Future of Enterprise Connectivity

Mirko Peters, Podcasts


1
00:00:00,000 –> 00:00:04,320
Most enterprises talk about connectivity like it’s plumbing, connect system A to system B,

2
00:00:04,320 –> 00:00:06,120
add a connector, call it transformation.

3
00:00:06,120 –> 00:00:07,360
That assumption feels safe.

4
00:00:07,360 –> 00:00:10,800
It’s also why the same organizations keep replatforming every three years.

5
00:00:10,800 –> 00:00:12,960
Here’s the promise, this is not a demo tour.

6
00:00:12,960 –> 00:00:15,840
It’s a set of executive mental models you can reuse.

7
00:00:15,840 –> 00:00:20,120
Why Logic Apps is the execution spine, why Copilot Studio is the intent interface,

8
00:00:20,120 –> 00:00:23,400
and why MCP matters even when connectors already exist?

9
00:00:23,400 –> 00:00:24,920
Keep one question in mind.

10
00:00:24,920 –> 00:00:27,200
What problem are we actually solving?

11
00:00:27,200 –> 00:00:28,920
The foundational misunderstanding.

12
00:00:28,920 –> 00:00:30,600
Integration isn’t the problem.

13
00:00:30,600 –> 00:00:32,320
This is the uncomfortable truth.

14
00:00:32,320 –> 00:00:35,280
Enterprises don’t fail because systems can’t connect.

15
00:00:35,280 –> 00:00:37,880
They fail because intent can’t survive handoffs.

16
00:00:37,880 –> 00:00:40,320
The average organization already has connectivity.

17
00:00:40,320 –> 00:00:45,360
It has APIs, it has connectors, it has ETL, it has integration platforms.

18
00:00:45,360 –> 00:00:49,520
And yet the business still experiences the same outcomes, delays, rework, audit panic,

19
00:00:49,520 –> 00:00:53,240
and a constant feeling that automation should be easier than this.

20
00:00:53,240 –> 00:00:55,160
That’s not a tooling gap, that’s an intent gap.

21
00:00:55,160 –> 00:00:59,120
Every time a process crosses a boundary, team boundary, system boundary, vendor boundary,

22
00:00:59,120 –> 00:00:59,960
you lose context.

23
00:00:59,960 –> 00:01:01,760
And when you lose context, people improvise.

24
00:01:01,760 –> 00:01:06,120
They open tickets, they add exceptions, they make a spreadsheet, they ask for temporary access.

25
00:01:06,120 –> 00:01:11,880
They build a side flow just for this one case, those are not edge cases, those are entropy generators.

26
00:01:11,880 –> 00:01:16,600
Most organizations describe this as automation backlog.

27
00:01:16,600 –> 00:01:18,160
Architecturally, it’s something else.

28
00:01:18,160 –> 00:01:22,200
You are using humans as message buses and you are using tickets as state machines.

29
00:01:22,200 –> 00:01:26,280
The hiring manager fills in a form, HR copies it into another system, IT gets the tickets,

30
00:01:26,280 –> 00:01:29,360
someone in identity makes an account, someone else assigns groups.

31
00:01:29,360 –> 00:01:32,840
Payroll needs a different attribute, facilities needs a badge request.

32
00:01:32,840 –> 00:01:36,120
The manager sends a Teams message, can we expedite?

33
00:01:36,120 –> 00:01:38,920
And the actual state of the onboarding exists nowhere.

34
00:01:38,920 –> 00:01:42,600
It exists in fragments, half in the HR system, half in the ticketing system, half in email

35
00:01:42,600 –> 00:01:47,560
threads, and the final truth is whoever you can find on Slack at 9pm, that’s what integration

36
00:01:47,560 –> 00:01:48,840
looks like in practice.

37
00:01:48,840 –> 00:01:52,680
And here’s the trap, when leadership says we need better integration, they usually mean

38
00:01:52,680 –> 00:01:55,120
we need the humans to stop doing this.

39
00:01:55,120 –> 00:01:59,280
But the humans are doing it because the system does not preserve intent across steps, it

40
00:01:59,280 –> 00:02:03,480
preserves transactions, not decisions.

