680
but has parallel steps in the middle.
1019
00:37:12,680 --> 00:37:14,680
You might have agents collaborating in a chat
1020
00:37:14,680 --> 00:37:17,480
while a human approval step pauses the whole thing.
1021
00:37:17,480 --> 00:37:20,360
Context has to flow through all these different patterns without breaking.
1022
00:37:20,360 --> 00:37:23,800
Most deployments fail here because the orchestration wasn't planned.
1023
00:37:23,800 --> 00:37:26,600
Someone builds three great agents that work in isolation
1024
00:37:26,600 --> 00:37:28,760
but getting them to work together with proper,
1025
00:37:28,760 --> 00:37:31,320
error handling and audit trails is the actual work.
1026
00:37:31,320 --> 00:37:32,920
A single agent is a useful tool
1027
00:37:32,920 --> 00:37:35,960
but multiple agents working in a coordinated system are transformative.
1028
00:37:35,960 --> 00:37:38,760
They can solve problems that no single model can touch.
1029
00:37:38,760 --> 00:37:40,440
Understanding these orchestration patterns
1030
00:37:40,440 --> 00:37:42,600
is the difference between a toy and a production system.
1031
00:37:42,600 --> 00:37:46,440
The identity shift, agents as principles, not features.
1032
00:37:46,440 --> 00:37:49,800
The structural foundation of everything we've talked about comes down to one thing.
1033
00:37:49,800 --> 00:37:50,840
Identity.
1034
00:37:50,840 --> 00:37:54,920
And how Microsoft fundamentally changed what an agent identity actually means.
1035
00:37:54,920 --> 00:37:56,920
In most organizations building agents today,
1036
00:37:56,920 --> 00:37:57,960
there's an old pattern.
1037
00:37:57,960 --> 00:38:00,280
The agent runs under a shared service account.
1038
00:38:00,280 --> 00:38:01,960
Maybe it's a generic automation account
1039
00:38:01,960 --> 00:38:03,720
or maybe it's a human user account
1040
00:38:03,720 --> 00:38:06,680
that was mapped to the agent because someone needed a quick solution.
1041
00:38:06,680 --> 00:38:09,560
The account has broad permissions because nobody wanted to be granular.
1042
00:38:09,560 --> 00:38:13,240
When the agent acts, the audit log shows that generic account doing the work.
1043
00:38:13,240 --> 00:38:14,760
You can't see which agent did what.
1044
00:38:14,760 --> 00:38:16,200
You can't revoke just that agent.
1045
00:38:16,200 --> 00:38:18,280
You can't apply policies to just that agent.
1046
00:38:18,280 --> 00:38:19,800
It's invisible in the identity system.
1047
00:38:19,800 --> 00:38:21,640
The new model is fundamentally different.
1048
00:38:21,640 --> 00:38:23,880
Every agent gets its own entry agent ID.
1049
00:38:23,880 --> 00:38:25,880
Not a service account, not a user account.
1050
00:38:25,880 --> 00:38:27,400
It's own principle in your directory.
1051
00:38:27,400 --> 00:38:29,400
It shows up in an entry like any other actor.
1052
00:38:29,400 --> 00:38:30,600
It has its own credentials.
1053
00:38:30,600 --> 00:38:31,480
It's own audit trail.
1054
00:38:31,480 --> 00:38:33,240
It's own life cycle.
1055
00:38:33,240 --> 00:38:34,760
That sounds like a technical detail.
1056
00:38:34,760 --> 00:38:37,560
It's actually the foundation that makes governance possible.
1057
00:38:37,560 --> 00:38:38,440
Start with credentials.
1058
00:38:38,440 --> 00:38:40,440
In the old model, agents either had credentials
1059
00:38:40,440 --> 00:38:42,120
hard coded in configuration files
1060
00:38:42,120 --> 00:38:45,160
or they inherited them from whatever account was running the process.
1061
00:38:45,160 --> 00:38:46,600
Both approaches are vulnerable.
1062
00:38:46,600 --> 00:38:49,320
Hard coded credentials and files get checked into repositories
1063
00:38:49,320 --> 00:38:51,720
where they get exposed and shared across multiple agents.
1064
00:38:51,720 --> 00:38:53,160
If one agent is compromised,
1065
00:38:53,160 --> 00:38:56,120
the credential is compromised for every single agent using it.
1066
00:38:56,120 --> 00:38:57,160
With EntraAgentID,
1067
00:38:57,160 --> 00:38:59,240
credential management changes completely.
1068
00:38:59,240 --> 00:39:00,840
The agent doesn't store credentials.
1069
00:39:00,840 --> 00:39:02,040
It doesn't even know them.
1070
00:39:02,040 --> 00:39:03,640
It requests a token from Azure.
1071
00:39:03,640 --> 00:39:05,720
Azure validates the agent's identity.
1072
00:39:05,720 --> 00:39:08,120
If the identity is legitimate and hasn't been revoked,
1073
00:39:08,120 --> 00:39:09,240
the agent gets a token.
1074
00:39:09,240 --> 00:39:10,440
That token is short-lived.
1075
00:39:10,440 --> 00:39:11,240
It expires.
1076
00:39:11,240 --> 00:39:12,760
It's tied to that specific agent.
1077
00:39:12,760 --> 00:39:14,120
If the agent is compromised,
1078
00:39:14,120 --> 00:39:15,240
the token is compromised,
1079
00:39:15,240 --> 00:39:17,720
but only for that agent, other agents are unaffected.
1080
00:39:17,720 --> 00:39:20,440
More importantly, credentials stay in Azure Key Vault.
1081
00:39:20,440 --> 00:39:21,960
They aren't in files or code.
1082
00:39:21,960 --> 00:39:24,680
They're in a secured vault that's separate from the agent itself.
1083
00:39:24,680 --> 00:39:26,760
If the agent requests what it needs from Key Vault
1084
00:39:26,760 --> 00:39:28,520
which then validates the agent's identity
1085
00:39:28,520 --> 00:39:29,800
and returns the secret.
1086
00:39:29,800 --> 00:39:31,080
If you need to rotate a credential,
1087
00:39:31,080 --> 00:39:32,120
you do it in Key Vault.
1088
00:39:32,120 --> 00:39:35,240
Every agent that uses that secret automatically gets the new version.
1089
00:39:35,240 --> 00:39:37,240
No redeployment, no configuration changes.
1090
00:39:37,240 --> 00:39:39,240
The audit trail changes too.
1091
00:39:39,240 --> 00:39:41,960
Every action an agent takes is logged with its identity.
1092
00:39:41,960 --> 00:39:44,920
Not a generic account, not a human user, the specific agent.
1093
00:39:44,920 --> 00:39:49,080
When an audit log shows agent X access this data at this time,
1094
00:39:49,080 --> 00:39:50,680
you know exactly which agent did it.
1095
00:39:50,680 --> 00:39:52,120
You can trace back to who built it,
1096
00:39:52,120 --> 00:39:53,800
who deployed it, and who owns it.
1097
00:39:53,800 --> 00:39:56,040
For regulated industries, this is transformative.
1098
00:39:56,040 --> 00:39:57,240
You can prove compliance.
1099
00:39:57,240 --> 00:39:59,160
You can show that access was controlled.
1100
00:39:59,160 --> 00:40:01,080
You can demonstrate that unintended access
1101
00:40:01,080 --> 00:40:03,560
was impossible because the agent's permissions were scope
1102
00:40:03,560 --> 00:40:04,360
to prevent it.
1103
00:40:04,360 --> 00:40:05,400
Revocation is immediate.
1104
00:40:05,400 --> 00:40:08,280
If an agent is compromised or misbehaving,
1105
00:40:08,280 --> 00:40:09,720
you revoke its identity.
1106
00:40:09,720 --> 00:40:13,320
Not let's shut down the process or let's escalate this to the team that built it.
1107
00:40:13,320 --> 00:40:15,160
You revoke the identity in Entra.
1108
00:40:15,160 --> 00:40:17,000
The agent stops operating immediately.
1109
00:40:17,000 --> 00:40:20,440
Any request it makes is rejected because its identity is no longer valid.
1110
00:40:20,440 --> 00:40:23,000
Everything downstream knows this agent is revoked.
1111
00:40:23,000 --> 00:40:27,160
Conditional access policies work for agents the same way they work for humans.
1112
00:40:27,160 --> 00:40:31,160
If you have a policy that says access to sensitive data requires a managed device,
1113
00:40:31,160 --> 00:40:33,000
that policy applies to agents too.
1114
00:40:33,000 --> 00:40:36,040
If you've set risk-based access controls, agents are subject to them.
1115
00:40:36,040 --> 00:40:37,880
Access reviews include agents.
1116
00:40:37,880 --> 00:40:42,120
If someone leaves the company, you don't have to hunt down every agent they built and disable it.
1117
00:40:42,120 --> 00:40:45,800
If their identity is in a group that's being reviewed, agents they created show up,
1118
00:40:45,800 --> 00:40:48,200
they get audited, they get disabled if necessary.
1119
00:40:48,200 --> 00:40:49,320
The shift is structural.
1120
00:40:49,320 --> 00:40:52,200
Agents stop being invisible infrastructure
1121
00:40:52,200 --> 00:40:54,680
and become managed principles in your identity system.
1122
00:40:54,680 --> 00:40:55,560
That's why it matters.
1123
00:40:55,560 --> 00:40:57,640
You can't have governance without identity.
1124
00:40:57,640 --> 00:41:00,120
With Entra agent ID, governance becomes possible.
1125
00:41:00,120 --> 00:41:03,640
Security agents, reducing analyst fatigue.
1126
00:41:03,640 --> 00:41:05,960
Now that we understand the structural foundation,
1127
00:41:05,960 --> 00:41:07,480
how agents get identity,
1128
00:41:07,480 --> 00:41:09,880
how they're governed and how they orchestrate,
1129
00:41:09,880 --> 00:41:12,280
let's look at what this actually enables in practice.
1130
00:41:12,280 --> 00:41:17,400
Security is where agents start delivering immediate value because the problem they solve is acute and measurable.
1131
00:41:17,400 --> 00:41:19,320
The problem is straightforward.
1132
00:41:19,320 --> 00:41:22,360
Alert volume in most organizations is overwhelming.
1133
00:41:22,360 --> 00:41:24,760
Your team generates thousands of alerts per day.
1134
00:41:24,760 --> 00:41:26,920
Your email system flags suspicious messages,
1135
00:41:26,920 --> 00:41:29,640
your endpoint detection tools, flag anomalous behavior,
1136
00:41:29,640 --> 00:41:31,560
your vulnerability scanner's find issues.
1137
00:41:31,560 --> 00:41:32,920
The volume is relentless.
1138
00:41:32,920 --> 00:41:35,880
And security analysts who are expensive and in short supply
1139
00:41:35,880 --> 00:41:39,160
spend their time waiting through alerts that are 80% noise.
1140
00:41:39,160 --> 00:41:41,480
They're looking for the 20% that actually matter.
1141
00:41:41,480 --> 00:41:43,320
That's not security work, that's filtering.
1142
00:41:43,320 --> 00:41:47,000
The fishing triage agent handles that filtering at the email layer.
1143
00:41:47,000 --> 00:41:49,880
An organization gets hundreds of suspicious messages every week
1144
00:41:49,880 --> 00:41:52,520
and while some are legitimate, many are phishing attempts.
1145
00:41:52,520 --> 00:41:55,880
The agent analyzes incoming messages flagged as potentially malicious
1146
00:41:55,880 --> 00:41:58,360
by looking at sender reputation and message structure.
1147
00:41:58,360 --> 00:42:00,120
It checks for common fishing indicators
1148
00:42:00,120 --> 00:42:02,360
and separates likely phishing from legitimate mail.
1149
00:42:02,360 --> 00:42:03,880
Not perfectly, nothing is perfect,
1150
00:42:03,880 --> 00:42:06,600
but accurately enough that you're reducing the email analysts'
1151
00:42:06,600 --> 00:42:08,360
review workload significantly.
1152
00:42:08,360 --> 00:42:12,040
Instead of reviewing 50 messages to find five that actually need escalation,
1153
00:42:12,040 --> 00:42:16,200
the analyst reviews 20 because the agent already filtered out the obvious cases.
1154
00:42:16,200 --> 00:42:18,360
Alert triage agents work the same principle
1155
00:42:18,360 --> 00:42:20,200
but across the security infrastructure.
1156
00:42:20,200 --> 00:42:21,960
Your tools are generating alerts.
