Copilot: Agents with M365 & Foundry

Key insights

• Demo summary: Franck Cornu demonstrated, in a Microsoft 365 community call, how to combine the Copilot Retrieval API, the M365 Agents SDK, and the Microsoft Foundry Agent Service to build grounded, enterprise-ready AI agents that run inside Teams and other M365 surfaces.
  
• End-to-end flow: Teams bots authenticate users, call the Copilot Retrieval API to fetch permission-trimmed content, use the M365 Agents SDK for agent logic and coordination, and push live results back into Foundry agents with proper citations for traceability.
  
• Copilot Retrieval API details: Send a queryString (up to 1,500 chars) to run hybrid semantic-lexical searches; target sources via dataSourceConfiguration, scope results with filterExpression (KQL), and receive per-extract relevanceScore (0–1). The API returns up to 25 chunks per source to ground responses.
  
• M365 Agents SDK capabilities: Build declarative agents that access Outlook, Teams, mail, and meeting insights; support agent-to-agent calls for complex workflows and use working sets for personalization and context preservation.
  
• Foundry service role: The Microsoft Foundry Agent Service hosts scalable RAG workflows, manages orchestration and compatibility, and provides analytics for agent operations and deployments during preview and production stages.
  
• Security and value: The stack improves grounding to reduce hallucinations, enforces permission trimming, supports KQL and Purview controls for compliance, and scales with batching and paging — enabling secure, production-ready agents that cite sources and respect data access rules.
  

Overview

The Microsoft-authored blog post reviews a demonstration video that shows how to combine the Copilot Retrieval API, M365 Agents SDK, and the Microsoft Foundry Agent Service to build enterprise AI agents. The session, led by Franck Cornu, walks through an end-to-end architecture in which Teams bots authenticate users, fetch data from Microsoft 365 using semantic search, and return live, cited results into Foundry agents. In addition, the demo emphasizes grounded responses, permission-aware access, and agent-to-agent coordination. Overall, the video positions this stack as a practical route for production-ready, retrieval-augmented generation solutions.

Demo Highlights

First, the presenter shows a working pipeline where a user query triggers a Teams bot that calls the Copilot Retrieval API to fetch permission-trimmed content from SharePoint and OneDrive. Next, the demo illustrates how the M365 Agents SDK interprets those results, applies ranking and table extraction, and then hands that grounded context to Foundry-hosted agents. Furthermore, the session demonstrates live updates and adaptive cards so users see refreshable content and accurate citations. Consequently, the example makes clear how the pieces interact in a real scenario rather than staying at a purely conceptual level.

How the Stack Works

The technical flow begins with natural language queries sent to the Copilot Retrieval API, which returns up to a limited number of relevance-ranked chunks and metadata. Then, the M365 Agents SDK acts as the agent runtime, enabling declarative logic, agent coordination, and access to more M365 insights like mail and meetings. Finally, the Microsoft Foundry Agent Service orchestrates deployments and manages compatibility for components used in production environments. Together, these layers let developers ground language model prompts with live enterprise data while preserving identity and permission context.

Tradeoffs and Performance Considerations

Balancing grounding and latency remains a central tradeoff for teams adopting this approach. On one hand, deeper grounding—such as fetching more chunks, doing hybrid semantic-lexical search, and extracting table content—improves accuracy and reduces hallucinations, but it also raises response time and compute costs. Conversely, returning fewer, more targeted results speeds interactions but increases the risk of missing crucial context. Therefore, teams must tune parameters like chunk limits, paging sizes, and batching to match their use case for responsiveness versus completeness.

Another important tradeoff involves permission trimming and data usefulness. Strict permission enforcement and compliance integration protect sensitive content, yet overly narrow filters can starve agents of context and degrade usefulness. In addition, agent-to-agent orchestration adds power but increases system complexity and debugging overhead. Hence, organizations need strong telemetry, testing, and incremental rollouts to balance security, accuracy, and maintainability in production systems.

Challenges and Practical Limits

Authentication and identity correlation are practical challenges highlighted in the demo, particularly when Teams bots must act on behalf of users across multiple M365 sources. Implementing end-to-end permission trimming requires careful handling of tokens and connector admin controls to avoid data leaks. Moreover, scaling multi-agent systems presents operational hurdles because agent coordination can create unpredictable behaviors and hidden costs if not governed properly.

Another set of challenges centers on grounding quality and citations. While relevance scores and table extraction improve traceability, they do not eliminate all risk of incorrect synthesis, especially when external federated connectors introduce heterogeneous formats. Thus, teams should combine automated checks with human review in high-stakes workflows and invest in monitoring to detect drift in relevance and accuracy.

Implications and Next Steps

For organizations exploring this stack, the demo suggests a pragmatic pathway: start with focused use cases where permissions and ROI are clear, then expand toward more complex agent orchestration. Transitioning from prototype to production benefits from Foundry’s orchestration features, batching and paging optimizations, and the SDK’s built-in connectors. Meanwhile, investing in logs, user feedback loops, and compliance tooling will reduce operational risk as agents take on broader responsibilities.

Finally, while the combined approach offers clear gains in grounding and orchestration, teams should plan for iterative tuning and cross-functional governance. By doing so, they can capture the advantages of accurate, enterprise-ready agents while managing latency, cost, and security tradeoffs. The YouTube demo captures these themes and gives a solid, practical blueprint for organizations ready to build grounded agents within Microsoft 365 environments.

Keywords

Copilot Retrieval API guide, M365 Agents SDK integration, Microsoft Foundry Agent Service, Build AI agents for Microsoft 365, Copilot and Foundry integration, Scale enterprise agents with Foundry, Retrieval-augmented generation Copilot, M365 agent architecture best practices