41
00:02:03,480 –> 00:02:08,720
Automation in most enterprises is treated as a set of isolated scripts, when x happens

42
00:02:08,720 –> 00:02:12,160
do Y. The coordination is what the enterprise actually needs.

43
00:02:12,160 –> 00:02:16,920
When x happens, what are we trying to achieve, under which constraints, and with what proof?

44
00:02:16,920 –> 00:02:20,920
This is why AI changes the story, and also why AI makes everything worse if you treat

45
00:02:20,920 –> 00:02:22,160
it like a UI feature.

46
00:02:22,160 –> 00:02:25,760
If you bolt a chatbot onto a broken handoff, you haven’t eliminated the handoff.

47
00:02:25,760 –> 00:02:27,800
You’ve made it non-deterministic.

48
00:02:27,800 –> 00:02:31,920
Now the system doesn’t just lose intent between teams, it can lose intent mid-sentence.

49
00:02:31,920 –> 00:02:37,080
You ask for provision access for the new hire, and the model guesses what access means.

50
00:02:37,080 –> 00:02:39,480
It guesses which system is the source of truth.

51
00:02:39,480 –> 00:02:42,400
It guesses which group naming convention matters.

52
00:02:42,400 –> 00:02:47,080
It guesses whether a finance analyst implies SAP roles or just a distribution list, and when

53
00:02:47,080 –> 00:02:51,160
it guesses wrong, the enterprise pays for it in the only currency that matters.

54
00:02:51,160 –> 00:02:52,960
Incident reviews and audit findings.

55
00:02:52,960 –> 00:02:55,120
So the foundational misunderstanding is this.

56
00:02:55,120 –> 00:03:00,160
AI isn’t a smarter form, it’s not a friendly UI for the same integration spaghetti.

57
00:03:00,160 –> 00:03:04,920
Architecturally you are building a distributed decision engine, that distinction matters.

58
00:03:04,920 –> 00:03:09,400
A decision engine needs two things if you want it to scale, without turning into conditional

59
00:03:09,400 –> 00:03:10,400
chaos.

60
00:03:10,400 –> 00:03:12,080
Constraints and traceability.

61
00:03:12,080 –> 00:03:12,920
Constraints.

62
00:03:12,920 –> 00:03:16,880
What actions are allowed, what data can move, what pathways are legitimate.

63
00:03:16,880 –> 00:03:20,560
Traceability, what happened, who triggered it, what was decided, what tools were called,

64
00:03:20,560 –> 00:03:22,520
what was written, and where the evidence lives.

65
00:03:22,520 –> 00:03:24,560
Now connect that back to the real world.

66
00:03:24,560 –> 00:03:26,320
Executives don’t wake up worried about connectors.

67
00:03:26,320 –> 00:03:29,640
They wake up worried about, why did we grant that access?

68
00:03:29,640 –> 00:03:31,280
Why did finance get the wrong number?

69
00:03:31,280 –> 00:03:34,000
Why did the integration break during quarter close?

70
00:03:34,000 –> 00:03:36,720
Why did this take three weeks when it should take three hours?

71
00:03:36,720 –> 00:03:38,160
Those are intent failures.

72
00:03:38,160 –> 00:03:39,560
And they compound over time.

73
00:03:39,560 –> 00:03:43,560
Because every workaround becomes precedent, every exception becomes a pattern, every temporary

74
00:03:43,560 –> 00:03:46,240
bypass becomes a dependency.

75
00:03:46,240 –> 00:03:50,320
Eventually policy exists in PowerPoint, but execution exists in whatever the last person

76
00:03:50,320 –> 00:03:51,600
did under pressure.

77
00:03:51,600 –> 00:03:55,760
The solution isn’t more integration, the solution is an architecture where intent can be

78
00:03:55,760 –> 00:04:00,160
expressed, interpreted, and executed without being reinvented at every hop.

79
00:04:00,160 –> 00:04:02,240
That’s the spine for the rest of this episode.

80
00:04:02,240 –> 00:04:05,320
Copilot Studio is where intent shows up in human language.