1157
00:42:21,960 --> 00:42:24,760
Some indicate real threats, some are false positives,
1158
00:42:24,760 --> 00:42:27,160
some are legitimate findings but low priority.
1159
00:42:27,160 --> 00:42:30,360
The alert triage agent understands the relationships between alerts.
1160
00:42:30,360 --> 00:42:32,120
It knows which ones cluster together
1161
00:42:32,120 --> 00:42:33,800
and suggests a larger incident.
1162
00:42:33,800 --> 00:42:36,200
It prioritizes based on risk context.
1163
00:42:36,200 --> 00:42:38,920
It surfaces what actually needs immediate attention.
1164
00:42:38,920 --> 00:42:42,040
If you had a thousand alerts yesterday and 500 required investigation
1165
00:42:42,040 --> 00:42:43,560
but only 50 actually mattered,
1166
00:42:43,560 --> 00:42:47,960
the agent helps security teams see the 50 instead of drowning in the 500.
1167
00:42:47,960 --> 00:42:50,360
The conditional access agent operates differently.
1168
00:42:50,360 --> 00:42:54,680
It's not triaging, it's helping security teams manage identity policy at scale.
1169
00:42:54,680 --> 00:42:57,240
Most organizations have conditional access policies.
1170
00:42:57,240 --> 00:43:00,440
Rules that say things like require multi-factor authentication
1171
00:43:00,440 --> 00:43:04,760
for sensitive data access or block access from unusual locations
1172
00:43:04,760 --> 00:43:06,600
but conditional access is complex.
1173
00:43:06,600 --> 00:43:08,760
A change to one policy can have cascading effects
1174
00:43:08,760 --> 00:43:10,600
across other policies and systems.
1175
00:43:10,600 --> 00:43:12,840
The agent helps teams understand policy impact
1176
00:43:12,840 --> 00:43:14,280
before they deploy changes.
1177
00:43:14,280 --> 00:43:16,040
What happens if we modify this rule?
1178
00:43:16,040 --> 00:43:17,000
Who gets affected?
1179
00:43:17,000 --> 00:43:17,880
What breaks?
1180
00:43:17,880 --> 00:43:19,560
Where's the risk?
1181
00:43:19,560 --> 00:43:22,840
The agent helps teams operate their identity policies more safely.
1182
00:43:22,840 --> 00:43:26,440
Vulnerability, remediation agents address the backlog problem.
1183
00:43:26,440 --> 00:43:29,880
Every organization has more vulnerabilities than resources to fix them.
1184
00:43:29,880 --> 00:43:31,640
The agent doesn't just find vulnerabilities.
1185
00:43:31,640 --> 00:43:32,840
That's what scanners do.
1186
00:43:32,840 --> 00:43:36,920
It prioritizes by risk, it connects vulnerability data with threat intelligence.
1187
00:43:36,920 --> 00:43:41,240
It understands which vulnerabilities are actually being exploited in the wild right now
1188
00:43:41,240 --> 00:43:43,000
versus theoretical vulnerabilities.
1189
00:43:43,000 --> 00:43:44,280
It helps plan remediation.
1190
00:43:44,280 --> 00:43:45,240
What should we fix first?
1191
00:43:45,240 --> 00:43:46,280
What can we defer?
1192
00:43:46,280 --> 00:43:48,600
What do we need to monitor while we're waiting to patch?
1193
00:43:48,600 --> 00:43:52,200
The agent reduces the time analysts spend prioritizing and planning.
1194
00:43:52,200 --> 00:43:55,880
The threat intelligence agent connects internal signals with external context.
1195
00:43:55,880 --> 00:43:58,520
Your organization has internal logs and observations
1196
00:43:58,520 --> 00:44:01,000
but threat intelligence, information about campaigns,
1197
00:44:01,000 --> 00:44:03,960
threat actors and emerging techniques, lives outside your network.
1198
00:44:03,960 --> 00:44:05,320
The agent pulls those together.
1199
00:44:05,320 --> 00:44:08,680
It helps analysts understand what they're seeing in that external context.
1200
00:44:08,680 --> 00:44:10,040
This alert you're investigating.
1201
00:44:10,040 --> 00:44:11,800
Is it related to a known campaign?
1202
00:44:11,800 --> 00:44:13,880
Are other organizations seeing similar activity?
1203
00:44:13,880 --> 00:44:15,240
What's the likely motivation?
1204
00:44:15,240 --> 00:44:16,280
How should we respond?
1205
00:44:16,280 --> 00:44:17,800
M-Dash is the testing layer.
1206
00:44:17,800 --> 00:44:19,640
Security agents make decisions that matter.
1207
00:44:19,640 --> 00:44:22,520
You need to validate those decisions before they go into production.
1208
00:44:22,520 --> 00:44:25,400
M-Dash is a security harness that tests agent workflows.
1209
00:44:25,400 --> 00:44:26,760
It runs scenarios.
1210
00:44:26,760 --> 00:44:29,320
It validates that agents are making the right calls.
1211
00:44:29,320 --> 00:44:30,760
It ensures consistency.
1212
00:44:30,760 --> 00:44:33,320
The pattern across all of these is identical.
1213
00:44:33,320 --> 00:44:34,760
Analysts are expensive.
1214
00:44:34,760 --> 00:44:36,120
Agents are cheap.
1215
00:44:36,120 --> 00:44:39,000
If an agent can handle routine assessment and prioritization
1216
00:44:39,000 --> 00:44:41,640
accurately enough that analysts focus their time on
1217
00:44:41,640 --> 00:44:44,040
investigation and response instead of filtering
1218
00:44:44,040 --> 00:44:45,560
that changes the economics.
1219
00:44:45,560 --> 00:44:47,400
Not by replacing analysts.
1220
00:44:47,400 --> 00:44:49,960
By letting them do the actual security work.
1221
00:44:49,960 --> 00:44:53,640
Business process agents embedding intelligence where work happens.
1222
00:44:53,640 --> 00:44:56,440
The security example works because the boundaries are clear.
1223
00:44:56,440 --> 00:44:59,880
Security agents live in a specific domain with specific tools
1224
00:44:59,880 --> 00:45:01,160
and specific workflows.
1225
00:45:01,160 --> 00:45:03,880
But most work doesn't happen in a vacuum.
1226
00:45:03,880 --> 00:45:07,400
It happens inside the business systems your teams use every single day.
1227
00:45:07,400 --> 00:45:08,760
That's where the real scale is.
1228
00:45:08,760 --> 00:45:12,760
The shift from security agents to business process agents is fundamental.
1229
00:45:12,760 --> 00:45:15,160
Security agents reduce the noise for an analyst.
1230
00:45:15,160 --> 00:45:17,960
Business process agents actually become part of how the work gets done.
1231
00:45:17,960 --> 00:45:20,280
They aren't separate tools you open when you need a hand.
1232
00:45:20,280 --> 00:45:23,080
They live inside the systems where the work is already happening.
1233
00:45:23,080 --> 00:45:24,200
Take sales qualification.
1234
00:45:25,240 --> 00:45:27,640
Most sales teams are drowning in inbound leads.
1235
00:45:27,640 --> 00:45:31,720
A campaign runs, the leads pour in, and then sales development reps
1236
00:45:31,720 --> 00:45:36,360
spend hours trying to figure out which ones are actually worth passing to an account executive.
1237
00:45:36,360 --> 00:45:38,760
Some leads are high probability, some are low probability,
1238
00:45:38,760 --> 00:45:41,320
but at the right company others are just a waste of time.
1239
00:45:41,320 --> 00:45:43,880
The sales qualification agent sits right in your CRM.
1240
00:45:43,880 --> 00:45:46,520
The moment a lead arrives the agent assesses it.
1241
00:45:46,520 --> 00:45:49,080
It understands your specific sales criteria.
1242
00:45:49,080 --> 00:45:52,680
Deal size, industry, company profile, and use case fit.
1243
00:45:52,680 --> 00:45:55,480
It scores leads against what actually matters to your business.
1244
00:45:55,480 --> 00:45:59,880
The result is that sales reps see the high probability leads in their queue first.
1245
00:45:59,880 --> 00:46:02,680
They spend their time on opportunities that deserve their attention
1246
00:46:02,680 --> 00:46:05,640
rather than triaging every single person who filled out a form.
1247
00:46:05,640 --> 00:46:08,280
A counter-conciliation is similar but it lives in finance.
1248
00:46:08,280 --> 00:46:10,600
Finance teams upload transactions every day.
1249
00:46:10,600 --> 00:46:12,840
They have to match them against existing records.
1250
00:46:12,840 --> 00:46:14,200
Invoice to payment.
1251
00:46:14,200 --> 00:46:15,320
PO to receipt.
1252
00:46:15,320 --> 00:46:16,360
Shipment to invoice.
1253
00:46:16,360 --> 00:46:20,280
Historically this meant someone sitting at a spreadsheet matching rows.
1254
00:46:20,280 --> 00:46:21,880
It's mechanical work. It's slow.
1255
00:46:21,880 --> 00:46:23,320
And it's prone to human error.
1256
00:46:23,320 --> 00:46:26,360
The account reconciliation agent understands the matching logic.
1257
00:46:26,360 --> 00:46:27,960
It knows what a valid match looks like.
1258
00:46:27,960 --> 00:46:31,880
It connects the transaction data and flags the exceptions that don't match automatically.
1259
00:46:31,880 --> 00:46:34,200
The finance team still reviews the work they have to,
1260
00:46:34,200 --> 00:46:37,160
but they're reviewing the outliers and validating the results
1261
00:46:37,160 --> 00:46:39,000
instead of doing the manual labor.
1262
00:46:39,000 --> 00:46:41,240
The customer intent agent operates on a broader scale.
1263
00:46:41,240 --> 00:46:42,440
Your customer calls support.
1264
00:46:42,440 --> 00:46:43,240
They send an email.
1265
00:46:43,240 --> 00:46:44,680
They post on social media.
1266
00:46:44,680 --> 00:46:48,360
Every one of those interactions contains a signal about what they actually want.
1267
00:46:48,360 --> 00:46:49,960
But finding that signal is hard.
1268
00:46:49,960 --> 00:46:53,960
The agent analyzes these interactions across every channel and surfaces the patterns.
1269
00:46:53,960 --> 00:46:56,760
It tells your team what the customer is actually signaling
1270
00:46:56,760 --> 00:46:59,000
underneath what they explicitly asked for.
1271
00:46:59,000 --> 00:47:00,760
It's not just about answering the question.
1272
00:47:00,760 --> 00:47:02,520
It's about understanding what's really needed
1273
00:47:02,520 --> 00:47:05,400
so you can respond with better timing and better solutions.
1274
00:47:05,400 --> 00:47:07,240
Supply Communications works the same way.
1275
00:47:07,240 --> 00:47:10,600
If you're a large buyer, you get supplier questions constantly.
1276
00:47:10,600 --> 00:47:13,160
They want to know if you can expedite an order, what the status is,
1277
00:47:13,160 --> 00:47:15,320
or if you have inventory on a specific SKU.
1278
00:47:15,320 --> 00:47:18,040
The supplier communications agent handles the routine stuff.
1279
00:47:18,040 --> 00:47:20,120
It knows your inventory, it knows your lead times,
1280
00:47:20,120 --> 00:47:21,800
it knows your escalation procedures.
1281
00:47:21,800 --> 00:47:23,640
It answers the straightforward questions.
1282
00:47:23,640 --> 00:47:25,640
When an inquiry requires human judgment,
1283
00:47:25,640 --> 00:47:28,840
like a special request or a complex issue, it hands it off.
1284
00:47:28,840 --> 00:47:32,600
Your supplier relations team can then focus on the actual relationships
1285
00:47:32,600 --> 00:47:35,320
rather than answering the same three questions over and over.
1286
00:47:35,320 --> 00:47:36,840
Field service takes that coordination
1287
00:47:36,840 --> 00:47:38,280
and pushes it out to the edge.
1288
00:47:38,280 --> 00:47:40,040
A technician gets sent to a job.
1289
00:47:40,040 --> 00:47:42,920
The Field Service agent pulls together everything that person needs
1290
00:47:42,920 --> 00:47:44,120
before they even arrive.
1291
00:47:44,120 --> 00:47:45,800
Service history on the equipment.
1292
00:47:45,800 --> 00:47:47,560
Known issues with that specific model,
1293
00:47:47,560 --> 00:47:49,960
current parts inventory, estimated time to repair.
