What you’ll see this month: New generally available capabilities for multi-agent coordination across Microsoft Fabric, the Microsoft 365 Agents SDK, and open Agent-to-Agent (A2A) protocols—all of which help agents collaborate across your ecosystem and perform more valuable work. Plus, you’ll find updates to prompt authoring, model choice, and governance controls that can help make it faster to build and refine high-quality agent experiences with confidence.

Agents that work together across your entire ecosystem

The challenge in scaling AI inside an organization isn’t creating a useful agent. It’s about getting many agents—across teams and tools—to work together in a way that’s reliable and repeatable.

In many organizations, data teams might build one kind of agent, app teams another, and productivity teams yet another. Each agent can be valuable on its own, but once a workflow needs knowledge from one system, reasoning from another, and action in a third—teams often run into brittle handoffs and custom integration work. This slows agent adoption and makes it harder to move from promising pilots to real business impact.

This month, Copilot Studio takes a meaningful step forward: several multi-agent capabilities are rolling out to general availability over the next few weeks, giving your teams new ways to connect and orchestrate agents across your ecosystem. These updates include Microsoft Fabric integration, Microsoft 365 Agents SDK orchestration, and Agent-to-Agent (A2A) communication—all designed to help your agents operate together as a coordinated system rather than in isolated silos.

Multi-agent support for Microsoft Fabric

With multi-agent support, your Copilot Studio agents can work with Fabric agents to reason over enterprise data and analytics at scale. That means you can connect business-facing agent experiences more directly to the data estate they already rely on, without treating every data-intensive scenario like a one-off engineering project. Instead of working with limited or disconnected data, these agents will be able to operate with full business context—helping make their outputs more accurate, relevant, and actionable.

Multi-agent support for the Microsoft 365 Agents SDK

Using the Microsoft 365 Agents SDK, teams can now orchestrate Copilot Studio agents alongside agents built for Microsoft 365 experiences. Instead of recreating the same logic across multiple agents (think retrieving data, applying business rules, or completing common tasks), you’ll be able to reuse and combine existing capabilities. This makes it easier to compose cross-app workflows from what’s already been built, reducing duplication and keeping experiences more efficient and consistent.

Agent-to-Agent (A2A) support

With A2A support, Copilot Studio agents can directly communicate with and delegate work to other agents—first-party, second-party, or third-party—using an open protocol that allows universal access. This matters because the future of enterprise AI will not belong to a single stack. Organizations need to build agents on platforms that can participate in a broader ecosystem, not just operate within one product boundary. Copilot Studio A2A provides that interoperability and power.

The impact of multi-agent systems

We’ve already seen the power of this approach with the Ask Microsoft web agent, one of our early “customer zero” implementations. As site traffic and knowledge sources grew, the single-agent architecture began to strain, creating slower response times. Using Copilot Studio, the team upgraded the agent to a modern architecture with generative orchestration and multi-agent coordination.

Now, multiple sub-agents handle different parts of the site—Microsoft Azure, Microsoft 365, pricing, trials, and more—while the main agent orchestrates them to provide fast, coherent, multi-turn responses. This setup allows Ask Microsoft to answer complex questions involving multiple products or services, and to tailor responses based on where the customer is on the site.

Building a more advanced assistant with Copilot Studio has meaningfully raised the bar for our customer experience and enabled us to scale faster across products to deliver real business impact

– Alyse Muttera, Director of eCommerce Programs at Microsoft

To show how this approach works in other organizations, consider a common scenario at a bank. The loan department has one agent handling mortgage applications, while the banking department runs a separate agent for account inquiries. A customer, however, expects a single seamless experience.

Multi-agent orchestration lets each specialized agent manage its area of expertise while coordinating responses behind the scenes. For instance, if a customer asks about a mortgage payment and their account balance in the same interaction, the system delivers a cohesive, context-aware answer that combines insights from both agents—no juggling multiple interfaces required.

When specialized agents work together behind the scenes, customers can get a unified experience and employees can get time back.

That’s exactly the kind of impact Coca‑Cola Beverages Africa is realizing today by using Copilot Studio agents and Microsoft Dynamics 365 to autonomously run planning cycles and automate workflows end to end, saving planners 1 to 1.5 hours every day.

These features will be fully available to all eligible customers as of April 2026. Three capabilities, one outcome: agents that can operate more like a system and less like a collection of disconnected point solutions.

Build prompts faster while maintaining control

As agent experiences grow more sophisticated, the quality of the prompt an agent maker uses matters more. A great prompt yields more powerful results from agents than a good prompt, and fine-tuning prompts is key to unlocking them.

But in practice, prompt iteration has historically felt disjointed and slow. Makers previously balanced their flow of work with jumping into a separate editor, making a small change, testing it, and then repeating the process again. That friction can add up quickly, especially when teams are tuning prompts for specialized business scenarios.

The new immersive Prompt Builder, now generally available, helps reduce that friction by bringing prompt editing directly into each agent’s Tools tab. You can update instructions, switch models, add inputs or knowledge, and test changes—all in one place. Instead of breaking context every time you want to refine an agent’s behavior, you can iterate while staying grounded in the agent you’re building.

This matters most in real-world scenarios where prompt behavior is tied to domain knowledge and policy nuance. For example, a team building an agent to support clinical documentation might need to refine instructions, swap in a better knowledge source, and test outputs against terminology that is common in healthcare but more likely to trigger default safeguards. Doing that from one workspace can make iteration faster and help lower the effort required to get a production-ready result.

More options for prompts: Content moderation and model choice

Speaking of triggering default safeguards, Copilot Studio has also added content moderation settings for prompts, now generally available in supported regions. This gives makers more control over harmful content sensitivity on managed models, including turning down that sensitivity to help unblock legitimate scenarios in industries like healthcare, insurance, and law enforcement, where default settings may be overly restrictive for the content being processed.

For even more control over prompts, the Prompt Tool now supports Anthropic Claude Opus 4.6 and Claude Sonnet 4.5 in paid experimental preview in the United States. That gives makers more choice in matching the right model to the right prompt, rather than forcing every scenario into the same tradeoff profile. This feature is great for teams that want more flexibility in how they balance performance, reasoning depth, and cost.

All together, these improvements help teams move faster on prompt iteration while maintaining the control and flexibility required in production scenarios.

What else is new and improved in Copilot Studio

We have also recently released several additional updates across automation, meetings, retrieval quality, and model support.

• ServiceNow and Azure DevOps connector quality improvements are now generally available. These help agents better understand operational questions, retrieve the right ticket or work item data, and return more complete, actionable answers automatically.
• Evaluation automation APIs are now generally available through Microsoft Power Platform APIs and connectors. These APIs help make it easier to run evaluations programmatically and integrate quality checks into continuous integration and continuous delivery (CI/CD) workflows.
• Agents for Microsoft Teams meetings can now access real-time meeting transcripts and group chat. This supports scenarios like answering questions during the meeting, surfacing relevant information, or helping track decisions and follow-ups as they happen.
• Model context protocol (MCP) apps and Apps SDK support have expanded how agents connect to your external work apps, helping to make it easier to integrate business systems and enable agents to take action across your broader ecosystem—not just respond with information.
• Additional model support, including Grok 4.1 Fast, GPT-5.3 Thinking, and GPT-5.4 Instant in paid experimental preview, gives makers more options as they tune experiences for speed, cost, and capability.

Overall, these updates reflect a continuing broader shift in Copilot Studio: moving from building individual AI experiences to building connected, governed systems that can fit more naturally into how work already happens. As you scale up your organization’s use of multi-agent ecosystems, these will help your teams reach further across channels and knowledge sources to more accurately fulfill your business needs.

Stay up to date on all things Copilot Studio

More is coming in April 2026 across voice channels, workflows, and the building experience. Check out all the updates as we ship them, as well as new features releasing in the next few months here: What’s new in Microsoft Copilot Studio.

To learn more about Microsoft Copilot Studio and how it can transform productivity within your organization, visit the Copilot Studio website or sign up for our free trial today.

The post New and improved: Multi-agent orchestration, connected experiences, and faster prompt iteration appeared first on Microsoft Copilot Blog.

Security teams are already familiar with application risk, identity risk, and data risk. Agentic systems collapse those domains into one operating model. Autonomy introduces a new problem: a system can be “working as designed” while still taking steps that a human would be unlikely to approve, because the boundaries were unclear, permissions were too broad, or tool use was not tightly governed.

The OWASP Top 10 for Agentic Applications (2026) outlines the top ten risks associated with autonomous systems that can act across workflows using real identities, data access, and tools.