81
00:04:05,320 –> 00:04:09,720
Logic Apps is where execution becomes deterministic, auditable, and boring on purpose.

82
00:04:09,720 –> 00:04:14,040
And MCP is the contract that stops the model from improvising when it reaches for the enterprise.

83
00:04:14,040 –> 00:04:18,240
Now we can define MCP in terms that executives can actually reuse.

84
00:04:18,240 –> 00:04:21,640
MCP in plain terms, a contract between reasoning and doing.

85
00:04:21,640 –> 00:04:26,480
Okay, so basically, MCP, Model Context Protocol, is a way to stop your AI from freelancing

86
00:04:26,480 –> 00:04:28,280
inside your enterprise.

87
00:04:28,280 –> 00:04:30,040
Kent Weare defines it cleanly.

88
00:04:30,040 –> 00:04:34,680
It is an open protocol that enables seamless integration between large language model applications

89
00:04:34,680 –> 00:04:36,880
or agents and tools and data.

90
00:04:36,880 –> 00:04:39,800
That sounds abstract until you translate it into what it prevents.

91
00:04:39,800 –> 00:04:42,920
MCP is not an API replacement, but it’s not yet another connector.

92
00:04:42,920 –> 00:04:46,920
It’s not a new integration platform you buy because you’re tired of the old integration

93
00:04:46,920 –> 00:04:47,920
platform you bought.

94
00:04:47,920 –> 00:04:51,040
MCP is a tool contract, a contract between reasoning and doing.

95
00:04:51,040 –> 00:04:52,960
The reasoning side is the model.

96
00:04:52,960 –> 00:04:57,680
Non-deterministic, context-driven, good at language, good at picking an approach.

97
00:04:57,680 –> 00:05:02,160
The doing side is the enterprise, deterministic systems of record, compliance boundaries,

98
00:05:02,160 –> 00:05:06,800
limit, business rules, and the minor detail that finance will notice if you write the

99
00:05:06,800 –> 00:05:08,000
wrong thing.

100
00:05:08,000 –> 00:05:11,880
Without a contract, models guess. They guess which endpoint matters, they guess which parameters

101
00:05:11,880 –> 00:05:16,240
are required, they guess what create record means, they guess which account you meant, and

102
00:05:16,240 –> 00:05:17,400
you can’t govern guessing.

103
00:05:17,400 –> 00:05:19,160
You can only apologize for it later.

104
00:05:19,160 –> 00:05:24,440
With MCP, you give the model a catalog of tools with explicit names, schemas and descriptions.

105
00:05:24,440 –> 00:05:26,280
The model doesn’t need to invent a pathway.

106
00:05:26,280 –> 00:05:28,440
It chooses from approved pathways.

107
00:05:28,440 –> 00:05:33,320
It’s the real shift from the model can call anything to the model can only call what you

108
00:05:33,320 –> 00:05:34,320
published.

109
00:05:34,320 –> 00:05:36,160
Here’s what most people miss.

110
00:05:36,160 –> 00:05:37,400
Enterprises already have connectors.

111
00:05:37,400 –> 00:05:39,800
Logic Apps has 1,400 plus connectors.

112
00:05:39,800 –> 00:05:41,040
Power Platform has connectors.

113
00:05:41,040 –> 00:05:42,520
Copilot Studio has connectors.

114
00:05:42,520 –> 00:05:44,160
So why care about MCP at all?

115
00:05:44,160 –> 00:05:45,840
Because connectors are not governance.

116
00:05:45,840 –> 00:05:47,240
Connectors are plumbing.

117
00:05:47,240 –> 00:05:49,600
At scale, connectors become connector sprawl.

118
00:05:49,600 –> 00:05:53,880
Thousands of small, slightly different integrations built by different teams with different

119
00:05:53,880 –> 00:05:58,840
naming, different fields, different error handling and different security assumptions.

120
00:05:58,840 –> 00:06:03,600
It works until it doesn’t and then you discover your business process is implemented as folklore.

121
00:06:03,600 –> 00:06:08,760
MCP is an attempt to standardize the shape of tool usage for models the same way APIs standardize

122
00:06:08,760 –> 00:06:12,640
the shape of system to system calls, but it’s more specific than APIs.