1294
00:47:49,960 --> 00:47:51,560
It can even schedule the next appointment
1295
00:47:51,560 --> 00:47:53,240
while the current one is still happening.
1296
00:47:53,240 --> 00:47:54,600
It flags the follow-up is needed
1297
00:47:54,600 --> 00:47:57,160
and coordinates the logistics around the actual fieldwork.
1298
00:47:57,160 --> 00:47:58,520
The advantage here is obvious.
1299
00:47:58,520 --> 00:48:01,240
These agents live in the systems your teams already use.
1300
00:48:01,240 --> 00:48:02,680
A sales rep stays in the CRM,
1301
00:48:02,680 --> 00:48:04,680
a finance person stays in Excel or the ERP.
1302
00:48:04,680 --> 00:48:06,760
A support person stays in the ticket system.
1303
00:48:06,760 --> 00:48:09,080
The agent helps them without pulling them out of their flow,
1304
00:48:09,080 --> 00:48:10,040
but here's the problem.
1305
00:48:10,040 --> 00:48:11,240
This is harder than it sounds.
1306
00:48:11,240 --> 00:48:12,760
These agents can't be generic.
1307
00:48:12,760 --> 00:48:14,200
They require a deep understanding
1308
00:48:14,200 --> 00:48:15,720
of the business logic and data models
1309
00:48:15,720 --> 00:48:17,560
that are specific to your organization.
1310
00:48:17,560 --> 00:48:19,000
What counts as a qualified lead for you
1311
00:48:19,000 --> 00:48:21,320
might be junk for another company?
1312
00:48:21,320 --> 00:48:23,800
What a valid match looks like in your finance department
1313
00:48:23,800 --> 00:48:25,560
depends on your specific processes.
1314
00:48:25,560 --> 00:48:27,240
The agent has to understand your rules,
1315
00:48:27,240 --> 00:48:29,560
your workflows, and your constraints.
1316
00:48:29,560 --> 00:48:31,000
That's where governance and identity
1317
00:48:31,000 --> 00:48:32,520
become the priority again.
1318
00:48:32,520 --> 00:48:33,800
You aren't just running software.
1319
00:48:33,800 --> 00:48:35,320
You're embedding agents into systems
1320
00:48:35,320 --> 00:48:36,360
where they make recommendations
1321
00:48:36,360 --> 00:48:38,360
and decisions that affect real-world operations.
1322
00:48:38,360 --> 00:48:39,480
They have to be auditable.
1323
00:48:39,480 --> 00:48:40,680
They have to be scoped.
1324
00:48:40,680 --> 00:48:41,960
And they need clear ownership.
1325
00:48:41,960 --> 00:48:43,880
This is the moment where agents stop being
1326
00:48:43,880 --> 00:48:44,840
an optional upgrade.
1327
00:48:44,840 --> 00:48:47,240
This is where they become the way work gets done.
1328
00:48:47,240 --> 00:48:51,400
Integration, how agents connect to everything.
1329
00:48:51,400 --> 00:48:53,560
An agent sitting by itself is useless.
1330
00:48:53,560 --> 00:48:54,920
It doesn't matter how smart it is
1331
00:48:54,920 --> 00:48:56,200
or how well it was built.
1332
00:48:56,200 --> 00:48:57,480
If it can't get to the data
1333
00:48:57,480 --> 00:48:59,000
and the systems it needs to do the work,
1334
00:48:59,000 --> 00:49:00,760
it's just a language model having a conversation.
1335
00:49:00,760 --> 00:49:02,520
That's the integration problem.
1336
00:49:02,520 --> 00:49:04,920
Every organization has data scattered everywhere.
1337
00:49:04,920 --> 00:49:07,400
SharePoint, Teams, Outlook, OneDrive,
1338
00:49:07,400 --> 00:49:09,160
Data Warehouses, DataBases.
1339
00:49:09,160 --> 00:49:11,240
Every single one of those has different APIs,
1340
00:49:11,240 --> 00:49:12,840
different security requirements,
1341
00:49:12,840 --> 00:49:14,600
and different ways to access the data.
1342
00:49:14,600 --> 00:49:16,120
An agent needs to connect to all of it
1343
00:49:16,120 --> 00:49:18,360
without being custom-built for every single system.
1344
00:49:18,360 --> 00:49:20,920
Toolbox is solved this by creating a discovery mechanism.
1345
00:49:20,920 --> 00:49:23,800
Think of a toolbox as a managed library of tools,
1346
00:49:23,800 --> 00:49:25,480
integrations, and data sources.
1347
00:49:25,480 --> 00:49:27,240
It's all catalogued and ready to go.
1348
00:49:27,240 --> 00:49:28,680
When an agent has a task,
1349
00:49:28,680 --> 00:49:30,680
it checks the toolbox to see what's available.
1350
00:49:30,680 --> 00:49:32,280
It picks the right tool and uses it.
1351
00:49:32,280 --> 00:49:33,960
When you add a new tool to the toolbox,
1352
00:49:33,960 --> 00:49:36,120
every agent gets access to it immediately.
1353
00:49:36,120 --> 00:49:37,720
You don't have to redeploy the agent.
1354
00:49:37,720 --> 00:49:39,320
You don't have to change the configuration.
1355
00:49:39,320 --> 00:49:41,320
The new capability is just there on day one.
1356
00:49:41,320 --> 00:49:44,840
Microsoft Graph is the main bridge for your Microsoft 365 data.
1357
00:49:44,840 --> 00:49:47,080
Through Graph and Agent can see Teams conversations,
1358
00:49:47,080 --> 00:49:48,840
read and send emails, check calendars,
1359
00:49:48,840 --> 00:49:50,360
and pull documents from SharePoint.
1360
00:49:50,360 --> 00:49:53,240
Graph provides a single, consistent interface for all of it.
1361
00:49:53,240 --> 00:49:55,080
Instead of needing one connector for Teams
1362
00:49:55,080 --> 00:49:57,240
and another for email, the agent just talks to Graph.
1363
00:49:57,240 --> 00:49:58,920
The complexity is handled underneath.
1364
00:49:58,920 --> 00:50:02,040
Azure AI Search is what powers the knowledge-heavy scenarios.
1365
00:50:02,040 --> 00:50:03,800
If an agent needs to find information
1366
00:50:03,800 --> 00:50:05,240
across a massive data set,
1367
00:50:05,240 --> 00:50:06,920
it doesn't try to read everything at once.
1368
00:50:06,920 --> 00:50:08,280
That would overwhelm the model.
1369
00:50:08,280 --> 00:50:10,600
Instead, Azure AI Search handles the indexing
1370
00:50:10,600 --> 00:50:11,560
and the retrieval.
1371
00:50:11,560 --> 00:50:12,760
The agent asks the question,
1372
00:50:12,760 --> 00:50:14,200
"Search finds the relevant parts."
1373
00:50:14,200 --> 00:50:15,880
The agent uses those parts to think.
1374
00:50:15,880 --> 00:50:18,040
The agent doesn't need to know how the search works.
1375
00:50:18,040 --> 00:50:19,400
It just needs the results.
1376
00:50:19,400 --> 00:50:21,400
Fabric data agents work a bit differently.
1377
00:50:21,400 --> 00:50:22,920
They aren't just for finding files.
1378
00:50:22,920 --> 00:50:24,120
They're analytical.
1379
00:50:24,120 --> 00:50:26,120
If an agent needs to query a data warehouse
1380
00:50:26,120 --> 00:50:27,880
or understand a complex data set,
1381
00:50:27,880 --> 00:50:30,120
the fabric agents handle that heavy lifting.
1382
00:50:30,120 --> 00:50:31,720
They understand the data schemers.
1383
00:50:31,720 --> 00:50:32,680
They write the queries.
1384
00:50:32,680 --> 00:50:35,480
They return the results in a way the agent can actually use.
1385
00:50:35,480 --> 00:50:37,560
For everything else, they are MCP servers.
1386
00:50:37,560 --> 00:50:39,800
The model context protocol creates a common language
1387
00:50:39,800 --> 00:50:41,800
for agents to talk to external tools.
1388
00:50:41,800 --> 00:50:43,400
It doesn't matter if you're connecting to Slack
1389
00:50:43,400 --> 00:50:45,160
or a custom internal system.
1390
00:50:45,160 --> 00:50:47,720
If it has an MCP server, the agent can use it.
1391
00:50:47,720 --> 00:50:49,000
This is a big deal because it means
1392
00:50:49,000 --> 00:50:50,600
you can build an integration once
1393
00:50:50,600 --> 00:50:52,600
and let agents on different platforms use it.
1394
00:50:52,600 --> 00:50:54,040
Custom connectors are for the systems
1395
00:50:54,040 --> 00:50:55,880
that don't fit the standard patterns.
1396
00:50:55,880 --> 00:50:57,960
Maybe you have a legacy system from 10 years ago
1397
00:50:57,960 --> 00:50:59,720
that doesn't have an MCP server.
1398
00:50:59,720 --> 00:51:00,920
You build a custom connector
1399
00:51:00,920 --> 00:51:02,520
that translates between that system
1400
00:51:02,520 --> 00:51:03,800
and what the agent understands.
1401
00:51:03,800 --> 00:51:05,880
Now, every agent can use that legacy system.
1402
00:51:05,880 --> 00:51:08,120
You aren't writing custom code for every agent.
1403
00:51:08,120 --> 00:51:10,280
You're building a connector that the agents can discover
1404
00:51:10,280 --> 00:51:11,800
and use on their own.
1405
00:51:11,800 --> 00:51:13,880
The governance layer sits on top of all of this.
1406
00:51:13,880 --> 00:51:15,640
Your data policies don't stop at the agent.
1407
00:51:15,640 --> 00:51:17,240
They flow through the integrations.
1408
00:51:17,240 --> 00:51:18,920
If a document is marked as confidential,
1409
00:51:18,920 --> 00:51:21,480
the agency is that metadata and knows it's restricted.
1410
00:51:21,480 --> 00:51:23,480
If you've set sensitivity labels in SharePoint,
1411
00:51:23,480 --> 00:51:24,760
the agents respect them.
1412
00:51:24,760 --> 00:51:27,320
They won't expose information they aren't supposed to see.
1413
00:51:27,320 --> 00:51:29,960
The security you've already built doesn't get bypassed.
1414
00:51:29,960 --> 00:51:31,640
It becomes part of how the agent functions.
1415
00:51:31,640 --> 00:51:33,400
This is why integration isn't just a feature.
1416
00:51:33,400 --> 00:51:35,320
It's the point where agents stop being assistance
1417
00:51:35,320 --> 00:51:36,600
and start being useful.
1418
00:51:36,600 --> 00:51:39,000
Without integration, an agent can only talk.
1419
00:51:39,000 --> 00:51:40,840
With integration, an agent can act.
1420
00:51:40,840 --> 00:51:42,280
The knowledge problem.
1421
00:51:42,280 --> 00:51:44,120
Grounding agents in reality.
1422
00:51:44,120 --> 00:51:45,640
Imagine what happens when an agent
1423
00:51:45,640 --> 00:51:47,640
doesn't have real information to work with.
1424
00:51:47,640 --> 00:51:49,160
Someone asks a question.
1425
00:51:49,160 --> 00:51:51,800
The agent generates a response that sounds reasonable.
1426
00:51:51,800 --> 00:51:52,600
The words flow.
1427
00:51:52,600 --> 00:51:53,560
The grammar is correct.
1428
00:51:53,560 --> 00:51:54,600
The tone is confident.
1429
00:51:54,600 --> 00:51:55,960
And the answer is completely made up.
1430
00:51:55,960 --> 00:51:57,000
This is hallucination.
1431
00:51:57,000 --> 00:51:58,360
The agent isn't being deceptive.
1432
00:51:58,360 --> 00:51:59,800
It's not intentionally lying.
1433
00:51:59,800 --> 00:52:01,240
It's just doing what language models do
1434
00:52:01,240 --> 00:52:02,840
when they don't have actual data.
1435
00:52:02,840 --> 00:52:04,680
They generate plausible sounding text
1436
00:52:04,680 --> 00:52:06,680
based on patterns they learned during training.
1437
00:52:06,680 --> 00:52:08,120
The result feels authoritative.
1438
00:52:08,120 --> 00:52:09,240
And it's often wrong.
1439
00:52:09,240 --> 00:52:10,920
In a security context, that's dangerous.
1440
00:52:10,920 --> 00:52:13,880
In a business context, it's expensive.