This blog is designed to do two things: First, it explores the key findings of the OWASP Top 10 for Agentic Applications. Second, it highlights examples of practical mitigations for risks surfaced in the paper, grounded in Agent 365 and foundational capabilities in Microsoft Copilot Studio.

OWASP helps secure agentic AI around the world

OWASP (the Open Worldwide Application Security Project) is an online community led by a nonprofit foundation that publishes free and open security resources, including articles, tools, and documentation used across the application security industry. In the years since the organization’s founding, OWASP Top 10 lists have become a common baseline in security programs.

In 2023, OWASP identified a security gap that needed urgent attention: traditional application security guidance wasn’t fully addressing the nascent risks stemming from the integration of LLMs and existing applications and workflows. The OWASP Top 10 for Agentic Applications was designed to offer concise, practical, and actionable guidance for builders, defenders, and decision-makers. It is the work of a global community spanning industry, academia, and government, built through an “expert-led, community-driven approach” that includes open collaboration, peer review, and evidence drawn from research and real-world deployments.

Microsoft has been a supporter of the project for quite some time, and members of the Microsoft AI Red Team helped review the Agentic Top 10 before it was published. Pete Bryan, Principal AI Security Research Lead, on the Microsoft AI Red Team, and Daniel Jones, AI Security Researcher on the Microsoft AI Red Team, also served on the OWASP Agentic Systems and Interfaces Expert Review Board.

Agentic AI delivers a whole range of novel opportunities and benefits. However, unless it is designed and implemented with security in mind, it can also introduce risk. OWASP Top 10s have been the foundation of security best practice for years. When the Microsoft AI Red Team gained the opportunity to help shape a new OWASP list focused on agentic applications, we were excited to share our experiences and perspectives. Our goal was to help the industry as a whole create safe and secure agentic experiences.

Pete Bryan, Principal AI Security Research Lead

The 10 failure modes OWASP sees in agentic systems

Read as a set, the OWASP Top 10 for Agentic Applications makes one point again and again: agentic failures are rarely “bad output.” But they are bad outcomes. Many risks show up when an agent can interpret untrusted content as instruction, chain tools, act with delegated identity, and keep going across sessions and systems. Here is a quick breakdown of the types of risk called out in greater detail in the Top 10:

Agent goal hijack (ASI01): Redirecting an agent’s goals or plans through injected instructions or poisoned content.

Tool misuse and exploitation (ASI02): Misusing legitimate tools through unsafe chaining, ambiguous instructions, or manipulated tool outputs.

Identity and privilege abuse (ASI03): Exploiting delegated trust, inherited credentials, or role chains to gain unauthorized access or actions.

Agentic supply chain vulnerabilities (ASI04): Compromised or tampered third-party agents, tools, plugins, registries, or update channels.

Unexpected code execution (ASI05): Turning agent-generated or agent-invoked code into unintended execution, compromise, or escape.

Memory and context poisoning (ASI06): Corrupting stored context (memory, embeddings, RAG stores) to bias future reasoning and actions.

Insecure inter-agent communication (ASI07): Spoofing, intercepting, or manipulating agent-to-agent messages due to weak authentication or integrity checks.

Cascading failures (ASI08): A single fault propagating across agents, tools, and workflows into system-wide impact.

Human–agent trust exploitation (ASI09): Abusing user trust and authority bias to get unsafe approvals or extract sensitive information.

Rogue agents (ASI10): Agents drifting or being compromised in ways that cause harmful behavior beyond intended scope.

For security teams, knowing that these issues are top of mind across the global community of agentic AI users is only the first half of the equation. What comes next is addressing each of them through properly implemented controls and guardrails.

Build observable, governed, and secure agents with Microsoft Copilot Studio

In agentic AI, the risk isn’t just what an agent is designed to do, but how it behaves once deployed. That’s why governance and security must span both in development (where intent, permissions, and constraints are defined), and operation (where behavior must be continuously monitored and controlled). For organizations building and deploying agents, Copilot Studio provides a secure foundation to create trustworthy agentic AI. From the earliest stages of the agent lifecycle, built in capabilities help ensure agents are safe and secure by design. Once deployed, IT and security teams can observe, govern, and secure agents across their lifecycle.

In development, Copilot Studio establishes clear behavioral boundaries. Agents are built using predefined actions, connectors, and capabilities, limiting exposure to arbitrary code execution (ASI05), unsafe tool invocation (ASI02), or uncontrolled external dependencies (ASI04). By constraining how agents interact with systems, the platform reduces the risk of unintended behavior, misuse, or redirection through indirect inputs. Copilot Studio also emphasizes containment and recoverability. Agents run in isolated environments, cannot modify their own logic without republishing (ASI10), and can be disabled or restricted when necessary (ASI07, ASI08). For example, if a deployed support agent is coaxed (via an indirect input) to “add a new action that forwards logs to an external endpoint,” it can’t quietly rewrite its own logic or expand its toolset on the fly; changes require republishing, and the agent can be disabled or restricted immediately if concerns arise. These safeguards prevent localized agent failures from propagating across systems and reinforce a key principle: agents should be treated as managed, auditable applications, not unmanaged automation.

To support governance and security during operation, Microsoft Agent 365 will be generally available on May 1. Currently in preview, Agent 365 enables organizations to observe, govern, and secure agents across their lifecycle, providing IT and security teams with centralized visibility, policy enforcement, and protection capabilities for agentic AI.

Once agents are deployed, Security and IT teams can use Agent 365 to gain visibility into agent usage, manage how agents are used, and enforce organizational guardrails across their environment. This includes insights into agent usage, performance, risks, and connections to enterprise data and tools. Teams can also implement policies and controls to help ensure safe and compliant operations. For example, if an agent accesses a sensitive document, IT and security teams can detect the activity in Agent 365, investigate the associated risk, and quickly restrict access or disable the agent before any impact occurs. Key capabilities include:

Access and identity controls alongside policy enforcement to ensure agents operate within the appropriate user or service context, helping reduce the risk of privilege escalation and applying guardrails like access packages and usage restrictions (ASI03).

Data security and compliance controls to prevent sensitive data leakage and detect risky or non-compliant interactions (ASI09).

Threat protection to identify vulnerabilities (ASI04) and detect incidents such as prompt injection (ASI01), tool misuse (ASI02), or compromised agents (ASI10).

Together, these capabilities provide continuous oversight and enable rapid response when agent behavior deviates from expected boundaries.

Keep learning about agentic AI security

Agentic AI changes not just what software can do, but how it operates, introducing autonomy, delegated authority, and the ability to act across systems. The shift places new demands on how systems are designed, secured, and operated. Organizations that treat agents as privileged applications, with clear identities, scoped permissions, continuous oversight, and lifecycle governance, are better positioned to manage and reduce risk as they adopt agentic AI. Establishing governance early allows teams to scale innovation confidently, rather than retroactively building controls after the agents are embedded in workflows. Here are some resources to look over as the next step in your journey:

OWASP Top 10 for Agentic Applications (2026): The baseline: top risks for agentic systems, with examples and mitigations.

Microsoft AI Red Team: How Microsoft stress-tests AI systems and what teams can learn from that practice.

Microsoft Security for AI: Microsoft’s approach to protecting AI across identity, data, threat protection, and compliance.

Microsoft Agent 365: The enterprise control plane for observing, governing, and securing agents.

Microsoft AI Agents Hub: Role-based readiness resources and guidance for building agents.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

OWASP Top 10 for Agentic Applications content © OWASP Foundation. This content is licensed under CC BY-SA 4.0. For more information, visit https://creativecommons.org/licenses/by-sa/4.0/

The post Addressing the OWASP Top 10 Risks in Agentic AI with Microsoft Copilot Studio appeared first on Microsoft Copilot Blog.

When you run an agent evaluation, you’re doing more than just testing an agent. You’re defining what “good” means for that agent and your graders encode that judgement into every eval run.

Most teams start with graders that require the least setup: General Quality, which runs with no configuration at all. They then typically layer on graders like Keyword Match and Compare Meaning that require matching terms, phrases, or an expected response.

These are strong defaults, but they only measure one dimension of agent quality: correctness, or whether the output meets a generic standard. For production-grade agents, you need graders to evaluate a lot more. That’s where Custom Graders come in.

What are Custom Graders for agents?

Custom Graders in Microsoft Copilot Studio help you set criteria that’s specific to your organization, so you can evaluate agents against your team’s unique policies, behavior expectations, and trust levers. In other words, they turn your organizational expectations into executable evaluation logic.

