Skip to main content

Solution overview

A multi-agent architecture built entirely on the Microsoft stack — from Teams to SharePoint, powered by Azure AI Foundry.

Architecture

100% Microsoft stack

This architecture relies entirely on the Microsoft stack — Azure AI Foundry, Microsoft Graph, SharePoint, Microsoft Teams and Microsoft 365 Copilot.

Data flow

① Conversation start

The user opens a new session with the agent through Microsoft 365 Copilot Chat or Microsoft Teams.

② Authentication & consent

The message is routed to the workflow agent in Azure AI Foundry. If this is the user's first interaction, the MCP server triggers a consent flow to authenticate the user. Authentication is handled externally by the Foundry Agent Service using OAuth.

Note: there is currently no technical mechanism to programmatically detect authentication success.

③ Intent classification & routing

Once authenticated, the user continues the conversation in Copilot or Teams. The original question is sent to the workflow agent, which starts with the router agent. The router classifies the user's intent and forwards the question to the appropriate specialized agent:

🖥️ IT Agent

IT policy-related questions

📋 HR Agent

HR policy-related questions

🛡️ Fallback Agent

Anything outside IT or HR scope

Each agent has specific instructions and parameters. For instance, HR and IT agents search for information in different SharePoint paths, and only the IT agent has the ability to submit tickets.

④ Knowledge retrieval & ticket submission

The IT or HR agent calls the copilot_retrieval tool to search for relevant policy documents in SharePoint. The agent then answers the question grounded in the retrieved content. If no verified answer is found, the IT agent proactively offers to raise a support ticket. If the user accepts (or directly requests one), the agent calls the submit_ticket tool to create a ticket in a SharePoint list.

⑤ Secure, delegated access via Microsoft Graph

All tool calls leverage the Microsoft Graph API — either through the Copilot Retrieval API for document search, or through SharePoint REST APIs for ticket creation. Thanks to the OAuth Identity Passthrough feature, every operation is executed on behalf of the authenticated user with a proper Bearer token issued by the Agent Service to the MCP server. The tool output is then returned to the agent, which uses it to deliver the final answer or confirm the ticket submission.