Sr. Content Developer at Microsoft, working remotely in PA, TechBash conference organizer, former Microsoft MVP, Husband, Dad and Geek.
157220 stories
·
33 followers

Foundry IQ is now in Copilot Studio: Bring your enterprise data to every agent conversation

1 Share

Your AI agents are only as smart as the data they can access

Enterprise teams building Copilot agents face a familiar challenge: connecting agents to organizational knowledge without compromising security, governance, or answer quality. Foundry IQ solves this by providing a unified knowledge layer that sits between your data sources and your agent—delivering 54% better response relevance while keeping enterprise compliance built in.

What Foundry IQ Brings to Your Copilot Agent

Enterprise organizations need a specific set of capabilities to safely deploy AI agents in production, security, compliance, governance, and operational reliability. Foundry IQ is built to meet exactly those requirements. With Foundry IQ, you can create Knowledge Bases. These Knowledge Bases come with enterprise readiness built in, such as Customer-Managed Keys (CMK) for data encryption, ACLs for fine-grained access control, network isolation, Microsoft Entra ID integration, compliance with standards such as FedRAMP and SOC2 and others, the full set of capabilities any organization needs to deploy AI agents safely in production. Learn more about Foundry IQ (Azure AI Search) security capabilities → https://learn.microsoft.com/en-us/azure/search/search-security-overview

When you connect a Knowledge Base to your Copilot agent, it leverages the advanced retrieval capabilities that Foundry IQ brings, including agentic retrieval (automatic query planning that federates across multiple knowledge sources in parallel), iterative query planning and semantic ranking (relevance scoring that goes far beyond keyword matching). The result is a 54% average improvement in response relevance compared to traditional RAG approaches, more accurate, grounded answers for your users (For more details: Foundry IQ: Improve recall by up to 54% with knowledge bases | Microsoft Community Hub)

For Developers & End Users

For Developers

Today, developers can select one of their existing Foundry IQ Knowledge Bases to connect to a Copilot agent, giving their organization's users access to enterprise data safely, with permissions and governance already built in. This ensures that each user only sees the data they are authorized to access, and that every answer returned is grounded in the right, relevant content, no additional configuration needed on the user side

For End Users

End users get access to their organization's enterprise data safely and without any extra work on their end, no need to worry about permissions, data sources, or configurations. Just ask, and your Copilot agent returns accurate, grounded answers with inline citations, from the right sources, respecting what each user is allowed to see.

What Do I Need to Do? Step-by-Step

Prerequisites

Before getting started, make sure you have:

  • An active Microsoft Foundry connection
  • At least one Knowledge Base already created in Foundry IQ
  • An agent created in the new experience. Learn more in Create an agent

1.- Select Microsoft IQ in your Copilot agent settings

    • Open your agent in Copilot Studio.
    • Select the Build tab.
    • In the components panel, select Microsoft IQ to open the Add Microsoft IQ dialog.
    • Navigate to your Copilot agent configuration and select the Microsoft IQ option.

2.- Select Foundry IQ

3.- Select your Foundry IQ connection

Choose the Foundry IQ connection you want to use for this agent.

4.- Select a Knowledge Base

Pick the Knowledge Base you want your agent to use as its knowledge source.

 

5.- Get your agent ready with instructions

6.- Chat with your data

Your agent is now grounded in your enterprise Knowledge Base. Now you can start a conversation and explore your data!

 

Get Started: Try Foundry IQ in Copilot Studio: Connect to Foundry IQ from an agent (preview) - Microsoft Copilot Studio (new experience) | Microsoft Learn. Learn more about Foundry IQ retrieval capabilities: https://aka.ms/FoundryIQ

 

Read the whole story
alvinashcraft
57 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

Windows 365 for Agents: A secured execution environment for AI agents

1 Share

AI agents are rapidly evolving from answering questions to performing tasks across enterprise systems. As organizations move from experimentation to production, one question continues to rise to the top for security leaders: how do you run agents securely at scale?

Today, many agents operate in fragmented environments: local machines, shared virtual machines, or unmanaged cloud infrastructure. That can make it hard to consistently enforce identity, apply policies, and maintain the visibility security teams need.