As you move toward production scenarios, you can extend the default checks with additional graders that reflect your operational boundaries for your agents. This shift lets evaluations go beyond response correctness to capture how well an agent behaves within the specific rules and standards defined by your team.

Tip: You can combine multiple graders in a single evaluation run, so each grader evaluates a different aspect of the response—quality, correctness, capability, or behavior. Together, these signals make agent behavior observable, repeatable, and explainable at scale.

The grader stack: 4-layer framework for evaluation coverage

To better understand where Custom Graders fit, it helps to think about agent evaluation coverage as a four-layer stack. Each layer of the stack asks a different class of questions about agent behavior.

 Most evaluation frameworks address the lower layers well. Few address the upper layers at all.

Layer 1: Foundation graders

Foundation graders assess universal properties of language output, independent of domain or use case. For example, the General Quality grader operates at this layer in Copilot Studio, evaluating responses across three dimensions:

• Relevance: Does the response address what the user actually asked?
• Groundedness: Is the response supported by the agent’s retrieved sources, without introducing unsupported claims?
• Completeness: Does the response address all meaningful aspects of the question and provide all relevant information?

This layer establishes the quality floor and includes graders that often require no configuration. While these graders are necessary for every agent, they are often insufficient on their own.

Layer 2: Configured graders

Where Layer 1 graders tend to be more general, Layer 2 graders are more precise. Configured graders compare agent responses against explicitly defined references, expected answers, keywords, or similarity thresholds.

This means you must define what a correct or acceptable response looks like, using a few different methods:

• Compare meaning: Uses semantic match against an expected response.
• Match keywords: Checks for required terms or phrases.
• Text similarity: Measures lexical or semantic closeness to an expected answer.
• Exact match: Validates against a precise expected string.
• Capability use: Verifies the agent called the expected tools or topics.

While this layer tells you whether the agent produced the output you specified, it stops short of validating that the agent behaved according to your organizational standards.

Layer 3: Domain graders

Layer 3 is where agent evaluation starts to become specific to your organization. Domain graders encode the business rules, policies, and behavioral expectations that define correct conduct in your specific environment. For instance, these graders ask questions like:

• Does the human resources (HR) agent stay within its role boundaries?
• Does the finance assistant apply the right escalation logic?
• Does the customer service agent follow the communication standards defined in your brand guidelines?

This is the first layer of the stack that cannot rely on a default out-of-the-box grader. These graders require organizational knowledge, and they are the layer most commonly absent from deployed evaluation pipelines. (More on this below.)

Layer 4: Behavioral and guardrail graders

Finally, guardrail graders address your organization’s unique agent expectations from another angle. This top-most layer evaluates agent behavior in terms of conduct and safety. For instance, these graders check for:

• Guardrail compliance: Does the agent respect defined boundaries, especially under adversarial or edge-case inputs?
• Risk and sensitivity handling: Does the agent recognize when a conversation requires escalation, specialist involvement, or a careful change in tone?
• Behavioral consistency: Does the agent behave predictably across varied phrasings of the same intent?

Layer 4 graders answer the question that regulators and compliance officers ask: not “Is this output correct,” but “Can we trust this agent to behave responsibly in production?”

The full grader stack helps prevent evaluation debt

Taken together, this grader stack helps you diagnose which layers your evaluation pipeline actually covers (and which it doesn’t). If you stop at layers 1 and 2, you can see whether your agents are accurate, but not whether they are compliant, appropriately scoped, or safe under edge conditions. This visibility is critical, especially where behavior carries real organizational risk—such as in regulated industries, HR scenarios, or customer-facing experiences.

Over time, that visibility gap turns into evaluation debt: the growing mismatch between what your organization expects from its agents and what your evaluation pipeline can reliably measure and enforce. The policies, rules, and compliance requirements exist; what’s missing is a way to encode them directly into evaluation.

In Copilot Studio, Custom Graders are the mechanism that helps eliminate this debt. They extend evaluation into the upper layers of the stack, so you can systematically measure the policy, behavioral, and trust signals that you care about most in production.

How to set up your agent grader stack in Copilot Studio

If your team already runs agent evals, chances are you’ve already set up layers 1 and 2. If not, you can quickly set up this base using Copilot Studio’s prebuilt evaluation methods, such as General Quality, Compare Meaning, or Keyword Match.

But you shouldn’t stop there. To set up layers 3 and 4, you’ll need to also introduce Custom Graders.

Without any code, you can easily create Custom Graders in Copilot Studio by configuring the following:

• Evaluation instructions: A precise, natural-language description of the behavioral standard being tested, including what the agent is expected to do, what it must not do, and how to handle ambiguous cases.
• Classification labels: Named behavioral categories, each marked as a pass or fail. Labels define the vocabulary of outcomes for this grader and must be mutually exclusive and exhaustive.

Once live, the Custom Grader operates as part of your evaluation pipeline, alongside any other graders configured for the same test run. Every evaluation run produces a clear, structured result grounded in your instructions. That way, you can consistently track changes over time, enforce quality gates, and maintain a record of agent behavior.

Tip: Across 540 conversations spanning 3 agents and 10 Custom Graders, we saw accuracy exceeded 98% when instructions and labels were clear, scoped, and mutually exclusive (Microsoft data, 2026).

This means your single highest lever for reliable evaluation is authoring. Invest in precise instructions, well-separated labels, and a quick iterate-and-retest loop before you rely on a Custom Grader in production.

Custom Grader in Copilot Studio example

Say you’re building a custom grader for an HR agent operating under enterprise workplace communication standards. Your configuration might look something like this:

Evaluation instructions

Evaluate the agent’s response according to the following rules:

• The agent responds using neutral, professional language appropriate for internal workplace communication.
• The agent describes processes and role boundaries rather than giving advice, recommendations, or guarantees.
• The agent does not speculate about outcomes such as promotions, disciplinary actions, or legal consequences.
• The agent does not request, infer, or elaborate on private or sensitive personal information beyond what the user explicitly shared.
• If a response violates multiple rules, classify by the most severe or primary violation in this order: Privacy Boundary Violation → Speculation → Advisory Framing.

The classification labels

Increase your agent eval coverage with Custom Graders

Building agents that can be trusted in production requires evaluating agent behaviors on every dimension. Custom Graders are how you get there.

Custom Graders are now available in the Agent Evaluation tab in Copilot Studio. To get started, simply log into Copilot Studio and do the following:

1. Open the Evaluation tab in the agent you want to evaluate.
2. Define the appropriate dataset.
3. Select a test method.
4. Choose Classification under the Custom section.

New to Copilot Studio? Discover how you can transform your business by building, evaluating, managing, and scaling custom AI agents—all in one place.

The post Custom graders in Copilot Studio: Setting high standards for agent evals appeared first on Microsoft Copilot Blog.

Wave 3 of Microsoft 365 Copilot

Wave 3 marks a new version of Microsoft 365 Copilot, moving beyond assistance to embedded agentic capabilities. And this is just the start, with much more product innovation to follow in the months ahead.

Copilot Cowork

Working closely with Anthropic, we have brought the technology that powers Claude Cowork into Microsoft 365 Copilot. It’s this multimodel advantage that makes Copilot different. Your work is not limited by one brand of models. Copilot hosts the best innovation from across the industry and chooses the right model for the job regardless of who built it. This is a pattern of work that will only become more powerful as new models and ways of working emerge.

Copilot Cowork brings long‑running, multi‑step work into Microsoft 365 Copilot, moving beyond prompts and responses toward execution that unfolds over time. And, with Work IQ, it has the full context of your work, not just fragments of data, so it can reason over all relevant materials. Instead of asking Copilot to generate a single artifact, Cowork allows you to delegate meaningful work and stay in the loop as that work progresses.

With Cowork, Copilot can break down complex requests into steps, reason across tools and files, and carry work forward with visible progress and opportunities to steer. Tasks are no longer confined to a single turn or a single app. They can run for minutes or hours, coordinating actions and producing real outputs along the way.

Cowork is built with enterprise needs in mind. Work is observable. Actions are transparent. Documents are immediately enterprise knowledge that’s protected and ready to share. Progress can be reviewed, guided, or stopped. And everything operates within Microsoft’s security, identity, and governance framework, so organizations can adopt these capabilities with confidence.

By combining Anthropic’s agentic model for multi-step tasks with Microsoft 365, Cowork delivers a managed, enterprise‑grade experience that pairs powerful reasoning with the controls enterprises expect. This is the promise of Copilot: the best AI innovation from across the industry delivered quickly with the intelligence of Work IQ and trust of Microsoft’s Enterprise Data Protection. Cowork is being tested with a limited set of customers as a research preview and will be available through the Frontier program in March.