1441
00:52:13,880 --> 00:52:16,040
A sales agent tells a customer you have inventory
1442
00:52:16,040 --> 00:52:17,320
you don't actually have.
1443
00:52:17,320 --> 00:52:18,760
A finance agent makes assumptions
1444
00:52:18,760 --> 00:52:21,320
about reconciliation rules that turn out to be incorrect.
1445
00:52:21,320 --> 00:52:23,320
A support agent confidently explains a feature
1446
00:52:23,320 --> 00:52:24,600
that actually works differently.
1447
00:52:24,600 --> 00:52:25,880
These aren't minor issues.
1448
00:52:25,880 --> 00:52:27,000
They erode trust.
1449
00:52:27,000 --> 00:52:28,200
They create rework.
1450
00:52:28,200 --> 00:52:31,000
They undermine the entire value proposition of using agents.
1451
00:52:31,000 --> 00:52:34,600
The solution is grounding, retrieval, augmented generation.
1452
00:52:34,600 --> 00:52:37,080
Our ag is the pattern that makes this work.
1453
00:52:37,080 --> 00:52:39,640
Instead of letting an agent generate responses from memory,
1454
00:52:39,640 --> 00:52:42,680
the agent first retrieves actual relevant documents or data.
1455
00:52:42,680 --> 00:52:44,760
Then it answers based on what it actually found.
1456
00:52:44,760 --> 00:52:47,720
The response is grounded in reality, not in pattern matching.
1457
00:52:47,720 --> 00:52:50,440
Foundry IQ is the managed implementation of rag
1458
00:52:50,440 --> 00:52:52,040
across your entire organization.
1459
00:52:52,040 --> 00:52:53,640
It's a unified knowledge plane.
1460
00:52:53,640 --> 00:52:55,880
Documents, data from your warehouse.
1461
00:52:55,880 --> 00:52:57,560
Web content, enterprise sources,
1462
00:52:57,560 --> 00:52:59,240
all indexed and available for retrieval.
1463
00:52:59,240 --> 00:53:00,600
When an agent needs information,
1464
00:53:00,600 --> 00:53:03,000
it doesn't ask you to point it to the right place.
1465
00:53:03,000 --> 00:53:04,440
It searches across everything.
1466
00:53:04,440 --> 00:53:05,560
It finds what's relevant.
1467
00:53:05,560 --> 00:53:07,080
It uses that to answer.
1468
00:53:07,080 --> 00:53:08,920
The difference between old rag approaches
1469
00:53:08,920 --> 00:53:11,240
and Foundry IQ is operational.
1470
00:53:11,240 --> 00:53:13,480
Building rag five years ago meant custom pipelines.
1471
00:53:13,480 --> 00:53:15,960
You'd set up document ingestion, you'd configure indexing,
1472
00:53:15,960 --> 00:53:18,440
you'd build retrieval logic, you'd monitor embeddings.
1473
00:53:18,440 --> 00:53:19,960
It was infrastructure.
1474
00:53:19,960 --> 00:53:21,800
Now, it's a platform feature.
1475
00:53:21,800 --> 00:53:23,320
Upload your documents.
1476
00:53:23,320 --> 00:53:25,080
Foundry IQ handles the rest.
1477
00:53:25,080 --> 00:53:27,080
Multiple agents use the same knowledge base,
1478
00:53:27,080 --> 00:53:29,000
updates flow through automatically.
1479
00:53:29,000 --> 00:53:31,400
Semantic search is what makes retrieval work accurately.
1480
00:53:31,400 --> 00:53:33,400
You don't ask an agent to match keywords
1481
00:53:33,400 --> 00:53:34,520
that fails constantly.
1482
00:53:34,520 --> 00:53:36,600
Someone asks, what's our return policy?
1483
00:53:36,600 --> 00:53:38,440
And a keyword search returns documents
1484
00:53:38,440 --> 00:53:41,160
about policy documents because the word policy matched.
1485
00:53:41,160 --> 00:53:43,480
Semantic search understands meaning.
1486
00:53:43,480 --> 00:53:46,200
It knows that the question is asking about refunds and returns.
1487
00:53:46,200 --> 00:53:47,880
It retrieves the right policy document
1488
00:53:47,880 --> 00:53:49,800
even if that document uses different words.
1489
00:53:49,800 --> 00:53:51,320
The agent gets relevant information,
1490
00:53:51,320 --> 00:53:52,600
not just keyword matches.
1491
00:53:52,600 --> 00:53:54,440
Procedural memory layers on top of this.
1492
00:53:54,440 --> 00:53:56,200
The agent retrieves information once.
1493
00:53:56,200 --> 00:53:57,400
It learns from that retrieval.
1494
00:53:57,400 --> 00:53:59,080
The next time it faces a similar question,
1495
00:53:59,080 --> 00:54:00,600
it doesn't need to retrieve again.
1496
00:54:00,600 --> 00:54:02,440
It remembers the approach it used before.
1497
00:54:02,440 --> 00:54:05,240
This reduces both hallucination and token consumption.
1498
00:54:05,240 --> 00:54:07,240
Less retrieval, less uncertainty.
1499
00:54:07,240 --> 00:54:09,800
But retrieval without governance creates a different problem.
1500
00:54:09,800 --> 00:54:11,400
What if an agent retrieves data?
1501
00:54:11,400 --> 00:54:12,520
It shouldn't have access to.
1502
00:54:12,520 --> 00:54:14,440
What if it bypasses your data classification?
1503
00:54:14,440 --> 00:54:15,640
This is where the governance layer
1504
00:54:15,640 --> 00:54:18,120
becomes operational, not just theoretical.
1505
00:54:18,120 --> 00:54:19,960
Sensitivity labels flow through retrieval.
1506
00:54:19,960 --> 00:54:21,960
If a document is marked confidential
1507
00:54:21,960 --> 00:54:24,680
and your agent doesn't have access to confidential material,
1508
00:54:24,680 --> 00:54:26,280
that document won't be retrieved.
1509
00:54:26,280 --> 00:54:28,680
Access controls don't just prevent direct access.
1510
00:54:28,680 --> 00:54:31,880
They prevent incidental exposure through agent retrieval.
1511
00:54:31,880 --> 00:54:33,640
The data governance you've already built
1512
00:54:33,640 --> 00:54:35,000
doesn't get circumvented.
1513
00:54:35,000 --> 00:54:36,440
Grounding is the difference between
1514
00:54:36,440 --> 00:54:38,280
interesting agents and trustworthy agents.
1515
00:54:38,280 --> 00:54:40,040
Interesting is when the agent sounds smart.
1516
00:54:40,040 --> 00:54:41,960
Trustworthy is when the agent is actually right,
1517
00:54:41,960 --> 00:54:44,440
that matters enormously when agents start making decisions
1518
00:54:44,440 --> 00:54:45,640
that affect your business.
1519
00:54:45,640 --> 00:54:48,760
When agents recommend actions that depend on accurate information,
1520
00:54:48,760 --> 00:54:52,040
when ordered trails depend on agents knowing what they're talking about.
1521
00:54:52,040 --> 00:54:54,840
This is why knowledge integration isn't an optional enhancement.
1522
00:54:54,840 --> 00:54:55,880
It's foundational.
1523
00:54:55,880 --> 00:54:58,680
Agents without grounding are worse than no agents at all.
1524
00:54:58,680 --> 00:54:59,880
They're confident errors.
1525
00:54:59,880 --> 00:55:01,880
With grounding agents become reliable.
1526
00:55:01,880 --> 00:55:05,000
Cost and efficiency, the real ROI.
1527
00:55:05,000 --> 00:55:06,920
Organizations always ask the same question
1528
00:55:06,920 --> 00:55:08,200
before committing to agents.
1529
00:55:08,200 --> 00:55:09,880
We can build these, but should we?
1530
00:55:09,880 --> 00:55:11,320
What's actually the financial case?
1531
00:55:11,320 --> 00:55:12,840
The answer starts with efficiency.
1532
00:55:12,840 --> 00:55:15,240
Foundry's orchestration layer cuts token consumption
1533
00:55:15,240 --> 00:55:18,120
by about 50% compared to naive approaches.
1534
00:55:18,120 --> 00:55:20,280
That matters because tokens are your cost driver.
1535
00:55:20,280 --> 00:55:23,000
Every request to the model, every retrieval, every response,
1536
00:55:23,000 --> 00:55:24,440
each one consumes tokens,
1537
00:55:24,440 --> 00:55:26,360
reduce token consumption in half,
1538
00:55:26,360 --> 00:55:28,280
and you've fundamentally changed the economics.
1539
00:55:28,280 --> 00:55:29,160
How does that work?
1540
00:55:29,160 --> 00:55:31,400
It's not magic. It's orchestration discipline.
1541
00:55:31,400 --> 00:55:33,560
When you're building agents without a managed platform,
1542
00:55:33,560 --> 00:55:35,640
you tend to do things inefficiently.
1543
00:55:35,640 --> 00:55:38,600
You retrieve more data than you need because retrieval is expensive.
1544
00:55:38,600 --> 00:55:41,000
You reprocess the same information multiple times
1545
00:55:41,000 --> 00:55:42,680
because you're not managing state well.
1546
00:55:42,680 --> 00:55:46,360
You make redundant model calls because you don't have clear orchestration patterns.
1547
00:55:46,360 --> 00:55:47,880
A managed platform like Foundry,
1548
00:55:47,880 --> 00:55:49,480
bakes inefficiency patterns.
1549
00:55:49,480 --> 00:55:51,480
State management reduces reprocessing,
1550
00:55:51,480 --> 00:55:53,000
caching prevents redundant calls.
1551
00:55:53,000 --> 00:55:55,080
Orchestration ensures you're retrieving what you need,
1552
00:55:55,080 --> 00:55:56,360
not everything you might need.
1553
00:55:56,360 --> 00:55:58,440
The result is fewer tokens per task.
1554
00:55:58,440 --> 00:56:00,600
Same output, half the consumption.
1555
00:56:00,600 --> 00:56:02,440
Cost transparency is equally important.
1556
00:56:02,440 --> 00:56:04,600
You need granular metrics that show cost per agent,
1557
00:56:04,600 --> 00:56:06,040
per task, per tool call.
1558
00:56:06,040 --> 00:56:08,520
Old approaches buried costs across infrastructure.
1559
00:56:08,520 --> 00:56:10,920
You couldn't tell whether agents were actually efficient
1560
00:56:10,920 --> 00:56:13,640
or whether they were just invisible drains on your budget.
1561
00:56:13,640 --> 00:56:16,280
With granular metrics, you see exactly what's happening.
1562
00:56:16,280 --> 00:56:18,200
Agent A costs 50 cents per execution.
1563
00:56:18,200 --> 00:56:20,360
Agent B costs $2 per execution.
1564
00:56:20,360 --> 00:56:21,240
Now you can ask why.
1565
00:56:21,240 --> 00:56:23,320
Did agent B retrieve more data?
1566
00:56:23,320 --> 00:56:24,920
Did it make more tool calls?
1567
00:56:24,920 --> 00:56:26,440
Is there a pattern worth optimizing?
1568
00:56:26,440 --> 00:56:28,040
You can't manage what you can't measure.
1569
00:56:28,040 --> 00:56:30,920
But the real financial impact comes from what agents replace.
1570
00:56:30,920 --> 00:56:32,120
Look at security co-pilot,
1571
00:56:32,120 --> 00:56:33,880
security analysts are expensive.
1572
00:56:33,880 --> 00:56:36,120
A mid-level analyst costs your organization something
1573
00:56:36,120 --> 00:56:40,200
like $120 to $180,000 per year in full cost.
1574
00:56:40,200 --> 00:56:42,200
The fishing triage agent reduces the time
1575
00:56:42,200 --> 00:56:44,360
and analyst spends reviewing suspicious messages
1576
00:56:44,360 --> 00:56:46,200
by 70 to 80%.
1577
00:56:46,200 --> 00:56:48,760
That analyst now spends time on actual investigation
1578
00:56:48,760 --> 00:56:49,640
instead of filtering.
1579
00:56:49,640 --> 00:56:51,160
That's not replacing the analyst.
1580
00:56:51,160 --> 00:56:53,960
That's deploying them where they actually add value.
1581
00:56:53,960 --> 00:56:55,800
If you have 10 analysts doing triage work
1582
00:56:55,800 --> 00:56:57,560
that could be reduced by 70%,
1583
00:56:57,560 --> 00:56:59,800
you've freed up seven analysts worth of capacity.