Windows 365 for Agents changes that.

A Cloud PC for enterprise agents, with security built-in

Windows 365 for Agents provides secured, managed Cloud PCs built for AI agents. As your organization governs and protects your human users today, Windows 365 for Agents enables you to apply the same enterprise security and compliance controls to agentic workloads.

Windows 365 for Agents works with Microsoft Entra, Microsoft Intune, Microsoft Defender, Microsoft Purview, and Microsoft Agent 3651 to provide identity, device management, security, and data governance capabilities for agentic workloads. Agents are designed to operate within enterprise security and compliance boundaries, running in a managed environment with identity, compliance, and security controls.

These core security tenets make it possible.

1. Reduced identity risk with distinct agent identity

Agents running in Windows 365 for Agents are provisioned with their own identity in Microsoft Entra, separate from any human user.

When an agent is hired, a unique agent identity is automatically assigned, helping ensure:

  • Every action is attributable to a specific agent
  • Permissions can be scoped precisely
  • Access can be revoked when necessary

This separation is foundational to Zero Trust. It reduces identity crossover risks and helps ensure agents operate only with the permissions they are explicitly granted. Agents can be governed with full lifecycle management, role-based access control, and auditability built in.

With Entra Conditional Access, organizations can enforce access policies by allowing access to organizational resources only when the Windows 365 for Agents Cloud PC is compliant with the organization’s security requirements. This helps ensure agents access enterprise resources only from managed and compliant Cloud PCs.

By combining identity-based access control with Intune device compliance, organizations can extend Microsoft’s Zero Trust policy engine to agents with the same rigor used for human users.

2. Reduced access risk with agent-only access

Windows 365 for Agents Cloud PCs are reserved exclusively for agents and run on isolated and enterprise-managed compute environments built for agent operations. By providing agents with a dedicated and contained execution environment, organizations can mitigate risks such as privilege escalation, accidental human-agent crossover, and lateral movement across shared accounts. IT administrators can further reinforce these boundaries through Intune provisioning policies that assign Cloud PCs only to agent users, helping ensure these environments are used for their intended purpose.

3. Consistent security and compliance enforcement

Every Windows 365 for Agents Cloud PC is Entra-joined and Intune-enrolled. Such Cloud PCs are managed by Microsoft Intune1, applying the same security posture your organization already relies on for employee devices.

That means:

  • Security baselines and compliance policies can be applied from the moment of provisioning
  • Configuration, hardening, and updates are centrally managed

Agents inherit endpoint security controls, including antivirus, encryption, and device compliance checks. Because these Cloud PCs are managed like any other endpoint, you can extend your existing security investments directly to agentic workloads, simplifying operations while strengthening protection and governance.

4. Network protection with Global Secure Access

Windows 365 for Agents also extends agent security to how agents access the network. Windows 365 for Agents integrates with Microsoft Entra Global Secure Access (GSA) to provide an identity-driven network security layer for agents. This helps organizations apply the same Zero Trust principles they already use for users and devices to agent traffic.

With GSA, organizations can route internet traffic through secure, policy-enforced profiles to help protect agents from malicious destinations, risky connections, and unsafe web activity. Security teams can apply controls for web content filtering, URL-based access policies, and inline threat protection.

By combining network signals with identity and device context, organizations can extend Zero Trust protection beyond authentication and into every network connection an agent makes, while maintaining full visibility into how agents interact with enterprise and external resources.

Read our network security with Global Secure Access learn article to learn more.

5. Governance and visibility into Agent Activity

Security is more than prevention; it is also about governance, visibility, and control. By integrating with Microsoft Agent 3651, organizations gain visibility into agent activity and can apply governance and policy controls across agent execution environments. Windows 365 for Agents is exposed as a model context protocol (MCP) server in Agent 365, and the telemetry flows into the tools your security teams already use such as Microsoft Defender and Microsoft Purview.

Resilience against threats with Microsoft Defender

Agent activity integrates into Microsoft Defender's AI agent inventory and protection, letting security administrators discover Agent 365 enabled agents in your estate. For agents, Defender offers:

  • Advanced hunting across all agent activity
  • Traceability of agent identity, tools, and actions
  • Threat detection and investigation workflows

Protection of sensitive data with Microsoft Purview1

On the data side, Microsoft Purview extends your existing security and compliance controls to agentic workloads.