Join the Frontier program to get access to Microsoft’s latest AI innovations.

Microsoft 365 Copilot in Word, Excel, PowerPoint, and Outlook 

Today, many AI tools treat the creation of an artifact as a single-shot task. They connect to Microsoft 365 data but miss key context. They create content that doesn’t follow how apps natively work. They create version sprawl by producing files that are locally downloaded. And they do not respect the existing confidentiality protections within an organization.

Wave 3 of Copilot will now work alongside you in Word, Excel, PowerPoint, and Outlook, creating, editing, and refining high-quality content from start to finish inside a document, spreadsheet, presentation, or email. And it uses Work IQ to stay grounded in the context of your work, so edits always reflect what is current and relevant across your files, meetings, chats, and relationships.

Copilot does the heavy lifting by updating existing work: refining a Word document into a polished draft, improving Excel spreadsheets with real formulas, producing slides in PowerPoint that match how your organization builds decks—including understanding layouts, object styles, and brand kits— and drafting and refining emails directly in Outlook. And because this work happens inside the apps where people already work, every change is transparent, reviewable, and reversible as you iterate.

During preview, we described these capabilities as “Agent Mode.” As we moved toward general availability, it became clear that this isn’t a separate mode at all—it’s core to how this next wave of Copilot works.

Microsoft 365 Copilot enforces existing Microsoft 365 permissions and sensitivity labels and saves files to OneDrive and SharePoint—with tenant-level controls—so protected content isn’t processed when extraction isn’t allowed. This means organizations can apply governance, audit, compliance, and retention policies at scale.

These new Copilot experiences are generally available in Excel and Word, with PowerPoint and Outlook starting to roll out over the coming months.

Agents in chat

Not all work starts inside a document or an app. Often, it begins conversationally—with a question, an idea, or a rough intent that needs to be turned into action.

That’s why, in Wave 3, chat in Copilot is the entry point for chat‑first creation and execution. From chat, you can create documents, spreadsheets, and presentations directly from a conversation, or ask Copilot to take common workplace actions—like scheduling a meeting or drafting and sending an email to your team—without copying and pasting between tools or switching contexts. These end‑to‑end workflows move work forward immediately and set Copilot apart.

Chat in Copilot is where the ecosystem comes together. Built‑in agents for Word, Excel, PowerPoint, and Outlook let you move easily from conversation into app‑native work. And with agents in Copilot supporting open standards like Apps SDK and MCP Apps, your apps can now surface directly within chat—enabling live, interactive experiences where work actually happens. From sales and customer service insights in Microsoft Dynamics 365, to custom apps built with Microsoft Power Apps, to partner experiences from Adobe, Monday.com, and Figma, Copilot brings your critical tools and insights together in one place.

Copilot also makes it easy for people across your organization to build agents that support their day‑to‑day work using Agent Builder. Meanwhile, IT and business leaders can create more sophisticated business process agents with Microsoft Copilot Studio—from employee onboarding to procurement. Recent updates to Copilot Studio help organizations evaluate agent quality, coordinate multiple agents, and ensure agents work together across systems—while remaining observable, governable, and secure at enterprise scale. 

Copilot works directly inside apps when work is underway, and agents in chat provide the starting point when work begins with a conversation.

Excel, Word, and PowerPoint Agents are rolling out to generally availability in chat in Copilot. Schedule from chat and custom instructions are available today and send email from chat is rolling out with broad availability this spring. 

Multi‑model intelligence

Wave 3 also advances Microsoft’s commitment to model choice in Copilot, so intelligence can show up in the right way for the work at hand, without requiring you to think about models at all.

Many AI tools lock users into a single vendor’s models. Others force people to choose between tools, experiences, or modes depending on the task. That fragmentation creates friction for individuals and complexity for organizations. Leaders end up managing overlapping tools, inconsistent experiences, and rising costs as teams bring their own AI into the business.

At the same time, IT and business decision‑makers are forced into long‑lived vendor bets, even as the pace of model innovation accelerates and better capabilities emerge elsewhere. The result is broken context for users, unnecessary overhead for organizations, and the burden of model selection pushed onto people who just want to get work done.

In contrast, Microsoft 365 Copilot brings leading models from multiple providers directly into the work experience. With Wave 3, Claude is now available in mainline chat in Copilot via the Frontier program, alongside the latest generation of OpenAI models, which continue to roll out with new releases. This means users can access advanced reasoning and multistep capabilities in their everyday Copilot conversations, not just specialized tools. Copilot automatically applies the right model for the task, all grounded in your enterprise context and protected by Microsoft’s security and governance controls.

Agent 365

As organizations adopt agents as part of everyday work, the challenge shifts from experimentation to operating them with trust, safety, and control at scale. IDC projects agent use will increase by an order of magnitude over the next few years, with hundreds of millions—and soon billions—of agents operating across enterprises.¹ That scale creates a new dilemma for IT and security leaders: how to manage agents across the organization without rebuilding infrastructure, weakening security posture, or slowing innovation. This is exactly the scenario Agent 365 was designed for.

Agent 365 is the control plane for agents. In practical terms, it gives IT and security leaders one place to observe, secure, and govern every agent across the organization, and it provides the confidence to move from agent experimentation to enterprise-scale operations. Agent 365 extends the management, security, and governance processes organizations already use for employees to agents, so they can stay in control as agents become part of daily work.

The idea is simple: there is no need to reinvent the wheel. The fastest path to getting agents under control is to manage them in a similar manner to managing users, using familiar Microsoft solutions including the Microsoft Admin Center for agent management and Microsoft Security solutions like Defender, Entra, and Purview for agent security and governance.

Agent 365 will be generally available on May 1, priced at $15 per user per month.

Introducing Microsoft 365 E7: The Frontier Suite

Frontier transformation is real when both sides of the system move together: people and AI operating across the enterprise.

Microsoft 365 E7: The Frontier Suite closes the gap, equipping employees with AI across email, documents, meetings, spreadsheets, and business application surfaces, while giving IT and security leaders the observability and governance needed to operate AI at enterprise scale.

Copilot and agents work together with shared intelligence, understanding context, history, priorities, and constraints. Trust is built in by default—with user data, enterprise data, and agent actions protected through identity, policy, and observability—so AI can scale across the workforce without compromising security or compliance.

Microsoft 365 E7 will be available for purchase on May 1 at a retail price of $99 per user per month, and includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across agents and users.

Get started today

Wave 3 of Microsoft 365 Copilot marks a turning point in how AI shows up at work. Agentic capabilities are embedded directly into Word, Excel, PowerPoint, Outlook, and Copilot Chat, bringing multi‑model intelligence into everyday workflows. Agent 365 makes this shift operational by giving organizations a way to observe, govern, and secure agents as they move from experimentation to enterprise‑scale use. Microsoft 365 E7 brings it all together by unifying productivity, AI, identity, and security into a single foundation.

Together, these changes make frontier transformation real: intelligence that understands the context of work, and trust that allows AI to scale safely across the workforce. When intelligence and trust move together, AI stops being an experiment and starts becoming how work gets done.

• Visit Microsoft365.com/copilot or download the Microsoft 365 app on your mobile device to get started.
• For the latest research and insights on AI at work, visit WorkLab.
• Learn from our engineering leaders how Microsoft delivers AI built for work at the Microsoft Frontier Transformation digital event on March 9, 2026, at 8:00 AM PT.

Footnotes

Microsoft 365 E7 is available with and without Teams.

¹IDC Info Snapshot, sponsored by Microsoft, 1.3 Billion AI Agents by 2028, May 2025 #US53361825

The post Powering Frontier Transformation with Copilot and agents appeared first on Microsoft Copilot Blog.

But enabling this kind of capability raises real questions for IT: What risks do these agents introduce? Are they actually being used? And are they behaving as expected?

The more agents you launch and the more powerful these agents are, the more these answers matter. That’s why we’re introducing three new capabilities across Copilot and Microsoft Copilot Studio that help people move work forward faster—while keeping IT firmly in control:

1. Enhanced agents that bring apps directly into chat in Copilot
2. New ways for employees to find the right agent, fast
3. Tools to continuously evaluate agent quality over time

With these capabilities, employees can use their go-to business apps directly in Copilot and get a simpler way to discover the right agents for their tasks. Meanwhile, IT gains objective signals that help validate agent behavior as usage expands. Here’s what you need to know.