123
00:06:12,640 –> 00:06:18,160
APIs are designed for developers who already know what they’re doing and want maximum flexibility.

124
00:06:18,160 –> 00:06:21,680
MCP tools are designed for models that need constraints to be safe and cheap.

125
00:06:21,680 –> 00:06:26,680
That’s why MCP tools are typically task-focused, not here’s a generic CRUD interface to your

126
00:06:26,680 –> 00:06:28,400
entire CRM.

127
00:06:28,400 –> 00:06:33,440
More like create a contact in Salesforce with these five fields or list incidents in

128
00:06:33,440 –> 00:06:37,800
ServiceNow with these filters or update an opportunity stage with these allowed values.

129
00:06:37,800 –> 00:06:42,160
You are narrowing the surface area on purpose because the model’s job isn’t to explore your

130
00:06:42,160 –> 00:06:43,440
entire schema.

131
00:06:43,440 –> 00:06:46,920
The model’s job is to execute the business intent you allow.

132
00:06:46,920 –> 00:06:49,600
This is also why MCP shows up now, not five years ago.

133
00:06:49,600 –> 00:06:53,000
The world moved to multi-agent reality and multi-platform reality.

134
00:06:53,000 –> 00:06:55,480
You will have Copilot Studio in parts of the org.

135
00:06:55,480 –> 00:06:57,240
You will have Foundry in parts of the org.

136
00:06:57,240 –> 00:06:59,520
You will have GitHub Copilot in engineering.

137
00:06:59,520 –> 00:07:03,760
You will have third party agents showing up anyway and every one of those will want to use

138
00:07:03,760 –> 00:07:04,760
tools.

139
00:07:04,760 –> 00:07:08,680
MCP is vendor agnostic pressure relief, a standard shape for tools so you can build

140
00:07:08,680 –> 00:07:11,960
once, publish once and reuse across agent surfaces.

141
00:07:11,960 –> 00:07:14,720
And here’s the consequence executives should care about.

142
00:07:14,720 –> 00:07:19,320
MCP reduces the amount of bespoke glue you have to govern, not because it removes complexity

143
00:07:19,320 –> 00:07:23,920
because it concentrates complexity into deliberate, reviewable, auditable tool definitions.

144
00:07:23,920 –> 00:07:26,880
If you remember nothing else from this section, remember this.

145
00:07:26,880 –> 00:07:29,240
MCP doesn’t make the model smarter.

146
00:07:29,240 –> 00:07:33,480
It makes the model less creative in the places where creativity is a liability.

147
00:07:33,480 –> 00:07:34,480
Logic Apps.

148
00:07:34,480 –> 00:07:37,040
What it is architecturally, not what marketing says.

149
00:07:37,040 –> 00:07:40,560
Logic Apps is usually introduced as low-code workflow automation.

150
00:07:40,560 –> 00:07:41,880
That description is not wrong.

151
00:07:41,880 –> 00:07:45,200
It’s just incomplete in the way that gets organizations hurt.

152
00:07:45,200 –> 00:07:47,560
Architecturally, Logic Apps is not an automation toy.

153
00:07:47,560 –> 00:07:52,640
It is an execution runtime with a connector fabric and an observability plane glued to

154
00:07:52,640 –> 00:07:53,640
it.

155
00:07:53,640 –> 00:07:57,720
That combination matters because the moment you introduce AI reasoning, the only sane move

156
00:07:57,720 –> 00:08:01,720
is to make execution boring, deterministic and reviewable.

157
00:08:01,720 –> 00:08:04,080
Kent Weare points out the awkward reality.

158
00:08:04,080 –> 00:08:06,520
Logic Apps has been around almost 10 years.

159
00:08:06,520 –> 00:08:07,840
It launched in 2016.

160
00:08:07,840 –> 00:08:08,840
That’s not trivia.

161
00:08:08,840 –> 00:08:12,560
It means enterprises have already been running business critical integrations on it long

162
00:08:12,560 –> 00:08:15,000
before anyone started saying, “agentic.”

163
00:08:15,000 –> 00:08:16,200
The muscle is there.