  • Data Security Posture Management (DSPM) for AI continuously assesses how agents interact with your data and helps you evaluate alignment with your policies.
  • Activity Explorer delivers granular visibility into agent data usage, including what was accessed, classified, or shared, so sensitive information stays within your policy boundaries.
  • Existing sensitivity labels, Data Loss Prevention (DLP), and retention policies apply to agent actions similar to human users.
  • Insider Risk Management (IRM) detects risky agent behaviors, identifies elevated risk levels, and prioritizes investigations before sensitive data is exposed or misused.

Together, Agent 365, Defender, and Purview provide organizations with governance, visibility, and security capabilities for agent activity on Windows 365 for Agents Cloud PCs.

This Windows 365 for Agents demo shows how agents execute in a secure, managed environment.

Are you ready for enterprise-ready agentic computing?

Windows 365 for Agents brings identity, device management, and observability together into a unified, secure platform built for AI agents. In summary, this includes:

  • Distinct identity to establish the Zero Trust foundation
  • Agent-only environments to reduce risk of misuse by design
  • Intune management that enforces a consistent security posture
  • Identity-aware, real-time network protection with Global Secure Access
  • Governance and visibility with Agent 365

As your organization scales AI adoption, this model provides governance, compliance, and security capabilities designed to help manage agent workloads throughout their lifecycle.

Ready to put agents to work securely? Learn more about Windows 365 for Agents security on our support page and start running enterprise-ready agentic workloads today.

 


Footnote: 1. Access to and use of Microsoft Entra, Microsoft Intune, Microsoft Defender, Microsoft Purview, and Microsoft Agent 365 capabilities are subject to applicable licensing requirements and may require separate purchases.

Continue the conversation. Find best practices. Bookmark the Windows Tech Community, then follow us on  LinkedIn or @MSWindowsITPro for updates. Looking for support? Visit Windows on Microsoft Q&A.

Read the whole story
alvinashcraft
57 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

Built for Business: How Microsoft 365 Copilot Connects the Tools That Power Your Business

1 Share

Small businesses don't run on a single application or tool. Every day, teams move between email, documents, meetings, spreadsheets, customer records, and financial systems – which means that the information you need is often spread across all those tools, making it harder to find answers, make decisions, and take action quickly.

That's why we're excited to highlight how Microsoft 365 Copilot is working with trusted partners to bring business data, expertise, and workflows directly into the flow of work, powered by AI. Copilot is built into the apps your team uses every day and extends to the systems that run your business through integrations and partner agents – to help you spend less time searching, switching between apps, and manually stitching information together, and more time growing your business. Today, we're starting with Xero.

Bring up-to-date financial data into the flow of work with Xero

Financial information is some of the most important data a small business owns, but it’s often trapped in a separate system. Answering a quick question or checking on an invoice can mean stopping what you're doing, opening another app, and searching for the numbers you need before you can get back to work. Xero's new integration with Microsoft 365 Copilot brings financial context into the tools teams already use.

 

 

Using Xero's financial agent, JAX, Microsoft 365 Copilot can surface financial insights from Xero right where you already work – from Copilot Chat to the everyday apps you use to create and collaborate – while Xero stays the system of record.

Moving from information to action

Say you're planning your next quarter, reviewing recent performance, or just trying to understand what needs attention this week. Instead of digging through reports, you can ask questions in natural language like:

  • What was my profit this quarter?
  • How much am I owed?
  • What is my current cash position?

Copilot works with JAX to surface answers, insights, and recommended next steps – all within your workflow. When it’s time to take deeper action, you can move directly into Xero, where the records and business processes live.

Why this matters for small businesses

Small businesses rarely have a dedicated team for every function. Owners, finance leaders, and employees often wear multiple hats, and every minute spent hunting for information or rebuilding a report is a minute not spent serving customers or growing the business.

Xero’s Chief Product and Technology Officer, Diya Jolly, put the customer benefit simply:

“Whether you’re forecasting in Excel or building a pitch in PowerPoint, Copilot can surface the insights behind your business’s financial health, with a clear, seamless path back to Xero as the source of truth and destination for deeper work.”