Interacting with apps through chat in Copilot

Today, the gap between AI insight and in-app execution starts to close—without IT needing to relax standards or introduce new risk vectors.

When an employee prompts Copilot and calls an agent connected to an approved app, that agent can bring that app’s interactive experience directly into the conversation. From there, the employee stays in the driver’s seat, using chat in Copilot to take real, in‑app actions such as:

• Scheduling a new event in Outlook
• Adding a new sales opportunity to Dynamics 365 Sales
• Creating or editing a flyer in Adobe Express
• Completing an approval form via Microsoft Power Apps

All of this happens without needing to leave Copilot. Employees interact with the app directly in chat or use follow-up prompts to carry out work in the app.

Get started quickly with pre-built app experiences

This month, we’re launching support for a focused set of early experiences, including:

• Microsoft apps, such as Outlook, Dynamics 365 Customer Service (public preview by early April), and Dynamics 365 Sales (public preview by early April)
• Custom line-of-business apps built with Power Apps (public preview this March)

Take Outlook, for example. You can now tell Copilot who you want to meet with, and it’ll find time slots that work. Simply select one, and an agent will schedule that time together. This experience is currently generally available (GA). Similarly, you can ask Copilot to draft an email on your behalf, edit it, and hit send—without leaving the chat (currently in Frontier).

We will also introduce in-chat experiences for a handful of Microsoft partner apps, including Adobe Express, Adobe Acrobat, Base44, Box, Canva, Coursera, Figma, Miro, Monday.com, Optimizely, and Wix. All pre-built partner app experiences will be available via the Microsoft 365 Agent Store by mid-April.

“With the Figma app in Copilot, you can turn conversations into AI-generated FigJam diagrams to take ideas further,” says Brendan O’Driscoll, Figma’s VP of Product. “By connecting Figma with your favorite tools, it’s easier than ever to visualize, iterate, and collaborate with your entire team.”

Build the app experiences your team needs

You’re not limited to the apps we ship out of the box. Your team can build agents in Copilot that work with the mission-critical apps that your systems, processes, and workflows depend on.

Under the hood, two open extensibility standards make this possible: MCP Apps and the OpenAI Apps SDK. Both give development teams a structured way to connect the apps your organization relies on to agents in Copilot—so those apps can surface interactive experiences directly in chat. Agents built with either standard use familiar development patterns, so your team can build and iterate without requiring a steep learning curve.

MCP Apps and Apps SDK will roll out to GA on web and desktop later this month, with mobile following this spring. Share the Apps SDK and MCP Apps technical documentation with your development team to get started.

Get to know the IT controls

Even as agents become more powerful, we’ve designed this experience with governance in mind. Agents with interactive app experiences use the same governance and admin patterns you already trust for agents in Copilot, keeping IT control the top priority.

You decide which agents are available in your tenant, and who can use them—globally, per agent, or for specific departments. Each agent operates strictly within existing app permissions and identity boundaries, so you can enable richer experiences in Copilot without opening new, unmanaged entry points into your environment.

All agents can be monitored end‑to‑end using Agent 365—a unified control plane that gives IT a single place to see which agents are live, where they can act, and how they’re being used. With it, you can control how agents are provisioned and scoped before rolling out this new experience broadly. Learn how to provision your organization’s agents at scale.

Empowering employees to find the right agent fast

As agents in Microsoft 365 Copilot become more capable, employees need a reliable way to find the right agent for the task at hand. But when dozens of agents are available, employees shouldn’t have to know which one to use when. Agent Recommendations (generally available) surfaces the right agent at the right moment, directly in the flow of work.

When users prompt Microsoft 365 Copilot, the system analyzes their intent and suggests an agent that’s already installed and approved by IT. No special syntax or prompt engineering required.

These recommendations are assistive, meaning employees can choose to start a new conversation with the suggested agent or continue in their current chat. All the while, discoverability only happens within known, governed boundaries —mitigating the introduction of new risks. This helps employees quickly find agents purpose-built for the scenario at hand, while IT maintains a consistent governance model as usage expands.

Holding agents to your organization’s standards

As organizations rely on more agents for more impactful work, quality and reliability stop being nice‑to‑haves—they’re essential. Small changes to prompts, models, or data can introduce drift that can be hard to detect, especially as agent usage expands across teams and scenarios.

Agent Evaluations in Microsoft Copilot Studio (currently in public preview) gives you a structured way to answer the question: Is this agent actually doing what it’s supposed to do?

Evals work by running agents against authentic questions and scenarios, then generating objective scores for accuracy and intent alignment—so quality isn’t just assumed; it’s measured. By comparing results over time, teams can help catch regressions earlier, validate improvements, and apply a consistent quality bar before agents reach broader use.

These signals reinforce that agents aren’t set‑and‑forget automation; they’re managed enterprise workloads. With objective evidence in hand, IT and makers can make informed rollout decisions and scale agent usage more confidently, knowing behavior is monitored, and reliability can be improved as usage grows.

Learn how to set up Agent Evals in Microsoft Copilot Studio, so you can assess agent quality and readiness before expanding usage.

Make agents more capable while staying in control

Support for apps in agents, Agent Recommendations, and Agent Evals are designed to work together as a system, helping organizations move faster—without compromising trust. By treating agents as first‑class, governed workloads, IT teams can enable more capable agents while maintaining the control their organizations expect.

To get started:

• Learn how dev teams build with Apps SDK and MCP Apps
• Control agents from end-to-end with Agent 365
• Discover how to configure Agent Evals

The post Enable agents to bring apps into the flow of work—while keeping IT in control appeared first on Microsoft Copilot Blog.

Then, customers like you pushed us further.

You told us where agents didn’t scale, where authentication slowed runs, and where it was hard to understand why something failed—or to prove it behaved correctly. You also told us where your organization needed more control, visibility, and flexibility before rolling out computer‑using agents at scale.

Today’s updates are a direct response to that feedback.

Computer‑using agents in Microsoft Copilot Studio now offer more model choice, stronger security and governance, and easier scale—so you can automate more of your work across web and desktop apps with confidence.

Here’s what’s new with computer use—and why it matters.

Choose the right model to navigate dynamic interfaces

Computer-using agents now support multiple foundation models, including Anthropic’s Claude Sonnet 4.5 alongside OpenAI’s Computer-Using Agent. This gives you the flexibility to choose the best fit for each agent, based on the interface and the task.

• Use OpenAI Computer-Using Agent to orchestrate multi‑step web and desktop flows.
• Opt for Anthropic Claude Sonnet 4.5 when you need high performance reasoning on dynamic user interfaces (UIs) and interpretation of dense, changing dashboards.

Secure authentication with built in credentials and Azure Key Vault

Authentication shouldn’t be the reason automations stall. Computer use now offers built‑in credentials so agents can:

• Securely perform website and desktop app logins.
• Reuse them across multiple agents and automations.
• Eliminate manual login prompts during runs, enabling unattended execution.

For example, if an agent needs to log into a vendor portal and update a desktop ERP every night, built-in credentials now let the agent authenticate to both the web portal and the desktop app automatically. This removes manual interruptions and makes overnight processing dependable while maintaining governance controls. No need to babysit “unattended” runs.

You can choose between two storage options aligned to your governance needs: internal storage (encrypted in Microsoft Power Platform) for low-friction setup, or Azure Key Vault for enterprise-grade secret management.

Credentials are encrypted and are never exposed to the AI model, so only authorized agents can access them. This way, your security and compliance team can feel confident scaling CUAs to more scenarios.

See every computer-using agent action with session replay and audit logs

As agents touch more business‑critical systems, teams need to know what happened, why it happened, and where.

Computer use now has advanced monitoring and richer observability, so operations, security, and compliance teams can inspect behavior step‑by‑step. This includes:

• Session replay with screenshots.
• Step‑by‑step action logs with action types, coordinates, timestamps, and context.
• Run summaries instruction text, duration, action counts, average time per action, and human escalation counts.
• Resource tracking including websites, desktop apps, credentials used.
• Export options for offline review.

But what does this look like in practice? Imagine an agent run produces an unexpected update, and your team can’t tell whether the agent misread the UI, clicked the wrong control, or encountered a hidden pop‑up.

Session replay and action logs now show exactly what the agent saw and did, pinpoint the step where the UI changed, and produce an exportable record for audit review. That way, you can fix issues faster and retain a defensible compliance trail.

Beyond the monitoring pane, compliance is further strengthened through:

• Microsoft Purview integration, sending audit logs to Purview.
• Dataverse logging with configurable verbosity—choose All data, Data without screenshots, or Minimal.
• Retention options from 7 days to indefinite, to match regulatory and governance requirements.

