Microsoft 365 Copilot: Proxy Agent
Software Development Redmond, Washington
Proxy agent pattern demo links customer AI to Microsoft Copilot via Azure Bot Service and Entra ID with GitHub sample
Key insights
- Proxy Agent and Microsoft 365 Copilot: The proxy agent pattern lets organizations expose an existing, customer-built AI agent inside Microsoft 365 Copilot without reworking the agent’s internal orchestration.
It uses a thin adapter layer to translate messages and handle connectivity while your backend keeps controlling the AI workflow. - Architecture and flow: Users enter via Copilot Chat, which sends activities through Azure Bot Service to the proxy agent built with the Microsoft 365 Agents SDK.
The proxy normalizes requests and forwards them to your existing backend, which runs the actual single- or multi-agent logic. - Authentication and security: The solution uses Entra ID and an on-behalf-of token exchange to provide secure SSO and user identity flow.
Make sure the bot messaging endpoint is publicly reachable so Copilot can deliver activities to your proxy. - Main benefits: The pattern preserves your existing agentic architecture and avoids duplicating orchestration in Copilot integration code.
It enables single-engine reuse across channels and keeps the channel plumbing separate from AI logic, simplifying maintenance and scaling. - Supported patterns: The proxy supports multi-agent backends and asynchronous agent patterns, allowing background tasks and follow-up interactions rather than only immediate replies.
This makes it suitable for complex workflows and long-running operations. - Demo and implementation notes: Microsoft’s webinar demos a GitHub sample that includes a Copilot debugging skill showing a proxy receiving activities and forwarding them to a backend.
Teams can register and manage integrations through the Foundry portal or the Microsoft 365 Agents Toolkit. If helpful, I can produce a step-by-step checklist or a text architecture diagram next.
Video summary and context
The YouTube video, published by Microsoft, presents a CAT AI Webinar titled “Connecting customer-built AI to Microsoft 365 Copilot: The Proxy Agent Pattern.” In the session, Microsoft experts walk viewers through a reference architecture that surfaces externally built AI agents inside Microsoft 365 Copilot without reworking the agent’s core orchestration. Consequently, the focus is on a lightweight intermediary that handles connectivity, authentication, and message translation while leaving the original backend in control of AI workflows.
The webinar also includes a demo of an open-source GitHub sample, which features a Copilot debugging skill to illustrate the pattern in practice. Moreover, the session explains how single sign-on and on-behalf-of token exchange work via Azure Bot Service and Entra ID. Overall, the video aims to help organizations adopt agents in Copilot by offering practical guidance, code samples, and architectural tradeoffs.
How the proxy agent pattern works
At the core of the approach is a thin intermediary called a proxy agent that connects Copilot to an existing AI backend. The proxy receives activities from Copilot Chat, normalizes requests using the Microsoft 365 Agents SDK, performs authentication flows, and then forwards the request to the customer’s backend for processing.
Importantly, the pattern relies on publicly reachable messaging endpoints so that the Azure Bot Service can deliver activities securely to the proxy. Then, the backend can run either a single agent or a multi-agent orchestration engine and send responses back through the same proxy, which relays them to Copilot. This separation keeps channel plumbing distinct from AI logic and supports asynchronous workflows when background processing is required.
Benefits and practical advantages
One clear advantage is that organizations can bring their own agent to Copilot without rewriting orchestration logic, which saves time and reduces risk. Furthermore, by using a stateless, low-complexity proxy, teams can scale and deploy integrations faster than rebuilding a full orchestration layer inside Microsoft’s surface area.
Additionally, the pattern promotes reuse: the same backend that serves Copilot could also serve Teams, web apps, or other channels, improving consistency across customer experiences. Moreover, the clean separation of concerns simplifies maintenance and debugging, since developers can focus on the existing AI backend independently from Copilot-specific plumbing.
Tradeoffs and technical challenges
Nonetheless, this approach has tradeoffs that organizations must weigh. For instance, relying on a public endpoint introduces exposure and networking considerations, and teams must ensure robust security controls and reliable connectivity. Although the pattern uses secure token exchange via Entra ID, careful design around identity, permission scopes, and token lifecycles remains essential to avoid leaks or privilege escalation.
Another challenge is orchestration complexity when backends coordinate many agents or support long-running asynchronous tasks. In such cases, teams must balance the desire to keep business logic centralized with the need to surface timely and context-rich responses inside Copilot. Therefore, planning for state management, callback flows, and retries becomes crucial to deliver a smooth user experience.
Implementation considerations and examples
The webinar shows a reference implementation and an accompanying GitHub sample that includes a Copilot debugging skill, which helps developers see the pattern in action. Developers can deploy a lightweight proxy built on the Microsoft 365 Agents SDK, configure SSO via Entra ID, and connect the proxy endpoint to Azure Bot Service so Copilot activities reach the customer backend.
However, teams should evaluate hosting, observability, and scalability decisions early. For example, choosing a managed hosting option can reduce operational load but may limit fine-grained control, while self-hosting gives more control at the cost of higher operational responsibility. Consequently, the right choice depends on the organization’s security posture, traffic expectations, and engineering resources.
What this means for organizations
For organizations with existing agentic architectures, the proxy pattern offers a pragmatic path to integrate with Microsoft 365 Copilot while preserving investment in current systems. Moreover, by reducing the need to re-implement orchestration, teams can accelerate time to value and maintain consistent behavior across channels.
At the same time, adoption requires careful planning around identity, network reachability, and asynchronous workflows to avoid integration pitfalls. In short, the YouTube webinar provides a useful blueprint and hands-on sample, but teams must weigh security, operational, and architectural tradeoffs before moving to production.
Keywords
Microsoft 365 Copilot integration, Proxy Agent pattern for Copilot, Connect custom AI to Copilot, Copilot extensibility patterns, Custom AI agent integration Microsoft 365, Copilot connector architecture, Secure proxy for Copilot, Enterprise AI integration with Copilot