1584
00:56:59,800 --> 00:57:02,360
That's roughly $1.2 million in annual cost.
1585
00:57:02,360 --> 00:57:03,320
That's still there.
1586
00:57:03,320 --> 00:57:04,600
The analysts still work.
1587
00:57:04,600 --> 00:57:06,840
But you've deployed them to work that's actually valuable.
1588
00:57:06,840 --> 00:57:08,440
The same math applies to sales.
1589
00:57:08,440 --> 00:57:11,160
Sales development reps spend roughly a quarter of their time
1590
00:57:11,160 --> 00:57:13,480
assessing leads that aren't actually qualified.
1591
00:57:13,480 --> 00:57:15,800
The sales qualification agent handles that assessment.
1592
00:57:15,800 --> 00:57:19,320
75% improvement in rep productivity on lead evaluation
1593
00:57:19,320 --> 00:57:22,280
means more qualified leads getting to account executives faster.
1594
00:57:22,280 --> 00:57:23,480
More deals in the pipeline.
1595
00:57:23,480 --> 00:57:24,520
Same headcount.
1596
00:57:24,520 --> 00:57:25,480
Better output.
1597
00:57:25,480 --> 00:57:27,960
Account reconciliation in finance looks similar.
1598
00:57:27,960 --> 00:57:31,240
Finance staff spend somewhere between 10 and 15 hours per week
1599
00:57:31,240 --> 00:57:32,840
on manual record matching.
1600
00:57:32,840 --> 00:57:35,800
The account reconciliation agent handles that matching.
1601
00:57:35,800 --> 00:57:37,480
You're not eliminating the role,
1602
00:57:37,480 --> 00:57:40,040
but you're eliminating the lowest value part of it.
1603
00:57:40,040 --> 00:57:41,960
The person who was matching records all day
1604
00:57:41,960 --> 00:57:44,280
now orders exceptions and validates results.
1605
00:57:44,280 --> 00:57:45,240
They work smarter.
1606
00:57:45,240 --> 00:57:45,880
Same cost.
1607
00:57:45,880 --> 00:57:47,080
Better use of their time.
1608
00:57:47,080 --> 00:57:49,320
Error reduction has its own cost profile.
1609
00:57:49,320 --> 00:57:50,760
Manual processes fail.
1610
00:57:50,760 --> 00:57:53,240
Someone matches the wrong invoice to the wrong payment.
1611
00:57:53,240 --> 00:57:54,920
Someone assesses a lead incorrectly.
1612
00:57:54,920 --> 00:57:58,040
Someone misses a security alert because they've reviewed too many.
1613
00:57:58,040 --> 00:58:00,120
Those failures create downstream costs.
1614
00:58:00,120 --> 00:58:01,000
Rework.
1615
00:58:01,000 --> 00:58:02,040
Mist opportunities.
1616
00:58:02,040 --> 00:58:03,320
Security incidents.
1617
00:58:03,320 --> 00:58:06,680
An agent that makes fewer errors reduces those downstream costs.
1618
00:58:06,680 --> 00:58:08,520
Not zero errors. Nothing's perfect.
1619
00:58:08,520 --> 00:58:11,000
But better accuracy than humans under time pressure.
1620
00:58:11,000 --> 00:58:12,520
The scaling piece is crucial.
1621
00:58:12,520 --> 00:58:14,520
As volume grows agents scale with it.
1622
00:58:14,520 --> 00:58:15,400
You don't need to hire.
1623
00:58:15,400 --> 00:58:16,520
You don't need more headcount.
1624
00:58:16,520 --> 00:58:17,880
You need more API calls.
1625
00:58:17,880 --> 00:58:19,960
That's a fundamentally different cost structure.
1626
00:58:19,960 --> 00:58:22,760
Your first analyst costs you 150,000.
1627
00:58:22,760 --> 00:58:25,320
Your second analyst costs another 150,000.
1628
00:58:25,320 --> 00:58:27,560
But once you have agents handling baseline work,
1629
00:58:27,560 --> 00:58:29,880
your first and second analyst both cost less
1630
00:58:29,880 --> 00:58:32,920
because they're focusing on work that only humans should do.
1631
00:58:32,920 --> 00:58:34,760
Volume scales without headcount scaling.
1632
00:58:34,760 --> 00:58:37,400
The model shifts from cost per person to cost per task.
1633
00:58:37,400 --> 00:58:39,320
That changes everything financially.
1634
00:58:39,320 --> 00:58:41,960
An analyst can only process so many leads per day.
1635
00:58:41,960 --> 00:58:43,560
An agent processes them instantly.
1636
00:58:43,560 --> 00:58:45,400
That leverage is where the ROI lives.
1637
00:58:45,400 --> 00:58:47,560
This is how you justify agents to CFOs.
1638
00:58:47,560 --> 00:58:49,000
Not AI is cool.
1639
00:58:49,000 --> 00:58:51,160
But this agent saves us this much per month.
1640
00:58:51,160 --> 00:58:52,600
And here's how we measured it.
1641
00:58:52,600 --> 00:58:55,000
Getting started, the practical path.
1642
00:58:55,000 --> 00:58:57,160
You don't need a six month planning cycle to start.
1643
00:58:57,160 --> 00:58:58,600
You need one working agent.
1644
00:58:58,600 --> 00:59:01,800
And the discipline to avoid trying to solve everything at once.
1645
00:59:01,800 --> 00:59:03,400
Stage one is about picking scope.
1646
00:59:03,400 --> 00:59:05,400
Don't say let's use agents everywhere.
1647
00:59:05,400 --> 00:59:08,600
Pick one domain, one process, one clear problem,
1648
00:59:08,600 --> 00:59:10,600
where an agent adds measurable value.
1649
00:59:10,600 --> 00:59:13,800
Maybe it's security triage, or sales qualification,
1650
00:59:13,800 --> 00:59:15,400
or account reconciliation.
1651
00:59:15,400 --> 00:59:17,400
Pick the spot where people are spending time on work
1652
00:59:17,400 --> 00:59:19,800
that's mechanical but still requires judgment.
1653
00:59:19,800 --> 00:59:21,800
That's where agents create immediate impact.
1654
00:59:21,800 --> 00:59:24,600
Copilot Studio is your entry point because it's low code.
1655
00:59:24,600 --> 00:59:25,800
You don't need developers.
1656
00:59:25,800 --> 00:59:27,800
You don't need infrastructure expertise.
1657
00:59:27,800 --> 00:59:29,800
And you definitely don't need months of planning.
1658
00:59:29,800 --> 00:59:32,200
You open it, you describe what you want the agent to do.
1659
00:59:32,200 --> 00:59:33,800
You give it data, you deploy it.
1660
00:59:33,800 --> 00:59:35,400
That's the foundation.
1661
00:59:35,400 --> 00:59:37,400
From the first idea to a working agent,
1662
00:59:37,400 --> 00:59:39,000
you're looking at weeks, not months.
1663
00:59:39,000 --> 00:59:41,400
Ground it specifically in your organization's data.
1664
00:59:41,400 --> 00:59:42,600
This is non-negotiable.
1665
00:59:42,600 --> 00:59:45,400
A generic agent is worthless because it hallucinates.
1666
00:59:45,400 --> 00:59:47,000
Users stop trusting it.
1667
00:59:47,000 --> 00:59:48,600
And it becomes a curiosity instead of a tool.
1668
00:59:48,600 --> 00:59:50,600
But when you upload your company's documents
1669
00:59:50,600 --> 00:59:52,200
and connect your SharePoint libraries,
1670
00:59:52,200 --> 00:59:53,000
something changes.
1671
00:59:53,000 --> 00:59:54,600
The agent understands your business.
1672
00:59:54,600 --> 00:59:56,800
It answers questions about your specific processes
1673
00:59:56,800 --> 00:59:58,200
and your specific rules.
1674
00:59:58,200 --> 00:59:59,400
It's not generic anymore.
1675
00:59:59,400 --> 01:00:00,400
It's useful.
1676
01:00:00,400 --> 01:00:01,400
Don't launch to everyone.
1677
01:00:01,400 --> 01:00:03,000
That's the mistake organizations make.
1678
01:00:03,000 --> 01:00:04,600
They build something in Copilot Studio.
1679
01:00:04,600 --> 01:00:05,400
It works in testing.
1680
01:00:05,400 --> 01:00:06,800
So they enable it for the whole company.
1681
01:00:06,800 --> 01:00:07,800
Now it's in production.
1682
01:00:07,800 --> 01:00:08,800
Now it's breaking.
1683
01:00:08,800 --> 01:00:10,800
Now it's creating problems instead of solving them.
1684
01:00:10,800 --> 01:00:13,000
Instead run it with a small pilot team first.
1685
01:00:13,000 --> 01:00:15,400
10 people, a sales team, a support group.
1686
01:00:15,400 --> 01:00:16,200
Let them use it.
1687
01:00:16,200 --> 01:00:16,800
Get feedback.
1688
01:00:16,800 --> 01:00:17,600
Learn where it breaks.
1689
01:00:17,600 --> 01:00:20,400
Understand what people actually need versus what you build.
1690
01:00:20,400 --> 01:00:21,600
Iterate.
1691
01:00:21,600 --> 01:00:23,200
Once you've done three rounds of feedback
1692
01:00:23,200 --> 01:00:25,000
and improvements, then you start expanding.
1693
01:00:25,000 --> 01:00:26,600
Stage 2 is making it governable.
1694
01:00:26,600 --> 01:00:29,800
Register that agent in agent 365 assign clear ownership.
1695
01:00:29,800 --> 01:00:31,600
Someone responsible for that agent's behavior
1696
01:00:31,600 --> 01:00:33,600
and maintenance set access policies.
1697
01:00:33,600 --> 01:00:34,800
This isn't bureaucracy.
1698
01:00:34,800 --> 01:00:36,600
It's the difference between managing the agent
1699
01:00:36,600 --> 01:00:37,600
and losing control of it.
1700
01:00:37,600 --> 01:00:39,600
Once it's registered, you can revoke access
1701
01:00:39,600 --> 01:00:40,600
if something breaks.
1702
01:00:40,600 --> 01:00:41,800
You can audit what it's doing.
1703
01:00:41,800 --> 01:00:43,800
And you know exactly what data it touches.
1704
01:00:43,800 --> 01:00:44,800
This is the invisible work
1705
01:00:44,800 --> 01:00:46,600
that prevents problems downstream.
1706
01:00:46,600 --> 01:00:48,400
Stage 3 is knowing when to graduate it.
1707
01:00:48,400 --> 01:00:49,600
If the pilot is working.
1708
01:00:49,600 --> 01:00:51,000
If users are actually using it.
1709
01:00:51,000 --> 01:00:53,000
And if it's reducing work in measurable ways.
1710
01:00:53,000 --> 01:00:54,400
That's when you move it to Foundry.
1711
01:00:54,400 --> 01:00:55,800
Not because co-pilot studio is bad,
1712
01:00:55,800 --> 01:00:57,400
it's a perfectly good place to build.
1713
01:00:57,400 --> 01:00:59,000
But Foundry is where you build at scale.
1714
01:00:59,000 --> 01:01:01,000
Co-pilot studio is where you prototype.
1715
01:01:01,000 --> 01:01:02,200
Foundry is where you operate.
1716
01:01:02,200 --> 01:01:03,600
The move gets your orchestration.
1717
01:01:03,600 --> 01:01:04,800
Memory across sessions.
1718
01:01:04,800 --> 01:01:06,600
And multi agent capabilities.
1719
01:01:06,600 --> 01:01:09,200
It's the infrastructure layer that lets a single agent scale
1720
01:01:09,200 --> 01:01:11,200
to thousands of users without degrading.
1721
01:01:11,200 --> 01:01:13,000
Stage 4 is velocity.
1722
01:01:13,000 --> 01:01:14,600
Now you have one agent in production.
1723
01:01:14,600 --> 01:01:15,800
You understand the patterns.
1724
01:01:15,800 --> 01:01:17,000
You've built the governance.
1725
01:01:17,000 --> 01:01:18,200
You've connected the data.
1726
01:01:18,200 --> 01:01:20,000
The second agent is radically faster.
1727
01:01:20,000 --> 01:01:21,800
You reuse the tool integrations.
1728
01:01:21,800 --> 01:01:23,400
You reuse knowledge bases.
1729
01:01:23,400 --> 01:01:25,000
And you reuse governance templates.
1730
01:01:25,000 --> 01:01:27,800
What took weeks the first time takes days the second time.