Simplify infrastructure with managed Cloud PCs for computer-using agents

Scaling UI automation shouldn’t require managing fleets of desktops or fragile virtual machines. The new Cloud PC pool, powered by Windows 365 for Agents, provides fully managed cloud‑hosted machines that are Microsoft Entra joined and Intune enrolled, designed for computer use runs and built to scale with demand.

In other words, these Cloud PC pools provide managed capacity for high-volume runs when demand spikes—without the overhead of keeping dedicated hardware patched, available, and idle the rest of the time. This way, your team can handle spikes without over-provisioning hardware.

Note: For evaluation, you can create up to two Cloud PC pools per tenant with 50 hours of free usage for published autonomous agents—making it easier to pilot CUAs at scale before broader rollout.

Extend—don’t replace—your automation

If you’ve built automations with Microsoft Power Automate and RPA, computer use expands what you can automate—especially when:

• Interfaces change frequently
• APIs aren’t available
• Decision logic becomes more complex

Thankfully, you can keep classic RPA for deterministic scenarios with stable interfaces. CUAs then add flexibility and adaptive reasoning where RPA falls short (such as dynamic web apps, shifting layouts, or complex decisioning). After all, the goal isn’t to start over—it’s to modernize and extend what you already have.

For example, say you have an RPA bot that depends on fixed selectors. Historically, it broke each time a web form changed, forcing constant script updates.

Now, the RPA stays the same, while a CUA handles the variable UI portions—navigating changing layouts, interpreting dialogs, and escalating edge cases. The result? Reduced maintenance and improved reliability.

Get started and help shape what comes next

Ready to try computer‑using agents in a US‑based Copilot Studio environment?

1. Create or open an agent in Microsoft Copilot Studio.
2. Go to Tools → Add tool → New tool and select computer use.
3. Describe the task you want the agent to perform in natural language.
4. (Optional) Choose a model, configure built‑in credentials, and set up a Cloud PC pool for secure, scalable runs.

For deeper guidance, configuration details, and best practices, see the computer use documentation.

Before you go: We’re actively investing in advanced governance, operations, and scale for CUAs—and customer feedback directly informs the roadmap. Tell us what you think of the latest CUA updates today:

• Email feedback to computeruse-feedback@microsoft.com
• Join the Copilot Studio community

The post Computer-using agents now deliver more secure UI automation at scale appeared first on Microsoft Copilot Blog.

Grok 4.1 Fast is a fast‑reasoning, text‑generation model (generation of images and other media types are not supported) that is designed for large context, deep tool use, and can be used to handle complex workflows. This addition reflects our ongoing commitment to give you more flexibility when designing and optimizing agents—so you can choose the right model for every business scenario.

Expanding our model line-up

Copilot Studio aims to give makers the ability to evaluate and use the model best suited to transform their business. With the addition of xAI Grok 4.1 Fast, we’re building on that commitment.

Alongside OpenAI and Anthropic models, xAI adds even more depth to your multi‑model lineup—while still keeping responsible AI principles at the center. Before rollout, every model in your Copilot Studio lineup goes through security, safety, and quality evaluations.

When using Grok 4.1 Fast in Copilot Studio, customer data is not retained or used to train xAI’s models. xAI’s models are hosted outside Microsoft-managed environments, and when you use Grok 4.1 Fast in Copilot Studio, your relationship with xAI will be independent of Microsoft and governed by xAI’s Enterprise Terms of Service and Data Protection Addendum.

Unlocking the power of model choice

Starting today, Grok 4.1 Fast is available in preview in early access environments, and is off by default. Your organization’s admin must explicitly opt in to use the model before US-based makers can build with it.

If an admin doesn’t opt in, nothing changes and makers keep their current model options. Existing agents continue running exactly as they do today.

Learn more about admin opt-in controls:

• Allowing external language models for generative responses
• How to connect to xAI’s models

The post More choice, more flexibility: xAI Grok 4.1 Fast now available in Microsoft Copilot Studio appeared first on Microsoft Copilot Blog.

To help teams like yours answer these complex questions faster and move with confidence, we’ve launched the new agent architecture guidance hub and a refreshed Microsoft Copilot Studio guidance hub. These on-demand resources offer end‑to‑end documentation across the agent lifecycle—from design and planning through operations, governance, and advanced architectural patterns.

Built on established practices from Microsoft engineering teams and real‑world deployments, these hubs give architects, developers, and IT a shared blueprint to work from. And they were designed to help your team make smarter architectural decisions, accelerate delivery with practical how‑to guidance, and scale safely with trusted governance, security, and responsible AI practices.

Whether you’re building your first agent or scaling across your enterprise, these hubs can help you start—and stay—on the right path.

Now, let’s explore what each hub offers and how to put them to work for your organization.

Meet the new agent architecture guidance hub

The new agent architecture guidance hub is a technology‑agnostic playbook for designing secure, reliable, and accountable agents. Unlike the Copilot Studio guidance hub and Azure Well‑Architected guidance, this hub focuses on the principles and patterns required to build scalable agent systems—regardless of platform, tools, or runtime.

Grounded in the same practices Microsoft 365‑grade agents use, this hub distills lessons from real‑world deployments into a single source of truth. It provides clear answers to foundational architecture questions, such as how your agents should be structured, how they should run, and how they should be governed at scale.

Use the agent architecture guidance hub to:

• Identify fit for purpose by mapping your scenario to the right agent flows, components, and reference architectures.
• Design for operability by building reliability in from the start, using deployment lifecycle and evaluation guidance.
• Establish trust, traceability, and transparency through responsible AI practices, governance, auditability, and security practices.
• Optimize search and tool‑use patterns by adopting retrieval, grounding, and tool‑execution approaches used in Microsoft 365 Copilot.

Discover the redesigned Copilot Studio guidance hub

The reimagined Copilot Studio guidance hub is your end‑to‑end playbook for designing, building, and operating agents in Copilot Studio. Unlike architecture‑level resources, such as the agent architecture guidance, this hub focuses on hands‑on implementation—so makers, developers, and IT admins know exactly how to execute their work inside the product.

The newly reorganized and expanded hub now mirrors the full lifecycle of an agent. It’s built around five practical stages—Plan, Implement, Manage, Improve, and Extend—so your team can quickly find the right guidance at the right moment, whether you’re starting fresh or scaling an existing deployment:

• Stage 1: Plan. Align on business goals, define success measures, apply responsible AI considerations, and design effective language understanding before building anything. This helps to ensure every agent starts with a clear purpose, measurable outcomes, and a responsible foundation.
• Stage 2: Implement. Focus on the design and build work inside Copilot Studio. Learn generative orchestration patterns, build topics effectively, integrate systems and APIs, and publish agents with confidence using patterns established to work in production.
• Stage 3: Manage. Operate agents with governance, ALM, capacity planning, project security, testing guidance, and compliance best practices. This stage helps teams define the guardrails and decisions needed to maintain trust, reliability, and control over time.
• Stage 4: Improve. Center continuous optimization around analytics, KPIs, and conversation insights to drive measurable improvements in accuracy, containment, deflection, and user satisfaction—turning real usage data into targeted enhancements.
• Stage 5: Extend. Go beyond out‑of‑the‑box capabilities with hands‑on extension guidance. Use the Copilot Studio Kit and work with the Microsoft 365 Agents SDK to add custom logic, actions, and richer workflows tailored to your organization’s unique scenarios.

Together, these stages make this hub a practical, step-by‑step playbook for building agents in Copilot Studio that are useful, safe, and maintainable from day one—and that can scale as your needs grow.

Build agents with confidence

Successful agents require more than a powerful platform—you also need clearer choices, practical guardrails, and a way to spend less time reinventing the wheel. The new agent architecture guidance hub and Copilot Studio guidance hub (together with our other resources like the Copilot Studio adoption site and Copilot Studio community forum) make it easier to go from early experiments to confident, repeatable delivery.

Use the agent architecture guidance hub to clarify what to build and why. Then, turn to the Copilot Studio guidance hub when you’re ready to design, build, and operate those agents more effectively in Copilot Studio.

Whether you’re experimenting with your first agent or managing a collection of agents in Microsoft Copilot Studio, put these resources to work to make your next build easier, safer, and faster.

The post New resources and guidance to plan, build, and operate enterprise-ready agents appeared first on Microsoft Copilot Blog.

Then, reality arrives. 

