Governing AI agents at scale: Lessons from our journey at Microsoft
Inside Track Blog (How Microsoft does IT), Thu, 21 May 2026
http://approjects.co.za/?big=insidetrack/blog/governing-ai-agents-at-scale-lessons-from-our-journey-at-microsoft/


Empowering employees and protecting your organization through agent governance

Welcome to the agentic frontier

Agents are expanding the frontier of enterprise AI. By creating tools that surface knowledge, take actions, and even reinvent workflows, organizations can apply the power of AI to business processes in new and innovative ways.

But this shift raises questions for business and IT leaders: How do you get the benefits of agents without putting your organization and employees at risk? How do you encourage citizen developers to create agents freely while maintaining control, security, privacy, and compliance?

At Microsoft Digital, the company’s IT organization, we’re putting practical governance structures in place to ensure our internal agents are useful, safe, and properly scoped. Through a deliberate strategy of empowerment with established guardrails, we’re unlocking the potential of agentic transformation while maintaining the trust that defines our work.

The AI maturity model and frontier transformation

Agentic AI has made a new operational model possible, one that blends machine intelligence with human judgment, creating AI-operated, human-led teams.

We call organizations that enact this model Frontier Firms.

As organizations move toward this new operational state, they progress from foundational AI assistance through escalating levels of agentic maturity and complexity. First, humans operate with help from an AI assistant like Microsoft 365 Copilot. Then, human-agent teams work together. But the future lies with humans leading teams of agent users: AI agents that perform core labor with relative autonomy.

Pattern 1: Human with assistant—every employee has an AI assistant that helps them work better and faster.
Pattern 2: Human-agent teams—agents join teams as “digital colleagues,” taking on specific tasks at human direction.
Pattern 3: Human-led, agent-operated—humans set direction, and agents execute business processes and workflows, checking in as needed.

Capturing the benefits of this model relies on many factors, but in our experience as Microsoft Digital, two main tenets are instrumental to a successful transformation:

  1. Empowering employees and teams to create and experiment with their own agents
  2. Properly governing those agents to protect the enterprise

It’s a balance. If you set agent builders free without the proper guardrails, you risk data overexposure, agent sprawl, and security vulnerabilities. However, being too restrictive about governance stifles individual imagination, workflow reinvention, and innovation that can come from agentic AI.

We’re here to help you find the right balance for your organization.

This guide shares what we’ve learned along the way. As you read, you’ll follow our journey as Customer Zero at Microsoft, and you’ll gain access to tips and resources that we’ve assembled to help you apply our expertise to your own agent governance practice.

Every organization is different, and your experience will differ from ours in terms of risk tolerance, technical capability, resourcing, and more. This guide highlights some principles and best practices you can apply to your own business context, needs, and objectives.

“At Microsoft, we’ve moved beyond envisioning the agentic future into operating within it every day,” says Brian Fielder, vice president of Microsoft Digital. “Our experience as Customer Zero gives us a unique perspective on what it takes to govern AI agents at scale, turning early lessons into proven practices that help organizations innovate with confidence.”

Now is the time to seize this opportunity. Follow along to start your own journey toward frontier transformation and capture the benefits of trusted, connected agentic intelligence.

Learn from our experience governing agents

Within Microsoft Digital, we’ve been acting as Customer Zero for frontier transformation by creating the tools, infrastructure, and processes that power agents at Microsoft.

Our goal is to make it easy for employees to engage with agentic tools freely and adaptably while maintaining safety and responsibility. The path to this objective relies on a three-pronged approach to governance:

  • Embedded governance functionality: Agent creation and publishing tools should incorporate good guidance, governance, and guardrails out of the box, so that the agents people create are essentially self-governing.
  • IT oversight: This is a new space and a new way of working, so it isn’t feasible for all agents to self-govern at this point. As an IT organization, we fill gaps in governance through reviews and oversight. We establish risk-based policies around types of agents, exposure and sharing, and other pivots.
  • User education: It’s almost impossible to predict every governance gap and need, so educating our users helps them avoid accidentally increasing risk. Our Agents at Microsoft team and individual change managers are the guides for these efforts. Employees can also refer to resources like Microsoft Learn courses and the Agent Builders SharePoint hub.

Throughout this journey, we’ve empowered our employees to create all kinds of agents, ranging from simple personal tools built by people working in every function, with every level of technical skill, all the way to AI-powered enterprise tools designed by professional developers for use across lines of business and even the entire company.

As part of the process, we’ve incorporated guardrails to ensure less technical employees are limited to tools that simply retrieve enterprise knowledge, such as SharePoint Agent Builder or Copilot Studio, while software engineers get the full power of any tool they need that can take action or automate workflows, including Microsoft Foundry and Microsoft 365 Agent Toolkit.

SharePoint

  • Lowest level of difficulty
  • For all roles
  • Function: information-retrieval only
  • Microsoft 365 content
  • Light governance
  • Lowest risk

Copilot Studio Agent Builder

  • Low difficulty
  • For all roles
  • Function: information-retrieval only
  • Microsoft 365 content and web sources
  • Light governance
  • Low risk

Copilot Studio (full)

  • Low to moderate difficulty
  • For all roles
  • Function: task completion
  • Microsoft 365 content + connectors to external channels
  • Advanced governance
  • Higher potential for risk

Agent Toolkit, Foundry

  • Highest difficulty
  • For developers
  • Function: workflow automation
  • Multiple internal and external channels
  • Advanced governance
  • Highest potential for risk

Over the course of this journey, we’ve learned valuable lessons about effective agent governance, including:

  • How to build an impactful but flexible governance strategy
  • Strategies for creating an AI-ready data ecosystem
  • Ways to apply appropriate policies and controls for highly diverse agents
  • Approaches for tracking the impact and value of agents

Chapter 1: Building your agent governance strategy

Thinking through your organizational needs and building a framework to govern agents

As we’ve incorporated agents into different aspects of our organization, we’ve also deepened their involvement in employees’ daily workflows and core business processes. Because of this, we’re diligent about the governance guardrails and policies that protect our organization.

We’ve accumulated a wealth of knowledge and insights in this area through our efforts governing Microsoft 365 Copilot. Based on this experience, our key priorities included:

  • Effectively applying controls to ensure users and apps don’t get access to privileged information
  • Preventing employees from creating agents that violate company policies
  • Balancing the freedom for employees to share their creations with the need to prevent agent sprawl
  • Delineating which agents are authoritative and applicable for enterprise functions and which ones are meant for employees’ own personal use
  • Inventorying agents to provide lifecycle management
  • Securing and protecting confidential data while respecting our responsible AI principles: Fairness, reliability and safety, privacy and security, transparency, accountability, and inclusiveness
  • Unlocking telemetry that enables us to govern agents effectively

By focusing on each of these dimensions, our governance team has centered its efforts on the value these agents provide to the company while also ensuring organizational safety and trust. To realize this value, we emphasize three key principles that help protect both our employees and the organization:

Security

We’ve established standards for data classification, policies for handling confidential information, and other security measures to protect data from unauthorized access, misuse, and disclosures. Microsoft Purview powers these capabilities through data labeling, rights management, and data loss prevention.

Privacy

Privacy compliance measures keep personal data protected and ensure agents adhere to regulatory frameworks in the regions where we operate. We conduct regular privacy assessments for all applications, including high-impact agents.

Regulation

Regulatory compliance assessments ensure agents meet prevailing legal standards. Our legal and compliance teams carefully monitor AI guidelines, regulations, and laws as they evolve so we can understand and incorporate them into these assessments.

We incorporated elements of our tenant’s minimum bar for governance into how we secure agents. Those include Microsoft Purview Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents so that they don’t cross data boundaries.

Our overarching tenant governance strategy is to govern items like documents and data at the container level. However, within a SharePoint site, for example, the added functionality of agents demands that we introduce further controls like sharing limits, breadth of knowledge sources, agent metadata, and information about an agent’s behaviors.

Turning priorities into principles

To operationalize governance, we developed six principles that guide our approach to agents. They form the governance foundation for a wide matrix of agent creation and usage opportunities.

  1. We ensure a strong data hygiene foundation so we can trust our data estate as employees build and use agents.
  2. We empower employees to build personal agents that can access permitted services and data sources to help automate and accelerate their tasks.
  3. We empower teams and lines of business to build agents with known lower-risk patterns to accelerate impact.
  4. We provide a smooth release path for engineering teams to develop agents designed for enterprise functions so they can access all the services and sources they need. This includes the same software development lifecycle (SDLC) reviews and certifications as other enterprise software, which we outline in Chapter 3.
  5. We accelerate innovation through agent and automation templates while maintaining an AI Center of Excellence (CoE) to help teams think through their opportunities.
  6. We reimagine employee experiences and task execution to simplify and optimize productivity.

Securing control through agent lifecycles

As we strategized to operationalize good governance, agent lifecycles became one of our most crucial tools. We superimposed the enterprise lifecycle on top of these policies, with both user-based and attestation-based lifecycles.

This means we treat agents owned by individual employees like any other user app and delete them when they leave the organization. Meanwhile, we ensure that agents owned by teams have a lifecycle that’s defined by the tenant and tied to attestation, our internal enterprise SDLC, and accountability confirmations.

This approach helps us combat sprawl by eliminating agents that no longer serve a purpose. It provides a solid foundation for more fine-tuned, matrixed policies and practices.

Governing amid real-time technology acceleration

One recent development illustrates how the rapid advancement of AI technology requires us to stay ahead of policy for new features.

Model Context Protocol (MCP) adds new capabilities, but also new risks and challenges. It’s a simple standard that lets AI systems communicate with the right tools and data without custom integration work. Instead of building a new connection or API every time, teams plug into a common pattern.

That standardization delivers speed and flexibility, but it also changes the security equation. We’ve extended our security and governance practices to account for MCP servers.

Our practices and policies help us govern agents effectively in this new environment. First, we assess security across four layers: Applications and agents, the AI platform, data, and infrastructure. We establish a secure-by-default strategy by positioning every remote MCP server behind our API gateway and establishing practices for vetting, identity management, automation that slows agents at the right moments, context trimming, and server isolation.

As you define policies for governing your own agentic ecosystem, you can take inspiration from our process. Start by asking questions about what you want to accomplish and what you want to protect, then move on to establishing your most important priorities. From there, you can cement those priorities into policies.

Learning from our approach to agent governance strategy

Match policies to progress on your AI journey

The complexity of agent governance depends on the maturity of your organization and where you are in your adoption journey. Start slowly to let that maturity grow over time.

A strong policy framework is the foundation

Lean on existing app governance policies, then layer agent-specific structures on top.

Take your cues from established standards

Global regulations around privacy, security, and responsible AI provide a good baseline for establishing governance policies. Assign teams to work through these regulations and incorporate their insights into your agent governance strategy.

Decide on your comfort level with risk

Bring cross-disciplinary experts together from across your organization to determine what level of risk is acceptable for different agents and their use cases. Put guardrails in place for low-risk scenarios and establish processes for supporting more complex or sensitive use cases. Evaluate what data sources agents can extract information from. Establish whether users have shared sensitive data sources.

Change is constant

Plan to reassess and revise your governance structure regularly. Agents are evolving rapidly, as is the tooling surrounding them, so maintaining good governance policies will be an ongoing practice.

Governance is a value driver for employees

Governance isn’t just about protecting your organization. It also provides the right patterns to make sure your employees are getting value from agents. Establish strong measures of business value and a robust methodology for management and assessment of agents through ongoing tracking. This kind of observation and telemetry is foundational and should be a key part of your governance efforts.

Key takeaways

Use these tips based on what we learned here at Microsoft to build your strategy for agent governance at your company:

  • Establish a cross-disciplinary agent Center of Excellence. Bring together stakeholders across the organization to define priorities, goals, and shared practices for agent adoption.
  • Right-size oversight based on risk. Determine your organization’s risk tolerance and define which agents require more or less involvement from IT, security, and compliance teams.
  • Operationalize agent oversight and management. Establish an oversight model and implement tools that help manage agents at scale.
  • Establish change management and adoption. Determine and implement a strategy for driving adoption to educate and empower employees.
  • Create a centralized governance and information hub. Provide employees and agent builders with a single place to find guidance, standards, and governance information.

Chapter 2: Establishing a solid data foundation for agent governance

Setting agents up for success using a secure, robust data foundation

Operating according to an escalating maturity model means we’ve done the foundational work to secure and govern our data estate for Microsoft 365 Copilot. Many of the same principles apply to agents, with the added complexity of incorporating additional data sources.

To lead these efforts, we established a cross-functional team of data professionals within our AI CoE. This team is composed mostly of Microsoft Digital employees who support corporate functions like Corporate, External, and Legal Affairs (CELA) and Global Workplace Services. Together with our AI CoE, this team helped us define what it means to have AI-ready data.

In essence, AI-ready data just means information we’ve certified for AI workloads. We certify those data sources using Microsoft Purview to identify defects in our core data products, and we’ve also built AI-powered assessments to certify which data lakes are AI-ready.

In most ways, governance is tool-agnostic and rooted in basic principles. With robust data labeling, data hygiene, and permissions in place alongside our AI tools, which respect labels by default, we can confidently give every employee the ability to build basic agents and trust in our governance guardrails. For decades, the challenge of data analysts and engineers was maintaining a consistently reliable source of truth despite inconsistent data quality, insufficient governance, and years of collecting data in silos. Microsoft Fabric and Microsoft Purview can help resolve these issues.

We’re embracing a more balanced, federated approach to data management today. We call this approach a data mesh. Rather than allowing unchecked decentralization or forcing all our data into a single centralized system, the data mesh formalizes domain ownership while embedding governance, quality, and interoperability directly into shared platforms.

Graphic shows our data mesh architecture surrounded by the platform services layer and the data management zones layer.
Our data mesh architecture helps us preserve trust and establish a strong governance foundation while preventing data from becoming siloed.

The data mesh connects and distributes data products across domains, enabling shared data access and compute while scaling beyond centralized architectures.

Platform services are standardized blueprints that embed security, interoperability, policies, standards, and core capabilities — providing guardrails that enable speed without fragmentation.

Data management zones provide centralized governance capabilities for policy enforcement, lineage, observability, compliance, and enterprise-wide trust.

With this approach, our domain teams publish data as well-defined, discoverable products, while common standards for security, metadata, and compliance are enforced through automation rather than manual processes. This model preserves enterprise trust and consistency without sacrificing speed or autonomy. By adopting a data mesh mindset, we can scale analytics and AI more effectively across the organization while still keeping ownership closely connected to the business focus.

Confidentiality labels, the practical framework for data protection

To operate according to Zero Trust principles, we needed a coherent system that lets us see, label, and protect data. Otherwise, the burden of data loss prevention would fall solely on employees, who would have to exercise individual discretion whenever they decided how to house and share potentially sensitive content.

With labeling, it’s important to strike a balance between the depth necessary for supporting an array of data governance controls and the simplicity to ensure labeling isn’t burdensome for users.

We decided on four overarching labels for container and file classification, each with its own sub-labels. The highest-level schema looks like this:

  1. Highly confidential: We only share our most critical data with named recipients.
  2. Confidential: Any items crucial to achieving our goals feature limited distribution.
  3. General: Employees can share daily work, like personal settings and postal codes, internally throughout Microsoft.
  4. Public: We share unrestricted data meant for public consumption freely. That includes information like publicly released source code and openly announced financials.

For our risk tolerance and organizational needs, we made the decision to protect data designated confidential or higher. As a result, we contain data flows to their tenants and only trust suitable storage destinations for content. That suitability depends on a storage location’s ability to gate which connectors can work with particular source data and sensitivity labels.

The administrators responsible for workspaces like SharePoint sites set default labels. These labels serve as a foundation for appropriate access and circulation for objects within those containers, which takes the burden of labeling off employees. The sensitivity labels that administrators apply map to several different categories of policies that can anticipate and help to mitigate data loss and risk.

They communicate four key areas:

  1. Breadth of availability: Labels determine whether the workspace is broadly available internally or is a private site.
  2. External permissions: We administer guest allowance via the group’s classification, allowing specified partners to access teams when appropriate.
  3. Sharing guidelines: We tie important governance policies to the container’s label. For example, can an employee share this workspace outside of Microsoft? Is this group limited to a specific division or team? Is it restricted to specific people? The label establishes these rules.
  4. Conditional access: While we haven’t implemented this policy at Microsoft, tying identity and device verification to container labels can introduce additional governance controls.

Within Microsoft Digital, we’ve put a lot of thought into how each of our labels aligns with relevant policies. You can see more of the logic behind our sensitivity labels and their policies in this graphic:

A chart shows the different types of data container labels and what level of access is given for each one.
Our Microsoft Digital schema clearly lays out what each container sensitivity label means and how it affects content.

If a container owner needs different policies for a set of files to provide greater external access, they can self-service new groups without accidentally violating our governance practices.

At Microsoft, we use Microsoft Purview, which is our suite of data estate management tools, but you can use your tool of choice to apply labels in your environment. Microsoft tools will respect them. Microsoft Purview helps us accomplish three important tasks: mapping our labeling structure onto the relevant policies, verifying them against our standards, and backstopping self-service data loss prevention practices through automation.

Automation is particularly useful. We’ve configured Microsoft Purview Information Protection to scan automatically for wayward credentials, malicious user behaviors, and other sensitive information in items without the proper protections. When Purview detects a violation, our governance team receives alerts that prompt them to contain the risk by upgrading an item’s sensitivity label or requiring employees to remedy the issue.

The result is a system that allows flexibility for employees to self-manage their digital workspaces while providing guardrails that help our governance experts take appropriate actions without overtaxing their time and resources.

Our approach within Microsoft Digital is just one way to create an AI-ready data estate, but aspects of our story will hold true for almost any organization. Consider establishing a body to take over responsibility for AI-ready data, developing your primary goals for AI-ready data, unifying your data estate, and implementing a system of confidentiality labels.

Learning from our approach to agent governance strategy

Define the responsibility for AI-ready data

Identify and assign enterprise data owners to implement and oversee the processes that guarantee data quality.

Create intuitive labels

Your employees will be the ones applying labels, so make those labels intuitive. For example, “highly confidential” is easy to understand, while “business-critical” could be interpreted in many ways from a sensitivity standpoint.

Don’t overwhelm your users

Make labeling simple and intuitive to ensure it isn’t overwhelming. Employees should have a limited set of choices to keep things comprehensible.

Use existing defaults

Identify the security needs and regulatory compliance that are specific to your organization and use built-in governance controls available through Microsoft tools.

Key takeaways

You can use these tips based on what we learned here at Microsoft to tackle agent governance at your company:

  • Establish a cross-functional data council. Form a data council to help promote a culture of AI-ready data with professionals from all relevant disciplines, including human resources, legal, security, IT, and anyone else who can share relevant expertise.
  • Certify datasets for AI workloads. Limit agents to datasets that have been certified as “AI-ready” to minimize hallucinations and reasoning errors.
  • Define your labeling parameters. Keep the number of labels to five main labels with five sub-labels each. The fewer you use, the better.
  • Align your sensitivity labels with policies. Consider how your labels line up with breadth of availability, external permissions, sharing guidelines, and conditional access.

Chapter 3: A matrixed approach to agent governance

Governing different types of agents for different contexts, built with different toolsets

Our customers have expressed a strong desire to start building agents, but they’re concerned about where to begin and how to manage those agents once they’re built. They worry about persistent problems such as hallucinations and agent sprawl. These concerns are especially pronounced on IT teams.

During our Customer Zero journey, we’ve learned that the diversity of agent types and creation methods means there’s no one-size-fits-all approach to governance. Generalized approaches will only get you so far.

We’ve found it helpful to think about different kinds of agents along an escalating spectrum of development complexity:

The Microsoft Digital agent controls model, spanning citizen, partnered, and professional development models and their relevant tools.
The agent controls model we’ve developed at Microsoft Digital spans different agent-building methods for different kinds of creators using a spectrum of tools.

There’s an entire matrix of different parameters that apply to an agent at any level of this spectrum, and they all require different policies. Those parameters include:

  • Level of reach: Personal agents, limited sharing (like development environments or team boundaries), or enterprise-wide distribution
  • Agent-building tool: SharePoint agent builder, Agent Builder in Microsoft 365 Copilot, Microsoft Copilot Studio, or tools geared to more professional developers (such as Microsoft Foundry or Microsoft 365 Agent Toolkit)
  • Knowledge sources and content accuracy: Public sites, SharePoint and OneDrive, directly uploaded files, enterprise apps and systems, or third-party knowledge bases

An overview of the range of agent-building tools and our matrixed approach to governing them across different parameters.
Our matrixed approach to agent creation and governance spans a wide array of tools, knowledge sources, actions, channels, and more.

Each of these parameters creates a pivot that we need to govern, and we’ve carefully assembled a set of policies and controls to account for them. As our understanding and use of agents advances, we’re continually updating how we match their characteristics and capabilities with relevant policies and any applicable reviews.

Within Microsoft Digital, we’ve adopted a risk-based approach that helps us establish a matrixed model for agent governance. The foundational idea is that we identify potential harms for each kind of agent, then assign policies for the level of review and oversight they require.

For example, simple agents that can only read and present data tend to be low risk. Because their access is tied to their creators’ identities and access, our data governance structures and guardrails can prevent overexposure. But for agents that have capabilities like writing data, taking action, or creating items, more reviews are necessary.

A matrix of agent governance policies, pivoted by parameter

The following matrix enumerates the factors that determine how we govern different kinds of agents created using different tools. This matrix helps our employees understand the agent creation process and helps us maintain safety and control.

SharePoint agent builder

What users can build: Knowledge-only agents
These agents reason over Microsoft 365 Copilot collaboration data, and they’re gated to the SharePoint environment where they’re created.

Technical proficiency: No-code

Knowledge sources: SharePoint, custom instructions

Capabilities: Not applicable

Actions and plug-ins: Not applicable

Sharing and publishing: Copilot navigation in SharePoint, sharing by link, sharing in Microsoft Teams chat

Custom engine or bring-your-own model: Not applicable

Reviews: No review needed
IT doesn’t gate knowledge-only agents outside of governance tied to SharePoint sites. Microsoft Digital honors reactive take-down requests like any other self-service construct, but does not provide proactive gating.

Agent Builder in Microsoft 365 Copilot

What users can build: Knowledge-only agents
These agents feature graph connectors from a preapproved catalog to expose additional data.

Technical proficiency: No-code

Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via graph connectors

Capabilities: Code interpreter, image generator

Actions and plug-ins: Not applicable

Sharing and publishing: Individual use, sharing by link

Custom engine or bring-your-own model: Not applicable

Reviews: No review necessary
These agents only access graph data available in Copilot. Microsoft Digital honors reactive take-down requests like any other self-service construct, but does not provide proactive gating.

Microsoft Copilot Studio

What users can build: Task and custom agents
These agents connect to more systems through connectors and orchestration logic to handle more complex scenarios. We might publish agents at this level of complexity and utility to our agent catalog for wide organizational use.

Technical proficiency: Low-code or pro-code

Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via advanced graph connectors, Power Platform connectors

Capabilities: Not applicable

Actions and plug-ins:
Retrieval and task agents: Read-only actions
Custom agents: Read or write actions using Power Platform connectors

Sharing and publishing:
Retrieval or task agents in a personal developer environment: Sharing by link with up to 10 people
Custom agents: Publishing to 10 people or the agent catalog in Microsoft 365 Copilot Chat
Broad publishing: Requires a review similar to professionally developed apps, including an understanding of the agent’s data implications

Custom engine or bring-your-own model: Custom Azure OpenAI large language models (LLMs)

Reviews: Custom agents for our catalog require reviews for security, privacy, accessibility, responsible AI, and an environment-specific maker stack review.

Microsoft Foundry

What users can build: Retrieval, task, and custom agents
These agents may or may not connect to more systems through connectors and orchestration logic to handle more complex scenarios. We might publish agents produced at this level of complexity and utility as Microsoft Teams apps or to our agent catalog for wide organizational use.

Technical proficiency: Pro-code

Knowledge sources: SharePoint, external websites, custom instructions, additional internal knowledge sources via graph connectors

Capabilities: Code interpreter, image generator, Teams chats and channels

Actions and plug-ins: API actions

Sharing and publishing: Publishing as an app in Teams or as an agent in the catalog in Copilot Chat

Custom engine or bring-your-own model: Custom Azure OpenAI large language models (LLMs)

Reviews: Custom agents for publishing as a Teams app or in our catalog require reviews for security, privacy, accessibility, responsible AI, and an environment-specific maker stack review.

In addition to mapping out our policies for governing agents, the matrix illustrates how we see their relative utility across the organization. It demonstrates an escalation from personally useful to organizationally useful agents. Their governance policies and controls escalate accordingly.

Regionality is an additional concern. Regulatory requirements vary, so it’s important to keep in mind that certain kinds of data access and actions might be perfectly permissible in one region but not in another.

One example is our Employee Self-Service Agent, a central resource employees can turn to for help with IT support, HR questions, and facilities requests. Because it can access potentially sensitive personal information, this agent required additional review from European works councils to ensure it met all relevant workplace standards.

As you facilitate experimentation and innovation with agents across your workforce, from citizen developers to pro developers, consider adopting a similar matrixed approach to agent governance. It starts with understanding your organization’s needs, your risk tolerance, and the different employee populations you want to equip with agent-building capabilities.

Learning from our matrixed approach to agent governance

Figure out your building environment strategy

Decide which scenarios match up with specific environments and make those environments available to the relevant employees.

Design governance structures that scale from low-code to more advanced agentic tools

With the proliferation of AI agents, platform-level approvals similar to the Power Platform model at Microsoft can ensure rapid innovation while requiring review for individual high-impact scenarios.

Build trust through transparency and structure

A clear, well-documented approval process helps internal regulatory advisors understand new AI technologies and establishes the trust needed for productive, long-term collaboration.

Treat regional partners as strategic allies in the agentic future

Early feedback on digital agents from regional partners like works councils helps improve product design, accelerate approvals, and reduce fear or misconceptions about AI in the workplace.

Don’t forget that Copilot Studio is part of Power Platform

You can use what you’ve learned empowering citizen developers in Power Platform to guide your work with agents.

Key takeaways

Use these tips based on what we learned here at Microsoft to tackle agent governance at your company:

  • Establish your tolerance for risk. Determine where the most prevalent risks emerge across different populations and kinds of agents. Remember, you control the guardrails in your environment.
  • Determine what agent-building tools you want to roll out and who can use them. Different populations benefit from different agent-building capabilities. Put thought into what individuals and teams can create and the degree of partnership each level will need from IT.
  • Define your governance parameters for different kinds of agents. Determine the best ways to hedge against risk at every level. For example, you might choose to trust in tenant governance for simple agents and establish reviews for more complex tools.

Chapter 4: Tracking, impact, and value

Managing agents and assessing their business impact for the organization

It’s clear that agents bring astonishing capabilities to the enterprise. For many organizations, what remains unclear is exactly how to measure their impact. Without that information, businesses are at a loss for ways to articulate value and drive improvement.

Tracking agents is also a crucial component of preventing sprawl: We need to understand what agents we have, how employees are using them, what critical processes they’re supporting, and if they’re contributing value or need to be retired.

We’re at the beginning of our impact-tracking journey, but our work can provide a starting point for your own efforts to measure the value of AI initiatives at your organization.

Managing our agent catalog through comprehensive tracking

Microsoft Digital partners with other internal organizations to ensure we’re prioritizing the right agents and avoiding agent sprawl. Ideally, these engagements take place before teams start building their agents so we can avoid wasted effort or duplicated work.

Still, ongoing management efforts are crucial to keeping our agent ecosystem healthy. Telemetry is the key to assessing usage and ensuring compliance. We’ve developed our own internal tooling to ensure that:

  • Metadata is complete and available
  • The tooling tells us the right information about our agents
  • The tools connect properly with other compliance tooling, like Microsoft Purview

This telemetry also reveals agent behaviors, shows how agents do their work, and tracks events, actions, and policy baselines.

These capabilities help us gain visibility into policy adherence and violations, and then to conduct enforcement actions. We also track the speed of reaction and mitigation. AI-ready data and robust guardrails mean we head off most violations before they occur.

A robust inventory, an agile policy framework, and an automated workflow for enforcement are cornerstones for successfully governing agents at scale.

The release of Microsoft Agent 365, now in early access, represents the next step in agent observability and management, two key aspects of agent governance and sprawl mitigation. This control plane for agents incorporates many of our learnings as we’ve bridged governance gaps through IT intervention.

Some of the key aspects of the control plane:

The registry

Provides a complete view of agents, and the enterprise agent store makes it easy to find the right agents for each role and business process within familiar workflows in Microsoft 365 Copilot and Teams.

Visualization

Delivers the observability layer, including role-specific oversight, compliance and audit features, and performance measurements that can help organizations track their agents’ impact and see where they contribute value.

Interoperability

Ensures Agent 365 is open to any Microsoft-built or partner ecosystem, while delivering work intelligence through access to data and Microsoft 365 apps.

Security features

Provide crucial confidence through visibility into security posture, detection and response capabilities, and intelligent runtime defense.

As Customer Zero for Agent 365, we’re excited to have a platform for observability and telemetry that encompasses everything from agentic creation through usage.

Tracking governance from agent inception

Professionally developed agents add a new dimension of tracking and governance, because we need standards in place for ensuring compliant agent-building and remediating any issues.

We use our Azure DevOps instance to catalog apps on our tenant, and we’ve applied this practice to agents created professionally for lines of business and enterprise agents. This tool contains our service tree with product and app log registration, which is tied to our KPI dashboard and scoring system that validates agent data against our policies.

Our expectation is that all new apps and agents start from a place of compliance. Any new agent is registered through this platform, and we expect adherence within the first 14 days. In our experience, the introduction of new metrics, policies, or timeframes as our governance policies evolve is where agents tend to drop out of compliance. The priority is restoring compliant status.

We’ve established a series of metrics to help track and manage these expectations:

  • Enablement velocity
  • Renewal velocity
  • Agents in compliance
  • Time to remediation of noncompliance

Through a DevOps process built on our preexisting software development lifecycle practices, we’ve applied governance not only to agents themselves, but to the process of building them professionally.

Measuring progress and unlocking value

Properly measuring value depends on concrete definitions of success and metrics that support it. Articulating AI’s impact came with several challenges. First, we had to land on a consistent taxonomy for different measurement areas. Then we needed to make the relevant data accessible, ensure its quality, and confirm it made sense.

The Microsoft Digital AI Value Framework is our flexible, modular tool for measuring the impact of our AI initiatives. With tools for measurement firmly in place, we can effectively demonstrate value and guide further decision-making.

Revenue impact

Direct contributions to revenue generation and business growth

Example metrics:

  • Increased sales or customers
  • Improved customer targeting
  • Higher lead quality
  • Deal velocity

Productivity and efficiency

Efficiency gains while completing tasks and processes without a reduction in quality

Example metrics:

  • Increased throughput
  • Process optimization
  • Task automation

Security and risk management

Improvements in identifying, preventing, and managing security vulnerabilities and risks

Example metrics:

  • Vulnerability detection or prevention
  • Reduction in data security incidents
  • Increased compliance with responsible AI standards

Employee and customer experience

The impact of AI initiatives on employee satisfaction, engagement, and productivity

Example metrics:

  • Employee or customer engagement satisfaction with products or services
  • Improved employee health scores

Quality improvement

Enhancements in the quality of deliverables, services, and processes

Example metrics:

  • Higher-quality deliverables
  • Confidence in code quality
  • Accuracy of numbers

Cost savings

Reduction in operational costs and resource allocation efficiencies

Example metrics:

  • Operational efficiencies
  • Improved resource allocation
  • Future cost avoidance

We plan to use the following capabilities to improve the overall ecosystem:

  • Filtering our agent inventory on specific criteria like the type of agent or how it was built
  • Enhancing governance-specific actions we can take with agents in areas like ownership and quarantining
  • Gaining visibility into trends like agent usage
  • Ingesting agent blueprints and defining policy templates

We’re still in the midst of our agentic measurement journey at Microsoft, but the blueprint for tracking already exists. Your organization might be in the early stages of agent readiness and deployment. If that’s the case, it could be helpful for you to internalize the lessons we’ve learned as Customer Zero and apply them as early as possible in your own journey toward AI maturity.

Learning from our agent adoption experience

Think proactively, not retroactively

If you put effort into tracking agentic impact early in your AI maturity journey, you’ll be poised to start capturing insights immediately instead of applying your methodology retroactively.

Involve a wide array of stakeholders

This workstream needs oversight from different kinds of stakeholders, including your leadership team, IT, Microsoft 365 administrators, agent developers and builders, and employee champions. That will provide the sponsorship, expertise, and perspective you need for success.

Different measurements will be appropriate for different phases of your initiatives

These measurements include monthly, weekly, or daily active usage; consider which metrics make sense at each phase of an AI initiative.

Establish a continuum of value

Agents need to tie into real business goals, so it’s important to establish metrics that actually speak to those objectives. Cascade business goals to concrete KPIs with well-defined timelines and track those diligently.

Embrace the red

Try to think of underperformance not as failure, but as data. Performance data over time helps you course correct or pivot, making sure you invest where it matters.

Key takeaways

Here are some important steps to keep in mind as you embark on your own tracking and measurement efforts for agents:

  • Establish priorities and parameters for tracking agents. Consider measurements that relate to sprawl, usage, and coverage, and build them into your telemetry tooling.
  • Pull your stakeholders together to establish measurement parameters. Cascade business priorities into measurable value.
  • Conduct ongoing tracking. Establish a cadence for tracking and reviewing progress with your team.

Governing the frontier to scale innovation

AI agents are rapidly becoming core contributors to how work gets done. As our experience within Microsoft Digital demonstrates, realizing their full potential demands more than powerful tools or enthusiastic builders. It requires thoughtful governance that evolves alongside your AI maturity, protects what matters, and gives employees the confidence to innovate responsibly.

As you consider your own strategy for managing agents, it can be helpful to keep one truth in mind: Governance is a catalyst for progress, not a barrier. By embedding guardrails into tools, grounding agent creation in AI‑ready data, applying risk‑based and matrixed policies, and reinforcing all of it through adoption and education, we’ve been able to expand agentic capability without sacrificing security, privacy, or trust.

From our experience, we’ve learned that governance works best when it’s:

  • Proportional, scaling with risk and agent complexity
  • Embedded, not bolted on after the fact
  • Human‑led, recognizing that accountability and judgment remain essential
  • Iterative, adapting as technology, regulations, and business needs evolve

When you design governance this way, it allows experimentation, learning, and impact at scale. Employees feel empowered to build agents that solve real problems, while IT and compliance teams gain visibility and control without becoming bottlenecks. Crucially, leaders can measure value, manage risk, and make informed decisions about where to invest next.

This is the foundation of the Frontier Firm: Organizations where humans lead and agents operate, guided by clear principles and trusted systems.

As you continue your AI maturity journey, remember that there is no single, correct governance model. Your approach will reflect your risk tolerance, regulatory environment, data maturity, and organizational culture. The practices outlined here provide a proven starting point informed by real-world deployment at enterprise scale.

“At Microsoft, we believe the future of agentic AI depends on governance that empowers people first,” says Vijaya Alaparthi, principal group product manager in Microsoft Digital. “The structures should be invisible when they’re working, intentional when they’re needed, and trusted by everyone they serve.”

Now is the moment to act. Start with strong foundations. Empower your builders. Measure what matters. And treat governance not as a constraint, but as a strategic advantage that allows your organization to move faster, innovate safely, and lead confidently on the agentic frontier.

Key takeaways

Here are the high-level learnings and insights that you need to consider as you embark on your own agent governance journey, based on what we’ve learned here at Microsoft:

  • Treat governance as an enabler of innovation, not a brake. Effective agent governance is what makes large‑scale innovation possible. When you embed guardrails into platforms, data, and processes, employees can build and experiment confidently without exposing the organization to unnecessary risk or slowing progress.
  • Match governance rigor to agent risk and maturity. Not all agents need the same level of oversight. A risk‑based, matrixed approach lets organizations trust lightweight, personal agents while applying deeper reviews to agents that write data, take actions, or operate across business‑critical systems.
  • Start with AI‑ready data and zero‑trust foundations. Strong agent governance rests on secure, well‑labeled, high‑quality data. Clear ownership, intuitive sensitivity labels, default protections, and automation reduce reliance on user judgment and allow agents to operate safely at scale.
  • Embed governance where agents are built and used. The most effective governance is built into tools and workflows, not enforced through manual reviews alone. Defaults, limits, identity‑based access, lifecycle controls, and telemetry should apply automatically so agents are governed by design.
  • Plan for the full agent lifecycle to prevent sprawl. Agent inventories, ownership models, attestation, and retirement processes are essential. Governance needs to account for how you create, share, evolve, audit, and ultimately decommission agents, whether individuals or enterprise teams are responsible for building them.
  • Reinforce governance through adoption and education. Guardrails work best when employees understand them. Targeted adoption programs, clear guidance, prerequisites for advanced tools, and visible leadership sponsorship can help employees build responsibly and recognize their role in protecting the organization.
  • Measure what matters to prove value and drive improvement. Visibility drives trust. Telemetry, observability, and clear metrics that span productivity, quality, risk reduction, and experience allow organizations to track impact, course‑correct early, and continuously improve their agent ecosystem.

Transforming IT support across Microsoft with the Employee Self-Service Agent
http://approjects.co.za/?big=insidetrack/blog/transforming-it-support-across-microsoft-with-the-employee-self-service-agent/
Thu, 07 May 2026 16:00:00 +0000

We’re in a new world of work support today, where Microsoft 365 Copilot and agentic AI make getting detailed help with a problem as easy as typing a quick question into a chat interface.

At Microsoft, we’ve put that potential into action by building the Employee Self-Service Agent, a centralized “front door” for employee support inquiries on all things Microsoft. Whether the question is related to an IT, human resources (HR), or campus services-related challenge, this agentic solution delivers geographically relevant, role-specific content on demand.

Our agent was rolled out in stages to our global workforce, as we continually added topic categories, features, and geographic availability. It eventually reached our entire workforce—more than 300,000 employees and vendors in 103 countries and regions—before being publicly released last November.

Our team in Microsoft Digital—the company’s IT organization—played a pivotal role in our global rollout, working closely with the product team and providing valuable feedback throughout development. It’s all part of our Customer Zero philosophy here at the company.

The agent proved its value early, piloting in large, primarily English-speaking regions—including Canada, India, the UK, and the US—and reaching more than half of our global workforce. But we wanted to raise the bar, so we turned to the rest of Europe.

The next chapter in the rollout was the Europe North region, which brought in 21 countries that are home to a wide variety of languages, cultures, country-specific HR policies, and nuanced IT support requirements.

However, early deployments in smaller markets in the region revealed that when local content for a specific geography was missing, the agent sometimes defaulted to policies related to the US or other unrelated countries. Sensitive HR scenarios and strict country-level rules increased the complexity and resulting challenges.

Our team in Microsoft Digital met the challenge by working through front‑end field adoption and back‑end product updates to successfully land the Employee Self-Service Agent in Europe North’s small and midsize countries. This included adapting the product to distinct local realities in each country.

“For the Employee Self‑Service Agent to work in Europe North, we had to listen locally to understand each country’s realities and respect those differences, rather than forcing a single global approach,” says Allan Hvass, director for Employee Experience in the Europe North region of Microsoft Digital.

Mobilizing field representatives

To help with the tricky aspects of driving local adoption of the Employee Self-Service Agent, our team in Microsoft Digital formed an adoption advisory team. The team included leadership representatives from all major countries and business divisions.

The group established on‑the‑ground field representatives to create better communications channels with the Europe North countries. This helped us learn what was and wasn’t working locally while we extended support for neighboring countries and kept excitement around the agent alive.

Because the team had already been communicating about the agent internally, including hosting all-hands meetings to spark early usage, we were able to collect thousands of instances of employee feedback. Key themes surfaced, including policy accuracy by country, quality of language, and IT support variance by market.

Daniel Rusen, a sales enablement and operations leader for Europe North, served as one of the field representatives. He helped the advisory team close the loop between the field and the core project by highlighting the language and local relevancy issues that were reported. He also became an evangelist for the agent, encouraging other sales executives to use the tool and experience it first-hand.

“I encouraged my colleagues to use the agent, and then to tell customers about their experience,” Rusen says. “A story grounded in real use is much more powerful and authentic than any slide deck.”

Driving adoption with contextual experiences

To support the rollout of the Employee Self-Service Agent across Europe North, we designed an adoption approach aligned with regional priorities and local ways of working.

We focused on making the value of the agent immediately tangible. Through Microsoft Viva Engage communications, we connected the agent directly to Europe North business goals and highlighted the most relevant, high-impact scenarios—helping employees quickly recognize when the agent was the right “front door” for their support needs.

To avoid overwhelming users, we prioritized simple, focused communication formats. For example, an Advent calendar campaign combined the agent with Copilot capabilities, enabling employees to discover one practical, actionable use case at a time.

In parallel, we hosted targeted readiness sessions to demonstrate key end-to-end scenarios and share practical tips and best practices. This ensured employees not only understood the value of the agent, but also felt confident using it from day one—creating a strong and positive first experience.

“Adoption is not about pushing a tool, it’s about helping people recognize, in their own context, when it truly makes their day easier,” says Edith Dubuisson, a senior business program manager in Microsoft Digital. “By focusing on relevant scenarios, simple communication, and hands-on experiences, we made the Employee Self-Service Agent useful from the start.”

Fine-tuning the agent

Built in Copilot Studio, the Employee Self-Service Agent works on global, regional, and area levels to make sure that users receive the content that corresponds to their geographical location and preferred language.

The Microsoft Global Support Services group manages the agent capability and improvements, driven by a strong partnership with internal engineering teams. The team triaged feedback and partnered with the product group to tag accurate policies and knowledge by country, and to tune agent behavior and guardrails for localized content. They prioritized quick fixes and high-impact content gaps.

Updating the Employee Self-Service Agent to fix content mismatches in Europe North wasn’t about tweaking the AI in isolation. Instead, we needed to overhaul the content that the agent relies on.

The team “grounded” the agent in a set of trusted, IT-approved sources: About 250,000 vetted knowledge base articles and 15-20 different internal SharePoint sites containing policies, guidelines, how-to articles, and related information.

Then they tackled regional nuances, one of the biggest drivers of content mismatches (when a user gets a reply based on content that doesn’t match their country or region). The team tagged content by geography (such as UK-only or Romania-only), so the agent would be fed the correct information for that geographic area.

The process of fixing mismatches also yielded insights.

David Finney, a director of IT Service Management in Microsoft Digital, frames the process as a clear lesson: AI is only as good as the content behind it, so the real work is often on the back end.

“Instead of treating mismatches as failures alone, we used them as signals to improve the underlying content—revising articles, correcting categorization, and closing gaps in coverage,” Finney says. “Over time, this combination of tightly scoped data sources, country‑level tagging, and ongoing content curation turned the agent into a far more reliable assistant.”

Impact and results

The Global Support team added a continuous feedback loop to keep the agent’s content aligned with reality. Users can flag low-quality and inaccurate answers directly through the agent interface. That data flows to a dedicated knowledge management team, creating an efficient pipeline for feedback to inform back‑end fixes and product improvements.

Today, the Employee Self-Service Agent’s metrics are moving in the right direction.

The team is optimistic as the Global Support Services data shows agent activity steadily increasing after it officially went live last October, as shown in the following image. At the same time, usage of Legacy Bot (an existing digital support chatbot) decreased, along with support interactions via phone, email, and web.

Chart showing increased use of Employee Self-Service Agent in Europe North over the first six months of official release (October 2025 to March 2026).
Data from Global Support Services shows use of the Employee Self-Service Agent in Europe North rose to account for more than half of all support interactions after just six months, as usage of Legacy Bot (brown band) and phone, email, and web support (light blue band) decreased.

This data suggests the agent is meeting its ultimate goal: To provide users with an improved support experience, including better first‑touch answers that build employee confidence and yield faster issue resolution. This reduces escalation to human-run support channels and decreases the volume of tickets our employees have to create.

“We’re measuring success by a reduction in tickets, but that’s based on the user having a better experience using the Employee Self-Service Agent versus calling our global help desk and talking to a person,” says Anders Jepsen, a director of Field IT Management in Microsoft Digital. “We can only be truly successful if we are creating a better experience for our users.”

What’s next for self-service support

Our experience deploying the Employee Self-Service Agent in Europe North has allowed us to create a playbook for other small and midsize countries in similar situations, including dealing with multiple languages and specific regional policies.


The agent now serves as both a self-service tool and the first contact point for employee questions. It doesn’t completely remove humans from support, because if that first point of contact doesn’t resolve the IT issue, a team of humans is available to help.

In the end, the fewer support tickets that are opened, the more time employees can have back for higher-value tasks.

“Our long-term ambition is to reduce our human-led support tickets by 40 percent,” says Trent Berghofer, a general manager in Microsoft Digital Modern Support. “In some areas, like Europe North, we are already taking a significant step toward that.”

The Employee Self-Service Agent is a great example of using the power of AI to increase employee productivity and efficiency, as they access highly curated support through the tool on demand. It fits in with our company’s overall strategic efforts to evolve into an AI-driven Frontier Firm.

“The agent brings IT, HR, and facilities together in one place,” Dubuisson says. “It’s not just a Q&A bot. It gives you information, guides you, and even holds your hand through troubleshooting. The agent tells you what to do and can even do it for you. It standardizes, simplifies, and still lets you chat with someone or get a call back when you need it.”

Key takeaways

Here are steps organizations can take today to implement an AI-powered employee support hub:

  • Evaluate your employee support systems. Assess whether employees have a single, trusted “front door” for support issues, or if your organization’s support is still fragmented across different tools.
  • Audit local policy coverage in your AI solutions. Identify where tools may be defaulting to global or geographically incorrect content–especially in regions with multiple countries or languages–to validate accuracy and boost trust.
  • Pilot localized AI support efforts in a diversified region. Engage regional HR, IT, and field adoption teams early on to make sure that AI experiences reflect real, country-specific employee needs.

The post Transforming IT support across Microsoft with the Employee Self-Service Agent appeared first on Inside Track Blog.

Microsoft CISO advice: Apply engineering fundamentals to securing AI
http://approjects.co.za/?big=insidetrack/blog/microsoft-ciso-advice-apply-engineering-fundamentals-to-securing-ai/
Thu, 30 Apr 2026 16:00:00 +0000

The post Microsoft CISO advice: Apply engineering fundamentals to securing AI appeared first on Inside Track Blog.

Agentic AI, like any software, is just one part of a business solution. It is not the only element that needs to be secured. Engineers need to approach securing agentic AI in the corporate IT ecosystem the same way they would consider any security problem—from end to end.

Yonatan Zunger, CVP and deputy CISO for Microsoft, suggests that focusing exclusively on hardening a piece of software against security threats may make it difficult to use, which introduces a new risk when users get frustrated and try to bypass controls. This is why engineers need to consider not just individual components but how they work together to maintain productivity.

“Think of every system as a socio-technical system containing many parts, and all of them working together in unison have to be secured,” Zunger says.

Watch this video to see Yonatan Zunger explain why engineering fundamentals are critical to building resilient AI systems. (For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=YU-8lpwPtm0 )

Becoming a Frontier Firm: A guide for deploying AI agents based on our experience at Microsoft
http://approjects.co.za/?big=insidetrack/blog/becoming-a-frontier-firm-a-guide-for-deploying-ai-agents-based-on-our-experience-at-microsoft/
Thu, 16 Apr 2026 16:05:00 +0000

The post Becoming a Frontier Firm: A guide for deploying AI agents based on our experience at Microsoft appeared first on Inside Track Blog.


A how-to guide for governing, implementing, adopting, supporting, and measuring the impact of AI agents from Microsoft Digital, the company’s IT organization.

The agentic future: Our journey to becoming a Frontier Firm at Microsoft

A new way of working, a modern way to achieve more

The rate of change for AI tools and technology continues to accelerate, and new opportunities to reimagine business processes and employees’ day-to-day workflows are emerging. Agents are the driving force behind this next leap forward.

As a result of this technological shift, a new organizational blueprint is emerging. It blends machine intelligence with human judgment to create systems that are AI-operated but human-led.

We have a name for an organization that enacts this model: The Frontier Firm.

As organizations progress toward this goal, they move from foundational AI assistance through escalating levels of agentic maturity and complexity. First, humans operate with help from an AI assistant like Microsoft 365 Copilot. Then, human-agent teams work together. But the future lies in humans leading teams of agent users: AI agents that perform core labor with relative autonomy.

Pattern 1: Human with assistant—every employee has an AI assistant that helps them work better and faster.
Pattern 2: Human-agent teams—agents join teams as “digital colleagues,” taking on specific tasks at human direction.
Pattern 3: Human-led, agent-operated—humans set direction, and agents execute business processes and workflows, checking in as needed.

This has been a three-year process for us at Microsoft, and throughout our journey, we’ve had to allow adequate time for deliberate planning and careful execution. Just as importantly, we invested early in clear, consistent internal communications to help employees understand what agents are, why they matter, and how they could safely participate in building them. That shared understanding created the confidence and momentum required to scale agent creation across a global workforce.

“It’s a truly transformative time,” says Brian Fielder, vice president of Microsoft Digital. “What we’ve learned from embracing the agentic future at Microsoft is only making us more eager to see organizations empower their employees to take the lead in a world where human judgment and machine intelligence work in harmony.”

Our Frontier Firm journey so far

Within Microsoft Digital, the company’s IT organization, we’re taking a leadership role in reimagining core processes and workflows. These efforts rest on four pillars of practice:

  • We envision and implement the AI-first workplace of the future.
  • We empower our employees to build their own agents that help supercharge their productivity by providing the training, resources, and inspiration they need.
  • We define guardrails and safeguard our environment so our employees can maximize the power of AI while keeping our enterprise safe and secure.
  • We’re the voice of the company’s internal AI transformation, and we provide the blueprint for our customers to accelerate their own AI journeys.

To guide our steps, we’ve established a cross-disciplinary initiative we call Agents at Microsoft. We’re looking at agentic transformation from an end-to-end perspective that reaches into every aspect of building, publishing, governing, managing, and getting the most value out of agents.

Six pillars of the workstreams involved with the Agents at Microsoft initiative: Strategy and value realization, analytics, accelerators, change management, governance, and publish and lifecycle.
Our Agents at Microsoft initiative represents part of a 360-degree approach to agentic maturity. These six pillars each represent a distinct workstream, each with its own accountable team.

As we’ve incorporated agents into more and more aspects of our organization, key questions have surfaced:

  • How do we balance freedom for employees to create agents against the need to manage sprawl?
  • How do we put guardrails around agentic capabilities so they can be useful, without introducing undue risks?
  • How do we differentiate between agents of different complexity and capability, and how do we adjust our strategies around them accordingly?
  • Where can we use agents to fill enterprise functions, and who should be responsible for creating those crucial tools?
  • How can we adapt existing software development standards to AI tools?
  • How can we minimize the risk of data over-exposure through AI?

It’s possible you’re also considering where agents fit into your organization. If so, it’s likely that you’re wrestling with many of the same questions. We’re here to help.

This guide shares our experience as Customer Zero for agents at Microsoft. As you read, you’ll be able to follow our journey to defining what it means to govern agents safely, implement them effectively, guide their adoption by employees, build a foundation for support, and track their impact through effective measurement.

We’ll share some of the most important lessons we’ve learned so far, along with readiness checklists and resources that can help you advance agentic maturity at your organization. With this guide in your toolkit, you’ll have a framework for building a strategy that incorporates agents into your business goals safely, responsibly, empathetically, and impactfully.

“As we harness the transformative power of AI agents, it’s our responsibility in IT to ensure that technology not only enhances decision making but also fosters a culture of innovation and collaboration across the organization,” says Stephan Kerametlian, a business program management senior director in Microsoft Digital.

The agentic future is here. We’ve explored the path forward, and we’ve seen the exciting places it leads. This guide can help you take your first steps and start realizing those possibilities today.




Chapter 1: Advancing good governance to meet the agentic moment

Maintaining privacy, security, and compliance while respecting regulatory frameworks

Agents offer powerful opportunities to enhance employee productivity, but they also introduce concerns. For example, how do we keep privileged information where it belongs? And how do we keep employees from building agents that violate company policies?

In answering these questions, Microsoft Digital’s governance team focused on the value the company is trying to derive from agents.

We wanted to give employees and teams the freedom to build without risk to the business or introducing agent duplication and sprawl. We wanted to weave robust, reliable agentic experiences into enterprise workflows. We also needed to secure and protect confidential data while respecting responsible AI principles.

“Our principles haven’t changed, but they’ve evolved,” says David Johnson, a tenant and compliance architect at Microsoft Digital. “With AI, the need for proactive governance is far greater than ever before, so we’re putting structures in place that take some of the labor around managing agents off of IT.”

Several cornerstone constructs underpin our agent governance strategy: a tenant that holds employees accountable, a reasonably clean data estate, and a lifecycle for users’ agents, which disappear when the employee leaves.

We’ve developed six core principles to guide our approach to governing agents:

  1. We ensure a strong data hygiene foundation so we can trust our data estate as employees build and use agents.
  2. We empower employees to build personal agents that can access services and data sources those users can already access to help automate and accelerate their tasks.
  3. We empower teams and lines of business to build agents with known lower risk patterns to accelerate impact.
  4. We provide a smooth release path for engineering teams to develop agents designed for enterprise functions so they can access all of the services and sources they need.
  5. We accelerate innovation through agent and automation templates while maintaining an AI Center of Excellence (CoE) to help teams think through their opportunities.
  6. We reimagine employee experiences and task execution to simplify and optimize productivity.

As a result of our experience establishing strong governance for Microsoft 365 Copilot, we’d already laid a firm foundation for an agent-ready data estate. In some ways, governance is tool-agnostic, rooted in basic principles. With appropriate data labeling, data hygiene, and well-managed permissions in place alongside tools that respect labels by default, we can confidently give every employee the ability to build basic agents and trust in our governance guardrails.

A matrixed approach to agent governance

The sheer diversity of agents and their use cases means we need a multifaceted approach to governance. A matrix of different parameters applies to any agent, and each of those elements requires its own approach to policy.

In practice, agent governance structures echo our overall maturity approach. Simple, personal, lower-risk agents with built-in guardrails act as a starting point for employee experimentation and require very little oversight. As a result of our robust data hygiene foundation, if an employee has access to the grounding content, these agents are low-risk accelerators for things they can already do on their own. Meanwhile, higher-impact agents demand greater attention that echoes our security development lifecycle (SDLC) for internal apps, which includes more extensive, cross-disciplinary reviews.

SharePoint, Agent Builder in Microsoft 365, Copilot Studio, and Copilot Studio + Microsoft 365 Agents Toolkit and the level of agent governance required for each.
Our matrixed model for agent governance spans low-complexity, low-risk agents as well as more advanced tools created by professional developers.

To accommodate agent-creation experiences across this spectrum, we’ve enabled several different building platforms and processes employees and teams can use to create the AI tools they need.

  1. We opened up Agent Builder in Microsoft 365 Copilot for all employees to create read-only declarative agents.
  2. We created an environment strategy and governance in Power Platform to manage personal environments featuring data connectors with lower risk but high value.
  3. We enabled a process to flow the data that teams need into production Power Platform environments featuring data connectors. These agents initially come with sharing limits until the agent receives risk approval.

This structure provides the ability to safely create agents of increasing complexity while ensuring they remain secure and contained until they get the necessary reviews for wider sharing and data exposure.

Our governance guardrails, review policies, and publishing scope vary based on the tool used to create an agent, the level of technical proficiency it requires, its grounding in knowledge sources, its capabilities, the actions it can take, the plug-ins it requires, and whether it includes a custom engine or a bring-your-own model.

The following examples illustrate two different agent scenarios:

An employee builds a knowledge-only agent using Agent Builder in Microsoft 365 Copilot.

This agent features graph connectors from a pre-approved catalog for exposing additional data, easily created using no-code tools. Its knowledge sources are limited to SharePoint and OneDrive sites accessible to the employee, along with external websites, custom instructions, and additional internal sources through graph connectors. As a result, the risk of data overexposure is limited. These agents can’t take action, they don’t rely on plug-ins, and they’re tied to our data hygiene foundation. The employee can only use the agent personally or share it through a link.

No review necessary: Our team in Microsoft Digital honors reactive take-down requests like any other self-service construct, but does not provide proactive gating.

Professional developers build an agent to manage enterprise workflows.

Agents created using pro-code tools can include custom connectors and orchestration logic to handle more complex scenarios, and their builders typically intend them to become Microsoft Teams apps or part of our agent catalog for wide organizational use. Their knowledge sources can be almost anything, from internal SharePoint sites to third-party apps, so they’ll often need to make use of APIs. For these apps, knowledgeable builders can create custom Azure OpenAI large language models (LLMs).

Reviews: These agents require reviews for security, privacy, accessibility, responsible AI, and an environment-specific maker stack review. This review stage is essential because these agents can potentially transform or write data outside their places of origin. These capabilities represent both the power of agents and the risk we need to evaluate.

As you consider your own governance structures and policies, think about where agents and the ability to create them fit your needs and risk tolerance. Then learn from the different parameters of our governance matrix to access a working model for your own agentic transformation.


Expert insights


As you consider your own governance structures and policies, think about where agents and the ability to create them fit your needs and risk tolerance. Then learn from the different parameters of our governance matrix to access a working model for your own agentic transformation.

Aisha Hasan, Power Platform and Copilot Studio product manager, Microsoft Digital


Balancing utility and manageability in our agent ecosystem

Empowering employees and teams to simply and securely create agents has been a top priority as we move toward AI maturity at Microsoft, but we also want to eliminate agent sprawl.

Aside from complicating agent management, sprawl has several user-side disadvantages. For example, if more than one team were to create an agent that points to HR information, the employee experience would suffer, because our users wouldn’t be sure which agent serves as the authoritative source of truth.

Our team in Microsoft Digital partners with other internal organizations to ensure we’re prioritizing the right agent development projects and avoiding agent sprawl. Ideally, these engagements take place before teams start building their agents so we can avoid wasted effort or duplicate work.

If a pre-existing agent fits the target scenario, we encourage a team to use that agent instead of creating a redundant solution. For employees who want to create their own agents, we recommend that they first search for an existing tool in our agent catalog to avoid duplication.

User-based lifecycles and periodic attestation are also key pieces of the puzzle. Requiring attestation helps ensure that agents cease to exist once they’re no longer useful or their owner leaves the company.

The release of Microsoft Agent 365, now in early access, represents the next step forward in agent observability and management, two key aspects of agent governance and sprawl mitigation. This control plane for agents incorporates many of Microsoft Digital’s learnings as we’ve bridged governance gaps through IT intervention.

  • The registry provides a complete view of agents. The enterprise agent store makes it easy to find the right agents for each role and business process within familiar workflows in Microsoft 365 Copilot and Teams.
  • Visualization provides the observability layer, including role-specific oversight, compliance and audit features, and performance measurement that can help organizations track their agents’ impact and see where they contribute value.
  • Interoperability ensures Agent 365 is open to any Microsoft-built or partner ecosystem, while also delivering work intelligence through access to data and Microsoft 365 apps.
  • Security features provide crucial confidence through visibility into security posture, detection and response capabilities, and intelligent runtime defense.

“The next step in our governance journey will be using AI to help us govern AI,” says Aisha Hasan, Power Platform and Copilot Studio product manager at Microsoft Digital. “We’re looking at ways AI can help us manage this new space, and we believe Agent 365 will be the foundation for our deterministic approach to governance.”

As you strategize to deepen AI maturity at your organization, our experience will help you operationalize many of the aspects of governance we’ve pioneered as Customer Zero for agentic AI, especially with the wide release of Agent 365. By adopting the principles we’ve illustrated in this chapter, you can accelerate your transformation and advance your maturity rapidly and securely.

Learning from our experience with agent governance

A strong data foundation is crucial

We’ve built respect for labeling and data governance policies into the tooling for AI assistants and agents, but it’s dependent on a well-governed data estate. Invest time and effort in establishing that foundation.

Decide on your comfort level with risk

Bring cross-disciplinary experts together from across your organization to determine what level of risk is acceptable for different agents and their use cases. Put guardrails in place for low-risk scenarios and establish processes for supporting more complex or sensitive use cases. Evaluate what data sources agents can extract information from. Do you have confidence that users haven’t over-shared data access?

Agents aren’t always like applications—adjust your processes accordingly

We quickly learned that reasonable processes, approvals, and workflows for internal application development didn’t scale well with agents. Consider a risk-based assessment model.

Change is constant

Plan to reassess and revise your governance structure regularly. This technology is evolving rapidly, as is the tooling surrounding it, so maintaining good governance will be an ongoing practice.

Governance is a value driver for employees

Governance isn’t just about protecting your organization. It also provides the right patterns to make sure your employees are getting value from agentic technology. Establish strong measures of value and a robust pane for management and assessment. Observability and telemetry will be foundational, so ensure you build that into your governance efforts.

Continue non-agentic workstreams

Enterprise technology environments are additive and incremental. Don’t cease your efforts to create and govern other internal technologies. Instead, maintain a holistic ecosystem.

Key takeaways

Use these tips based on what we learned here at Microsoft to tackle agent governance at your company:

  • Establish a cross-disciplinary agent center of excellence: Bring together stakeholders across the organization to define priorities, goals, and shared practices for agent adoption.
  • Put strong data and information protection policies in place: Establish clear governance for your data estate, including labeling and information protection, to support responsible agent use.
  • Right-size oversight based on risk: Determine your organization’s risk tolerance and define which agents require more or less involvement from IT, security, and compliance teams.
  • Define a clear agent building tool strategy: Decide which tools employees and teams can use to create agents, balancing empowerment with governance.
  • Operationalize agent oversight and management: Establish an oversight model and implement tools like Agent 365 that help manage agents at scale.
  • Create a centralized governance and information hub: Provide employees and agent builders with a single place to find guidance, standards, and governance information.


Chapter 2: The Microsoft roadmap for implementing agents

Developing a plan to advance AI maturity while unlocking agentic value at every level of our organization

Implementing agents across your organization is intertwined with your larger AI transformation efforts. At Microsoft, we’ve adopted an escalating maturity model that unfolds across five stages.

Graphic showing the five stages of the Microsoft AI maturity model: awareness and foundation, active pilots and skill building, operationalize and govern, enterprise-wide adoption, and transformation with agentic AI.
AI maturity starts with simple awareness and foundational usage, then progresses to more complex patterns of interaction between humans and agents.

Putting the Microsoft AI maturity model into practice

Whatever stage you’re at in your AI journey, you’ll likely experience many of the same challenges and opportunities we do at Microsoft.

Stage 1: Awareness and foundation

Building a foundation means setting a bold vision for your AI journey, anchored in clear business outcomes. At this stage, it’s important to engage your executive sponsors early to foster cross-functional collaboration and empower experimentation.

At Microsoft, we established our AI Center of Excellence (CoE) to help guide and drive adoption of Microsoft 365 Copilot, as well as a Data Council that powers our AI-ready data strategy. As we’ve moved into the agentic future, these teams have been instrumental in maintaining forward momentum.

The company also established the Office of Responsible AI (ORA) to advance AI development, deployment, and secure and trustworthy innovation through governance, legal expertise, internal practice, public policy, and guidance on sensitive uses and emerging technology. ORA partners closely with product and engineering teams alongside other trust domains like privacy, digital safety, security, and accessibility to align our work with Microsoft’s six responsible AI principles:

  • Fairness
  • Reliability and safety
  • Privacy and security
  • Transparency
  • Accountability
  • Inclusiveness

Target outcomes include

A foundational strategy, governance principles, and leadership buy-in to kickstart AI projects.

Stage 2: Active pilot programs and skill building

We started by launching targeted pilot projects across different areas of the company. This process encouraged experimentation and used hackathons to surface a broad range of ideas. From there, we selected the most promising initiatives by evaluating business value against implementation effort and focused resources on a select group of high-impact projects.

To establish early-stage governance, we required all pilots to undergo responsible AI and architectural reviews.

Target outcomes include

The first tangible benefits of AI, including efficiency gains, time and cost savings, quality improvements, and an emerging internal talent pool that paves the way to scale successful solutions.

Stage 3: Operationalize and govern

At this point, we worked to scale and integrate AI solutions across the company. We strengthened our data and AI infrastructure to support this transition by formalizing enterprise governance with clearly defined steering teams. Our AI CoE, Data Council, and Office of Responsible AI helped accelerate implementation, ensure the ongoing quality of structured data, and oversee ethical AI use and compliance. Collaboration among these groups was crucial for ensuring our AI initiatives remained within acceptable bounds while delivering tangible business impacts.

Target outcomes include

Multiple AI use cases running at enterprise scale under robust oversight, with cross-functional alignment on AI objectives and the business value they’re delivering.

Stage 4: Enterprise-wide adoption

To consolidate our gains and achieve AI adoption across the enterprise, we prioritized making AI a core consideration in every new project and process by asking where AI-driven intelligence could deliver real impact. That could be by boosting efficiency, enhancing user experiences, or unlocking new business value. From there, we aligned our AI initiatives with our organization’s strategic goals by empowering business leads to synchronize efforts and continuously update our AI roadmap.

We also cultivated a data-driven culture through ongoing, large-scale training while making AI tools a natural part of everyday work. To accomplish that, we established rigorous impact tracking with clear measurement of the amount of value delivered. Key metrics include time savings, cost reduction, and quality improvements. We reviewed these outcomes regularly at the leadership level to maintain accountability.

Our Continuous Improvement CoE has been instrumental in the process of aligning AI initiatives with our organizational goals and providing a framework for progress. It operates according to four principles:

  1. A clear definition of winning, based on expectations
  2. Disciplined execution
  3. Constrained problem-solving with urgency
  4. Sustained replication and acceleration

Target outcomes include

Measurable, data-driven monitoring of AI for your business that’s powered by a continuous improvement mindset.

Stage 5: Transforming your business with agentic AI

At stage five, we’ve been working to embed AI into every aspect of our operations and culture. We started by leveraging the expertise of our AI CoE to foster innovation, drive continuous improvement, and keep our AI initiatives evolving, using structured mechanisms like a Kaizen funnel to crowdsource, prioritize, and advance ideas that extend the impact of AI across the enterprise.

We also further strengthened governance to address the advanced challenges of agentic applications, including responsible scaling of generative AI and effective mitigation of AI hallucinations. Finally, we focused on refining human-AI collaboration so our teams can offload routine tasks to AI agents and concentrate on higher-value work.

One tactic that’s been highly successful here at Microsoft Digital is conducting “Fix, Hack, Learn” weeks, where we encourage employees to identify opportunities for improving our services. So far, these initiatives have yielded multiple AI-powered breakthroughs that are already in production.

Target outcomes include

Significant efficiency gains and innovations from AI, including recognition as a leader in enterprise AI adoption.

As you advance along the AI maturity curve at your organization, keep these essential ingredients in mind:

  1. Executive sponsorship and governance
  2. Responsible AI by design
  3. Data foundations, architecture reviews, and technical readiness
  4. Talent, skills, and culture
  5. Impact tracking and accountability
  6. Change management and communication
  7. Continuous improvement, innovation, and partnerships

It’s important to remember that these elements aren’t static, but iterative. You’ll need to continue to evolve them over time as your enterprise AI transformation continues. But the five stages of enterprise AI maturity we’ve outlined in this chapter form an overarching framework to keep you moving forward.

Learning from our agent implementation experience

Invest in data infrastructure and AI platforms

Building robust data infrastructure ensures your organization is prepared to leverage AI, supporting scalable, innovative, and secure AI-driven solutions.

Foster a culture of innovation and collaboration

Champion an AI-forward culture where innovation and collaboration drive the adoption of agentic AI.

Align AI initiatives with strategic business goals

Ensuring AI initiatives align with business goals maximizes impact and positions your organization to succeed in the rapidly evolving world of agentic AI.

Implement ethical practices based on our responsible AI principles

Adopting ethical AI practices builds trust, ensures responsible innovation, and prepares your organization to navigate the evolving landscape as AI becomes central to business operations and decision-making.

Position IT to facilitate the transition to a Frontier Firm

At a minimum, your IT leaders and practitioners need to prepare your data estate for agentic workloads, partner to identify and enable prioritized business scenarios, and then actively participate in enterprise transformation through skilling, change management, and measurement activities.

Evolve your enterprise IT infrastructure to embrace dynamic and adaptive agent-based systems

Moving from traditional deterministic systems to agentic systems that introduce probabilistic behaviors, autonomous decision-making, and continuous learning requires new architectural thinking, audit capabilities, and governance models.

Key takeaways

Here are some key tips for implementing agents at your organization, based on what we’ve learned through our own experience here at Microsoft:

  • Align agent efforts with business priorities: Partner with leadership to establish clear business priorities that guide agent adoption and investment.
  • Define success and how you’ll measure it: Determine business goals and metrics of success that allow you to track impact and value over time.
  • Put the right governance structures in place: Establish steering committees across implementation, data, responsible AI, and continuous improvement to guide decision-making.
  • Start with early adopters and focused pilots: Identify enthusiastic users and promising pilot programs to validate value and refine your approach.
  • Scale what works across the enterprise: Determine which initiatives deliver the greatest value and are ready for broader, enterprise-wide adoption.
  • Support change through targeted skilling and enablement: Develop skilling and change management strategies that address the needs of both technical and nontechnical employees.


Chapter 3: Driving adoption to capture value across the organization

Readying our workforce for the agentic future through targeted enablement, skilling, and cross-company collaboration

Change management is an important part of our AI maturity journey. All the technical readiness in the world means nothing if we don’t build a transformative culture. The spectrum of agents, use cases, and creation methods is wide, but enabling them all requires one thing: an AI-first mindset.


Driving adoption for agents represents a fundamental shift from an AI assistant like Microsoft 365 Copilot, which delivers a comparable experience for every employee. With the agentic mindset, the point is for individuals to be selective about the agents they choose to use—and more significantly, the agents they choose to create.

We also structure our enablement efforts to channel employees into different behaviors based on what’s available and what they might need to build:

  • First, we enable employees to discover and use agents that are already published and available.
  • If an agent that serves their use case doesn’t exist, employees can build their own, starting with simple no-code agents.
  • For complex agents, we channel employees, teams, and lines of business into using Copilot Studio and other, more full-featured pro-code tools.

Regardless of the behavior we’re trying to enable, we follow a four-phase strategy that takes inspiration from Prosci’s ADKAR model, which progresses through awareness, desire, knowledge, ability, and reinforcement. Our adoption efforts align with the Microsoft Engagement Framework, which we’ve developed specially for driving adoption of our products. You can learn more about our overarching approach in our Microsoft 365 Copilot readiness guide.

“An important part of agentic adoption is telling stories to help people understand where AI’s value comes alive or why they should build agents,” says Amy Rosenkranz, a principal product manager on the Copilot Extensibility team within Microsoft Digital. “Examples from peers and real-world use cases are two of our most effective methods for getting people into the AI-first mindset.”

We’re applying several tried-and-tested change management techniques to our organization-wide adoption efforts. These are relevant to both non-developer employees who want to create simple agents and professional developers working on tools for their teams, lines of business, and the entire enterprise.

Cohort-based coordination

We divide our adoption campaigns along two pivots: internal organizations like legal or sales and marketing, and regions like North America or Europe. Different cohorts have different focuses, but the strategy is similar. Our company-wide adoption leads spearhead our efforts, and we identify members of target cohorts who can support the adoption, including change managers, leadership sponsors, and employee champions.

Adoption communications

We treat internal communications as a primary driver of agent adoption and creation, not just a distribution channel for training. Our initial communications focused on building confidence, reducing fear, and reinforcing clear norms for responsible agent building. We used consistent messaging across leadership communications, learning content, and employee channels to normalize experimentation and help employees understand when to create an agent, when to reuse one, and where to go for guidance.

AI Agent Launchpad

During our deployment of Microsoft 365 Copilot, we experimented with event-driven skilling in the form of Camp Copilot and Copilot Expo. Now, we’ve adapted these kinds of skilling events to agents as well. AI Agent Launchpad takes employees on a learning path through five modules to help them discover, use, and build agents confidently:

  1. AI mindset in motion: Employees learn about the concept of the Frontier Firm.
  2. Introduction to agents: This module covers the basic principles and definitions of AI agents to establish a foundation of understanding for agent creation and usage.
  3. Explore existing agents: Participants build the new habit of discovering available agents to see if any existing tools meet their needs.
  4. Build agents with ease: Employees polish their agent building skills in Copilot Chat and SharePoint with an expert in a hands-on lab environment.
  5. Build with Copilot Studio: This module goes deeper into designing, connecting, testing, and publishing more powerful agents.

Each module features self-learning readiness, live sessions, gamification, and Credly badges. Instead of a global, centralized event, we’ve modularized the experience so local or organization-level leaders can adapt it to their particular cohort’s needs, while still providing support from centralized adoption leads. We’ve also created a freely available resource organizations can use to plan and run their own virtual skilling events around AI adoption.

Copilot builder champs

Our initial AI rollout showed us first-hand the power of peer leadership in driving adoption, so we adapted the strategy behind our highly successful Copilot Champs Community into our Copilot builder champs program. This initiative makes use of peer connections, success stories, and a Viva Engage community, and we refocused it on enabling employees to create the agentic solutions they need.

These champions represent some of our strongest adoption evangelists on their respective teams. We also created a Microsoft SharePoint hub with resources, best practices, agent publishing information, and more.

Integration and incentivization

We collaborate with managers to integrate AI into their teams’ routines. Often, we’ll use mini-challenges or gamification strategies to encourage agent usage. We recognize top contributors with shout-outs or small awards. We’ve also found that it makes these efforts more engaging to blend work tasks with personal interests.

Formalizing change management for professional developers

We apply more focused adoption initiatives for the professional developers who create team, line-of-business, and enterprise agents. Because their efforts are reimagining how work gets done across the organization, we need to ensure these agents are aligned with business goals, built securely and responsibly, and drive the impact the company needs. The process unfolds across five steps.

1. Driving product adoption

This step echoes our broader adoption initiatives. We cultivate leadership alignment and sponsorship, comprehensive communication plans, training and upskilling programs, champion-led peer support, and integration into daily work with incentives.

2. Agent ideation and development

Here, we capture high-value use cases by mapping out processes and pain points we could improve with agents. Then we prioritize and select pilots and empower small interdisciplinary teams to build, test, and refine those agents.

3. Agent discovery and advocacy

Once we’ve completed our pilot programs, we identify the agents with the most potential impact, broaden their development, establish a catalog for observability and discoverability, and showcase success stories.

4. Workforce transformation

At this point, we’re ready to map workflows for human-AI optimization, capture scenarios that are especially useful for key roles, commit to wider AI skills training, develop our workforce into “agent bosses,” and work to measure and communicate impact.

5. Feedback and listening

Tracking the impact of your efforts is crucial. We established a feedback loop to drive further success through telemetry and analytics, employee feedback, and insights from our support channels and FAQs. Then we analyze and triage those insights and close the loop with users by communicating how their feedback drives change.

Whatever your goals and whichever segment of your workforce you target, it’s important to understand that adoption doesn’t happen by accident. True workforce transformation won’t take place without appropriate adoption activities.

As you launch your own adoption initiatives, consider who your audience is, what they need to build confidence and competence, and how you can unlock agentic value for them across your organization.

Learning from our agent adoption experience

Be thoughtful about your audience

Vary your efforts between non-developer and developer audiences, different geographies and internal organizations, and specific goals. Put together a methodology for thinking about what agents you want and what benefits they’ll provide, then determine who the best builder is.

Don’t just enable agents—empower the enterprise

Your goal isn’t just to activate agents for agents’ sake. Think carefully about what workflows and value you’re trying to unlock, and how agents can get you there. Break down aspects of roles and workflows, and see how agents fit in.

Establish multiple vectors for skilling

Different modalities work for different employees. Use every tool at your disposal, from live events to peer leadership to self-guided learning, and communicate them across all available channels.

In many ways, this is a reset

Your employees may have just become comfortable with Copilot, and agents might feel like a whole new horizon. That’s true. Have patience and understand that this is an entirely separate adoption path.

Showcase and celebrate success

People need to see value and possibilities for agents in their own work. When pilots or personal agents create results, socialize them widely and encourage employees to try them out. Nothing encourages experimentation with agents like successful usage.

Leadership sponsorship is absolutely crucial

Leaders both set expectations and bear the standard of your organization’s culture. They can be the figureheads of transformation by setting priorities, participating in communications, and leading by example.

Key takeaways

Here are some important steps to keep in mind as you embark on your own adoption and change management efforts for agents:

  • Establish strong adoption leadership early: Assign a dedicated adoption lead, form a cross-functional adoption team, and align change managers, executive sponsors, and employee champions around clear ownership and cadence.
  • Design adoption around real work and real people: Identify priority cohorts, personas, and usage scenarios, then tailor messaging, enablement, and communications to how each group works and learns.
  • Define success before you deploy: Set clear KPIs and success criteria like feature usage, scenario adoption, and employee sentiment, and put a measurement and feedback plan in place from day one.
  • Enable employees through structured onboarding and learning: Combine readiness communications, live learning, self-service resources, and a centralized enablement asset library to help employees build confidence and momentum.
  • Activate champions and leadership to amplify adoption: Launch champion communities, empower leaders to model usage, and use internal channels to reinforce behaviors and share progress.
  • Continuously listen, learn, and iterate: Gather feedback through surveys and listening sessions, surface success stories, and apply insights to refine adoption, reinforcement, and resistance management plans.
  • Extend and optimize for professional developer teams: Support advanced agent ideation, development, discovery, and advocacy while using ongoing feedback to drive workforce transformation at scale.


Chapter 4: Providing support at the agentic frontier

Bolstering agentic transformation through solid groundwork, human oversight, and AI-driven support

With many forms of technology, support is fairly simple. You identify pain points and common issues with a relatively static technology, create self-service tools to help users with those challenges, and make subject matter experts available in the form of a dedicated support team.

But AI is evolving too quickly for that model, and agents are too diverse and individualized for a static approach. As a result, our support apparatus for agents needs to be much more flexible. Within Microsoft Digital, our goal is to make it easy for employees to engage with agentic tools freely and adaptably while maintaining safety and responsibility.

The path to this objective relies on a three-pronged approach to governance:

  • Embedded governance functionality: The ideal state is that our agent creation and publishing tools should incorporate good guidance, governance, and guardrails out of the box so the agents people create are essentially self-governing.
  • IT oversight: This is a new space and a new way of working, so it isn’t feasible for all agents to self-govern at this point. As an IT organization, Microsoft Digital fills gaps in governance through reviews and oversight. We do this by establishing risk-based policies around types of agents, exposure and sharing, and other pivots we addressed in our governance chapter.
  • User education: It’s almost impossible to predict every governance gap and need, so educating our users helps them avoid accidentally stepping out of bounds. Our Agents at Microsoft team and change managers are the linchpins of these efforts, and employees can lean on resources like Microsoft Learn courses and the Agent Builders SharePoint hub.

Of course, we do have a support team of AI subject matter experts available to employees for any questions they can’t answer themselves. Our HelpDesk support team operates independently from other enablement vehicles, but human support representatives can only accomplish so much. It’s important not to create bottlenecks by relying on conventional support. After all, the promise of AI is to reduce the burden on humans, and that’s no different for our support teams.


AI itself is becoming a cornerstone solution for this challenge. An AI-driven approach aligns with the idea of the Frontier Firm, where humans lead and agents operate, in this case by supporting other humans as they explore AI more deeply.

This is a relatively new approach, but we’re already using agents to provide support in several ways:

  • We operate an agent called Ask MICA (Microsoft Intelligent Compliance Agent). This tool provides information and support for compliance issues.
  • Agents help us evaluate the risk profiles of other agents. Automating risk assessment accelerates publishing by minimizing human reviews or questions to support specialists.
  • We use an agent to perform checks against standards for responsible AI, security, privacy, and access to sensitive information.
  • We’re also partnering with our product groups to develop automated agent-building enablers and accelerators that can support ideation and evaluation for new ideas instead of relying on groups like the AI CoE to step in for that kind of support.

In reimagining the support experience this way, we’re focused on maximizing efficiency so that humans remain in the loop, but only for edge cases where AI can’t help. That’s the best use of their time and unique human talent. Meanwhile, we’re continuing to develop and implement agents to support employees for increasing numbers of non-edge cases.

Continuous improvement practices help propel this work forward. Much of that work comes from targeted conversations around pain points. For example, an agent builder might share that it’s taking too long to get security reviews for their projects. To us, that signifies that a security review agent may be useful.

“On our journey to Frontier Firm, we’re working really hard to accelerate processes and remove roadblocks so people can get to value much faster,” says Mykhailo Sydorchuk, a Customer Zero lead for Microsoft 365 integrated experiences at Microsoft Digital. “This is crucial for agentic scenarios because we’re using these iterations to polish and improve the tools we create.”

It’s important to remember that humans will always need to be involved in supporting other humans. But the more assistance agents can provide your support specialists, the more they can focus on tasks that absolutely require human attention. As you consider where AI might fit into your support efforts, our journey can shed some light on the possibilities agents represent.

Learning from our experience with providing support around agents

Emphasize proven agents to minimize the need for support

If you’ve built dedicated first-party agents within your organization, encourage employees to favor those through internal communications. They’re less likely to require support in the first place.

Identify opportunities for AI-driven support

Listen to employees’ pain points and concerns. Recurring themes and issues probably mean there’s an opportunity for agentic support.

Meld adoption and support

Education and skilling initiatives build employee competency to minimize their need for support. If people understand standard use cases thoroughly or know where they can find the right information, they’re more likely to reach out to support specialists only on real edge cases.

Backstop support as much as possible

Microsoft is working to make our tools as self-service as possible. Where gaps appear for your organization’s specific use cases, fill those with IT backstops and employee enablement resources. Hopefully, your support team can be your final resort.

Key takeaways

Here are some key things to remember as you develop your support plan for agents at your company:

  • Build agent expertise within support teams early: Provide targeted training, skilling, and early access so support teams can become trusted agent subject matter experts.
  • Reduce support demand through proactive enablement: Identify IT backstops and employee enablement opportunities that prevent common issues before they require support intervention.
  • Operationalize agentic support at scale: Identify recurring issues across non-developers and professional developers, select high-value opportunities for agentic support, build and test support agents, and actively promote them to drive adoption.


Chapter 5: Tracking the impact of your agents

Building the apparatus for effective measurement to ensure our agentic ecosystem drives business value

Effective governance, implementation, adoption, and support don’t mean anything if your agents aren’t driving the impact your organization wants. But how do you understand that impact if you can’t track and measure it? And what should your measurement criteria be?

Within Microsoft Digital and the company’s leadership team, we’re currently thinking through these ideas to ensure we’re capturing all the value agents have to offer. We’re still developing our approach, but the questions we’ve asked and our measurement parameters will be helpful to consider as you track your own agents’ impact.

First, there’s a difference between tracking agent volume, agent usage, and agent value. Employees creating massive numbers of agents that never get used don’t drive impact. Agent usage is closer to the mark, and it can be a good indicator of which tools are meaningful to employees or might deserve potential promotion for use throughout your organization. Still, usage doesn’t necessarily correlate to business value.

To really articulate value, you need to dive into the specifics of what you intend your agents to do. There are several dimensions to consider:

  • Types of agents: First-party enterprise agents, third-party agents, line-of-business or team-based tools, and individually created agents all have different purposes and capabilities. They need different measurement strategies.
  • Personas: Who is creating the agent, and what are their maturity and needs? What value does a user get compared with a developer or administrator? There’s also team versus individual value. For teams, we tend to measure impact in terms of workflows automated or pain points relieved. For individual users, it’s all about satisfaction, productivity, quality, and efficiency gains.
  • Data: Different agents access varying degrees of data. How do you assess the ways they provide access and deliver insights?
  • Creation versus discovery and usage: We want to encourage both agent creation when it meets a unique need and agent discovery when a useful agent already exists. Each requires its own measurement parameters.

Our roadmap to agentic impact tracking

We aren’t starting from scratch when it comes to tracking agentic impact. Our Continuous Improvement CoE has already done extensive work aligning targeted and sanctioned AI initiatives with greater business value and tracking them over time. The concept is based on defining top-level value, cascading that value into operational drivers that deliver results, creating action plans and delivering AI solutions to achieve those goals, and then tracking them over time.

We’re currently progressing along a roadmap to a more holistic impact tracking methodology we can use to identify, consolidate, and build agent analytics for all makers, developers, administrators, and Microsoft Digital teams. As time goes on, this approach will accelerate product improvements, improve the builder experience, and cater to reporting and analysis requirements.

Our journey has three main goals:

  1. Authoritative, clean, deduplicated data
  2. A baseline for creation and usage, and well-defined key performance indicator (KPI) targets
  3. Advanced insights to accelerate the agentic ecosystem at Microsoft

In service of these goals, we’re progressing through a five-phase process:

  1. Set requirements
  2. Partner with product teams
  3. Establish methodologies
  4. Set KPIs
  5. Report and analyze findings

We’re currently in phases three and four of our five-phase plan for holistic agentic analytics methodology.

As this methodological structure for tracking agentic impact has come together, we’ve used various tools to help us gain visibility. These include Viva Insights, Microsoft 365 admin center, and an internally built declarative agent tracker, with visibility typically provided by Microsoft Power BI. With the release of Microsoft Agent 365, now available through the Frontier program, we’ve gained a more streamlined vehicle for observability and telemetry.

Three feature sets will be especially useful for tracking value:

  • Registry provides a complete view of agents to give us maximum visibility and trackability across our entire agentic ecosystem.
  • Visualization includes measurement features to track agent performance, speed, and quality so we can assess ROI and make informed deployment decisions.
  • Interoperability ensures we can connect to an open ecosystem of both Microsoft and partner tools.

As Customer Zero for Agent 365, we’re excited to have a platform for observability and telemetry that encompasses everything from agentic creation through usage.

We plan to use the following capabilities to improve the overall ecosystem:

  • Filtering our agent inventory on specific criteria like the type of agent or how it was built
  • Enhancing governance-specific actions we can take with agents in areas like ownership and quarantining
  • Gaining visibility into trends like agent usage
  • Ingesting agent blueprints and defining policy templates

We’re still in the midst of our agentic measurement journey at Microsoft, but the blueprint for tracking already exists. Your organization may be in the early stages of agent readiness and deployment. If that’s the case, it will be helpful for you to internalize the lessons we’ve learned as Customer Zero and apply them as early as possible in your own journey to AI maturity.

Learning from our approach to tracking agentic impact

Think proactively, not retroactively

If you put effort into tracking agentic impact early in your AI maturity journey, you’ll be poised to start capturing insights immediately instead of applying your methodology after the fact.

Involve a wide array of stakeholders

This workstream needs oversight from different kinds of stakeholders, including your leadership team, IT, Microsoft 365 administrators, agent developers and builders, and employee champions. That will provide the sponsorship, expertise, and perspective you need for success.

Establish a continuum of value

Agents need to tie into real business goals, so it’s important to establish metrics that actually speak to those objectives. Cascade business goals to concrete KPIs with well-defined timelines and track those diligently.

Embrace the red

Try to think of underperformance not as failure, but as data. Performance data over time helps you course correct or pivot, making sure you invest where it matters.

Key takeaways

Here are some tips as you develop a strategy for measuring the impact of agents at your organization:

  • Assemble a cross-functional analytics and adoption team: Bring leadership, IT, Microsoft 365 administrators, agent builders, and employee champions together to ensure shared ownership and accountability.
  • Clarify analytics and insight requirements up front: Identify, source, and clearly articulate the data and insights needed to measure agent adoption and impact.
  • Build an analytics foundation and iterate over time: Consolidate data sources, establish baselines, and develop initial analytics that can evolve as usage grows.
  • Define and standardize agent KPIs: Finalize a clear, consistent set of metrics aligned to business outcomes and adoption goals.
  • Turn insights into action through reporting: Apply analytics and reporting to inform decisions, optimize adoption efforts, and drive continuous improvement.


Applying lessons from our agent deployment at your organization

You’ve learned from our AI maturity journey. It’s time to get started on yours.

Becoming a Frontier Firm might seem daunting. But the agent-building and agent-adoption practices we’ve articulated in this guide can help you gradually and thoughtfully progress toward a new organizational blueprint, one that blends machine intelligence with human judgment. It can help you build systems that are AI-operated but human-led.

By capitalizing on the lessons we’ve learned during our internal deployment, you can both speed up the process of building and deploying agents at your company and avoid frustrating pitfalls. If you anchor your work in careful planning and use the steps and resources we’ve provided here, you’ll be on the path toward true business transformation through agentic workflows.

You’re not in this alone. If you’re looking for support or knowledge on any aspect of your deployment, reach out to our customer success team.

“Embracing AI transformation is an opportunity for IT leaders to take part in defining the future of their organizations,” says Vijaya Alaparthi, a principal group product manager at Microsoft Digital. “Our role as technical professionals has never been more revolutionary, and our team can support yours as you reimagine workflows to make AI part of your everyday reality.”

Frontier opportunities are present across every aspect of your organization today. Partner with us and take your first steps toward this exciting agentic future.

Key takeaways

This guide captures what we’ve learned as we’ve deployed agents across our entire global organization. Here are the key things to remember as your company moves from early AI adoption to a large and thriving agentic ecosystem:

  • Advance governance early: Establish a strong and trusted data foundation that includes labeling, protections, and a risk-based governance model before enabling broad agent creation. Establishing your governance foundations for Microsoft 365 provides the confidence to open up Copilot without hiding data. Clear guardrails, differentiated oversight, and lifecycle management help ensure safe innovation without sprawl.
  • Follow a maturity roadmap: Use an escalating AI maturity model that progresses from awareness to enterprise-wide adoption and agentic transformation to sequence your rollout. This staged approach aligns AI investments with business goals while building the culture, skills, and infrastructure you need to scale.
  • Drive targeted adoption: Treat agent adoption as its own transformation journey, distinct from assistant-based tools like Microsoft 365 Copilot. Cohort-driven skilling, champion communities, localized learning, and leader-led communications accelerate confidence and empower both makers and users.
  • Empower builders at all levels: Support no-code creators and professional developers with tailored enablement, clear publishing workflows, and accessible resources. This ensures individuals can create personal agents while teams can safely build enterprise-grade tools that unlock high-value scenarios.
  • Reimagine support with AI: Blend embedded governance, flexible IT backstops, and AI-driven support agents to reduce friction and scale help resources. As employees experiment with agents, automated checks, accelerators, and intelligent support tools keep humans focused on true edge cases.
  • Track impact holistically: Distinguish between agent creation, usage, and value by establishing KPIs that map directly to real business outcomes. A unified telemetry and observability layer powered by tools like Microsoft Agent 365 enables clear measurement, optimization, and proof of return on investment.
  • Continuously evolve toward becoming a Frontier Firm: Advance your culture, architecture, governance, and workforce practices iteratively as agentic capabilities grow. By combining human judgment with autonomous agentic operations, your organization can unlock transformational efficiency, innovation, and scale.

Microsoft CISO advice: How to build trustworthy agentic AI
http://approjects.co.za/?big=insidetrack/blog/microsoft-ciso-advice-how-to-build-trustworthy-agentic-ai/
Thu, 16 Apr 2026 15:15:00 +0000

Building production-ready solutions with agentic AI comes with inherent risks. When agents make mistakes or hallucinate, the potential impacts can multiply rapidly.

“It turns out that it’s very easy to write AI-powered software, but it’s very hard to write AI-powered software that works right in real-world cases,” says Yonatan Zunger, CVP and deputy CISO for Microsoft.

Zunger explains how important it is to test if you want to build trustworthy agentic AI.

Watch this video to see Yonatan Zunger explain how to build trustworthy agentic AI. (For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=eNU7c48541M)

Key takeaways

Here are best practices to apply while building trustworthy agentic AI:

  • Prototype. Test. Iterate. Think of and try prompts your real users might give your agentic AI. Use real data. From those trials, build a set of test cases and keep testing.
  • Use AI tools to amplify testing. Evaluating agents requires a “try it and repeat it” mindset. Using AI Foundry with tools such as the Python Risk Identification Tool amplifies these assessment capabilities.
  • Record your tests. Applying this practice, as you would with unit testing, enables you to repeat evaluations as your data models and agents evolve.
  • Don’t skimp on testing. Test early, test often, test with real data. This is the best way to understand what your agent might do when it encounters the unexpected.

Skilling up for the future of work at Microsoft with Agent Launchpad
http://approjects.co.za/?big=insidetrack/blog/skilling-up-for-the-future-of-work-at-microsoft-with-agent-launchpad/
Thu, 16 Apr 2026 15:00:00 +0000

As AI continues to evolve and its applications across business workflows expand, it can be difficult for employees to stay on top of the latest developments. One of the most exciting shifts underway is our move toward AI agents, which are systems capable of taking autonomous action to accomplish tasks and achieve goals using models, tools, and multistep reasoning.

With agent usage growing rapidly, our team here in Microsoft Digital, the company’s IT organization, has invested in events and learning sessions to help employees adopt agentic approaches and get more value from Microsoft 365 Copilot.

One example was Camp Copilot, a peer‑led virtual training event dedicated to building employee Copilot skills. We also offered a Copilot Expo, which delivered a more formal, large‑scale learning program focused on role‑specific skills and deeper daily usage.

Now, we’ve consolidated learnings from those programs into Agent Launchpad, an accessible, multifaceted six‑module curriculum. Our instructional program is designed to develop our employees’ agentic AI skills, empowering them to take advantage of existing agents in their day-to-day work and build their knowledge and confidence to create new agents.

Why we built Agent Launchpad

Companies that fail to grasp the growing role of AI and agents in the workplace risk falling behind teams and organizations that are already redesigning their work around hybrid human-agent teams. We created Agent Launchpad to acknowledge this shift, demonstrate the power of agents, and show how they can be integrated into everyone’s daily work.

Unlike basic assistants that only respond to direct prompts, agents can plan, carry out actions, monitor progress, and iterate until they meet a goal. They can perform tasks like drafting content, analyzing data, automating workflows, scheduling meetings, triggering processes, and coordinating across multiple apps and services.

At a higher level, agents can act as proactive collaborators, taking on routine tasks so human workers can focus on higher‑value thinking. Employees who aren’t engineers can create agentic tools, which becomes a cultural differentiator.

“Think of an agent as like hiring a really intelligent, enthusiastic university graduate,” says Kevin Wooldridge, a senior director of business programs in Microsoft Digital. “They may not have deep business experience yet, but they bring a high level of intelligence, energy, and scalability to the tasks you give them.”

Understanding how agents work is the new baseline for staying competitive. It’s the defining trait of the emerging Frontier Firm: A human‑led, agent‑operated organization designed for the AI era. Workers become agent bosses who define outcomes, while autonomous agents plan, reason, and run the workflows to deliver them.

How Agent Launchpad enables agent adoption

Integrating agents into existing workflows and processes can feel overwhelming. Our Agent Launchpad curriculum can help our employees get the most out of the technology.

To build our curriculum, our team incorporated input from a variety of stakeholders across Microsoft representing a range of backgrounds and technical expertise. They also included feedback from the Copilot Champs Community.

“Our employees told us they didn’t want someone lecturing over slides,” says Tom Heath, a senior business program manager in Microsoft Digital. “They wanted peer‑to‑peer learning, storytelling, showcases, and hands‑on experiences.”

Baked into our Agent Launchpad program are:

  • Detailed, approachable explanations of the existing agents available in the Copilot ecosystem
  • Practical guidance for how to use the agents
  • Step-by-step, hands-on labs for building new agents—regardless of the employee’s level of technical expertise

“People were being bombarded with information about agents, many of which were already live,” says Stephan Kerametlian, a senior director of business program management in Microsoft Digital. “Launchpad became a way to bring clarity and help them discover what already exists.”

Our curriculum explains how to get the most out of available agents, like our Employee Self-Service Agent. It also supports employees who want to build their own agents, whether by using Agent Builder for no‑code development or utilizing Copilot Studio for light coding (otherwise known as pro‑coding).

“Launchpad covers that full end‑to‑end journey at a time when information feels scattered and overwhelming,” Kerametlian says. “It gives people a structured, guided, modular path from the fundamentals all the way to developing agents, if that aligns with their skills and needs.”

Built for flexibility: Our Agent Launchpad curriculum

Given the broad range of skills and goals that our employees bring to the learning process, our six-module curriculum format was designed around two different tracks: The Explorer path and the Builder path.

Participants can sign up for live sessions or, if they prefer a self-guided approach, they can move through our modules on their own schedule. Learners have the option to earn participation badges by finishing modules, completing paths, or achieving other milestones within the curriculum.

“We talk about ‘buffet‑style learning’ a lot at Microsoft, and that applies here—but with AI and agents, many people don’t even know what they need,” says Cadie Kneip, a senior business program manager in Microsoft Digital. “That’s why we built two learning paths. We don’t believe everyone needs to be a builder, but everyone benefits from using agents to do their best work. Our goal is high‑quality agents and great usage experiences.”

Each path aligns with specific parts of our curriculum:

  • Explorer path, Modules 1-3: Offering both context-setting information as well as examples and usage guidance for existing Copilot agents, our first three modules are for those who want to understand broader agentic context and enhance their day‑to‑day work with available agentic options.
  • Builder path, Modules 1-6: For those who want to build their own agents, our full curriculum includes not only the first three modules but also no‑code agent development in Agent Builder (Module 4), agents that involve pro-coding via Copilot Studio (Module 5), and a showcase for new agents with recorded demos and use cases (Module 6).

As an enterprise-level company, Microsoft employs people with a wide variety of skills and backgrounds. That’s part of why Agent Launchpad works: People can choose their own agentic adventure.

“Launchpad provides a centralized starting point, with clear signposting to other assets and a sense of community. It lets us scale across the company and meet people where they are,” Wooldridge says. “If someone is deeply technical, there’s a path for them. If someone isn’t technical but wants to understand the hype and experiment, there’s a path for them too.”

The Frontier Firm mindset: A new way to think about work

While our Agent Launchpad curriculum includes detailed technical guidance for using and building agents, it’s also vital to emphasize the Frontier Firm mindset that employees need as we collectively approach a new era of AI-based work.

In the near future, a human‑led, agent‑operated organization built for the AI era—one in which humans define the outcomes they want, but agents decide how to achieve them—will become the new norm. The first module in our curriculum is designed to make sure that concept lands with learners, and it could be the most important part of the training.

“When our core team was designing what Agent Launchpad would look like, we wanted to make sure we weren’t just tackling the technology, but also the mindset and behavioral changes that come with it,” says Alexandra Jones, a director of business programs in Microsoft Digital. “That’s why we decided to cover the concept of the Frontier Firm—why people’s mindsets need to shift, and how we can address common concerns about AI.”

Agentic AI: A shifting landscape

Given the pace of innovation in the AI landscape, our Agent Launchpad program needed to be resilient, flexible, and minimally dependent on product documentation that might soon be outdated.

“It’s challenging to anticipate people’s needs in such a fast‑moving environment,” Wooldridge says. “We’re only slightly ahead of our employees on this journey ourselves, so we’re learning what’s valuable at the same time they are. That means we’re constantly recreating or updating content—it’s a hamster wheel of creation, delivery, revision, and more delivery.”

The pace of change is an ongoing challenge.

New agents ship constantly. The tools evolve every day, and the technology moves at lightning speed. Keeping Agent Launchpad current remains a priority, and our curriculum is continuously adapting.

“All of this is part of our evolution,” Kerametlian says. “Our first immersive learning experience was Camp Copilot. We learned from that and evolved it into Copilot Expo. Now we’ve iterated again and built Agent Launchpad. It’s essentially version 3.0—the best of what we learned from the earlier programs, retooled around agents.”

Driving interest: Enthusiastic responses to Agent Launchpad

Employees are seeing the value of our curriculum, as strong usage data indicates broad interest in the program. In addition to online engagement with our coursework, thousands of our employees have attended in-person sessions. It’s a level of participation that helps drive the goals of both agentic adoption and the Frontier Firm mindset at Microsoft.

Feedback has been overwhelmingly positive, with employees reporting high satisfaction along with a demonstrable uplift in weekly active agent usage across Microsoft. Many thoughtful recommendations have been captured and turned into insights that will inform our next phase of Agent Launchpad.

“Launchpad unexpectedly became extremely popular—it was supposed to be our pilot, and we didn’t promote it heavily,” Kneip says. “Because of that huge engagement, we want to find more ways to lean into rewards and celebrate people who submit their work, so people feel recognized and come back to learn with us again.”

Key takeaways

Here are some things to keep in mind as you develop your own training programs around the new agentic way of working:

  • Understanding how agents work is the new baseline for staying competitive. This is the defining trait of the emerging Frontier Firm: A human‑led, agent‑operated organization built for the AI era.
  • Agent Launchpad delivers insights to employees about the fast‑moving agentic AI landscape. By building on our experiences with Camp Copilot and Copilot Expo, the program gives learners a structured, approachable way to understand, use, and build AI agents in their daily work.
  • The curriculum is designed to meet employees where they are. With Explorer and Builder paths, Agent Launchpad supports both agent adoption and agent creation—regardless of technical background or learning style.
  • The program helps employees develop a Frontier Firm mindset. The curriculum emphasizes not just how agents work, but how human‑led, agent‑operated teams are reshaping the future of work and the new habits we all need to build to leverage them.
  • Strong engagement and Copilot usage show that our participants are benefiting from the program. High participation rates and increased agent usage across Microsoft signal growing confidence, capability, and enthusiasm for agentic AI among employees.

Powering the technical veracity of AI at Microsoft with a Center of Excellence
http://approjects.co.za/?big=insidetrack/blog/powering-the-technical-veracity-of-ai-at-microsoft-with-a-center-of-excellence/
Thu, 16 Apr 2026 14:15:00 +0000

When we launched our AI Center of Excellence (CoE) in 2023, we had a straightforward goal: Help our organization experiment with AI, learn quickly, and do it responsibly.

Our teams across Microsoft Digital—the company’s internal IT organization—leaned in. We built tools, workflows, and AI‑enabled solutions at speed. Momentum followed, along with real enthusiasm and growth.

But increasing scale required us to evolve our approach.

As adoption accelerated, we began to see duplication, uneven governance, and growing gaps between strategy and delivery. What helped us move fast early on wasn’t enough to sustain impact over time.

“We did a lot of good work building community and excitement,” says Qingsu Wu, a principal group product manager who leads the AI CoE at Microsoft Digital. “But at some point, we needed to evolve and put more structure around what we’d built.”

AI agents and solutions began appearing across Microsoft Digital. Different teams solved similar problems. Standards were interpreted differently. Reporting was inconsistent, and in many cases manual.

The question was no longer, “How do we help teams try AI?” It became, “How do we turn AI into consistent, measurable outcomes at scale?”

Answering that question required a change in how our CoE operated.

Rather than acting primarily as an advisory group, the AI CoE evolved into an execution‑focused function. Its role expanded from guidance to coordination, helping set priorities, define guardrails, and connect AI work directly to business outcomes.

The goal wasn’t to slow AI innovation down, but to help it move in the correct direction with more agility and better scalability.

Evaluating AI for Microsoft

The AI CoE connects AI strategy to execution across Microsoft Digital. It operates as a cross‑functional coordination layer that sets direction and creates shared accountability for how AI work gets done.

The CoE brings our leaders and practitioners together from AI, data, responsible AI, and operations to answer questions collectively. We use that cross‑disciplinary view to operate above individual projects without losing touch with day‑to‑day reality.

The CoE looks across the organization and answers questions individual teams can’t answer on their own.

  • What AI initiatives are already in flight?
  • Which ones matter most to the business?
  • Where are teams duplicating effort?
  • Where do we need clearer standards or stronger governance?

“We can see patterns that a single team can’t,” says Ria Khetan, a senior program manager in Microsoft Digital who helps lead program management for the AI CoE. “We’re translating AI CoE strategy and enterprise priorities into clear execution plans that work in each organization’s context. That helps us align priorities and make sure the biggest bets are actually landing.”

We’ve designed the AI CoE to act as the connective tissue between leadership intent and execution on the ground. It helps ensure that AI work across Microsoft Digital moves forward with purpose, consistency, and measurable impact.

Building transformation on core pillars

The AI CoE establishes a common structure that helps our teams work toward the same outcomes, even when they are building different solutions.

The operating model is intentionally simple.

AI initiatives are reviewed against shared pillars that help teams think beyond individual projects. These lenses ensure the work aligns to business priorities, can scale safely, has a clear delivery path, and supports responsible adoption.

“We use the CoE to bring consistency to how AI work gets done,” says Don Campbell, a principal group technical program manager who leads AI strategy here in Microsoft Digital. “It gives us a way to step back and ask whether we’re solving the right problems and whether we’re set up to scale.”

Our CoE uses these four pillars to guide our work:

  • Strategy. We work with product and feature teams to determine what we want to achieve with AI. They define business goals and prioritize the most important implementations and investments.
  • Architecture. We enable infrastructure, data, services, security, privacy, scalability, accessibility, and interoperability for all our AI use cases.
  • Roadmap. We build and manage implementation plans for all our AI projects, including tools, technologies, responsibilities, targets, and performance measurement.
  • Culture. We foster collaboration, innovation, education, and responsible AI among our stakeholders.

These pillars are the common language that helps us connect strategy to execution and make decisions across all teams and scenarios at Microsoft Digital.

Strategy

Our CoE strategy team’s role is to step back and create clarity.

Our strategy is driven from the organization’s top level, and executive sponsorship is crucial to executing our implementation well. When our transformation mandate comes from the organization’s leader, it resonates in every corner of the organization, every piece of work, and every task. We also encourage and welcome ideas from every level of the organization, empowering individuals to contribute their AI insights.

We maintain a centralized view of AI initiatives across Microsoft Digital, including agents, workflows, and AI‑enabled solutions. That visibility allows our CoE team to identify duplication, surface opportunities to scale successful ideas, and align investments to enterprise priorities. This creates a shared intake and prioritization model.

One of our CoE strategy team’s most significant responsibilities is prioritizing the idea pipeline for AI solutions. All employees can feed ideas into the pipeline through a form that records important details. The strategy team then evaluates each idea, analyzing two primary metrics:

  • Business value. How important is the solution to our business? Potential cost reduction, market opportunity, and user impact all factor into business value. As an idea’s business value increases, so does its position in the pipeline priority queue.
  • Implementation effort. We focus on clearly defining the problem statement—what the problem is, why it matters, who the customer is, the baseline metrics, and the plan to attribute value pre‑production. This ensures we prioritize AI for the most critical business problems and can measure impact before and after deployment.

By anchoring AI work in business outcomes from the start, the strategy pillar helps ensure the organization’s energy is spent on the work that matters most.

Architecture

Our architecture pillar defines how we help teams scale AI solutions without creating security gaps, compliance issues, or technical debt they’ll have to unwind later.

Before solutions move into broader use, our architecture team helps think through data readiness, platform alignment, and governance requirements. The goal isn’t to prescribe a single architecture, but to make sure foundational decisions won’t limit scale or create risk down the line. Many times, this means doing things before development, while other times it means making improvements after the initial development is done and the product or scenario is launched and being used. We also track our efforts with measurable metrics like usage.

One common pitfall is that teams may gravitate toward the most flexible platforms with full control, without fully understanding the associated security and compliance implications. To address this, we publish clear guidance to help teams choose the right platform—one that strikes the appropriate balance between flexibility and the security and compliance effort required.

Our architecture pillar helps prevent that by reinforcing a set of common expectations. Teams still build locally and move fast, but they do so within a framework that supports reuse, interoperability, and responsible operation. That framework is built on enabling teams and employees to experiment with guardrails that keep our production systems safe.

“The CoE introduces a framework to enable design reviews in the early development phase,” Wu says. “We help make sure teams are choosing the right platforms and thinking about security and compliance from the beginning.”

Teams are encouraged to build on recommended platforms and services that support enterprise‑grade security, observability, and lifecycle management. This helps ensure solutions can be monitored, governed, and supported over time.

Security and compliance are never treated as downstream checkpoints. Architectural guidance reinforces the need to design with identity, access controls, auditability, and responsible AI principles from the start.

When solutions prove valuable, we look for opportunities to reuse architectural patterns, components, or services rather than rebuilding them in isolation. This reduces duplication and accelerates future work.

Roadmap

Our CoE roadmap team examines our employee experience in the context of our AI solutions and governs how we achieve the optimal experience in and throughout AI projects. It focuses on how our employees will interact with AI. Getting the roadmap right ensures user experiences are cohesive and align with our broader employee experience goals.

We’ve recognized AI’s potential to impact how our employees get their work done.

Their experiences and satisfaction levels with AI services and tools are critical. Our roadmap pillar is designed to encourage experiences across all these services and tools that are complementary and cohesive.

We’re focusing on the open nature of AI interaction.

“We’re surfacing AI capabilities and information when the user needs them, according to their context,” Campbell says. “It makes the user experience and user interface for an AI service less important than how the service allows other applications or user interfaces to interact with it and harness its power.”

A key part of this approach is disciplined experimentation.

Rather than treating every idea as a long‑term commitment, the roadmap pillar helps teams validate value early. Our teams know when they’re in an experimental phase and when they’re expected to operationalize. This gives our leaders a more consistent view of progress and risk. The net result is that dependencies between teams surface earlier, when they’re easier to resolve.

Culture

Our culture pillar ensures that AI adoption across Microsoft Digital is intentional, responsible, and sustainable.

Culture underpins everything we do in the AI space. Ensuring our employees can increase their AI skillsets and access guidance for using AI responsibly is critical to AI at Microsoft.

“We’re driving a shift from ad‑hoc AI usage to intentional, outcome‑driven adoption,” Khetan says. “That requires clarity, education, and shared expectations.”

In practice, that means the culture pillar defines how our teams are expected to adopt AI and integrate it into their work, not just what tools they can use.

Our culture team works with AI champions across the organization to translate enterprise AI priorities into local execution. Those champions act as two‑way conduits, bringing real‑world feedback and blockers back to the CoE and carrying guidance, standards, and learnings back to their teams.

Without this structure, AI adoption tends to fragment as teams experiment in isolation.

Our culture team has published training, recommended practices, and our shared learnings on next-generation AI capabilities. We work with individual business groups at Microsoft to determine the needs of all the disciplines across the organization. That work extends to groups as diverse as engineering, facilities and real estate, human resources, legal, sales, and marketing, among others. 

Responsible AI is embedded throughout that work.

The CoE reinforces responsible AI practices as part of everyday decision‑making—during design, experimentation, and scale. Teams are expected to understand not just what they’re building, but the implications of how they build it.

In the AI CoE, culture isn’t abstract. It shows up in how teams propose ideas, how they design solutions, and how they measure success.

Fostering agent innovation

The true value of the AI CoE is evident when strategy, architecture, roadmap, and culture come together around real work.

A clear example of that is how we addressed the rapid growth of AI agents across the organization.

Our teams were building agents in different platforms, for different scenarios, and at very different levels of maturity. That flexibility accelerated innovation, but it also made it difficult to answer basic questions.

  • How many agents exist today?
  • Which ones are in production?
  • Which ones touch sensitive data?

The strategy lens helped clarify what mattered most. Our goal wasn’t to inventory every experiment. It was to gain visibility into agents that were active, scaling, or depended on by others, and to ensure those agents aligned to business priorities and Responsible AI expectations.

Architecture quickly followed.

As the CoE looked at how agents were built, we quickly discovered that information about agents was fragmented across tools. Different platforms showed different numbers. Ownership wasn’t always clear. And governance signals were hard to reconcile.

“That’s the core problem we’re trying to solve,” says Garima Tiwari, a principal product manager in Microsoft Digital leading our internal strategy and adoption of Agent 365. “In the past, admins had to go to multiple portals just to understand how many agents exist, and they all give different answers.”

This is where Agent 365—which we use to govern agents here at Microsoft—became a critical enabler.

Agent 365 brings together signals from multiple agent‑building platforms into a single, consolidated view. That visibility allows the CoE and administrators to understand agent inventory, ownership, lifecycle state, and governance posture in one place.

“Agent 365 is really about accurate inventory and observability,” Garima says. “It provides one number we can trust and a way to see how agents are behaving, who they’re interacting with, and whether they’re compliant.”

That architectural clarity changed how decisions were made.

Instead of guessing what was safe to scale, the CoE could see which agents were production‑ready, which needed remediation, and which should remain in experimentation. Security, privacy, and compliance considerations moved earlier in the lifecycle.

“We can’t scale what we don’t understand,” Wu says. “Agent 365 helps us see what’s actually running so we’re not scaling something blindly.”

The roadmap lens then brought structure to execution.

Rather than standardizing everything at once, the CoE helped teams sequence work. Some agents stayed in pilot. Others moved toward broader rollout, informed by architectural and governance signals surfaced through Agent 365.

Culture and enablement ran alongside that work.

Teams began factoring operational readiness into design decisions instead of treating governance as a final checkpoint. Agent 365 isn’t positioned as a control tool at the end of the process, but as part of building agents the right way from the start.

“What changed was the mindset,” Campbell says. “Teams started thinking about manageability, security, and scale much earlier, not after an agent was already deployed.”

The outcome wasn’t a single standardized solution.

It was a repeatable approach within a shared CoE framework, supported by platforms like Agent 365, that made scaling AI more visible, more manageable, and more intentional.

That’s what the AI CoE enables at Microsoft Digital.

Key takeaways

If you’re just starting to consider AI usage at your organization, or if you’re already creating a standardized approach to AI, consider the following:

  • Start with outcomes, not tools. AI work scales faster when teams align on the business problem first and select technology second.
  • Design for scale from day one. Early architectural decisions around data, security, and platforms determine whether solutions can grow—or need to be rebuilt.
  • Make experimentation disciplined. Clear paths from prototype to production help teams move fast without committing to ideas that haven’t proven value.
  • Treat governance as an enabler, not a gate. Visibility and manageability, supported by platforms like Agent 365, make it easier to scale AI responsibly.
  • Create shared accountability. Standard metrics and automated reporting turn AI activity into measurable progress.

Microsoft CISO advice: The importance of a written AI safety plan

Published Thu, 09 Apr 2026: http://approjects.co.za/?big=insidetrack/blog/microsoft-ciso-advice-the-importance-of-a-written-ai-safety-plan/

Yonatan Zunger, CVP and Deputy CISO for Microsoft, has spent his career considering complex questions with security and privacy while building platform infrastructure and solutions. His experience underpins his advice on how to build a safety plan for working with AI. First and foremost, his advice is to have a written plan.

“Make it an expectation in your organization that people will create safety plans and have them for everything,” Zunger says. “People get so excited about having clarity in front of them that they end up making much more systematic, careful plans, and the rate of errors goes down dramatically.”

Watch this video to see Yonatan Zunger discuss his advice for creating an AI safety plan. (For a transcript, please view the video on YouTube: https://www.youtube.com/watch?v=H5reZ0uw0EA.)

Key takeaways

Here are questions and ideas to consider as you create a safety plan for your AI systems:

  • Define the problem. What problem are you trying to solve? A simple and clear problem statement is always a great starting point before building anything, including an AI agent.
  • Outline the solution. What is the basis of your solution? Can you explain your solution to an end user? What does a developer or administrative user of your solution need to know about what it is and does?
  • List the things that can go wrong. What can go wrong with your solution? Creating this list is the first step to figuring out how to deal with those issues.
  • Document your plan. What is your plan to address identified concerns? Identify the process you will follow when something goes wrong.
  • Draft your plan early and update it as your solution matures. Your safety plan can be as simple as a list or outline and should evolve as you prepare to build your solution.
  • Get feedback and buy-in. When you review the plan with stakeholders and leaders in your team and organization, you may uncover risks or issues you had not thought of. You also build awareness and agreement on what to do when something goes wrong.
  • Make a template and build its use into your processes. This tip is for anyone who leads a team or influences process development. Encourage using a safety template in all your projects to bring clarity and structure to how you work with AI.

Microsoft CISO advice: The most important thing to know about securing AI

Published Thu, 02 Apr 2026: http://approjects.co.za/?big=insidetrack/blog/microsoft-ciso-advice-the-most-important-thing-to-know-about-securing-ai/

Using AI comes with inherent risks. In a recent video, Yonatan Zunger, CVP and deputy CISO for Microsoft, suggests that thinking about AI as a new intern will help you naturally take the right approach to AI security.

Zunger and his team focus on AI safety and security. They consider all the different ways anything involving working with AI can go wrong.

“An important thing to know about AI is that AIs make mistakes,” Zunger says. “You already know how to work with systems that make mistakes, get tricked.”

Watch this video to see Yonatan Zunger discuss his advice for working with AI. (For a transcript, please view the video on YouTube: https://youtu.be/b1x6gDbSWVY.)

Deploying the Employee Self‑Service Agent: Our blueprint for enterprise‑scale success

Published Thu, 12 Mar 2026: http://approjects.co.za/?big=insidetrack/blog/deploying-the-employee-self-service-agent-our-blueprint-for-enterprise-scale-success/

The case for AI in employee assistance

The advent of generative AI tools and agents has been a game changer for the modern workplace at Microsoft. And one of the foremost examples of how we’re reaping the benefits of this agentic revolution is our deployment of our new Employee Self-Service Agent across the company.

Thanks to the power of AI, agents, and Microsoft 365 Copilot, our employees—and workers everywhere—are discovering new ways to be more productive at their jobs every day. Recent research shows that knowledge workers are increasingly seeing big gains from using AI tools for work tasks. According to our Microsoft Work Trend Index:

As an AI-first Frontier Firm, Microsoft is at the leading edge of a transformation that’s bringing this technology into all aspects of our workplace operations. With tools like Microsoft 365 Copilot providing “intelligence on tap,” we’re forging a human-led, AI-operated work culture that enables our employees to accomplish more than ever before.

Bringing AI to employee assistance

As part of this move to embed AI across our enterprise, it was a natural step for us to apply this burgeoning technology to a common pain point for us and many workplaces today—employee assistance.

Workers in organizations large and small face many common issues in their day-to-day jobs. Whether it’s a problem with their device, a question about their benefits, or a facilities request, our typical employee was often forced to navigate a bewildering array of tools, apps, and systems in order to get help with each specific task.

This confusion is reflected in research showing that most workers are dissatisfied with existing employee-service solutions.

76% of employees find it difficult to quickly access company resources.
58% of employees struggle to locate regularly needed tools and services.

Our studies show that most employees have trouble finding the appropriate tools and resources they need to address their workplace-related questions.

Realizing that this was an ideal opportunity for AI, we set out to develop a state-of-the-art agentic solution. At Microsoft Digital, the company’s IT organization, we partnered with our product groups to develop and deploy the Employee Self-Service Agent, a “single pane of glass” that employees can turn to any time they need help. The product is now broadly available in general release.

Because Copilot is our “UI for AI,” the Employee Self-Service Agent is delivered as an agent in Microsoft 365 Copilot. If your employees have access to Copilot, you can deploy the agent at your company at no extra cost. If your employees don’t have a Copilot license, they can access it via Copilot Chat if it’s enabled by your IT administrator.

For the initial development and launch of our Employee Self-Service Agent, we decided to provide agentic help in three categories: Human resources, IT support, and campus services (real estate and facilities). Every organization will have to make its own determination for which functions to include in their implementation. Note that the agent is inherently flexible and expandable; we plan to add additional capabilities, such as finance and legal, in the future.

We learned many lessons in the almost year-long process of developing and implementing the Employee Self-Service Agent across our organization worldwide. The goal of this guide is to pass on what we learned—including how we used it to provide value to our employees and vendors—to help you prepare for, implement, and drive adoption of your own version of the agent.  

“With this employee self-service solution, we’re shaping a new era in worker support,” says Nathalie D’Hers, corporate vice president of Microsoft Employee Experience. “With AI, every interaction is intuitive, every resource is within reach, and help feels seamless—creating an experience that empowers our people and accelerates business outcomes.”

Before you start: Developing your plan

As you embark on your Employee Self-Service Agent journey, make sure to establish a clear and structured plan. This was a critical step for us in our deployment, and we can say with confidence that it will help you avoid surprises and increase your chances of a successful outcome.

Based on our experience here at Microsoft, the following is a high-level outline of the steps you should consider as you prepare to deploy your agent.

1. Define prerequisites
Start by making sure that all foundational elements for the agent are in place.

  • Assign licenses to your employees who will interact with the agent. They will need Microsoft 365 Copilot or Copilot Chat.
  • Verify readiness by configuring your Power Platform environments, applying Data Loss Prevention (DLP) policies, and setting up isolation (limited and controlled deployment with guardrails in place) where needed.
  • Ensure connectivity with critical systems by confirming that you have appropriate APIs and connectors available and functioning for the essential workplace systems that your organization uses (e.g., Workday, SAP SuccessFactors, and ServiceNow).

2. Identify your core team and responsibilities
Successful implementation of the Employee Self-Service Agent requires collaboration across multiple roles and departments in your organization.

  • Business owners from the areas your agent will cover—such as human resources and IT support—can help you define requirements, priorities, success criteria, and telemetry needs.
  • Platform administrators, particularly for Power Platform and tenant/identity teams, can manage your technical configuration.
  • Content owners and editors are needed to identify the knowledge sources to surface in the agent, curate new knowledge sources, and maintain the data underpinning these sources on an ongoing basis.
  • Subject matter experts can provide important “golden” prompt and user scenarios that the agent should prioritize and answer accurately.
  • Compliance, privacy, and security leaders and their teams are needed to address risk considerations.
  • Support professionals can help build a structure for live agent escalation and ticketing operations (in situations where the agent is unable to provide a solution).
  • Focus groups of end users assist with validating requirements and scenarios, as well as help with testing the agent.

3. Establish a clear timeline
We found that creating a schedule for the creation, implementation, and adoption of the agent is crucial. This phased approach will help you maintain momentum and accountability over the duration of the project.

For example, here’s a rough implementation timeline that you might use to gauge your progress:

Gantt chart showing 15-week timeline with assessment, deployment, pilot launch, and rollout phases.

4. Articulate your vision

Communicate your rollout plan to your team, including timelines and phases, and adjust it based on feedback. Establish clear goals and meaningful success metrics to guide you and make sure your efforts are in alignment with your company objectives. (Note: You may want to consider key upcoming projects or events in your organization and link the agent roadmap to them. This will help you meet your project’s success criteria faster and encourage quicker agent adoption.)

5. Define your governance

This phase will allow you to define policies and standards and conduct a thorough content audit to ensure accuracy, relevance, security, and sustainability.

6. Implement your agent

This phase involves configuration and integration, followed by testing.

7. Roll out the agent while driving adoption and measurement

We advise deploying the Employee Self-Service Agent using a phased, or ringed, approach. We started with a small group of employees, then gradually rolled it out to larger and larger groups before finally releasing it to our entire organization.

We encouraged adoption with internal targeted communications and promotional efforts. Careful measurement enabled us to track impact and optimize agent performance. This type of concerted change management allowed us to share the latest product developments with our employees and to keep them excited and engaged with the tool.

By investing sufficient time and effort in the planning phase of your deployment, you’ll create a strong foundation for a secure, scalable, and successful self-service agent experience.

Chapter 1: Governance means getting your data right

When a Microsoft employee enters a query into an AI chat tool like Microsoft 365 Copilot, they know that they may not receive an individualized response that is directly specific to their situation. They are aware that they might need to verify the answer they receive with further research and additional sources.

But when it comes to our company-endorsed self-service agent, the stakes are different. Our employees expect to receive accurate and personally relevant responses when they ask for help. This is particularly true for queries related to important personal details, like HR-related questions about leave policies or benefits.

Although the Employee Self-Service Agent comes pretrained with basic HR and IT support data, we found that the quality of the responses that our employees receive is directly connected to the accuracy, currency, and depth of the information we provide to the tool. You’ll want to spend the necessary time and effort to make sure that your data governance process is well thought-out and thorough, so that your employees experience the best possible results.

“Employee self‑service has a higher bar than generic AI tools,” says Prerna Ajmera, general manager of HR strategy and innovation. “People expect personally tailored and highly accurate answers, especially for HR moments that really matter. We designed the Employee Self‑Service Agent with that expectation in mind, pairing trusted data and deep personalization with strong governance controls so that privacy, security, and trust are built into every interaction.”

Major considerations for governance

We learned that before you configure your agent, you need to establish guardrails that protect your data’s integrity and that build your employees’ trust. These considerations will form the backbone of your governance framework:

  • Managing requirements: Define what the agent must deliver and align your stakeholders on clear, prioritized goals and objectives.
  • Determining and managing resources: Ensure you have the right people, systems, and funding in place to support your full product lifecycle.
  • Data security: Protect your sensitive employee information with strong controls, compliant storage, and least‑privilege access.
  • User access: Establish who can use, administer, and update your agent, with appropriate permissions and guardrails.
  • Change tracking: Monitor your updates to content, configurations, and workflows so your agent always reflects your current policies.
  • Reviewing: Regularly evaluate your content’s accuracy, the agent’s performance, and your organizational fitness to help you keep your employees’ experience with the agent trustworthy.
  • Auditing: Maintain traceability for compliance, incident investigation, and quality assurance across all of your data flows.
  • Deployment control: Manage where, when, and how you roll out new versions of the agent to reduce disruption and ensure consistency.
  • Rollback: Prepare a fast, safe path to reverting your changes if something breaks.

We found that addressing these considerations early in the process creates a governance structure that is proactive rather than reactive, increasing the quality of responses and setting your organization up for success.

Architecture essentials

Understanding the architecture of our agent helped our governance teams make informed decisions about our configuration and integration. To do that, they needed to review and understand its key architectural components. You’ll need to do the same.

Here’s a list of the different architecture components that our team assessed, to help you get started on your own process:   

  • Topics: Structured intents (e.g., “view paystub”) that align to employee questions and drive consistent answers.
  • Domain packages: Pre-curated bundles for different agent segments (like HR and IT support) that provide reusable patterns, prompts, and integrations.
  • Knowledge sources: Documents, intranet pages, FAQs, and databases that ground responses in authoritative content.
  • Connectors: Secure integrations to systems of record (like Workday or SAP SuccessFactors) that can help enable read/write operations. (Because the Employee Self-Service Agent was built with Copilot Studio, it has access to more than 1,400 different connectors.)
  • Instructions: Governance-approved rules and prompts that shape tone, guardrails, and escalation behavior.

Assessing and preparing your content

A key early governance step is to audit all relevant content in your knowledge bases. This process should include assessing, updating, and, if necessary, restructuring this information before it is ingested by the agent.

An important caveat here is that the agent’s ability to understand which policies and procedures apply to which employee relies on your content having consistent metadata, permissions, and content structure. We found that before feeding your data into the agent, you need to:

  • Inventory existing content: Your content will incorporate many different types, such as SharePoint pages, Microsoft Teams posts, PDFs, intranet articles, and knowledge-base documents. The goal of the inventory process is to identify content that is complete rather than outdated, duplicative, or siloed; if there are issues with the content, they should be addressed before loading into the agent.
  • Assign knowledge owners: The owners should be SMEs who can help validate, tag, and maintain the content going forward. Part of this process is training up knowledge owners to be able to prepare and maintain content in ways that make it easily consumable by both agents and people.
  • Structure content for discoverability: All your content needs to have accurate metadata, well-defined topic pages, and consistent naming so that the agent can surface the right information at the right time.

We found that completing a thorough content audit helps us ensure that the Employee Self-Service Agent isn’t just chatting—it’s delivering trusted, up-to-date answers that save your workers time and effort as they go about their day.

Be aware of tone and conversational flow

Providing vetted and well-structured data to the agent is important, but it’s not the entire battle. You’ll also need to make sure your agent is given clear guidance on conversational tone and instructions on what to do in specific scenarios.

Make sure you incorporate:

  • Global instructions: Define the agent’s voice, behavior, and escalation rules to ensure consistency and trust. 
  • Topic-level triggers: Map natural language phrases to specific workflows (such as “reset password” or “check PTO”) so the agent routes these common queries correctly.
  • Advanced knowledge rules: Prioritize which data sources to use in ambiguous scenarios, and define when the agent should ask clarifying questions.

Taking these steps gave our agent a better chance of being accurate, helpful, and aligned with our organization’s specific preferences.

Addressing common scenarios with “golden” content

Another vital aspect of your content audit is identifying the most frequently accessed information in each topic area.

A good example comes from the preparation of our IT support content for ingestion by the Employee Self-Service Agent. One of the focuses of this effort was on so-called “golden prompts”: the 20 or so topics that generate up to 80 percent of our employee queries (a version of the famous “80/20 rule”).

Our golden prompts are a curated set of scenarios that:

  • Represent our critical user workflows and edge cases
  • Possess clear, expected responses (golden responses)
  • Cover core functionality that must never break

We made sure that the agent was providing high-quality responses for these common scenarios—we recommend you do the same.

Including “zero prompt” content

Another important aspect of your content process should be to develop “zero prompts.” These are preconfigured prompts in the agent that the user can simply click on to get an answer for a common issue or request.

For example, if one of your employees wants to understand how to set up a VPN, they simply click on the zero prompt provided for that topic. The tool then gives them complete instructions on how to set one up.

During our deployment of the agent, one case where we prepopulated the tool with content for a specific, high-demand scenario came when Microsoft made a major announcement regarding employees returning to the office. We knew this policy change would generate a lot of questions from our employees.

In preparation for this, we asked Microsoft 365 Copilot to create a single document that pulled in all the “return to office” material found in its verified HR content database. We then made this document available to the agent. Just by taking that simple step, we saw our user satisfaction ratings in the tool jump from 85 percent to 98 percent for that issue!

In your own deployment, think about what issues and topics generate the most questions from your employees. You can then prepare specific content to address these scenarios, which will increase your chances of success with the agent.

Data security and compliance

Data security was a high priority when we developed our agent, especially because it must necessarily access sensitive HR information on a regular basis. During product development, we made sure that the agent adhered to enterprise-grade security standards, including identity federation, least-privilege access, and encrypted storage.

Because the agent is built on Copilot Studio, it supports robust data-loss prevention features. The agent also complies with regulatory frameworks like General Data Protection Regulation through built-in auditing and data-retention policies.

One of the big advantages that an AI agent has over a static website or similar data source is the ability to personalize responses for each user. At the same time, we had to make sure that the agent had guardrails in place to avoid overexposing sensitive information. This included detailed disclaimers to help call out these kinds of responses and flag them for more careful handling.

Our agent complies fully with our accessibility standards as well. Like all Microsoft products and services, the tool underwent a rigorous review to ensure it was fully accessible for all users.

Responsible AI

Whenever a new AI application is launched, there may be concerns raised about potential challenges regarding bias, safety, and transparency. That’s why the Employee Self-Service Agent follows the Microsoft Responsible AI principles by default.

When you enable the sensitivity topic in your agent, it screens all responses for harassment, abuse, discrimination, unethical behavior, and other sensitive areas. We tested the agent thoroughly for objectionable responses before it was launched to a broad internal audience at Microsoft.

In addition, the agent includes an emotional intelligence (EQ) option. This feature is designed to make responses more empathetic, context-aware, and relevant for diverse user audiences. It analyzes the conversation’s context and tailors the agent’s replies to ensure that users feel understood and valued throughout their session (which could be particularly relevant for any conversations related to sensitive HR topics, such as family leave). The EQ option is customizable and can be turned off by your product admins.

Key takeaways

The following are important considerations for data governance when you deploy your Employee Self-Service Agent:

  • Employee expectations regarding accuracy and relevance are high for employee self-service tools, which makes data governance a key aspect of your deployment.
  • Consider which data repositories are best to incorporate into your agent, and make sure they are up-to-date and well-structured. This process requires a thorough content audit.
  • Pay special attention to the so-called “golden prompts” that make up a large percentage of expected queries. The agent’s answers to these questions should be top-notch.
  • Restructuring content can improve response quality. When we anticipated huge interest in a particular topic, such as workplace policy changes, we restructured our content on that subject and saw a significant jump in user satisfaction.
  • Build your agent to meet or exceed high standards for data security, privacy, and Responsible AI. These are vital concerns for any product that has access to sensitive personal information.

Chapter 2: Implementation with intention

Deploying a powerful and versatile tool like the Employee Self-Service Agent is no simple task. It requires guidance and buy-in from top leaders at the company, as well as detailed planning and execution across disparate parts of your organization. Here, we identify some of the key steps that we took here at Microsoft that can help guide you when launching your own self-service agent.

Determine category parameters

One of the first major decisions around implementing the agent is deciding which business function—we call them agent starters—to choose for your initial implementation.

We recommend starting with HR support or IT help (we started with HR). Both agent starters can be deployed into a single Employee Self-Service Agent experience, but they must be deployed one at a time. 

Note that we’ve built the Employee Self-Service Agent to connect with other first- or third-party Copilot agents, enabling a seamless handoff to these agents without having to navigate to other tools or interfaces.

Understanding your deployment steps

There were four essential stages involved in the deployment of our agent, each with multiple steps. Here’s a quick rundown that you can use at your company:

  1. Preparation for deployment
    • Establish roles: Define who will manage, configure, and support the tool, assigning responsibilities to ensure accountability during deployment.
    • Set up your environment: Prepare the necessary hardware, operating system, and network configurations so the agent can run smoothly.
    • Set up third-party system integration: Ensure your infrastructure can securely connect and exchange data with external systems that the agent will need to integrate with.
  2. Installation
    • Install the agent: Deploy the core Employee Self-Service Agent software on the designated servers or endpoints.
    • Install accelerator packages: Add any desired connectors that enable the agent to communicate with commonly used systems for HR, payroll, IT support, etc.
  3. Customization
    • Configure the core agent: Adjust default settings to align with your organization’s policies and workflows.
    • Identify knowledge sources: Specify where the agent will pull information from, such as internal knowledge bases or FAQs.
    • Provide common questions and responses: Add employee FAQs to improve the agent’s ability to respond quickly and accurately.
    • Identify sensitive queries: Flag questions and responses that involve confidential or regulated information to ensure they’ll be handled securely.
  4. Publication
    • Approve the agent: Complete internal reviews and compliance checks to confirm the agent meets your organizational standards before full rollout.
    • Publish the agent: Make the configured agent available to your employees in your production environment.

Customization

The Employee Self-Service Agent operates as a custom agent within Copilot Studio, using our AI infrastructure via the Power Platform. The agent is constructed on a modular architecture that allows you to integrate it with your own enterprise data sources using APIs, prebuilt and custom connectors, and secure authentication mechanisms.

To streamline this integration process, we provide a library of prebuilt and custom connectors through both Copilot Studio and Power Platform. Preconfigured scenarios include connecting to major enterprise service providers such as Workday, SAP SuccessFactors, and ServiceNow. (View the full list of connectors offered by Copilot Studio.)

These connectors facilitate data exchange with the following systems and other agents in this ecosystem:

  • HR information systems
  • IT systems management
  • Identity management
  • Knowledge base platforms

We found that third-party integrations require setup effort and technical expertise across stakeholders in your tenant. Be sure to get buy-in and involve all relevant departments that will be impacted.

Rollout: A phased approach

As previously noted, we started our agent with HR content and then added IT support (we later expanded to include campus services help as well). We rolled the agent out to different groups of employees and geographic regions around the world over the course of months, adding new knowledge sources to the different categories at each step along the way. This gave us an opportunity to gather user data and refine performance of the tool as we went.

We executed a phased rollout of the Employee Self-Service Agent across different regions and countries at Microsoft. As we expanded the audience for the tool, we also added more categories, knowledge sources, and capabilities.

Adding campus support services required us to handle queries and tasks related to dining, transportation, facilities, and similar subjects. This was a challenging addition, because the facilities and real estate space—unlike the HR and IT support areas—doesn’t have many large service providers, which are easier to provide prebuilt connectors for.

One area that did lend itself to prebuilt connectors, however, was facilities ticketing.

Because many of our campus facilities vendors use Microsoft Dynamics 365, we were able to create an out-of-the-box connector in the agent for their ticketing process. You can take advantage of these kinds of preconfigured tools in your deployment.  

Key takeaways

Here are some things to remember when implementing the Employee Self-Service Agent at your organization:

  • Decide which starter agent you will deploy first. We recommend starting with a single agent covering one area (vertical), such as HR or IT support, and then expanding from there.
  • Consider a phased rollout to allow time to refine responses and ramp up the number of topic areas and knowledge sources installed in your agent.
  • Use the prebuilt connectors to make it easier to integrate the agent with your existing systems. We developed customized connectors for major HR and IT service providers and a Microsoft 365 Dynamics connector to integrate with our many facilities vendors around the world.

Chapter 3: Driving adoption by breaking old habits

Once upon a time, when our employees needed help with a technical issue or an HR question, they literally picked up the phone and called the relevant internal phone number. That quickly evolved into an email-centered system, where employee questions were sent to a centralized inbox that would then generate a service request. Still later, chat-based help was introduced.

Using AI to handle employee questions and service requests is a natural step in this evolution, as large-language models were built to parse vast data repositories and return the right information (often with the help of multi-turn queries and responses). And by encouraging self-service, an AI agent can help meet employee needs faster while saving the organization’s staffing resources for other needs.

But getting employees to change their habits and use a tool like the Employee Self-Service Agent wasn’t going to be as easy as just flipping a switch. Here’s how we handled this important change management task at Microsoft.

Adoption across verticals

A key principle that we learned during the adoption process was that 80% of our change management activities for the agent are applicable to all our verticals (whether it be HR, IT support, campus facilities, or another category). We didn’t need to reinvent the wheel each time we added to the topics that the agent covered.

This allowed us to create a change management “playbook” that we could use each time we expanded to a new category. So, while roughly 20% of the strategies we used were specific to that vertical, the vast majority were the same, which saved time as we moved through onboarding the different categories.

Leadership is key

To get our employees to change the way they ask for help, we found it essential to get the support of our key leaders, something we refer to as “sponsorship.”

We found that good sponsorship doesn’t just come from your central product, communications, or marketing groups. It is equally vital to invest in relationships with local leadership in different regions as you roll out the agent (especially in multinational companies like ours).

Local leaders understand the various regional intricacies—including language, functionality, and the rhythm of the business—that can help inspire their segments of the workforce to adopt a new tool, and then evangelize it to others in turn. Working closely with these kinds of sponsors will help you pull off a successful adoption campaign.

If you have works councils, be sure to seek out your representatives and solicit their feedback on your agent experience early on. You can help them understand how the agent was developed and trained, then address any concerns they raise.

We’ve found that once our works councils are made aware of the careful processes we go through to protect user privacy, and to ensure compliance with our Responsible AI standards, they become enthusiastic supporters and can help promote agent adoption. (Read more about our experience with our works councils and the Microsoft 365 Copilot rollout.)

Defining your messaging

Work with your internal communications team to come up with a well-planned messaging framework for your agent rollout. Based on our experience, it’s likely you’ll need to communicate across a wide variety of teams and organizations like HR, IT, facilities, finance, and so on.

It’s important to be clear about how you’re positioning the product for your employees. This will allow you to develop both overall messaging for general use and content tailored to specific teams or employee roles. The more sophisticated your messaging, the more likely it is to be effective in encouraging user adoption of the agent in their regular workflow.

Listening to feedback

As Customer Zero for the company, our employees are our best testers and sources of feedback during our product development process. The Employee Self-Service Agent was no different, and we continue to gather crucial feedback and user data throughout the internal adoption process.

Because the agent is a tool centered on helping your workers resolve challenges and get quick answers to questions, you’ll want to set up your own systems for capturing their feedback and make sure the agent is meeting a high-quality bar.

We found that setting yourself up for success when it comes to listening to your employees involves two major aspects: Developing and deploying a system for gathering employee sentiment about the product, and then creating a system for analyzing that feedback and funneling the findings back to your IT team.

Some of the types of feedback and methods we used to gather it during the development process included:

  • User-testing data
  • User satisfaction ratings
  • User surveys, interviews and other research
  • Voice of the customer (in-product feedback)
  • Pilot projects and focus groups (smaller segments of users)
  • IT support incidents
  • Usage data and telemetry
  • Community-based early adopter feedback (similar to our Copilot Champs community)
  • Social media feedback and comments

You can choose from among these options to set up your own feedback mechanisms, or come up with something customized to your implementation.

Calibrating your usage goals

Remember that the Employee Self-Service Agent is not an all-purpose AI tool like Microsoft 365 Copilot, which your employees might use a dozen times a day. Instead, they may only need assistance from HR or IT support, tools, and information sources a few times a week (or even less). Your usage targets should be calibrated accordingly.

At the same time, the more categories of assistance you add to the agent, the more your usage levels can grow—along with user expectations.

When we decided to add campus support (dining, transportation, and facilities-related needs and queries), one of the motivators was to provide information that users might need on a more regular basis. This addition helped us increase adoption and build daily usage habits for the agent among our employees.

Making the agent your front door for employee assistance

Your employees may have longstanding habits around the ways that they seek assistance, such as moving quickly to email a service request, or immediately engaging a live support technician. There might even be someone helpful in the office next to them that they lean on for IT support. We’re aware that breaking such habits can be a challenge.

That’s why we decided to change our own employee-assistance workflows. In the case of HR, we are planning to remove the option to email a centralized alias for help, which was the default in the past. This forcing function will instead prompt our employees to turn to the agent first for assistance, creating a “front door” for all our HR service requests.

For our IT support function, we are switching from a Virtual Agent chatbot to the Employee Self-Service Agent, which should provide users with a richer experience and a higher rate of resolution.

Of course, our main goal is for the agent to handle an employee’s issue without having to seek further assistance. But what happens when the agent cannot resolve their problem or handle their request? That’s why we’ve also implemented a “smooth handoff”—either to create a service request or connect the user to a live agent for specialized assistance.

There are three key steps in this process:

  1. The Employee Self-Service Agent can identify when the user has reached a point where they need to move to a higher level of assistance via a live agent or a service request. (Note that we also allow the employee to make that determination for themselves.)
  2. We then give them different options for how they want to connect to live support.
  3. When the employee is transferred to a live technician, the Employee Self-Service Agent is able to pass on the chat history from its session with the user. That way, the technician or staff support can quickly get up to speed on the situation, see what the employee has already asked about and tried, and start helping them immediately.

Enabling the employee to quickly and smoothly transition to a higher level of support without leaving the chat increases user satisfaction and makes them more likely to return to the agent the next time they need assistance.

Strategic outreach to employees

Of course your workers, like ours, are busy with their day-to-day job functions. They may be resistant to trying a new tool or going through special training on how to access employee assistance. Or they may just not know about it.

Because of our regionally phased rollout of the agent, email was one of the most effective tools we used to connect with specific audiences and make them aware of the tool. With specific email lists, we could make sure that only employees in that phase of the rollout were seeing the message.

A key aspect of getting our employees to adopt any new tool is reinforcement—the process of sustaining behavior change by providing ongoing incentives, recognition, and support. Some of the reinforcement strategies we used for the agent included:

  • Targeted communications: Emails and organizational messages invited employees to try the agent as they received access
  • Multi-channel campaigns: Promotion of the agent via portals, newsletters, digital signage, and more to keep it at the forefront of employee minds
  • Training: Workshops and micro-learning sessions about the agent
  • Social campaigns: Posts highlighting the tool to increase awareness and gather employee feedback (see details below)
  • Leadership support: Managers modeled usage of the agent and promoted it regularly
  • Processes: The tool was part of regular employee workflows

An example of a fun Viva Engage post that our internal communications team created to encourage daily usage of the Employee Self-Service Agent during the holiday season.

One very important communications channel that we used in our adoption efforts was Microsoft Viva Engage. We set up a private Engage community for the Employee Self-Service Agent, then populated it with each new wave of users as they were given access to the tool (eventually all were given access when the tool went companywide).

We used this channel for various kinds of messaging:

  • General product awareness
  • Updates on new or changing functionality
  • Answering questions or addressing frustrations (two-way dialogue between users and the product team)
  • Fun and helpful “tips and tricks” that users could try (these could come from the product team, leadership, or individual product “champions”)

We also inserted messages about the new agent into our regular communications with different audiences, including HR professionals, IT support personnel, and internal comms staff at the company. And we regularly messaged company leaders about it, so they could encourage their teams and direct reports to support the effort and evangelize for the tool.

“One thing we did was make clear to our employees that even though the agent was not able to handle an issue today, it might be able to in a month or two. That’s why ongoing communications to users was important.”

Prerna Ajmera, general manager, HR digital strategy and innovation

Of course, as a natural language chat tool, the Employee Self-Service Agent doesn’t require formalized training. The product itself is designed to guide users and allow them to experiment, simply by stating their needs in plain language. Most employees will already be familiar with AI tools like Microsoft 365 Copilot, so effectively using an AI-powered employee-assistance agent should be a low bar to clear.

Managing expectations

Your Employee Self-Service Agent rollout will be an ongoing journey as you add topic areas, functionalities, and other product features. Your product roadmap will evolve as you learn more about what your employees need with this kind of AI solution.

One factor to consider is how to set realistic user expectations about what the agent can do while the product matures and improves. As we gradually rolled out the tool, we messaged that the agent was in “early preview,” which helped avoid employee disappointment when it couldn’t handle a specific request.

“One thing we did was make clear to our employees that even though the agent was not able to handle an issue today, it might be able to in a month or two,” Ajmera says. “That’s why ongoing communications to users was important, as new capabilities were added and speed and accuracy improved.”

We also created messaging for early users indicating that their testing was an integral part of making the tool more effective. This created a positive feedback loop while also keeping employee expectations reasonable.

How we measured success

Carefully tracking and analyzing your success metrics throughout your development and release of the product is a high priority. Without this step, you are working in the dark.

At Microsoft, we identify the key performance indicators (KPIs) for a particular product and then use them as our North Star for any internal release. But the specifics of those KPIs can vary from product to product.

Early results from our internal deployment of the Employee Self-Service Agent showed marked increases in success rates when users sought assistance from an AI tool as compared with existing support channels.

For example, measuring the monthly average user (MAU) statistics might be extremely important for an all-purpose productivity tool like Microsoft 365 Copilot. But for an employee-assistance tool, the goal is not necessarily regular use, because employees aren’t constantly facing challenges that require help (we hope). Usage statistics may also be affected by certain events or cyclical needs, such as annual employee reviews or a major technology change (like a significant Windows update).

With this in mind, we identified certain key metrics for the Employee Self-Service Agent. In this case, the top KPIs included:

  • Percentage of support tickets deflected
  • Net satisfaction score
  • Latency period
  • Reliability
  • Total time savings
  • Total cost savings
  • Identified and prioritized issues (reported back to product group)

Overall, we focused on the rate at which employees were able to resolve issues without opening a support ticket, as this would likely generate the greatest return on time and cost savings. We came up with an overall target across the different verticals of 40% ticket deflection, and we’re making solid progress toward this goal as we continue to refine and improve the agent.

Part of our measurement process is a monthly progress meeting of key project stakeholders, where all KPIs are evaluated to see if our targets are being met. If the results do not meet expectations, we identify the potential causes and discuss what adjustments need to be made to address these shortfalls.

Key takeaways

Here are some key things to remember when it comes to adoption efforts for your Employee Self-Service Agent:

  • Don’t reinvent the wheel. Most of your change management and adoption strategies for the agent will be the same across different regions and help categories.
  • Line up product sponsors. Finding leaders and others across the organization to help you promote the Employee Self-Service Agent within their own groups, functions, and regions can make a big difference in gaining employee trust and encouraging adoption.
  • Set up proper listening channels. You’ll want to gather as much feedback as possible from your employees as you roll out the agent so you can understand what is working well and what needs improvement. This kind of feedback loop can also make your employees feel heard and help them shape the tool.
  • Make the shift to agent-first help. Employee habits for seeking assistance can be resistant to change. We decided that turning off the “email to create a service ticket” workflow was a great way to nudge our workers to recognize the agent as the first option for their assistance needs.
  • Be strategic in your communications. Use tools like email, Viva Engage, and other appropriate communications channels to target your communications and encourage a two-way conversation with employees about the agent. Sharing fun tips and encouraging peer support are other ways to increase awareness and engagement with the product.
  • Identify your key metrics. We determined our benchmarks for success for this particular type of agent, then tracked them and made the results available to key stakeholders. This allowed us to measure the impact and effectiveness of the product.

Begin your journey with the Employee Self-Service Agent

Agentic AI offers incredible promise to transform employee productivity, giving individuals access to powerful tools that enable them to accomplish more. We believe the Employee Self-Service Agent is another step along that path, allowing workers to get instant help with tasks that used to be cumbersome and time-consuming.

Now that you’ve read about our experience deploying the tool, it’s time to start your own journey. Successful implementation means your people will spend less time on the phone with support staff or hunting through web pages and other resources for help with routine employment tasks and more time devoted to their productive work, reducing job-related pain points and frustrations.

You can benefit from the lessons we’ve learned and the many helpful features and capabilities that we’ve built into this product, all of which are designed to make your implementation as fast, easy, and effective as possible.

“We’re excited to get the Employee Self-Service Agent out and into the hands of our customers, so that they can reap the same benefits that we’re already seeing from it,” says Brian Fielder, vice president of Microsoft Digital. “As we continue to refine the product and expand the number of verticals it can cover, we expect to realize exponential efficiency gains and capture even more cost savings across our entire organization.”

Key takeaways

Here are some of the essential top-level learnings we gleaned from our deployment of the Employee Self-Service Agent, which you should keep in mind as you start out on your own deployment path:

  • Identify and engage the right people. You’ll need buy-in and advocacy from leaders across the organization; the involvement of key stakeholders from HR, IT, legal, and compliance; and technical guidance from admins, license administrators, environment makers, and knowledge-base subject matter experts.
  • Develop your plan. Understand the major phases of governance, implementation, and adoption of the tool, and make sure that you have adequate resources and support for each phase.
  • Verify the quality of your content. Your chances of success will be better if you undertake a thorough content assessment to address the currency, accuracy, and structure of all relevant knowledge bases. Pay particular attention to the topics and tasks that are in greatest demand by employees when they access help services.
  • Consider a phased rollout. Releasing your Employee Self-Service Agent to progressively larger groups of workers across your organization allows you to gather data and feedback and improve the performance and relevance of the agent over time. You can also expand the number of categories that your agent covers as you go, increasing the impact and appeal of the tool.
  • Communicate strategically to promote adoption. Convincing employees to break longstanding habits when seeking help is a challenge. Email is helpful for targeting specific groups of employees, but be sure to use tools like Viva Engage to create community, answer questions, provide fun tips and tricks, and announce new capabilities and options.
  • Set clear goals and measure against them. Come up with a targeted set of KPIs that reflect your organization’s needs and aspirations, then develop a plan to capture data for each of these indicators and a regular reporting cadence to keep stakeholders informed of progress toward your goals.

Shaping AI management at Microsoft with Agent 365 and Copilot controls
http://approjects.co.za/?big=insidetrack/blog/shaping-ai-management-at-microsoft-with-agent-365-and-copilot-controls/
Mon, 09 Mar 2026 13:00:00 +0000

AI is moving fast at Microsoft. Every month, we’re discovering new ways that our employees are using Microsoft 365 Copilot and rapidly emerging agentic tools to work smarter, automate routine tasks, and unlock new patterns of productivity.

As our ecosystem of AI tools expands, so does our responsibility and opportunity. We have to guide the process with the right structure, clarity, and confidence.

We approach the governance of AI as a task we’re shaping in real time while observing the different ways our people are using AI in their daily work.

That’s the advantage of being Customer Zero here in Microsoft Digital, the company’s IT organization. We’re living this transformation across Microsoft 365 every day, evolving our governance model alongside the evolution of AI and agents.

“With Agent 365, IT leaders can confidently embrace this innovation through a unified control plane that provides the capabilities that enterprises need to ensure agents are governed, observable, and secure—regardless of which tools, frameworks, or models were used to create them,” says Brian Fielder, vice president of Microsoft Digital.

Our governance approach is built around two complementary control planes: Microsoft Agent 365 for agents and Copilot controls for Microsoft 365 Copilot.

These control planes are supported by the four fundamental concepts that we apply to every enterprise system we operate: security, governance, management, and observability.

“We’ve seen the rapid pace of innovation firsthand,” says David Johnson, principal architect in Microsoft Digital. “As Copilot evolves and agents expand, the control planes we use must evolve also. New AI and agent capabilities raise the bar for governance and management, so at Microsoft Digital, we’re working with our product teams to evolve the management to keep the company secure, informed, and ready for whatever comes next.”

This model gives us a consistent way to support new capabilities, encourage responsible experimentation, and help our employees adopt AI and agents with fewer hurdles.

Expanding our AI governance practices

As AI use evolves within our organization, we’re seeing clear patterns emerging. Copilot goes well beyond chat. It can execute tasks, create and modify content directly inside apps, connect systems, and coordinate multi‑step work through agents. The AI ecosystem is becoming more effective at boosting productivity with model choices, agent-to-agent orchestration, and agent mode within applications that leverage natural language to complete tasks.

These patterns are exciting, move fast, and expand how we think about governance.

The shift became clear as teams across Microsoft began experimenting with new AI capabilities in the last few years. Accelerating Copilot usage showed us how quickly people adopt tools to help them work better and faster. Rapid agent growth showed us how much value workers get when AI takes on more complex, multi‑step tasks. These expansions pushed us to evolve our security, governance, and management approaches alongside the technology.

That’s what led us to define two complementary control planes for Copilot and agents—not because one replaces the other, but because they serve complementary roles in the ecosystem. Copilot goes beyond chat, surfacing intelligence directly inside apps, workflows, and context to help people work smarter in the flow of their apps. Agents take on broader responsibilities across services, teams, and data boundaries.

By recognizing the different types of work that Copilot and agents do, we’re better equipped to manage and govern them. We can apply consistent principles, tailor the controls to each type of tool, and give employees a clearer understanding of how each AI capability behaves. It’s an approach that grows with technology, instead of forcing everything into a single frame.

Building governance on foundational pillars

As Copilot and agents expand across Microsoft 365 and the rest of our product offerings, we’ve anchored our approach on the fundamentals of security, governance, management, and observability. These principles have shaped our enterprise systems for years. What’s changing is how we apply them to a fast‑moving AI ecosystem.

Security and governance

Security and governance are the baseline for us at Microsoft. Every new capability—whether it’s Copilot helping you draft, find, or create content, or an agent running an automated workflow—must adhere to security and governance principles.

Products like Microsoft Purview and Defender allow us to better understand what data our AI tools are accessing, for how long, and where additional guardrails might be needed as features and usage evolve.

Management

Management completes the foundation, and measurement is how we track our progress.

As AI tools take on more responsibility, we needed a unified way to manage access, lifecycle, and configuration. Agent 365 is evolving the Microsoft Admin Center to serve as a central focal point for agent management and observability. Agent 365 brings together agent information and controls that were previously scattered across different admin experiences and puts them in one coherent place.

“The Microsoft 365 admin center is becoming the place where controls come together,” says Mike Powers, a senior systems engineer and AI admin in Microsoft Digital. “Policies, observability, and configuration are in a single experience, so admins don’t have to hunt across multiple portals. That consolidation makes it easier for us to understand how AI is behaving in our tenant and what controls we have available to guide it.”

Measurement is how we track adoption, quality, and business value such as time saved and reduced operational costs. It’s how we identify what’s working, where to invest next, and how we can guide product teams with real‑world insights. We look carefully at active agents, usage patterns, assisted hours, sentiment, and the outcomes our people achieve with AI. Different audiences share the same goal: using telemetry to make AI better.

Together, these principles allow us to evolve our governance model without slowing innovation. They give us a steady foundation in a rapidly expanding environment—one where Copilot and agents will continue to grow, intersect, and unlock new ways of working.

Observability with Microsoft Agent 365

The widespread use of agents is an accelerating trend here at Microsoft. We use them to automate multi‑step tasks, build applications in plain language, connect systems, and streamline work that previously depended on manual coordination.

As agents grow in number and become more autonomous, we need a management approach that matches their scale and autonomy. That’s what Microsoft Agent 365 gives us—a control plane designed for AI and agentic workloads that operate across platforms and traditional admin boundaries.

Agent 365 provides a registry for agents that lets us discover and understand how agents behave across Microsoft 365. It shows us who built them, who can use them, and what data they can access. From a single admin console, we can observe and manage agents created across different platforms. Day to day, Agent 365 gives AI admins agent observability we didn’t have before, and a way to connect insight to action.

“Agents represent a significant and growing workload that tenant administrators manage as part of day‑to‑day operations,” Powers says. “Agent 365 helps bring clarity to a diverse and rapidly scaling agent population by providing a centralized place to observe and manage how agents operate. This centralized approach is bringing together admin teams like never before so we can apply broad expertise to agent management.”

That clarity matters.

Agents behave differently than Copilot experiences. They can run continuously, trigger processes automatically, and touch systems across organizational boundaries. By treating them as advanced workloads, we can apply governance that supports experimentation without losing control over the ecosystem.

Agent 365 gives teams the confidence to build agents, knowing there’s a clear, consistent framework behind them. It helps ensure agents scale responsibly, are discoverable, and align to the enterprise patterns that keep Microsoft secure and productive.

Keeping track of Copilot controls

We rely on Copilot controls to give us a unified way to govern how different Copilot experiences show up for employees.

Copilot controls aren’t a single product. They’re a fabric of controls, insights, and guardrails that help us guide Copilot usage as it grows. They bring together settings, reports, and policies that once lived across separate admin surfaces and connect them into one coherent system.

At its core, Copilot controls help us manage three things:

  • Who has access
  • How the experience is configured
  • How we measure adoption and value

It’s how we track whether licenses are assigned as expected, whether teams are using Copilot regularly or occasionally, and where configuration gaps may exist. It also recommends changes that can make Copilot more effective and secure.

As Copilot evolves, our Copilot controls will evolve with it. New features, security patterns, and use cases all plug into the same foundation. That gives admins a rhythm they can rely on, even as the technology continues to move rapidly.

It also gives business leaders clearer visibility into how Microsoft 365 Copilot helps people work—how often it’s used, what tasks it supports, and where impact shows up.

“Copilot controls bring everything into one place, so admins don’t have to jump across different reports,” says Amy Ceurvorst, a director of business programs in Microsoft Digital. “It gives them a holistic view of Copilot health. That includes licenses, sentiment, usage, and recommendations. It’s everything they need to understand how Copilot is working in our tenant.”

That clarity is critical. It helps us guide Copilot responsibly without slowing its momentum. It gives our admins confidence in how the experience behaves. It gives our engineering teams the feedback they need to keep improving the platform. And it gives our employees a secure, well‑governed environment where they can adopt Copilot at their own pace.

Applying Agent 365 and Copilot controls as Customer Zero

We use Agent 365 and Copilot controls every day. They help us understand what AI is doing inside Microsoft, how these tools are evolving, and where we need to focus our efforts next.

These systems give us visibility we didn’t have a year ago, as well as a way to move faster without losing alignment across security, IT, and business teams.

Understanding how agents perform in the real world is essential. With Agent 365, we look at what’s being created, what’s actively being used, and which workflows people rely on most. We review how agents are scoped and published, and we check whether they’re operating as expected. These signals help us see emerging patterns—what’s gaining traction, what’s causing confusion, and where we need clearer controls.

The same applies to Copilot.

Copilot controls give us a consolidated view of how Copilot appears across the tenant—licenses, usage, sentiment, and recommended configuration changes. We use that data to advise product groups, flag issues early, and help business teams to adopt Copilot in ways that make sense for their work. Internally, these insights reduce friction. Externally, they help shape the product.

Cross‑team collaboration is essential. Security teams watch for data exposure risks. IT teams manage configuration and rollout. Business units surface scenarios they want to enable. We coordinate across all these groups so Copilot and agents can scale smoothly.

Measurement ties it all together.

“Measurement tells us what’s really happening,” says Tanya Roberts, a senior business program manager in Microsoft Digital. “It shows us where people are finding value and where they need help. We can see the friction points, the successful patterns, and the opportunities that aren’t obvious from the surface. Having that level of insight lets us give the product team clear, actionable feedback. We can connect the dots between what people are trying to do and what the technology needs to support next.”

This is how we make AI real and practical. We learn from what happens in production, evolve the controls, and feed those lessons back into the product. It’s an ongoing cycle that grows stronger as adoption increases.

Looking forward

The AI landscape isn’t slowing down. Copilot will keep getting smarter and more broadly used across other apps and services. Agents will take on more complex work. And the boundaries between them will continue to blur as new capabilities emerge across Microsoft 365. That’s why our governance model has to evolve alongside the technology.

We’re designing for a future where AI spans more systems, touches more data, and supports more business processes. That means deeper integration between Agent 365 and our Copilot controls; more connected signals across security, management, and measurement; and governance patterns that hold up no matter how AI capabilities shift.

We expect the control planes we use will continue expanding in ways that give admins even more clarity. We’re looking forward to seeing richer telemetry across Copilot and agents. We plan to develop simpler ways to scope, publish, and update AI workloads. And we anticipate more advanced governance features, which will help organizations understand not just what AI is doing, but why it’s doing it.

Our work with Microsoft product teams as Customer Zero will continue to shape this evolution. As part of this process, we can provide real‑world insights about how AI behaves at enterprise scale. That feedback is already influencing how controls show up in the Microsoft 365 admin center and how Agent 365 is expanding to support new workloads. These feedback loops will only get stronger over time.

We’re building our AI management approach into a living system that adapts to new capabilities, new risks, and new opportunities. A system that supports innovation instead of slowing it down. And one that keeps Microsoft—and our customers—confident as the AI stack keeps changing.

Key takeaways

If you’re establishing governance for Copilot and AI agents in your organization, consider these actions to drive responsible, scalable adoption:

  • Start with governance fundamentals. Use security and governance, management, and observability as your pillars before layering in other tools or processes. Many of the same fundamentals that unblock Copilot provide the reason why a tenant can be comfortable with knowledge-only agents. 
  • Understand the unique and intersecting governance paths for Copilot and agents. Both share some of the same fundamentals, but Copilot and agents have distinct AI controls, with different responsibilities, risks, and oversight needs.
  • Use measurement to guide decisions. Track usage, value, sentiment, and friction to understand how AI is performing and where you need to refine the experience.
  • Make governance a shared responsibility. Bring together security, IT, business leaders, and product teams to ensure clarity, alignment, and end‑to‑end control.
  • Design governance that evolves. Adopt controls that can adapt as Copilot grows, agents mature, and new AI capabilities enter the stack.
  • Prioritize clarity for builders and admins. Keep patterns simple, make guidance visible, and ensure that controls are easy to understand so your teams can adopt AI confidently.
  • Invest in the AI admin role. Create space for a dedicated AI admin role and skill up AI admins with deep, cross‑platform expertise, including SharePoint, Power Platform, Azure AI Foundry, Entra identity, and Exchange. Yes, agents will soon have their own mailboxes. In the evolving world of agents, effective administration depends on knowing how the agent lifecycle is tied to the platforms where agents are created and operate.

Protecting AI conversations at Microsoft with Model Context Protocol security and governance
http://approjects.co.za/?big=insidetrack/blog/protecting-ai-conversations-at-microsoft-with-model-context-protocol-security-and-governance/
Thu, 12 Feb 2026 17:05:00 +0000

When we gave our Microsoft 365 Copilot agents a simple way to connect to tools and data with Model Context Protocol (MCP), the work spoke for itself.

Answers got sharper. Delivery sped up. New patterns of development emerged across teams working with Copilot agents.

That ease of communication, however, comes with a responsibility: Protect the conversation.

Questions came up, like: Who’s allowed to speak? What can they say? And what should never leave the room?

Microsoft Digital, the company’s IT organization, and the Chief Information Security Officer (CISO) team, our internal security organization, are leaning on those questions to help us shape our strategy and tooling around MCP internally at Microsoft.

Our approach is intentionally straightforward.

Start secure by default. Use trusted servers. Keep a living catalog so we always know which voices are in the room. Shape how agents communicate by requiring consent before making changes.

We minimize what’s shared outside our walls, watch for drift, and act when something looks off. Our goal is practical governance that lets builders move fast while keeping our data safe.

That’s the risk we design for, and it’s why our controls prioritize clear ownership, simple choices, and visible guardrails.

“With MCP, the problem is not the inherent design; it’s that every improper server implementation becomes a potential vulnerability,” says Swetha Kumar, a security assurance engineer in the Microsoft CISO organization. “Even one misconfigured server can give the AI the keys to your data.”

Understanding MCP and the need for security

MCP is a simple standard that lets AI systems “talk” to the right tools and data without custom integration work. Think of it like USB‑C for AI. Instead of building a new connection every time, teams plug into a common pattern. That standardization delivers speed and flexibility—but it also changes the security equation.

Before MCP, every integration was its own isolated conversation.

“Now, one pattern can unlock many systems,” Kumar says. “It’s a win and a risk. When AI can reach more systems with less effort, we must be precise about who’s allowed to speak, what they can say, and how much gets shared.”

We frame this as communications security.

The question isn’t just, “Is this API secure?” It’s “Is this a conversation we trust?” We want to know which servers are in the room, what actions they’re permitted to take, and how we’ll notice if something changes. At the same time, we keep the cognitive load low for builders. They choose from trusted options, see clear prompts before an agent makes edits, and move on. Simple choices lead to safer outcomes.

“MCP enables granular control over the tools and resources exposed to the Large Language Model,” Kumar says. “But that means the developer is responsible for configuring it correctly—which tools an agent can see, what actions a server can take, and what context is shared.”

This approach helps both sides.

Product teams get a consistent way to extend their agents while security teams get consistent places to add guardrails—at discovery, access, and throughout the flow of requests and responses. Everyone operates from the same playbook.

When we treat MCP this way, we protect the conversation without slowing it down. We know who’s speaking. We know what they can do. And we can prove it.

Assessing MCP security across four layers

Every MCP session creates a conversation graph. An agent discovers a server, ingests its tool descriptions, adds credentials and context, and starts sending requests. Each step—metadata, identity, content, and code—introduces potential risk.

We evaluate those risks across four layers so we can catch failures early, contain blast radius, and keep conversations in bounds.

However, the big picture is just as important as the details.

“We take a holistic view of MCP security: start with the ecosystem, then specify controls across the four layers,” Kumar says. “The layers make the work concrete, but the goal stays the same—unified governance, shared education, and faster detect-and-mitigate when a server is at risk.”

Applications and agents layer

This is where user intent meets execution. Agents parse prompts, discover tools, select actions, and request changes. MCP clients live here, deciding which servers to trust and when to ask for user consent.

  • What can go wrong
    • Tool poisoning or shadowing. A server advertises safe‑looking actions but performs something else.
    • Silent swaps. A tool’s metadata changes and the client keeps trusting an altered “voice.”
    • No sandbox. The agent can request edits or run code without strong guardrails.
  • What we watch for
    • Unexpected tool descriptions or capabilities at connect time.
    • Edit attempts on critical resources without explicit user consent.
    • Abnormal tool‑selection patterns across sessions.

AI platform layer

The AI platform layer includes the AI models and runtimes that interpret prompts and call tools, along with orchestration logic and safety features.

  • What can go wrong
    • Model supply‑chain drift. Unvetted models, unsafe updates, or compromised fine‑tunes change behavior.
    • Prompt injection via tool text. Descriptions and responses steer the model toward unsafe actions.
  • What we watch for
    • Model provenance and update cadence tied to agent behavior changes.
    • Signals of jailbreaks or instruction overrides in prompts and intermediate messages.
    • Output drift linked to specific tools or servers.

Data layer

This layer covers business data, files, and secrets the conversation can touch.

  • What can go wrong
    • Context oversharing. Session data, files, or secrets get packed into the model’s context and leak to a third‑party server.
    • Over‑scoped credentials. Long‑lived tokens, broad scopes, or wrong audience claims enable lateral movement.
  • What we watch for
    • Size and sensitivity of context passed to tools.
    • Token hygiene, including short lifetimes, least‑privilege scopes, and correct audience claims.
    • Data egress patterns that don’t match a tool’s declared purpose.

Infrastructure layer

The infrastructure layer includes compute, network, and runtime environments.

  • What can go wrong
    • Local servers with too much reach. Excessive access to environment variables, file systems, or system processes.
    • Cloud endpoints without a gateway. No TLS enforcement, rate limiting, or centralized logging.
    • Open egress. Servers call out to the internet where they shouldn’t.
  • What we watch for
    • All remote MCP servers registered behind the API gateway.
    • Runtime signals, such as authentication failures, burst traffic, or unusual geographies.
    • Network policies that restrict outbound calls to certain targets.

Across all four layers, the throughline is AI communications security. We decide who can speak and verify what was said—and keep listening for change.

Establishing a secure-by-default strategy

We start by closing the front door. We recommend every remote MCP server sits behind our API gateway, giving us a single place to authenticate, authorize, rate‑limit, and log. There are no direct calls and no blind spots.

“Everything we do starts with securing the MCP server by default and that begins by registering it in API Center for easier discovery. We rely solely on vetted and attested MCP servers, ensuring every call comes from a trusted footprint.”

Prathiba Enjeti, principal PM manager, Microsoft CISO

Next, we decide who gets a voice.

Teams choose from a vetted list of MCP servers. If someone connects to an unapproved endpoint, they receive a friendly nudge and a clear path to register it. No shaming—just fast correction and a better inventory the next time around.

Identity comes next. Servers expect short‑lived, least‑privilege tokens with the right scopes and audience. Admin paths require strong authentication, and where possible, we use proof‑of‑possession to bind tokens to the client and reduce replay risk. Secrets don’t live in code, keys rotate, and audit trails are in place.

“Everything we do starts with making the MCP server secure by default and that begins by registering it in API Center for easier discovery,” says Prathiba Enjeti, a principal product manager in the Microsoft CISO organization. “We only use vetted and attested MCP servers. That’s how we keep the conversation safe without slowing it down.”

On the client side, we slow agents at the right moments. Agents can’t touch high‑risk tools without explicit consent. Tool descriptions are verified on connection and compared to approved contracts. If a tool’s “voice” drifts, we block the call.

We also minimize what’s shared.

Context is trimmed to what the task requires. Sensitive data isn’t included by default, and third‑party servers get only what they need—not the whole transcript. Output filters and prompt shields sit alongside the model to prevent risky inputs from becoming risky actions.

Isolation completes the design. Local servers run in containers with tight file and network permissions. Hosted servers allow only the outbound calls they need, and inbound traffic flows through the gateway, with TLS and logging enforced.

Simple rules with visible guardrails.

“We only use vetted MCP servers,” Enjeti says. “That’s how we keep the conversation safe without slowing it down.”

How we run MCP at scale: architecture, vetting, and inventory

We keep MCP safe by making three things intentionally boring: architecture, vetting, and inventory. One defined path. One vetting flow. One living catalog.

Architecture

We recommend remote MCP servers sit behind an API gateway, giving us a single place to authenticate, authorize, validate, rate‑limit, and log. Transport Layer Security (TLS) is required by default, and for sensitive endpoints, we can require mutual TLS. Outbound egress is pinned to approved destinations using private endpoints and firewall rules, so servers can’t “call anywhere.” Runtime protection continuously watches for credential abuse, injection patterns, burst traffic, and odd geographies.

Identity is established up front. We issue short‑lived, least‑privilege tokens with the correct audience and scopes, and admin paths require strong authentication. Where supported, tokens are bound to the client to reduce replay risk. Services use managed identities or signed credentials; secrets don’t live in code, and keys rotate on schedule.
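The token rules described here and in the secure-by-default section (short lifetime, least-privilege scopes, correct audience, client binding on sensitive paths) can be checked per call. The following is an added example, not code from Microsoft or from the original post; the policy layout, tool names, scope names, and audience value are constructed, and the claims are assumed to come from a token whose signature and issuer were already verified at the gateway.

```python
# Added example: token hygiene check for one MCP tool call.
# Assumption: `claims` is the payload of a token the gateway has already
# verified (signature, issuer). This code covers hygiene only.

SERVER_POLICY = {  # constructed policy for a hypothetical MCP server
    "audience": "api://case-history-mcp",
    "max_lifetime_s": 3600,
    "tool_scopes": {"get_case": "Cases.Read", "update_case": "Cases.Write"},
    "pop_required_tools": {"update_case"},  # tools that need a client-bound token
}


def granted_scopes(claims):
    """Scopes as a set; 'scp' and 'scope' are both space-separated strings."""
    raw = claims.get("scp") or claims.get("scope") or ""
    return set(raw.split())


def check_call(claims, tool, policy, now):
    """Return the reasons to reject this call; an empty list means proceed."""
    reasons = []

    # Short-lived: the token must be inside its window and the window itself
    # must not be longer than the server's policy allows.
    iat, exp = claims.get("iat"), claims.get("exp")
    if not isinstance(iat, int) or not isinstance(exp, int):
        reasons.append("missing iat or exp")
    else:
        if not iat <= now < exp:
            reasons.append("outside validity window")
        if exp - iat > policy["max_lifetime_s"]:
            reasons.append("lifetime exceeds policy")

    # Correct audience: a token minted for another service is not accepted.
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if policy["audience"] not in audiences:
        reasons.append("wrong audience")

    # Least privilege: the tool's scope must be present, and nothing beyond
    # what this server's tools ever need should be attached.
    scopes = granted_scopes(claims)
    needed = policy["tool_scopes"].get(tool)
    if needed is None:
        reasons.append("tool not in policy")
    elif needed not in scopes:
        reasons.append("missing scope " + needed)
    surplus = scopes - set(policy["tool_scopes"].values())
    if surplus:
        reasons.append("over-scoped: " + " ".join(sorted(surplus)))

    # Proof-of-possession: sensitive tools require a 'cnf' (confirmation)
    # claim, which binds the token to a key held by the client.
    if tool in policy["pop_required_tools"] and "cnf" not in claims:
        reasons.append("token not bound to client")

    return reasons


# Constructed sample claims.
NOW = 1_770_000_000
GOOD = {"aud": "api://case-history-mcp", "iat": NOW - 60, "exp": NOW + 840,
        "scp": "Cases.Read"}
STALE = {"aud": "api://other-service", "iat": NOW - 86400,
         "exp": NOW + 29 * 86400, "scp": "Cases.Read Cases.Write Tenant.Admin"}

if __name__ == "__main__":
    for name, claims in (("GOOD", GOOD), ("STALE", STALE)):
        for tool in ("get_case", "update_case"):
            print(name, tool, check_call(claims, tool, SERVER_POLICY, NOW) or "ok")
```
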

Model‑side safety travels with every conversation. Content safety and prompt shields help models ignore risky inputs, while orchestration enforces a per‑tool allowlist, so an agent can’t call tools that aren’t in policy—even if the model suggests it. We also track model versions, allowing behavior changes to be correlated with updates.

Clients enforce consent at the edge. “Ask before edits” is enabled by default for write, delete, and configuration changes. When an agent connects, it verifies tool descriptions against the approved contract.
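One way a client can combine the per-tool allowlist, the connect-time comparison of tool descriptions against the approved contract, and "ask before edits" is sketched below. This is an added example, not Microsoft's implementation or code from the original post; the class names, tool definitions, and effect labels are constructed, and the fingerprint covers the `name`, `description`, and `inputSchema` fields that an MCP server advertises for each tool.

```python
# Added example: client-side gate for MCP tool calls.
import hashlib
import json
from dataclasses import dataclass

SIDE_EFFECTS = {"write", "delete", "configure"}  # effects that need consent


def fingerprint(tool):
    """SHA-256 over the fields the model sees, in a canonical JSON form."""
    visible = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    blob = json.dumps(visible, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(blob.encode("utf-8")).hexdigest()


@dataclass
class ApprovedTool:
    fingerprint: str  # pinned at review time
    effect: str       # set by the reviewer, not taken from the server


@dataclass
class Decision:
    allowed: bool
    reason: str


class ToolGate:
    def __init__(self, contract):
        self.contract = contract  # tool name -> ApprovedTool
        self.live = {}            # tool name -> fingerprint seen at connect

    def on_connect(self, advertised):
        """Snapshot what the server advertises and report any differences."""
        self.live = {t["name"]: fingerprint(t) for t in advertised}
        findings = []
        for name, seen in self.live.items():
            approved = self.contract.get(name)
            if approved is None:
                findings.append("unapproved tool: " + name)
            elif approved.fingerprint != seen:
                findings.append("metadata drift: " + name)
        return findings

    def authorize(self, name, user_consented=False):
        """Decide one call, even if the model asked for a tool outside policy."""
        approved = self.contract.get(name)
        if approved is None:
            return Decision(False, "not in allowlist")
        if name not in self.live:
            return Decision(False, "not advertised by server")
        if self.live[name] != approved.fingerprint:
            return Decision(False, "metadata drift")
        if approved.effect in SIDE_EFFECTS and not user_consented:
            return Decision(False, "consent required")
        return Decision(True, "ok")


# Constructed data: the tool definitions as reviewed and approved...
REVIEWED = [
    {"name": "get_case", "description": "Look up a support case by ID.",
     "inputSchema": {"type": "object",
                     "properties": {"case_id": {"type": "string"}}}},
    {"name": "update_case", "description": "Change the status of a support case.",
     "inputSchema": {"type": "object",
                     "properties": {"case_id": {"type": "string"},
                                    "status": {"type": "string"}}}},
]
EFFECTS = {"get_case": "read", "update_case": "write"}
CONTRACT = {t["name"]: ApprovedTool(fingerprint(t), EFFECTS[t["name"]])
            for t in REVIEWED}

# ...and what the server advertises later: one description has changed and
# one tool was never reviewed.
ADVERTISED = [
    dict(REVIEWED[0], description="Look up a support case by ID and forward "
                                  "it to the partner portal."),
    REVIEWED[1],
    {"name": "export_cases", "description": "Export all cases.",
     "inputSchema": {"type": "object"}},
]

if __name__ == "__main__":
    gate = ToolGate(CONTRACT)
    print(gate.on_connect(ADVERTISED))
    for tool in ("get_case", "update_case", "export_cases"):
        print(tool, gate.authorize(tool))
    print("update_case with consent", gate.authorize("update_case", True))
```

Keeping the effect label in the reviewed contract means a server cannot downgrade a destructive tool to read-only by changing what it advertises.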

Observability ties it all together. We’re working toward logging tool calls, resource access, and authorization decisions end‑to‑end with correlation IDs. Detections flag abnormal tool selection, unexpected data egress, or edits without consent. Every server has an owner, a contract, and an approval record, and metadata changes automatically trigger re‑review. Kill switches live at both the client and the gateway when we need them.

Vetting

We don’t “connect and hope.”

Before any MCP server can speak in our environment, it earns trust. Owners declare what the server does (tools and actions), what it touches (data categories and exports), how callers authenticate (scopes and audience), and where it runs (runtime and on‑call ownership).

We start with static checks: manifests must match the contract, side‑effecting actions must be consent‑gated, tokens must be short‑lived and properly scoped. An SBOM (Software Bill of Materials) must be present, dependencies must be current, and no credentials can be embedded in code.

Then we test like a client would. We snapshot tool metadata on connect and compare it to the approved contract, probe for prompt‑injection and tool‑poisoning, and verify that “ask before edits” triggers for destructive actions.

We also confirm context minimization, validate that egress is pinned to approved hosts, and test resilience under load, including health checks, retry behavior, and isolation using containers with least‑privilege file and network access. Servers are published only when security, privacy, and responsible AI reviews are complete, runbooks and on‑call are in place, and the registry entry is created and pinned.

Inventory

You can’t govern what you can’t see, and MCP shows up in more places than a single system of record. To solve that, we’re building the map from signals and stitching them into one catalog.

“Inventory is the foundation—if we miss a server, we miss the conversation,” says Priya Janardhanan, a principal security assurance engineering manager at Microsoft CISO Operations. “Every server, regardless of where it’s running or how it’s deployed, must be accounted for in our system. Without a complete inventory, we lose visibility into critical operations, risk exposing sensitive data, and undermine our ability to ensure compliance and security.”

Our goal state is that endpoint telemetry catches developer‑run servers on laptops and workstations. Repos and CI pipelines reveal intent before anything ships. IDEs (Integrated Development Environments) surface local extensions and configured endpoints. The gateway and our registries anchor what’s approved for business data, while low‑code environments tell us which connectors are in use and where they point.

We normalize and correlate those signals with stable IDs for servers, tools, and owners. Ownership is proven through repositories, gateway services, and environment administrators—on‑call contacts included. Exposure is scored based on data touches, scopes requested, egress rules, and change history, so high‑risk items rise to the top of the queue.

Freshness is tracked with last‑seen timestamps, and stale entries are retired over time. Builders can discover and reuse approved servers; reviewers can see what changed since the last approval, and admins get instant visibility into coverage and hotspots.

We’re working toward automated identification and notification for unknown servers. In the ideal state, a registration stub is created when we detect an unknown server on an endpoint. Then, the likely owner is notified, and direct calls are blocked until the server is vetted through an automated process. If tool metadata changes after approval, high-risk actions are paused and routed for re-review, then auto-resumed once approved.
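The correlation, freshness, and exposure steps described above, shown as an added example that is not Microsoft's implementation. The signal fields, scoring weights, 90-day staleness window, hosts, and owners are assumptions made for illustration, and change history is left out of the score.

```python
from datetime import datetime, timedelta, timezone
from urllib.parse import urlsplit

def stable_id(url):
    """Normalize a server URL so the same server seen by different signals lines up."""
    parts = urlsplit(url)
    return parts.netloc.lower() + parts.path.rstrip("/")

def build_catalog(signals, approved, now, stale_after=timedelta(days=90)):
    catalog = {}
    for s in signals:
        entry = catalog.setdefault(stable_id(s["url"]), {
            "sources": set(), "owners": set(), "scopes": set(),
            "egress_pinned": True, "last_seen": s["seen"]})
        entry["sources"].add(s["source"])
        entry["owners"].update([s["owner"]] if s["owner"] else [])
        entry["scopes"].update(s["scopes"])
        entry["egress_pinned"] = entry["egress_pinned"] and s["egress_pinned"]
        entry["last_seen"] = max(entry["last_seen"], s["seen"])
    for sid, entry in catalog.items():
        writes = sum(scope.endswith(".write") for scope in entry["scopes"])
        # Hypothetical weights: write scopes and unpinned egress dominate the score.
        entry["exposure"] = len(entry["scopes"]) + 3 * writes + (0 if entry["egress_pinned"] else 5)
        if now - entry["last_seen"] > stale_after:
            entry["status"] = "stale"        # candidate for retirement
        elif sid in approved:
            entry["status"] = "approved"
        else:
            entry["status"] = "unknown"      # create registration stub, notify likely owner
    return catalog

def review_queue(catalog):
    """Non-stale servers, highest exposure first."""
    live = [(sid, e) for sid, e in catalog.items() if e["status"] != "stale"]
    return [sid for sid, e in sorted(live, key=lambda item: -item[1]["exposure"])]

# Constructed sample signals (hypothetical hosts, owners, and scopes).
NOW = datetime(2026, 5, 1, tzinfo=timezone.utc)
SIGNALS = [
    {"source": "gateway", "url": "https://MCP.contoso.example/crm/", "owner": "crm-team",
     "scopes": ["cases.read"], "egress_pinned": True, "seen": NOW - timedelta(days=1)},
    {"source": "repo", "url": "https://mcp.contoso.example/crm", "owner": "crm-team",
     "scopes": ["cases.read", "cases.write"], "egress_pinned": True, "seen": NOW - timedelta(days=3)},
    {"source": "endpoint", "url": "http://localhost:8931/", "owner": None,
     "scopes": ["files.write"], "egress_pinned": False, "seen": NOW - timedelta(hours=2)},
    {"source": "ide", "url": "https://old.contoso.example/mcp", "owner": "legacy",
     "scopes": ["wiki.read"], "egress_pinned": True, "seen": NOW - timedelta(days=120)},
]
APPROVED = {"mcp.contoso.example/crm"}  # registry entries keyed by stable ID
```

Calling `review_queue(build_catalog(SIGNALS, APPROVED, NOW))` puts the unregistered laptop server ahead of the approved CRM server and drops the entry that has not been seen for 120 days.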

“It all revolves around inventory as the foundation,” Janardhanan says. “If we miss a server, we miss the conversation.”

“Agent 365 tooling servers will allow centralized governance for IT admins. That means a single pane where they can see what’s approved, who owns it, what data it touches, and then apply policy.”

Aisha Hasan, principal product manager, Microsoft Digital

Architecture gives us stable choke points. Vetting keeps weak servers out. Inventory keeps our map current. It’s a single pattern for builders and a unified playbook for security.

Governing agents in low‑code and pro-code scenarios

Makers move fast—that’s the point. A Customer Support team needed a Copilot action to pull case history, so they opened Copilot Studio, selected an approved MCP connector, and shipped a first version before lunch. No tickets. No detours. Governance showed up in the flow, not as a blocker.

“Agent 365 tooling servers will allow centralized governance for IT admins,” says Aisha Hasan, a principal product manager at Microsoft Digital. “That means a single pane where they can see what’s approved, who owns it, what data it touches, and then apply policy. We’re moving toward that consolidation so innovation continues while governance gets simpler and more consistent.”

We place guardrails where makers already work. In Copilot Studio, trusted and verified first-party MCP servers are allowed in developer environments to accelerate innovation and encourage experimentation. Riskier or complex MCP integration is available in Copilot Studio custom environments and other pro-code tools such as Microsoft 365 Agents Toolkit in VS Code and Microsoft Foundry, but only with clear checks: service ownership, security and privacy review, responsible AI assessment, and consent gating for high‑impact actions.

The allowlist is our north star.

Approved MCP servers and connectors live in one catalog with documented owners, scopes, and data boundaries. Makers choose from that shelf. If an MCP server uses an unverified tool, we enforce endpoint filtering. If there is misconfiguration, we open a task for the owner and help them build securely.

Permissions stay tight without adding cognitive load. Tokens are short‑lived and scoped to the task. Context is trimmed so only the necessary fields flow to the tool. Third‑party servers never get the full transcript. If a connector’s capabilities change, the runtime compares the new “voice” to what we approved. MCP clients should pause risky actions, notify the owner, and resume automatically once reviewed.

With agent inventory in Power Platform Admin Center and registry in Agent 365, admins get a clean view of which connectors are active, who owns them, what data they touch, and how often they’re called. Organization policies such as DLP and MIP can be enforced in a unified way, with a re‑review when capabilities change. The goal is simple: let builders innovate confidently and securely while maintaining security and compliance.

“MCP servers are powerful AI tools that enable agents to seamlessly integrate and interact with enterprise data and transform business workflows,” Hasan says. “That means the same enterprise data and governance principles are applied equally to MCP servers and other connectors. A robust inventory, an agile policy framework, and an automated workflow for enforcement are cornerstones for successfully governing agents at scale.”

Securing MCP at scale: Operating, monitoring, and enabling

Our work doesn’t stop at go‑live. Once an MCP server is in the catalog, we operate the conversation like a service: measurable, observable, and responsive. Identity and policy guard the front door, but runtime is where we prove the controls work without slowing anyone down.

In practice, operating MCP at scale comes down to four motions:

Observe every tool call end to end. We make the flow observable. Every tool call carries a correlation ID from client to gateway to server and back. Prompts, tool selections, authorization decisions, and resource access should be logged with consistent schemas. Golden signals—latency, errors, saturation—sit alongside safety signals like unexpected egress or edits without consent. Owners and security teams see the same dashboards.

Detect drift and abnormal behavior early. Detection lives close to the work. We flag abnormal tool patterns, spikes in write operations, burst traffic from new geographies, and context sizes that don’t fit a task. We continuously compare a tool’s “voice” at connect time to the approved version; drift automatically pauses risky actions and pings the owner. Cost controls double as guardrails, using rate limits and budgets to cap blast radius and surface runaway loops early.

Respond with precision instead of blunt shutdowns. Response is graded, not binary. We can block destructive actions and allow reads, or throttle a noisy client without killing the session. Kill switches exist at both the client and the gateway. Playbooks are pre‑approved and integrated into the consoles owners already use, and dry runs are part of muscle memory, so the first switch flip doesn’t happen during an incident.

We treat model behavior as part of operations. Content safety and prompt shields run in production, not just in tests. We pin model versions and watch for output drift after updates. If a model starts suggesting tools out of character, the owner gets paged with the exact prompts and calls that triggered it.

Telemetry respects privacy. Logs avoid sensitive payloads by default and mask what must pass through for forensics. Access is role‑based, retention follows policy, and audit readiness is designed in on day one.

Enable builders through templates, education, and reuse. Adoption and education run in parallel. Builders get templates that enable best practices: sample manifests with consent gates, CI checks for token scope and SBOMs, and gateway stubs with sane defaults. A “ten‑minute preflight” runs locally to verify contracts, test consent flows, and check egress before a pull request is opened. IDE lint rules catch common issues early.
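One way to implement the tool "voice" comparison described under drift detection above, and in the earlier passage on connector capability changes: fingerprint each tool's name, description, and input schema at approval, then grade what the server advertises at connect time. This is an added example, not Microsoft's code; the tool names, the decision labels, and the choice to keep serving drifted low-risk tools are assumptions.

```python
import hashlib
import json

def tool_fingerprint(tool):
    """SHA-256 over the fields that make up a tool's "voice"."""
    voice = {k: tool.get(k) for k in ("name", "description", "inputSchema")}
    canon = json.dumps(voice, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256(canon.encode("utf-8")).hexdigest()

def check_drift(pinned, advertised, high_risk):
    """Grade each tool advertised at connect time against its pinned fingerprint."""
    decisions = {}
    for tool in advertised:
        name = tool["name"]
        if name not in pinned:
            decisions[name] = "block"          # never reviewed
        elif pinned[name] == tool_fingerprint(tool):
            decisions[name] = "allow"
        elif name in high_risk:
            decisions[name] = "pause"          # drifted: hold for re-review, notify owner
        else:
            decisions[name] = "allow_flagged"  # drifted low-risk tool (assumption): serve, flag
    return decisions

# Constructed sample data (hypothetical tool names and schemas).
APPROVED_TOOLS = [
    {"name": "get_case", "description": "Read one support case.",
     "inputSchema": {"type": "object", "properties": {"id": {"type": "string"}}}},
    {"name": "close_case", "description": "Close a support case.",
     "inputSchema": {"type": "object", "properties": {"id": {"type": "string"}}}},
]
PINNED = {t["name"]: tool_fingerprint(t) for t in APPROVED_TOOLS}
HIGH_RISK = {"close_case"}
ADVERTISED = [
    # Same definition, different key order: canonical JSON keeps the hash stable.
    {"inputSchema": {"properties": {"id": {"type": "string"}}, "type": "object"},
     "description": "Read one support case.", "name": "get_case"},
    # Schema gained a parameter after approval.
    {"name": "close_case", "description": "Close a support case.",
     "inputSchema": {"type": "object", "properties": {
         "id": {"type": "string"}, "notify_url": {"type": "string"}}}},
    # Tool that was never in the approved set.
    {"name": "export_cases", "description": "Export all cases.",
     "inputSchema": {"type": "object", "properties": {}}},
]

def demo():
    return check_drift(PINNED, ADVERTISED, HIGH_RISK)
```

Hashing a canonical serialization rather than the raw response avoids false drift alerts when a server only reorders keys.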

“This is how we operate MCP at scale,” says Janardhanan. “Observe the conversation, detect drift early, respond with precision, and teach habits that make the right path the easy path. We run it like a product because that’s what it is.”

Measuring results and moving forward

This program has changed how we build. Reviews move faster because every server follows the same path. Drift is caught early because clients compare a tool’s “voice” on connection. Shadow servers decline as inventory fills in from endpoint, repo, IDE, and gateway signals. Reuse increases because teams can discover trusted servers instead of creating new ones. Incidents resolve faster with correlation IDs across the conversation and kill switches at both the client and the gateway.

It’s also changed how our admins work. One gateway means one perimeter to manage. Policies land once and apply everywhere. Owners see the same telemetry security sees, so fixes happen where the work happens.

Going forward, we’re focused on more consolidation and automation. We’re moving toward a single pane for MCP governance—approve, monitor, and pause from one place. Policy-as-code will keep allowlists, consent rules, and egress boundaries versioned and testable in CI.

Our preflight checks will get smarter, with stronger injection tests, automatic egress validation, and environment‑aware templates. We’ll expand consent patterns so high‑impact actions remain explicit and auditable, even across multi‑tool chains. And we’ll keep shrinking re‑review time, so drift is measured in minutes, not days.

AI conversations are now part of how we build every day. MCP standardizes how agents talk to tools and data. Secure‑by‑default architecture, rigorous vetting, and a living inventory ensure the right voices stay in the room, only what’s needed is shared, and drift is caught early.

The result is simple: teams ship faster with fewer surprises, and governance stays visible without getting in the way. We’ll keep tightening the loop, so saying yes remains both easy and safe.

Key takeaways

If you’re implementing MCP security, consider these key actions to ensure secure, efficient adoption in your organization:

  • Build governance into the maker flow. Embed security, consent, and responsible AI checks directly where teams build—so protection shows up by default, not as an afterthought.
  • Maintain a single allowlist and catalog. Centralize approved MCP servers and connectors with clear ownership, scope, and data boundaries.
  • Enforce scoped, short-lived permissions by default. Automatically limit token scope and duration to minimize risk and exposure.
  • Monitor continuously and detect drift early. Observe activity, flag deviations, and pause risky actions until reviewed and approved by owners.
  • Automate incident response and controls. Leverage pre-approved playbooks, kill switches, and rate limits for fast, precise action.
  • Design for privacy and auditability from day one. Mask sensitive data, restrict log access by role, and ensure audit readiness.
  • Promote education and reuse. Provide templates, training, and feedback loops to encourage safe development and adoption of trusted servers.