For the millions of small businesses and accountants who can’t afford to lose context between tools, that’s the real promise of the agentic era.

Built on trust

Microsoft 365 Copilot is built on Microsoft's enterprise-grade approach and commitments to security, privacy, and compliance. With the Xero integration, you stay in control of your data, Xero remains the source of truth for your financial records, and the financial data you see in Copilot is never used to train Microsoft’s AI models. For a small business, that means you can have confidence in how your information is accessed and protected while you get the benefits of AI.

Connecting more tools that power your business

Across every industry, small businesses rely on specialized tools that hold critical information – and Microsoft 365 Copilot is where those tools connect, without asking your team to learn a new way of working. Whether you’re analyzing finances, preparing customer communications, or making a big decision, Copilot brings the right information to the right person, when it’s most useful. Through partners like Xero, that value keeps growing.

Stay tuned for more in this series and learn more about Microsoft 365 Business with Copilot.  

About Xero

Xero is a global small business platform that helps customers supercharge their business by bringing together the most important small business tools, including accounting, payroll and payments — on one platform. Xero’s powerful platform helps customers automate routine tasks, get timely insights, and connects them with their data, their apps, and their accountant or bookkeeper so they can focus on what really matters. Trusted by millions of small businesses and accountants and bookkeepers globally, Xero makes life better for people in small business, their advisors, and communities around the world. For further information, please visit xero.com

Read the whole story
alvinashcraft
57 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

Introducing ROI for agents in Foundry

1 Share

Authors: Han Che, Luffy Chen

Across Foundry Agent Service and the broader ecosystem of agent frameworks and runtimes, it is becoming easier to build, deploy, evaluate, and optimize production agents. You can instrument your agent, collect traces, run evaluations, and use the agent optimizer to improve behavior over time.

But quality is only part of the production story.

A customer support agent may answer more questions correctly, but is it reducing support cost? A sales agent may handle more conversations, but is it creating more qualified opportunities? A claims agent may complete tasks faster, but is it improving business outcomes enough to justify the model, tool, and operational cost?

Customers today can answer whether an agent is working technically. They have traces, evaluation scores, latency, token usage, and logs. What is harder to answer is whether the agent is creating measurable business value.

Today we are introducing ROI for Agents in Foundry, available in private preview. ROI for Agents in Foundry helps customers connect agent quality, usage, and cost to business impact, so they can understand whether production agents are delivering value and where to focus next.

What is ROI for Agents in Foundry?

ROI for Agents in Foundry helps customers measure the business value, cost, and efficiency of their production agents based on customer-defined value models, configured assumptions, and observed system costs. It gives customers a way to move from operational and evaluation signals to a business outcome view.

At the center is a simple starting point:

ROI = (business value gained - total cost) / total cost

This gives teams a common way to ask:

  • How much value did the agent create?
  • How much did the agent cost to run?
  • Is the agent improving business outcomes over time?
  • Which workflows or tasks are driving the most value?
  • Where is cost growing faster than value?

Every organization measures value differently. ROI in Foundry starts with a standard ROI model and helps teams connect business value assumptions, cost signals, and agent performance in one place.

Why ROI matters for production agents

Evaluations tell you whether an agent is behaving correctly. Traces tell you what happened. Metrics tell you how much the agent was used and how much it cost.

ROI in Foundry connects those signals to business impact.

For example:

  • A support agent resolves a billing issue without escalation.
  • A travel agent completes a booking change that would otherwise require human support.
  • A field service agent reduces time spent on manual troubleshooting.
  • A sales agent helps qualify leads faster.
  • A claims agent improves completion rate while reducing review time.

Each of these scenarios has both a value side and a cost side. ROI in Foundry helps teams bring those together in one place.

How it works

ROI for agents is available in the Monitor tab within the Agents experience in Microsoft Foundry — the same place you already go to track agent traces and performance signals. The Monitor tab now surfaces not just how your agent is behaving, but whether it's worth it — combining agent traces, business-value evaluation, and estimated operating cost into a unified view. That means customers can move beyond operational health metrics and evaluate whether an agent is generating more value than it costs to run. Let's take a closer look.