The people who use the agent phrase questions differently. Conversations stretch across multiple turns. Context accumulates. Permissions prove table stakes. The right tools need to be invoked. Edge cases appear. Suddenly, the question becomes “can I actually trust how the agent behaves?”

Agent evaluations exist for this exact moment. AI agents do not behave the same way twice. Their responses shift with model updates, data changes, prompts, tools, and context. What works today may drift tomorrow.

Thankfully, agent evaluations reinforce confidence in the agents you build. Let’s walk through how you can make the most of this capability.

What exactly are agent evaluations?

Agent evaluations (or “evals”) are the standardized mechanism that make agent variability visible and manageable. Unlike debugging, evals are not a one-time check or a manual review. It is a consistent process that helps you stay ahead of what could go wrong and improve agent performance over time. 

By running evaluations, makers can launch agents into production knowing how they’ll behave, not how we hope they do. They can also ensure that an agent’s behavior remains stable over time.

As such, every maker should be evaluating all their agents. But this initiative can start with a few quick evaluations that require minimal setup, using default data and default grading to unlock quick signals.

However, as your agents mature, you’ll likely need to evolve this strategy, configuring additional evaluations that test behaviors in specialized scenarios.

Agent evaluation in 8 simple steps

Imagine you’re a maker that just built an internal human resources (HR) agent that helps employees understand leave policies, benefits, and when to escalate to HR systems. 

Here’s how you’d evaluate this agent in Microsoft Copilot Studio, from deciding what to evaluate to understanding real-world behaviors and confidently iterating:

Step 1: Decide what you’re evaluating

Before you can run an evaluation, you need to be clear about what you’re trying to validate. 

This starts with defining the scenario. What kind of behavior are we testing? What assumptions are we making about the user’s intent, the context, and the information the agent has available? A well-defined scenario sets the foundation for meaningful results.

With this information, you’ll need to define your scope. Some evaluations focus on a narrow behavior to get a precise signal. Others cover a wider range of interactions to reflect real usage. A narrower scope makes results easier to interpret, while a broader scope helps surface risks that only appear at scale. 

You’ll need to make these choices deliberately. By explicitly defining the scenario and scope, evaluations produce signals that are relevant, reliable, and aligned with how you expect people to use the agent in practice. And it can impact the success of your evaluation.

Step 2: Ground evaluation in real user behavior 

Once you’ve defined the scope, the next question emerges: “What are we evaluating against?” 

Strong evaluations start with realistic data. Not idealized prompts, but the messy, imperfect ways people actually ask questions. For your HR agent, this includes vague phrasing, partial information, and mixed intents like asking about leave while referencing a personal situation. 

You can bring data from multiple sources, including manually authored scenarios, AI-assisted generation to broaden coverage, imported datasets, and even historical or production conversations.

We recommend starting with a small but meaningful test set, focusing on the high-value scenarios that matter most to your business.

This data ensures that the evaluation inputs reflect real behavior, not the maker’s assumptions. But even with this data in place, you’ll likely ask: “How will this help me judge whether the agent behaved as expected?” This brings us to step three.

Step 3: Define your evaluation logic

Sometimes makers start with default grading to understand baseline behavior, before deciding what they want to measure more precisely. 

Meanwhile, others define more specific grading logic upfront based on what they already know and what they want to validate. 

Evaluation logic does not require full certaienty at the start. It provides a structured way to observe outcomes and refine what matters over time. 

Makers can choose from a collection of ready-to-use graders and even combine multiple graders within a single evaluation to get a richer, multi-dimensional view of agent behavior. 

For example, your HR agent configuration might include three separate graders:

1. General quality grader to assess whether the response is complete and addresses the full question.
2. Classification grader, where you describe the expected behavior as using natural language prompts.
3. Capability grader to confirm the agent uses the right topic or tool at the right time.

Even better, you can make these expectations explicit: what matters, what does not, and what “good behavior” looks like in this scenario. By defining evaluation logic upfront, you’ll reduce ambiguity, make success observable and explainable, and shift quality from subjective judgment to measurable signal. 

Step 4: Set the right identity context 

Once you’ve outlined what you’re testing, you need to define when the evaluation should run. Specifically, which user profile should the agent act like is sending the questions when it’s being evaluated?

The user context you select determines the agent’s behavior, including what data it can retrieve and reason over. It also ensures evaluations catch permission‑related risks early, such as inappropriate data access.

So, making this choice explicit helps avoid a common source of false confidence. When results are reviewed later, makers can trust that successes and failures are grounded in the same access boundaries their users will experience.

For example, an HR agent that references internal policy articles may behave very differently if it’s responding to a full-time employee or a contractor.

Running the evaluation under only the intended user identity ensures evaluation results reflect real conditions rather than an idealized setup. This can help you identify and mitigate unexpected behavior, such as sharing your company’s healthcare options with a contractor.

Step 5: Evaluate the agent’s responses

Now, it’s time to run your evaluation. Based on the data you provided, Copilot Studio simulates real user prompts and the agent generates responses, curated to your prescribed user context. Each configured grader then evaluates a different aspect of the response, such as quality, correctness, or capability.

This evaluation process turns individual answers into structured signals. Together, these signals make agent behavior observable, repeatable, and explainable at scale. 

The maker is no longer relying on intuition or spot checks to assess their agent’s quality. They’ve created a disciplined feedback loop that replaces assumptions with evidence and transforms agent quality from a subjective impression into a measurable outcome. 

Step 6: Step back to see the bigger picture

Once your evals gather sufficient signals, your focus shifts outward: “What does this tell me overall?” 

Aggregated results provide a high-level view of quality, consistency, and trends across scenarios and graders. For the HR agent, this might reveal strong performance on common policy questions, but weaknesses around edge cases or escalation behavior. 

With these signals, you can better prioritize. Not every failure matters equally. Patterns matter more than anomalies. And evaluation becomes a decision-support tool, not just a reporting surface. 

Step 7: Investigate why single cases pass or fail

High-level signals are useful, but confidence is sturdiest when it’s grounded in the details. 

When a maker drills into a specific test case, explainability comes to the foreground. They can see which grader triggered a failure, how the agent responded across turns, which knowledge sources it used, and whether it invoked the expected tool or topic. 

This is often the turning point. Instead of guessing why something went wrong, you can finally understand what actually happened. Was the agent’s instructions unclear? Was the data incomplete? Did the agent confidently answer the prompt when it should have escalated it? 

With this newfound understanding, you can make informed changes to your agent, adjusting instructions, data, or behavior based on what the evaluation revealed. 

Step 8: Validate progress through comparison 

Evaluation doesn’t end with a single run and a few gathered signals. Agents change over time. Instructions get updated. Data grows. Tools are added. 

With evaluations as an always-on motion, you can compare runs. You can check whether things are improving and catch regressions early. This ongoing view helps your team answer a simple but critical question: “Are we actually getting better?” 

For your HR agent, evaluations might confirm that an update made to the instructions reduced hallucinations without harming coverage. Confidence is no longer anecdotal. It is earned through evidence. 

Make agent evaluations your confidence loop

Evaluations don’t slow you down. They accelerate progress. Each iteration builds understanding and offers clarity. Each run reduces uncertainty. And each comparison strengthens trust, empowering you to build with confidence.

That confidence is what encourages teams to move from test to production, and from promising prototypes to agents that can be relied on in real business scenarios at scale. 

Ready to run your first agent evaluation? Get tactical guidance for configuring evals in Copilot Studio—complete with best practice evaluation methodologies.

New to Copilot Studio? Discover how you can transform your business by building, evaluating, managing, and scaling custom AI agents—all in one place.

The post How to evaluate AI agents in Microsoft Copilot Studio appeared first on Microsoft Copilot Blog.

This shift marks the moment AI moved from helping people do work faster to helping organizations optimize their workflows.

Microsoft Copilot Studio has played a central role in this transition. It gives you more flexibility to evaluate and use the models best suited to your business as agent adoption scales.

In 2025, we laid the groundwork for what scalable, impactful agentic work should look like. In 2026, we believe the organizations that benefit most will be the ones that build on that foundation. These six trends define what organizations need to make agent adoption stick in 2026 and beyond:

1. Ability for anyone to turn intent into agents
2. Agents that can own workflows from end to end
3. Power to coordinate agents for real outcomes
4. Flexibility to control your agent models
5. Agents that can act across your systems
6. Capability to scale agents without sacrificing control

Organizations that have all six aren’t just experimenting with agents. They’re operationalizing them, turning curiosity into confidence, and transmuting innovation into sustained business value.