164
00:08:16,200 –> 00:08:21,640
It triggers, connectors, retries, compensation patterns, run history and the miserable lessons

165
00:08:21,640 –> 00:08:25,560
that show up after the first time an integration fails during quarter close.

166
00:08:25,560 –> 00:08:27,400
So what is it in system terms?

167
00:08:27,400 –> 00:08:31,120
Logic Apps is a workflow runtime that can accept a trigger, perform a sequence of calls

168
00:08:31,120 –> 00:08:34,000
and then persist an auditable record of what happened.

169
00:08:34,000 –> 00:08:38,480
It’s the thing that turns, we should update three systems when this event happens into

170
00:08:38,480 –> 00:08:41,600
an artifact you can trace, rerun and prove.

171
00:08:41,600 –> 00:08:43,760
And the connector part is the other half of the story.

172
00:08:43,760 –> 00:08:46,000
Logic Apps has a large connector library.

173
00:08:46,000 –> 00:08:48,680
It calls out 1,400 plus.

174
00:08:48,680 –> 00:08:52,120
That means an organization doesn’t start from a blank sheet every time it needs to touch

175
00:08:52,120 –> 00:08:58,640
ServiceNow, SAP, Salesforce, Teams, Dataverse, SQL or some random SaaS someone bought with

176
00:08:58,640 –> 00:08:59,720
a credit card.

177
00:08:59,720 –> 00:09:00,720
But here’s the shift.

178
00:09:00,720 –> 00:09:04,440
In an MCP world, connectors are not the endpoint, they’re raw material.

179
00:09:04,440 –> 00:09:08,400
Logic Apps becomes the place where you wrap raw connector actions into governed tools and

180
00:09:08,400 –> 00:09:09,400
workflows.

181
00:09:09,400 –> 00:09:10,400
You decide what is exposed.

182
00:09:10,400 –> 00:09:11,760
You decide what is hidden.

183
00:09:11,760 –> 00:09:13,320
You decide what inputs matter.

184
00:09:13,320 –> 00:09:14,960
You decide what outputs return.

185
00:09:14,960 –> 00:09:17,080
And you do it once in a way that can be reused.

186
00:09:17,080 –> 00:09:19,760
Now deployment models, most people gloss over this.

187
00:09:19,760 –> 00:09:22,320
Don’t. Logic Apps has three deployment models.

188
00:09:22,320 –> 00:09:24,960
Consumption, standard and hybrid, that is not a feature list.

189
00:09:24,960 –> 00:09:26,760
It is a control plane decision.

190
00:09:26,760 –> 00:09:28,760
Consumption is multi-tenant, it’s convenient.

191
00:09:28,760 –> 00:09:33,120
It’s also by design not where you go when you need tight network boundaries and predictable

192
00:09:33,120 –> 00:09:34,600
execution at scale.

193
00:09:34,600 –> 00:09:35,600
Standard is single tenant.

194
00:09:35,600 –> 00:09:39,560
Kent describes that as single tenancy: dedicated compute, dedicated storage, networking.

195
00:09:39,560 –> 00:09:40,560
That’s the key.

196
00:09:40,560 –> 00:09:44,920
In standard, the workflow runs inside compute you control with networking you can shape.

197
00:09:44,920 –> 00:09:48,760
And with identity primitives that don’t require you to play the where did this secret get

198
00:09:48,760 –> 00:09:50,680
copied game.

199
00:09:50,680 –> 00:09:54,520
Hybrid is the extension of that idea when you need to bring the runtime closer to your

200
00:09:54,520 –> 00:09:55,720
environment.

201
00:09:55,720 –> 00:10:00,880
Arc-connected Kubernetes, semi-connected execution, data staying local with telemetry syncing

202
00:10:00,880 –> 00:10:01,880
back.

203
00:10:01,880 –> 00:10:04,720
That’s for the parts of the enterprise that still live in reality.

204
00:10:04,720 –> 00:10:09,000
Factories, regulated networks, awkward latency and the unspoken requirement that cloud

205
00:10:09,000 –> 00:10:11,600
outage cannot equal business outage.