1731
01:01:27,800 --> 01:01:30,600
By agent number five, you have repeatable patterns.
1732
01:01:30,600 --> 01:01:32,000
You have infrastructure.
1733
01:01:32,000 --> 01:01:33,800
You're not starting from scratch each time.
1734
01:01:33,800 --> 01:01:36,200
The timeline is the part that surprises people.
1735
01:01:36,200 --> 01:01:37,000
Not months.
1736
01:01:37,000 --> 01:01:39,200
Weeks. That's genuinely what managed platforms enable.
1737
01:01:39,200 --> 01:01:40,400
You're not building infrastructure.
1738
01:01:40,400 --> 01:01:42,000
You're not configuring databases.
1739
01:01:42,000 --> 01:01:43,600
And you're not managing containers.
1740
01:01:43,600 --> 01:01:45,600
You're defining logic and letting the platform
1741
01:01:45,600 --> 01:01:47,400
handle the operational complexity.
1742
01:01:47,400 --> 01:01:49,000
None of this requires a perfect plan.
1743
01:01:49,000 --> 01:01:50,000
No organization has that.
1744
01:01:50,000 --> 01:01:51,600
You need a working agent.
1745
01:01:51,600 --> 01:01:53,800
You need the ability to measure if it's working.
1746
01:01:53,800 --> 01:01:56,400
And you need the discipline to improve it before scaling it.
1747
01:01:56,400 --> 01:01:57,800
That's it. Start there.
1748
01:01:57,800 --> 01:01:59,400
Common failures. What not to do?
1749
01:01:59,400 --> 01:02:01,800
Most agent deployments fail in predictable ways.
1750
01:02:01,800 --> 01:02:03,400
Not because the technology doesn't work,
1751
01:02:03,400 --> 01:02:05,400
but because organizations build without thinking
1752
01:02:05,400 --> 01:02:07,400
about what agents actually require.
1753
01:02:07,400 --> 01:02:09,800
Failure one is building without any governance at all.
1754
01:02:09,800 --> 01:02:11,200
You spin up co-pilot studio.
1755
01:02:11,200 --> 01:02:12,200
You build something.
1756
01:02:12,200 --> 01:02:12,800
It works.
1757
01:02:12,800 --> 01:02:14,200
You deploy it to your department.
1758
01:02:14,200 --> 01:02:16,200
Now it's reading from your entire SharePoint tenant
1759
01:02:16,200 --> 01:02:19,000
because you granted broad permissions and never revisited it.
1760
01:02:19,000 --> 01:02:21,000
It's calling APIs with credentials stored
1761
01:02:21,000 --> 01:02:22,400
in configuration files.
1762
01:02:22,400 --> 01:02:24,200
It's accessing data it shouldn't touch.
1763
01:02:24,200 --> 01:02:27,200
And nobody knows it exists except the three people who use it.
1764
01:02:27,200 --> 01:02:29,600
When IT finally discovers it six months later,
1765
01:02:29,600 --> 01:02:31,800
it's running production workloads with zero oversight,
1766
01:02:31,800 --> 01:02:33,200
shutting it down breaks things,
1767
01:02:33,200 --> 01:02:35,600
keeping it running, violates security policy,
1768
01:02:35,600 --> 01:02:37,000
your stuck.
1769
01:02:37,000 --> 01:02:39,400
The agent became a liability instead of an asset
1770
01:02:39,400 --> 01:02:41,800
because governance was never part of the conversation.
1771
01:02:41,800 --> 01:02:44,200
Failure two is different, but equally costly.
1772
01:02:44,200 --> 01:02:47,000
You build an agent without grounding it in actual data.
1773
01:02:47,000 --> 01:02:48,200
The agent sounds intelligent.
1774
01:02:48,200 --> 01:02:50,800
It answers questions fluently and it's making things up.
1775
01:02:50,800 --> 01:02:52,600
When a customer asks about product features,
1776
01:02:52,600 --> 01:02:55,200
it invents specifications that don't exist.
1777
01:02:55,200 --> 01:02:57,200
When finance asks about reconciliation rules,
1778
01:02:57,200 --> 01:02:58,700
it hallucinates policies.
1779
01:02:58,700 --> 01:03:00,000
Users stop trusting it.
1780
01:03:00,000 --> 01:03:01,400
It becomes useless.
1781
01:03:01,400 --> 01:03:02,900
The agent had potential.
1782
01:03:02,900 --> 01:03:04,900
You killed it by skipping the most critical step,
1783
01:03:04,900 --> 01:03:06,600
connecting it to real information,
1784
01:03:06,600 --> 01:03:09,600
treating agents as features instead of systems is failure three.
1785
01:03:09,600 --> 01:03:11,600
You build an agent it works for a few months,
1786
01:03:11,600 --> 01:03:12,600
then something breaks.
1787
01:03:12,600 --> 01:03:13,800
Nobody remembers who built it.
1788
01:03:13,800 --> 01:03:16,100
Nobody knows who owns it and nobody maintains it.
1789
01:03:16,100 --> 01:03:17,900
The data it was trained on is stale.
1790
01:03:17,900 --> 01:03:20,700
The integrations it relied on changed and nobody updated them.
1791
01:03:20,700 --> 01:03:23,200
The agent becomes a ghost running but not useful.
1792
01:03:23,200 --> 01:03:26,100
Too expensive to maintain, but too embedded to shut down.
1793
01:03:26,100 --> 01:03:28,300
This happens because nobody assigned clear ownership,
1794
01:03:28,300 --> 01:03:30,200
nobody planned for life cycle management.
1795
01:03:30,200 --> 01:03:33,200
It was treated as a feature you build once and then forget.
1796
01:03:33,200 --> 01:03:35,100
But agents need care.
1797
01:03:35,100 --> 01:03:36,800
Failure four is over scoping.
1798
01:03:36,800 --> 01:03:39,200
You decide the first agent should solve everything.
1799
01:03:39,200 --> 01:03:41,800
It should handle sales qualification and lead follow-up
1800
01:03:41,800 --> 01:03:44,200
and opportunity scoring and deal analysis.
1801
01:03:44,200 --> 01:03:45,600
It becomes unwieldy.
1802
01:03:45,600 --> 01:03:47,100
It's trying to be good at too many things.
1803
01:03:47,100 --> 01:03:48,700
It's actually good at none of them.
1804
01:03:48,700 --> 01:03:51,200
The agent fails because you gave it an impossible scope.
1805
01:03:51,200 --> 01:03:52,000
Pick one job.
1806
01:03:52,000 --> 01:03:52,700
Do that job well.
1807
01:03:52,700 --> 01:03:55,600
At other jobs later, not measuring impact is failure five.
1808
01:03:55,600 --> 01:03:57,000
You can't justify the investment.
1809
01:03:57,000 --> 01:03:58,700
You don't know if users are actually using it.
1810
01:03:58,700 --> 01:04:01,400
You don't know if it's saving time or just shifting work around.
1811
01:04:01,400 --> 01:04:04,400
You can't answer whether this agent is worth the infrastructure cost.
1812
01:04:04,400 --> 01:04:07,100
You should have defined what success looks like before deployment.
1813
01:04:07,100 --> 01:04:08,800
How many lead assessments per day?
1814
01:04:08,800 --> 01:04:11,100
How much time saved per finance reconciliation?
1815
01:04:11,100 --> 01:04:13,000
Without that baseline, you're running blind.
1816
01:04:13,000 --> 01:04:14,800
Failure six is ignoring orchestration.
1817
01:04:14,800 --> 01:04:16,000
You build three agents.
1818
01:04:16,000 --> 01:04:18,400
They work independently, but they need to work together.
1819
01:04:18,400 --> 01:04:20,100
You don't have orchestration patterns.
1820
01:04:20,100 --> 01:04:22,500
So you're calling them sequentially through manual scripts.
1821
01:04:22,500 --> 01:04:23,900
Each agent does its job.
1822
01:04:23,900 --> 01:04:25,800
Nobody's coordinating them.
1823
01:04:25,800 --> 01:04:27,900
The value multiplies when agents work together.
1824
01:04:27,900 --> 01:04:31,300
If you skip orchestration, you stay stuck at single agent utility.
1825
01:04:31,300 --> 01:04:32,800
You miss the compounding returns.
1826
01:04:32,800 --> 01:04:34,600
Failure seven is not planning for scale.
1827
01:04:34,600 --> 01:04:37,300
An agent works brilliantly when ten people use it.
1828
01:04:37,300 --> 01:04:38,000
You're confident.
1829
01:04:38,000 --> 01:04:39,100
You enable it for everyone.
1830
01:04:39,100 --> 01:04:41,000
Now it's running on ten thousand users.
1831
01:04:41,000 --> 01:04:42,500
Token costs explode.
1832
01:04:42,500 --> 01:04:45,200
Response time degrades.
1833
01:04:45,200 --> 01:04:47,700
The infrastructure that worked for pilots breaks.
1834
01:04:47,700 --> 01:04:49,800
You didn't think about scale from the start.
1835
01:04:49,800 --> 01:04:51,800
You didn't measure token consumption early.
1836
01:04:51,800 --> 01:04:53,200
And you didn't design for concurrency.
1837
01:04:53,200 --> 01:04:55,400
Now you're in crisis mode trying to optimize something
1838
01:04:55,400 --> 01:04:56,900
that was never designed to scale.
1839
01:04:56,900 --> 01:04:59,200
The pattern across all of these is identical.
1840
01:04:59,200 --> 01:05:02,800
Most failures come from treating agents as simple tools
1841
01:05:02,800 --> 01:05:05,100
instead of systems that need governance, maintenance,
1842
01:05:05,100 --> 01:05:06,600
architecture and oversight.
1843
01:05:06,600 --> 01:05:09,700
You wouldn't deploy infrastructure without planning for scale.
1844
01:05:09,700 --> 01:05:11,900
You wouldn't access data without identity and audit.
1845
01:05:11,900 --> 01:05:13,600
You wouldn't skip integration planning.
1846
01:05:13,600 --> 01:05:15,800
But with agents, organizations do all those things
1847
01:05:15,800 --> 01:05:18,700
because agents feel like software features, not infrastructure.
1848
01:05:18,700 --> 01:05:19,500
They're not.
1849
01:05:19,500 --> 01:05:21,200
The sooner you stop treating them that way,
1850
01:05:21,200 --> 01:05:23,300
the sooner your deployments stop failing.
1851
01:05:23,300 --> 01:05:26,400
The organizational shift from assistance to automation.
1852
01:05:26,400 --> 01:05:29,000
Everything we've talked about, the layers, the governance,
1853
01:05:29,000 --> 01:05:31,100
the orchestration, this is all infrastructure,
1854
01:05:31,100 --> 01:05:34,000
but infrastructure only matters because of what it enables.
1855
01:05:34,000 --> 01:05:35,800
And what it enables is fundamentally different
1856
01:05:35,800 --> 01:05:37,600
from how organizations work today.
1857
01:05:37,600 --> 01:05:39,600
Right now, the model is assistance.
1858
01:05:39,600 --> 01:05:40,600
AI helps humans.
1859
01:05:40,600 --> 01:05:41,800
A human sees the results.
1860
01:05:41,800 --> 01:05:45,000
A human makes the decision and a human executes the action.
1861
01:05:45,000 --> 01:05:46,600
The human is still the primary actor.
1862
01:05:46,600 --> 01:05:47,700
The agent is secondary.
1863
01:05:47,700 --> 01:05:50,400
It's just a tool that makes that human faster or more informed.
1864
01:05:50,400 --> 01:05:51,700
The new model inverts that.
1865
01:05:51,700 --> 01:05:52,900
The agent executes.
1866
01:05:52,900 --> 01:05:53,900
The human oversees.
1867
01:05:53,900 --> 01:05:55,400
The human intervenes only when needed.
1868
01:05:55,400 --> 01:05:57,000
The agent becomes the primary actor.
1869
01:05:57,000 --> 01:05:58,500
The human becomes the supervisor.
1870
01:05:58,500 --> 01:06:00,400
That shift seems subtle when you describe it.
1871
01:06:00,400 --> 01:06:02,500
In practice, it rewires everything.
1872
01:06:02,500 --> 01:06:03,600
Think about a sales team.
1873
01:06:03,600 --> 01:06:06,800
Today, a sales development rep spends their day assessing leads
1874
01:06:06,800 --> 01:06:09,000
to see who is qualified, who has the budget,
1875
01:06:09,000 --> 01:06:10,300
and who fits the target.