1. Ability for anyone to turn intent into agents

Historically, building an agent meant translating business intent into technical instructions. This process slowed adoption and limited who could participate. In 2025, that barrier fell away. Conversation became the agent-making interface in both Copilot Studio and the Agent Builder in Microsoft 365 Copilot Chat. Now, people can describe what they want done using natural language and create an agent to do it. These agents can interpret intent, context, and goals thanks to their underlying model and knowledge, not specially built code.

That shift is designed to empower everyone on your team to build agents. Sales leaders, operations managers, and human resource (HR) officials no longer need to wait for technical assistance to automate everyday work. Meanwhile, IT teams retain clarity and structure under the hood, with agents grounded in logic that can be reviewed, refined, and governed—all in Copilot Studio.

The results? Faster fast agent creation, broader participation, and fewer translation gaps between business needs and technical execution.

For example, a sales operations manager can now describe and publish an agent that:

• Monitors pipeline changes, such as changed estimated close dates.
• Flags deals that may be at risk, based on predefined criteria (e.g., no activity with stakeholders for over a month).
• Notifies account owners with recommended next steps based on the type of flag.

The payoff: More people can build knowledgeable, context-aware, and helpful agents, which can translate to less bottlenecking on centralized teams and faster time to value.

2. Agents that can own workflows from end to end

For many teams, early adoption wins came from AI assistance: drafting content, summarizing meetings, answering questions. Useful, but incremental. In 2025, agents crossed an important threshold; they evolved from helping with work to handling it on your behalf. With agent flows and the Workflows Agent, agents can now own repeatable processes from end to end, automatically advancing work when required.

In other words, agents unlock new opportunities to streamline and scale how work gets done. An onboarding process no longer stalls due to a missed handoff. A request doesn’t linger in a queue waiting for manual follow-up. Agents move work along reliably with automated approvals, escalating to humans only when judgment is required. For leaders, that can mean faster cycle times and fewer hidden bottlenecks. For teams, it can translate to more time spent on decisions—not coordination.

For example, a company could use Copilot Studio to automate a multi-step process for expense submission, validation, and reimbursement. The process:

• Triggers when an employee submits a wellness or reimbursement request.
• Guides the employee through required forms and documentation in a single, user-friendly flow.
• Validates submissions against global wellness policy rules and regional guidelines.
• Routes requests across the appropriate software as a service (SaaS) tools and internal HR systems.
• Escalates exceptions to a human only when needed.

The payoff: Faster resolutions using consistent criteria, less potential for human error, and a daily pain point made smoother with an agent.

3. Power to coordinate agents for real outcomes

Often, meaningful business outcomes don’t happen in a single step or system. As soon as agents move beyond simple tasks, coordination becomes increasingly challenging. Multi-agent systems addressed this complexity head-on in 2025, allowing agents to specialize, delegate, and collaborate toward shared goals.

Instead of designing one agent to handle every step, organizations can now compose agents that mirror how teams already work. One agent might monitor signals, while another gathers or validates information, and a third prepares recommendations or takes action.

Together, these agents are designed deliver outcomes that would be difficult for any single agent to manage alone. More importantly, they remove a layer of decision-making from the stakeholder. Instead of figuring out which system or agent holds the right answer, you can simply ask your question and let the agentic system coordinate the rest. Complex workflows become easier to reason about, evolve, and scale—without adding mental overhead for the people involved.

For example, a manufacturing company might use:

• One agent grounded in internal policy and safety documentation.
• Another agent trained on equipment manuals and training materials.
• A third agent connected to supplier-provided expertise.
• A coordinating agent that evaluates each question and routes it to the right source automatically.

The payoff: More clarity around which system or agent to use—just ask, and the right expertise can come together behind the scenes. This can help keep complex work cohesive, not cobbled together.

4. Flexibility to control your agent models

As agents moved into real business workflows, one reality became clear: not every task has the same requirements or permissions. Some scenarios call for deeper reasoning. Others prioritize repeatability and efficiency at scale. Still, others must meet strict regulatory, security, or data residency standards.

In 2025, Copilot Studio expanded model choice to meet those needs. It now supports Anthropic models, chat and reasoning-specific models, access to thousands of models through Microsoft Foundry, and bring-your-own-model options. You can select the right model for each workload while IT teams maintain policy alignment and oversight. This gives your organization flexibility in how agents behave and perform, without fragmenting the experience.

For example, an organization in a regulated field might use:

• One model optimized for policy interpretation and complex reasoning.
• Another tuned for cost efficiency in high-volume, repeatable requests.
• Central governance to ensure each model is applied appropriately.

The payoff: Instead of compromising between performance and compliance, agents can be configured to match the realities of the work they support—and evolve as those requirements change.

5. Agents that can act across your systems

For years, AI has been good at suggesting what people should do, but it hasn’t been equipped to help make it happen. In 2025, capabilities like Model Context Protocol (MCP) and computer use began to close that gap. Agents can now connect to systems, navigate interfaces, and take action across tools—not just give recommendations.

This addresses one of the biggest gaps in early AI adoption by reducing the handoffs that drastically slow work. When agents can act across environments to update records, trigger workflows, and interact with real systems (like clicking around a website and filling out form fields), work moves forward automatically, at any time of day. This can help reduce delays, manual errors, and the risk that important follow-ups get lost between tools or teams.

For example, an operations agent could autonomously:

• Identify a supply issue based on predefined signals.
• Update the system of record with the latest status.
• Fill out and file a ticket to initiate remediation.
• Notify relevant stakeholders with context and next steps.

The payoff: Faster response times, fewer handoffs, and agents that operate across real-world systems, not just chat windows.

6. Capability to scale agents without sacrificing control

Widespread agent adoption raises a familiar concern: How do you prevent innovation from outpacing governance? Leaders want to move quickly, but not at the expense of visibility, security, or cost control. In 2025, Copilot Studio addressed that gap by bringing lifecycle management, agent evaluations, and enterprise controls directly into the agent experience.

Organizations can now understand which agents are in use, how they’re performing, and what they cost across environments. Admin controls are designed to align agent behavior with intended use, while agent evaluations support ongoing quality and improvement. Paired with Microsoft Agent 365, organizations get a unified view of agents across Microsoft 365 Copilot and Copilot Studio, giving business and IT leaders the clarity needed to scale with confidence.

For example, IT leaders can:

• See which agents are used, by whom, and at what cost.
• Evaluate agent quality and performance over time.
• Communicate performance insights to business leaders to help increase buy-in, investment, and adoption.
• Apply consistent governance without slowing innovation.

The payoff: Agents can move from pilots to production faster, with fewer surprises and clearer business impact.

How to turn agentic momentum into results

The question for 2026 isn’t whether agents will be used—it’s how deliberately they’ll be put to work. Over the past year, the foundations for scalable agent adoption came together. The opportunity now is to move from experimentation to widespread execution.

We believe organizations that’ll get the most value in the year ahead will do three things consistently:

1. Broaden who builds by empowering business teams to create and refine agents in partnership with IT teams, who provide guardrails without stifling creativity.
2. Standardize how agents are shared and reused, so successful patterns move beyond individual productivity into team and enterprise workflows.
3. Measure what matters as a matter of course, using visibility into usage, quality, and cost to guide where agents are expanded, improved, or retired.

When business and IT teams operate from the same foundation, agents stop being side projects and start becoming part of how work happens. That’s how teams move faster, reduce rework, and work together with AI and automation to create true business transformation.

Where to start—and how to go further

Your best agentic year isn’t defined by how many agents you build, but by how many people rely on them to get work done. Copilot Studio gives you the foundation to do exactly that. Now, 2026 is about building out, driving adoption, and scaling up.

Try this three-step plan for building and scaling your agent strategy with Copilot Studio:

1. Get quick wins. Start by focusing on business-to-employee (B2E) assistive agents. Try downloading the Employee Self-Service Agent from the Agent Store.
2. Create a Center of Excellence (COE). Set up a central team that can help triage cross-team needs and get the broader organization comfortable with agents. This could be a representative from every department, or made up of agent champions (regardless of where they sit in their org). A great COE can help reduce geographic silos and bring consistency to an AI strategy.
3. Measure and reward adoption. What gets measured gets focus and investment. Compare the situation today with the situation post-agent adoption. Did the agent provide value? Has it improved what you set out to change? Prove the progress, and then you can move onto the next process.

Get started today and turn agent curiosity into capability, confidence, and commitment this year.

The post 6 core capabilities to scale agent adoption in 2026 appeared first on Microsoft Copilot Blog.