A typical flow looks like this:

  1. Connect traces. ROI in Foundry uses Application Insights trace data from the agent. Traces provide the conversation, evaluation, token, tool, cost, and version signals used for ROI calculation.
  2. Choose a business-value evaluator. Select a built-in or custom evaluator that represents what “value” means for the agent, such as customer satisfaction, case deflection, or task completion.
  3. Estimate business value. Conversations that pass the selected business-value evaluator are mapped to configured business value. Conversations that do not pass can still incur cost.

 

 

  1. Measure operating cost. ROI in Foundry uses default cost estimates when available. Users can override cost settings when the default estimate is missing or not appropriate for the preview scenario.

 

 

  1. Review ROI metrics. The Agent Monitor experience shows ROI KPIs such as Net Value, Business Value, Total Cost, and Current ROI, along with trend charts and version comparisons.

 

 

 

Note: Values shown are illustrative preview examples; Actual ROI depends on customer-defined value assumptions and actual operating costs.

 

  1. Investigate low-ROI behavior. When ROI is low or negative, users can drill into traces to understand whether the issue is low business value, high model cost, expensive tool calls, or a specific agent version.

 

 

 

The goal is not to replace evaluations or observability. ROI in Foundry builds them. It adds a business lens to the post-deploy journey so customers can connect quality, cost, and business impact.

Built for real-world value models

ROI in Foundry is designed for real production scenarios where business value can vary by workflow, team, and industry.

In private preview, we are working with customers to understand how they want to model:

  • How teams define business value gained for different agent scenarios.
  • Which costs should be included in total cost, such as model tokens, tool calls, infrastructure, human review, or operational overhead.
  • Whether ROI should be calculated per task, workflow, customer interaction, time period, or aggregate agent.
  • Scenario-specific ROI models or templates.
  • How ROI should connect to evaluation scores, task completion, customer satisfaction, and business process metrics.
  • ROI workflows across UI, SDK/API, automation, export, and reporting.

These questions matter because every agent scenario is different. A support deflection agent, a sales assistant, a claims agent, and an internal operations agent may all create value in different ways.

Get started

ROI in Foundry is currently in private preview. We are looking for customers who have production or near-production agents and want to understand the business value, cost, and efficiency of those agents.

The best-fit preview participants are teams that can share:

  • A production or near-production agent scenario.
  • Traces or a plan to enable tracing.
  • Evaluation signals or quality criteria.
  • A business value model or an initial hypothesis for how the agent creates value.
  • Feedback on UI and code-first ROI workflows.

If you are interested in joining the private preview, please complete the Private Preview Sign-up form. Our team will review all submissions and reach out to companies that meet the criteria and are a strong fit for the program. 

To see ROI for agents in action, watch our Microsoft Build session for an end-to-end observability walkthrough and live demos, including ROI in Foundry: From observability to ROI for AI agents on any framework.

Read the whole story
alvinashcraft
58 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

361: Beep Beep: AWS Ships an ACME Product That Actually Works

1 Share




Download audio: https://episodes.castos.com/5e2d2c4b117f29-10227663/2525718/c1e-nj4jtzx6ndi02dpj-mk98zwo4i4d6-czhigu.mp3
Read the whole story
alvinashcraft
58 minutes ago
reply
Pennsylvania, USA
Share this story
Delete

Microsoft’s Xbox reset is pivoting Obsidian to make Fallout instead of Avowed

1 Share

As part of Microsoft's big Xbox "reset," which includes layoffs affecting 3,200 staffers, jettisoning studios, and shifting investments to focus on "higher priority projects," Obsidian Entertainment is changing its plans. The studio, behind games like Grounded and The Outer Worlds, is starting work on a new Fallout title and has canceled "multiple projects," including a sequel to last year's Avowed, according to Bloomberg.

Despite the success of the Fallout TV show, which is getting a third season, Xbox hasn't released a new game in the series since 2018's Fallout 76. Josh Sawyer, Obsidian's studio design director, will head up the new Fall …

Read the full story at The Verge.

Read the whole story
alvinashcraft
7 hours ago
reply
Pennsylvania, USA
Share this story
Delete
Next Page of Stories