1876
01:06:10,300 --> 01:06:13,800
It's work that requires judgment, but happens repetitively.
1877
01:06:13,800 --> 01:06:16,300
The sales qualification agent does this assessment now.
1878
01:06:16,300 --> 01:06:17,600
The rep reviews the results.
1879
01:06:17,600 --> 01:06:19,000
The rep focuses on the leads.
1880
01:06:19,000 --> 01:06:20,800
The agent flagged as high probability.
1881
01:06:20,800 --> 01:06:22,900
They spend their time on relationships and closing
1882
01:06:22,900 --> 01:06:24,500
instead of filtering through data.
1883
01:06:24,500 --> 01:06:26,400
That's not the same job with better tools.
1884
01:06:26,400 --> 01:06:27,300
That's a different job.
1885
01:06:27,300 --> 01:06:29,000
The skills matter differently now.
1886
01:06:29,000 --> 01:06:31,200
The person who was good at quickly assessing leads
1887
01:06:31,200 --> 01:06:33,000
might not be as good at relationship building.
1888
01:06:33,000 --> 01:06:34,700
The person who was average at assessment
1889
01:06:34,700 --> 01:06:37,300
but excellent at building trust gets to spend their time
1890
01:06:37,300 --> 01:06:38,800
where they're actually strong.
1891
01:06:38,800 --> 01:06:40,200
Job descriptions change.
1892
01:06:40,200 --> 01:06:41,800
Hiring requirements change.
1893
01:06:41,800 --> 01:06:43,600
How you measure performance changes.
1894
01:06:43,600 --> 01:06:46,200
Everything flows from that one shift in what the agent does.
1895
01:06:46,200 --> 01:06:47,900
Finance teams look similar.
1896
01:06:47,900 --> 01:06:50,500
Controllers right now spend their time on reconciliation.
1897
01:06:50,500 --> 01:06:51,900
Three transactions don't match.
1898
01:06:51,900 --> 01:06:52,900
Find why.
1899
01:06:52,900 --> 01:06:54,500
Fix it manually.
1900
01:06:54,500 --> 01:06:56,600
It's detailed work that requires attention,
1901
01:06:56,600 --> 01:06:58,500
but doesn't require strategic thinking.
1902
01:06:58,500 --> 01:07:00,600
The account reconciliation agent does the matching.
1903
01:07:00,600 --> 01:07:03,000
The controller reviews exceptions and validates.
1904
01:07:03,000 --> 01:07:05,300
But the bulk of their day shifts from reconciliation
1905
01:07:05,300 --> 01:07:08,500
to analysis, to variance investigation, to strategy.
1906
01:07:08,500 --> 01:07:09,600
That's higher value work.
1907
01:07:09,600 --> 01:07:11,400
It's work that only a human should do.
1908
01:07:11,400 --> 01:07:13,600
And now a human can do it because an agent is handling
1909
01:07:13,600 --> 01:07:14,400
the baseline.
1910
01:07:14,400 --> 01:07:16,400
Security teams face the same inversion.
1911
01:07:16,400 --> 01:07:18,800
Analyst right now spend their time triaging alerts.
1912
01:07:18,800 --> 01:07:20,100
Is this a real threat?
1913
01:07:20,100 --> 01:07:21,000
Is this noise?
1914
01:07:21,000 --> 01:07:22,500
What matters?
1915
01:07:22,500 --> 01:07:24,700
The alert triage agents do this assessment.
1916
01:07:24,700 --> 01:07:26,700
The analyst reviews what the agent flagged as critical.
1917
01:07:26,700 --> 01:07:28,100
The analyst investigates.
1918
01:07:28,100 --> 01:07:30,200
The analyst makes decisions about response.
1919
01:07:30,200 --> 01:07:33,000
The analyst's time moves from filtering to investigation.
1920
01:07:33,000 --> 01:07:34,400
From assessment to action.
1921
01:07:34,400 --> 01:07:36,800
That's the job security actually wants to hire for anyway.
1922
01:07:36,800 --> 01:07:38,700
Now they can.
1923
01:07:38,700 --> 01:07:42,600
IT operations shifts to engineers handle routine troubleshooting.
1924
01:07:42,600 --> 01:07:43,800
Why is this service slow?
1925
01:07:43,800 --> 01:07:44,800
Restart it.
1926
01:07:44,800 --> 01:07:46,000
Why is this discful?
1927
01:07:46,000 --> 01:07:47,700
Clear the cache.
1928
01:07:47,700 --> 01:07:49,800
These are operational tasks that someone needs to do
1929
01:07:49,800 --> 01:07:51,700
but don't require engineering judgment.
1930
01:07:51,700 --> 01:07:53,300
Agents do these now.
1931
01:07:53,300 --> 01:07:56,200
Engineers focus on architecture, on optimization,
1932
01:07:56,200 --> 01:07:58,600
on designing systems that need less firefighting.
1933
01:07:58,600 --> 01:08:01,200
They become architects instead of on-call responders.
1934
01:08:01,200 --> 01:08:02,900
The patent is consistent across every domain.
1935
01:08:02,900 --> 01:08:05,300
Work becomes more strategic, less routine,
1936
01:08:05,300 --> 01:08:07,500
more human judgment required, less data entry,
1937
01:08:07,500 --> 01:08:10,400
less filtering, less mechanical repetition.
1938
01:08:10,400 --> 01:08:12,200
The things that made people tired and bored
1939
01:08:12,200 --> 01:08:13,200
those go to agents.
1940
01:08:13,200 --> 01:08:15,600
The things that require intuition, judgment,
1941
01:08:15,600 --> 01:08:18,200
relationship and strategy, those stay with humans.
1942
01:08:18,200 --> 01:08:20,000
And that's where the ROI actually lives.
1943
01:08:20,000 --> 01:08:21,400
It's not in replacing people.
1944
01:08:21,400 --> 01:08:23,000
It's not in doing more with fewer people.
1945
01:08:23,000 --> 01:08:25,900
It's in deploying people to work that only they can do.
1946
01:08:25,900 --> 01:08:28,400
The analyst you're paying $150,000 a year
1947
01:08:28,400 --> 01:08:31,200
is worth that investment when they're investigating threats.
1948
01:08:31,200 --> 01:08:33,500
They're not worth that investment triaging alerts.
1949
01:08:33,500 --> 01:08:35,800
Agents doing triage and analysts investigating.
1950
01:08:35,800 --> 01:08:36,800
That's the leverage.
1951
01:08:36,800 --> 01:08:39,600
This is why understanding the four layers matters organizationally,
1952
01:08:39,600 --> 01:08:40,800
not just technically.
1953
01:08:40,800 --> 01:08:42,800
Because the people implications flow directly
1954
01:08:42,800 --> 01:08:44,700
from how agents are built and governed.
1955
01:08:44,700 --> 01:08:48,300
An agent with clear ownership and audit trails is one team's can trust.
1956
01:08:48,300 --> 01:08:50,000
An agent that's orchestrated well,
1957
01:08:50,000 --> 01:08:52,900
complements human work instead of creating new problems.
1958
01:08:52,900 --> 01:08:55,400
An agent that's properly scoped does one job well
1959
01:08:55,400 --> 01:08:58,100
instead of trying to do everything and failing at all of it.
1960
01:08:58,100 --> 01:09:00,100
The shift from assistance to automation
1961
01:09:00,100 --> 01:09:01,300
isn't about technology.
1962
01:09:01,300 --> 01:09:03,000
It's about organizational design.
1963
01:09:03,000 --> 01:09:06,000
It's about what humans do when machines handle the baseline.
1964
01:09:06,000 --> 01:09:07,200
That's the actual outcome.
1965
01:09:07,200 --> 01:09:07,900
What's coming?
1966
01:09:07,900 --> 01:09:10,800
The 2026/2027 road map.
1967
01:09:10,800 --> 01:09:13,800
The platform right now is still in consolidation mode.
1968
01:09:13,800 --> 01:09:16,400
Things work, but they don't fit together smoothly yet.
1969
01:09:16,400 --> 01:09:18,900
By the end of 2026, that changes.
1970
01:09:18,900 --> 01:09:21,500
Hosted agents are approaching full general availability.
1971
01:09:21,500 --> 01:09:22,800
They're in preview now.
1972
01:09:22,800 --> 01:09:24,900
But the investment in data centers and orchestration
1973
01:09:24,900 --> 01:09:26,700
infrastructure is already committed.
1974
01:09:26,700 --> 01:09:28,400
More regions are coming online.
1975
01:09:28,400 --> 01:09:30,900
Performance is improving.
1976
01:09:30,900 --> 01:09:33,400
What started as a feature preview is becoming a standard way
1977
01:09:33,400 --> 01:09:34,800
to deploy agents at scale.
1978
01:09:34,800 --> 01:09:37,500
If you've been waiting for hosting to be stable and fully supported,
1979
01:09:37,500 --> 01:09:38,800
that window is closing.
1980
01:09:38,800 --> 01:09:43,000
By late 2026, you shouldn't think twice about hosting agents in Foundry.
1981
01:09:43,000 --> 01:09:44,400
It's the default.
1982
01:09:44,400 --> 01:09:47,000
Memory is getting smarter.
1983
01:09:47,000 --> 01:09:50,000
Right now, procedural memory exists, but it's basic.
1984
01:09:50,000 --> 01:09:52,300
The agent learns that when it encounters problem X,
1985
01:09:52,300 --> 01:09:53,400
approach Y works.
1986
01:09:53,400 --> 01:09:55,100
Useful, but limited.
1987
01:09:55,100 --> 01:09:58,200
Over the next year, procedural memory gets more sophisticated.
1988
01:09:58,200 --> 01:09:59,800
Cross-session learning is coming.
1989
01:09:59,800 --> 01:10:01,600
When an agent solves something on day one,
1990
01:10:01,600 --> 01:10:03,300
it remembers that approach on day 30.
1991
01:10:03,300 --> 01:10:04,900
Context retention improves.
1992
01:10:04,900 --> 01:10:07,100
An agent doesn't start from scratch each conversation.
1993
01:10:07,100 --> 01:10:08,900
It carries relevant context forward.
1994
01:10:08,900 --> 01:10:11,100
This matters because it reduces hallucination
1995
01:10:11,100 --> 01:10:13,100
and token consumption simultaneously.
1996
01:10:13,100 --> 01:10:15,300
An agent that remembers what it learned
1997
01:10:15,300 --> 01:10:17,800
doesn't need to retrieve the same information again.
1998
01:10:17,800 --> 01:10:19,800
Orchestration patterns are moving from preview
1999
01:10:19,800 --> 01:10:21,300
to general availability.
2000
01:10:21,300 --> 01:10:23,900
Multi-agent workflows, the stateful coordination layer,
2001
01:10:23,900 --> 01:10:24,800
is in preview.
2002
01:10:24,800 --> 01:10:25,800
That's moving to GA.
2003
01:10:25,800 --> 01:10:29,200
Group chat patterns, sequential orchestration with parallel branches,
2004
01:10:29,200 --> 01:10:32,300
handoff patterns where context flows clearly between agents.
2005
01:10:32,300 --> 01:10:33,800
These aren't experimental anymore.
2006
01:10:33,800 --> 01:10:35,200
They're supported paths.
2007
01:10:35,200 --> 01:10:37,900
That means more organizations can adopt complex workflows
2008
01:10:37,900 --> 01:10:40,800
without worrying about building on unstable foundations.
2009
01:10:40,800 --> 01:10:43,700
Integration is expanding aggressively.
2010
01:10:43,700 --> 01:10:44,700
More connectors.
2011
01:10:44,700 --> 01:10:47,400
More MCP servers registered in the ecosystem,
2012
01:10:47,400 --> 01:10:51,000
but more importantly, easier integration for organizations building their own.
2013
01:10:51,000 --> 01:10:53,900
The friction of connecting agents to custom systems is dropping.
2014
01:10:53,900 --> 01:10:56,800
By next year, integrating with your proprietary back-office system
2015
01:10:56,800 --> 01:10:58,000
should be straightforward.
2016
01:10:58,000 --> 01:11:00,200
That removes one of the barriers to scaling agents
2017
01:11:00,200 --> 01:11:02,400
across your entire technology stack.
2018
01:11:02,400 --> 01:11:05,000
Right now, agents access what's easy to access.
2019
01:11:05,000 --> 01:11:07,300
Soon, they access what matters to your business
2020
01:11:07,300 --> 01:11:09,300
regardless of how old the system is.
