Building AI Agents That Take Action, Not Just Chat

Mirko Peters · Podcasts


Ah! You’re wasting AI on small talk. Pure power trapped in chit-chat.
In this episode, we break open the containment field and show you how to turn AI from a polite conversationalist into a fully-acting IT Operations agent—one that plans, executes, verifies, and stays inside governance at all times. You’ll learn exactly how modern enterprise teams are using Semantic Kernel, MCP, and Azure OpenAI tool-calling with Managed Identity to auto-remediate incidents, reduce MTTR, eliminate hundreds of service desk tickets, and create predictable, auditable workflows. This isn’t theory—it’s the blueprint.

🎯 Episode Focus — From Answering to Acting

Traditional chatbots whisper advice. Acting agents do the work.
We explore the shift from static Q&A loops to a closed-loop cycle:

Intention → Plan → Tool Use → Result → Self-Check → Next Step

Learn why this pattern unlocks automation in Microsoft environments without sacrificing safety, compliance, or observability.

Micro-Story: A real SRE team wired an agent to monitor high CPU alerts, correlate with deployments, drain faulty nodes, roll back the slot, and post an incident summary—all before the human even rolled out of bed.
Not magic. Orchestration.

🔌 Why Microsoft Shops Win Big: MCP + SK + Managed Identity

Three components snap together and give you enterprise-grade capability:

🔧 MCP (Model Context Protocol): The Wiring

  • Tools describe themselves with standards and schemas
  • Microsoft Graph, Intune, Service Health, internal APIs become discoverable
  • No brittle plugins or secret adapters
  • Add new capabilities without redeploying anything

MCP makes your tools visible.

🧠 Semantic Kernel: The Orchestration Layer

  • Turns MCP tools into callable kernel functions
  • Handles planning: sequential, parallel, or graph-shaped tasks
  • Auto-builds JSON schemas models expect
  • Removes the need for hand-crafted payloads

SK shapes the plan and the calls.

🔐 Azure OpenAI + Managed Identity: The Containment Field

  • Model decides what, identity decides what’s allowed
  • Tokens are never exposed
  • Each action is access-controlled at the tool boundary
  • High-risk actions require approval tokens

Identity contains the blast radius.

🧬 The Six-Part Agent Molecule: Build Stable, Reliable Agents

A high-functioning IT Ops agent is built from a six-part molecule:

  1. Persona — SRE temperament encoded (cautious, concise, safety-first).
  2. Memory — Short-term context + durable environmental facts.
  3. Planner — Decomposes tasks into safe, verifiable steps.
  4. Tools — MCP-exposed actuators and sensors.
  5. Policy — Identity controls, approvals, guardrails.
  6. Verifier — Post-action checks: metrics, probes, risk state.

Miss one of these parts and your agent becomes unpredictable.

⚙ Blueprint 1 — SK Planner + Graph via MCP (IT Ops)

We walk through a concrete pattern for post-deployment error spikes:

Goal: Recover from elevated 5xx while minimizing blast radius.

Tools (via MCP):

  • AppInsightsQuery
  • GraphServiceHealth
  • GraphChangeLog
  • DrainSubsetByBuild
  • RollbackSlot
  • PostIncidentNote

Plan:

  1. Assess: Query metrics, deployments, health advisories (parallel).
  2. Decide: Pick the narrowest safe fix—e.g., drain a bad build subset.
  3. Act: Perform drainage or rollback with identity-scoped tools.
  4. Verify: Require P95 + 5xx improvement before declaring success.
  5. Report: Summaries, graphs, dashboards, change IDs.

Key win: Narrow-first fixes prevent unnecessary rollbacks.

🔧 Blueprint 2 — Azure OpenAI Tool-Calling with Managed Identity

This blueprint shows how to let the model act without ever handing out credentials.

Example: Password Reset Automation

  • Agent validates user status via Graph
  • Checks MFA, riskState, and role assignments
  • Performs compliant reset (MI scopes enforce safety)
  • Notifies user and closes ITSM ticket
  • Verifies sign-in status or risk flag after reset

Policy encoded in tools ensures governance is non-negotiable.

🛠 Blueprint 3 — Closed-Loop Auto-Remediation

The crown jewel: a fully contained remediation loop.

Flow:

  • Triggered by telemetry or incident
  • Multi-branch assessment for root-cause hints
  • Narrow corrective action first (drain, isolate, scale)
  • Approval-gated high-risk actions (rollback, redeploy)
  • Continuous verification with App Insights
  • Auto-reporting with evidence

Closed-loop means no guessing—an agent proves the outcome.

📈 Business Outcomes: Why This Actually Matters

Beyond the tech, we break down real business impacts:

  • 40–70% reduction in MTTR for repeatable failure modes
  • 60–90% ticket deflection for onboarding and identity issues
  • 50% faster change cycles with Parallel Assess → Safe Action
  • Lower burnout and attrition in SRE/on-call teams
  • Audit-ready logs for every action—no mystery behavior
  • Risk compression thanks to identity-scoped tools and approvals

Automation stops being magic—it becomes measurable.

🛡 Guardrails & Responsibility: Safety as Physics

We detail the guardrails that prevent chaos:

  • Split Managed Identities (read vs. write vs. high-risk)
  • Hard-coded schema constraints for dangerous operations
  • Approval tokens enforced by the tool, not the prompt
  • Immutable audit envelopes for every tool call
  • Red-team testing for bypass attempts and prompt injections
  • Scope-drift monitoring on tools and identities
  • Privacy guarantees for sensitive data
  • Failure choreography: safe fallback → escalate → contextual summary
  • Model rotation behind stable tool contracts
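
The two guardrails "approval tokens enforced by the tool, not the prompt" and "audit envelopes for every tool call", sketched as an added Python example (not code from the episode or from Semantic Kernel, MCP or Azure). The HMAC token format, the hash-chained log (which makes tampering detectable rather than impossible), the demo key and the choice of `RollbackSlot` as the only high-risk tool are assumptions made for illustration.

```python
import hashlib, hmac, json

APPROVAL_KEY = b"constructed-demo-key"  # assumption: shared by approval service and tool, never given to the model
HIGH_RISK = {"RollbackSlot"}            # tool name from the page; the risk tiering is an assumption

def _sign(action, target, approver, exp):
    msg = json.dumps([action, target, approver, exp]).encode()
    return hmac.new(APPROVAL_KEY, msg, hashlib.sha256).hexdigest()

def issue_approval(action, target, approver, now, ttl=300):
    """Approval service side: token is bound to one action, one target and an expiry."""
    exp = int(now) + ttl
    return {"approver": approver, "exp": exp, "sig": _sign(action, target, approver, exp)}

def approval_valid(token, action, target, now):
    """Tool side: recompute the signature; malformed or missing tokens fail closed."""
    try:
        good = _sign(action, target, token["approver"], token["exp"])
        return hmac.compare_digest(token["sig"], good) and token["exp"] > now
    except (TypeError, KeyError):
        return False

class AuditLog:
    """Append-only log; each envelope commits to the hash of the previous one."""
    def __init__(self):
        self.entries, self.head = [], "0" * 64

    def append(self, record):
        body = json.dumps({**record, "prev": self.head}, sort_keys=True)
        self.head = hashlib.sha256(body.encode()).hexdigest()
        self.entries.append((body, self.head))

    def verify(self):
        prev = "0" * 64
        for body, digest in self.entries:
            if (json.loads(body)["prev"] != prev
                    or hashlib.sha256(body.encode()).hexdigest() != digest):
                return False
            prev = digest
        return True

def call_tool(log, action, target, approval=None, now=0):
    """Tool boundary: the decision never depends on what the prompt or model claims."""
    allowed = action not in HIGH_RISK or approval_valid(approval, action, target, now)
    log.append({"action": action, "target": target, "allowed": allowed, "ts": now})
    if not allowed:
        raise PermissionError(f"{action} on {target} requires a valid approval token")
    return f"{action} executed on {target}"
```

Denied calls are logged before the exception is raised, so rejected attempts (for example from a prompt-injected plan) leave evidence in the same chain as successful ones.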

Governance isn’t vibes—it’s encoded in the tool boundary.

🏁 Conclusion — The Agent Era Starts Now

If you remember nothing else:

SK orchestrates.
MCP connects.
Foundry governs.
Managed Identity contains.
Verification proves.

Start with one narrow flow—like drain-then-verify for post-deploy spikes—and scale safely outward.

Subscribe for next week’s episode: The Minimal Viable RAG Pipeline for Enterprise Truth: Chunking, Guardrails, Evaluations, and Cost Control. Delicious security awaits.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-show-podcast–6704921/support.