2021
01:11:09,300 --> 01:11:11,000
Governance is hardening.
2022
01:11:11,000 --> 01:11:14,200
Agent 365 started with discovery and identity.
2023
01:11:14,200 --> 01:11:16,500
Over the next year, more policy options arrive,
2024
01:11:16,500 --> 01:11:18,600
more granular control, better visibility
2025
01:11:18,600 --> 01:11:20,800
into what agents are accessing and why.
2026
01:11:20,800 --> 01:11:23,100
This matters because it's what lets organizations
2027
01:11:23,100 --> 01:11:24,800
deploy agents more aggressively.
2028
01:11:24,800 --> 01:11:26,800
The governance isn't a constraint anymore.
2029
01:11:26,800 --> 01:11:28,300
It's an enabler.
2030
01:11:28,300 --> 01:11:30,700
Teams can move faster because they have confidence
2031
01:11:30,700 --> 01:11:33,300
that agents are operating within appropriate bounds.
2032
01:11:33,300 --> 01:11:35,000
Cost optimization gets better tooling.
2033
01:11:35,000 --> 01:11:37,300
Right now, you measure agent costs after the fact.
2034
01:11:37,300 --> 01:11:40,600
Next year, you'll have models that predict costs before execution.
2035
01:11:40,600 --> 01:11:43,700
Cost-aware routing that picks cheaper models when quality allows.
2036
01:11:43,700 --> 01:11:46,800
Better tools for understanding where token consumption is happening.
2037
01:11:46,800 --> 01:11:48,000
For most organizations,
2038
01:11:48,000 --> 01:11:51,400
this is the difference between running one agent and running 20.
2039
01:11:51,400 --> 01:11:53,900
When you can see costs and optimize them in real time,
2040
01:11:53,900 --> 01:11:55,900
the business case changes dramatically.
2041
01:11:55,900 --> 01:11:57,900
Windows agent runtime is coming out of preview.
2042
01:11:57,900 --> 01:11:59,600
Agents running natively on Windows,
2043
01:11:59,600 --> 01:12:02,400
local execution for workloads that need to stay on premise.
2044
01:12:02,400 --> 01:12:04,700
For regulated industries, this is transformative.
2045
01:12:04,700 --> 01:12:06,500
You don't need cloud infrastructure.
2046
01:12:06,500 --> 01:12:08,900
You don't need to move data around agents run locally
2047
01:12:08,900 --> 01:12:10,600
with full access to your systems.
2048
01:12:10,600 --> 01:12:12,400
Cross-platform agents are the next step.
2049
01:12:12,400 --> 01:12:16,100
The same agent code running on Windows, Azure, and on-premises.
2050
01:12:16,100 --> 01:12:17,500
True portability.
2051
01:12:17,500 --> 01:12:19,600
Right once, deploy anywhere.
2052
01:12:19,600 --> 01:12:22,100
That's not quite here yet, but the architecture is being built.
2053
01:12:22,100 --> 01:12:23,700
By 2027, it's realistic.
2054
01:12:23,700 --> 01:12:25,900
The pattern across all of this is consistency.
2055
01:12:25,900 --> 01:12:27,500
The platform isn't getting more complex.
2056
01:12:27,500 --> 01:12:32,000
It's getting more coherent, more patterns, more frameworks, more tools.
2057
01:12:32,000 --> 01:12:34,200
But all of it building on the same foundation,
2058
01:12:34,200 --> 01:12:37,300
identity, runtime, governance, and orchestration.
2059
01:12:37,300 --> 01:12:38,700
By the end of 2026,
2060
01:12:38,700 --> 01:12:41,500
the ecosystem looks dramatically different from today,
2061
01:12:41,500 --> 01:12:43,300
not because it's fundamentally new,
2062
01:12:43,300 --> 01:12:45,800
but because it finally works as an integrated system
2063
01:12:45,800 --> 01:12:48,100
instead of a collection of separate components.
2064
01:12:48,100 --> 01:12:50,800
The structural reality, why this matters.
2065
01:12:50,800 --> 01:12:53,000
Everything we've walked through over the last hour
2066
01:12:53,000 --> 01:12:55,400
comes down to one thing, understanding the model,
2067
01:12:55,400 --> 01:12:59,400
not the products, not which agent you pick for which task, the model.
2068
01:12:59,400 --> 01:13:00,600
Because there's a shift happening
2069
01:13:00,600 --> 01:13:02,900
that doesn't make headlines the way new features do,
2070
01:13:02,900 --> 01:13:05,000
it's quieter, more structural,
2071
01:13:05,000 --> 01:13:07,700
and it determines whether your agent investments actually work.
2072
01:13:07,700 --> 01:13:10,800
The shift is from AI as a feature to AI as infrastructure.
2073
01:13:10,800 --> 01:13:12,800
Features are things you add to existing products.
2074
01:13:12,800 --> 01:13:14,400
You add copilot to your office apps.
2075
01:13:14,400 --> 01:13:17,100
It's useful, but it's still word, word is the system.
2076
01:13:17,100 --> 01:13:18,900
And copilot is just the feature bolted on.
2077
01:13:18,900 --> 01:13:20,100
Infrastructure is different.
2078
01:13:20,100 --> 01:13:22,000
Infrastructure is what systems are built on.
2079
01:13:22,000 --> 01:13:23,100
It's the foundation.
2080
01:13:23,100 --> 01:13:25,800
It's what everything else rests on and operates through.
2081
01:13:25,800 --> 01:13:28,800
Agents are transitioning from the first to the second
2082
01:13:28,800 --> 01:13:31,200
and that changes what organizations actually need to do.
2083
01:13:31,200 --> 01:13:32,200
When agents were features,
2084
01:13:32,200 --> 01:13:33,700
you didn't need to think about layers.
2085
01:13:33,700 --> 01:13:34,900
You didn't need governance.
2086
01:13:34,900 --> 01:13:37,100
You didn't need to worry about identity or orchestration.
2087
01:13:37,100 --> 01:13:38,300
You turned on copilot.
2088
01:13:38,300 --> 01:13:40,000
It worked and you were done.
2089
01:13:40,000 --> 01:13:42,200
But the moment agents start operating in your systems,
2090
01:13:42,200 --> 01:13:43,300
they stop being features.
2091
01:13:43,300 --> 01:13:44,300
They call your APIs.
2092
01:13:44,300 --> 01:13:45,400
They access your data.
2093
01:13:45,400 --> 01:13:47,200
They make decisions that affect your business.
2094
01:13:47,200 --> 01:13:48,200
They become infrastructure.
2095
01:13:48,200 --> 01:13:50,300
And infrastructure requires thinking about foundations.
2096
01:13:50,300 --> 01:13:52,400
That's what the four layers actually represent.
2097
01:13:52,400 --> 01:13:54,500
The experience layer is where humans interact.
2098
01:13:54,500 --> 01:13:55,400
That's the interface.
2099
01:13:55,400 --> 01:13:56,400
That's the front door.
2100
01:13:56,400 --> 01:13:58,700
Most organizations start here because they see a team's
2101
01:13:58,700 --> 01:14:01,300
bought or a scout agent and think that's the whole picture.
2102
01:14:01,300 --> 01:14:01,800
But it's not.
2103
01:14:01,800 --> 01:14:04,900
It's the symptom, not the system.
2104
01:14:04,900 --> 01:14:07,600
The agent layer is where domain expertise operates.
2105
01:14:07,600 --> 01:14:10,100
This is where you define what an agent actually does.
2106
01:14:10,100 --> 01:14:12,300
Security agent, sales agent, finance agent.
2107
01:14:12,300 --> 01:14:15,100
Each one specializes because specialization means accuracy.
2108
01:14:15,100 --> 01:14:17,200
But this layer by itself is just logic.
2109
01:14:17,200 --> 01:14:19,700
It can't execute anything without what comes next.
2110
01:14:19,700 --> 01:14:22,600
The runtime layer is where execution actually happens.
2111
01:14:22,600 --> 01:14:24,300
Your logic needs somewhere to run,
2112
01:14:24,300 --> 01:14:25,500
somewhere to maintain state,
2113
01:14:25,500 --> 01:14:28,200
somewhere to call tools and coordinate with other agents,
2114
01:14:28,200 --> 01:14:29,200
somewhere to scale.
2115
01:14:29,200 --> 01:14:30,300
That's the runtime.
2116
01:14:30,300 --> 01:14:32,800
It's the infrastructure the experience layer depends on
2117
01:14:32,800 --> 01:14:34,400
and the agent layer operates within.
2118
01:14:34,400 --> 01:14:37,100
The governance layer is what keeps everything safe and visible.
2119
01:14:37,100 --> 01:14:39,700
Identity, policy, audit, life cycle.
2120
01:14:39,700 --> 01:14:42,200
These aren't optional add-ons once you're operating at scale.
2121
01:14:42,200 --> 01:14:43,400
They're foundational.
2122
01:14:43,400 --> 01:14:45,500
An agent without identity is invisible.
2123
01:14:45,500 --> 01:14:47,200
An agent without policy is uncontrolled.
2124
01:14:47,200 --> 01:14:49,700
An agent without audit is unmeasurable.
2125
01:14:49,700 --> 01:14:51,600
These are the constraints that transform agents
2126
01:14:51,600 --> 01:14:55,000
from experimental features into systems organizations contrast.
2127
01:14:55,000 --> 01:14:56,100
Here's what actually matters.
2128
01:14:56,100 --> 01:14:57,800
Each layer has different concerns.
2129
01:14:57,800 --> 01:14:59,700
Each layer requires different thinking.
2130
01:14:59,700 --> 01:15:01,900
Confusing them is where most deployments break.
2131
01:15:01,900 --> 01:15:04,200
Organizations that succeed understand this.
2132
01:15:04,200 --> 01:15:06,200
They know that an agent is the experience
2133
01:15:06,200 --> 01:15:08,800
plus the logic plus the infrastructure plus the governance.
2134
01:15:08,800 --> 01:15:12,100
All four, not one, not two, all four working together.
2135
01:15:12,100 --> 01:15:14,200
Identity is the foundation because you can't govern
2136
01:15:14,200 --> 01:15:15,500
what you can't identify.
2137
01:15:15,500 --> 01:15:18,300
Entra agent ID makes agents first class principles.
2138
01:15:18,300 --> 01:15:19,300
That sounds technical.
2139
01:15:19,300 --> 01:15:22,000
What it actually means is agents become manageable.
2140
01:15:22,000 --> 01:15:22,700
You know what they are.
2141
01:15:22,700 --> 01:15:24,000
You can control what they do.
2142
01:15:24,000 --> 01:15:25,400
You can audit what they did.
2143
01:15:25,400 --> 01:15:28,500
Orchestration is the multiplier because a single agent is useful.
2144
01:15:28,500 --> 01:15:31,000
But multiple agents coordinating are transformative.
2145
01:15:31,000 --> 01:15:34,600
But coordination only works if you have infrastructure designed for it.
2146
01:15:34,600 --> 01:15:35,600
That's the runtime layer.
2147
01:15:35,600 --> 01:15:37,700
Foundry isn't just a place to host agents.
2148
01:15:37,700 --> 01:15:39,500
It's where orchestration becomes possible.
2149
01:15:39,500 --> 01:15:41,300
Understanding this model isn't optional.
2150
01:15:41,300 --> 01:15:43,800
It's what separates organizations building agent infrastructure
2151
01:15:43,800 --> 01:15:46,500
from organizations experimenting with agent features.
2152
01:15:46,500 --> 01:15:48,100
One scales, the other doesn't.
2153
01:15:48,100 --> 01:15:50,200
The real question isn't which agent you should use.
2154
01:15:50,200 --> 01:15:51,800
It's what your agent architecture looks like.
2155
01:15:51,800 --> 01:15:53,400
You're not choosing between products.
2156
01:15:53,400 --> 01:15:56,100
You're choosing how AI operates in your organization.
2157
01:15:56,100 --> 01:15:58,800
Start with one agent, ground it in your data,
2158
01:15:58,800 --> 01:16:02,800
register it in governance, measure what it does, then scale.
2159
01:16:02,800 --> 01:16:05,200
The teams that understand the four layers move faster
2160
01:16:05,200 --> 01:16:06,500
and make better decisions.
2161
01:16:06,500 --> 01:16:08,600
Everything else is just picking the right tool
2162
01:16:08,600 --> 01:16:09,800
for the layer you're building.