206
00:10:11,600 –> 00:10:14,280
So why does any of this matter for Copilot and MCP?

207
00:10:14,280 –> 00:10:18,360
Because the execution plane needs properties the reasoning plane will never have.

208
00:10:18,360 –> 00:10:22,520
Deterministic behavior, predictable retries, clear failure modes and a run history that

209
00:10:22,520 –> 00:10:24,320
can serve as evidence.

210
00:10:24,320 –> 00:10:25,880
Logic Apps gives you that by default.

211
00:10:25,880 –> 00:10:29,840
It’s not glamorous, it’s not conversational, it does not pretend to be intelligent.

212
00:10:29,840 –> 00:10:30,840
Good.

213
00:10:30,840 –> 00:10:34,480
In the AI era, the most valuable system is the one that refuses to improvise.

214
00:10:34,480 –> 00:10:39,000
And that’s why Logic Apps becomes the practical MCP factory inside Microsoft estates.

215
00:10:39,000 –> 00:10:41,840
It can take your enterprise’s messy reality.

216
00:10:41,840 –> 00:10:45,640
It can take your business, networks, identities, throttling, retries and package it into tools

217
00:10:45,640 –> 00:10:50,960
that are safe enough for a model to use without turning every request into a new experiment.

218
00:10:50,960 –> 00:10:55,560
Now we can place Copilot Studio correctly, not as the thing that integrates everything.

219
00:10:55,560 –> 00:10:59,400
As the thing that decides what should happen, then hands execution to something that can

220
00:10:59,400 –> 00:11:00,880
be held accountable.

221
00:11:00,880 –> 00:11:04,640
Copilot Studio, the intent interface, not the integration layer.

222
00:11:04,640 –> 00:11:08,320
Copilot Studio is where most leaders want to start because it looks like the business.

223
00:11:08,320 –> 00:11:09,840
A person asks a question.

224
00:11:09,840 –> 00:11:11,960
The system answers, it feels like progress.

225
00:11:11,960 –> 00:11:15,720
But the moment you confuse that interface for the integration layer, you’ve quietly

226
00:11:15,720 –> 00:11:17,640
rebuilt the same old problem.

227
00:11:17,640 –> 00:11:21,560
You’ve put business intent inside a surface that can’t own the enterprise’s execution

228
00:11:21,560 –> 00:11:22,560
debt.

229
00:11:22,560 –> 00:11:24,320
That distinction matters.

230
00:11:24,320 –> 00:11:29,520
Copilot Studio is excellent at three things, conversation, decision framing and tool selection.

231
00:11:29,520 –> 00:11:33,160
Conversation means it can pull context out of humans without forcing them through a form

232
00:11:33,160 –> 00:11:34,160
they hate.

233
00:11:34,160 –> 00:11:37,400
Hiring managers don’t want to know which attribute maps to which HR field.

234
00:11:37,400 –> 00:11:42,520
They want to say start date is the 15th, remote needs contractor access and yes finance systems.

235
00:11:42,520 –> 00:11:44,480
Copilot Studio can extract that cleanly.

236
00:11:44,480 –> 00:11:49,160
Decision framing means it can take fuzzy requests and turn them into a structured intent.

237
00:11:49,160 –> 00:11:50,960
What is the user trying to achieve?

238
00:11:50,960 –> 00:11:52,360
What constraints are implied?

239
00:11:52,360 –> 00:11:53,840
What information is missing?

240
00:11:53,840 –> 00:11:54,840
What needs approval?

241
00:11:54,840 –> 00:11:56,360
That is not integration.

242
00:11:56,360 –> 00:11:57,840
That’s interpretation.

243
00:11:57,840 –> 00:12:01,480
Tool selection means it can choose the next action from a defined set of tools based

244
00:12:01,480 –> 00:12:03,080
on descriptions and schemas.

245
00:12:03,080 –> 00:12:06,080
And that’s where it becomes dangerous if your tools are a mess because the model will

246
00:12:06,080 –> 00:12:08,520
still choose even if the choices are ambiguous.

247
00:12:08,520 –> 00:12:11,040
Here’s the foundational mistake organizations make.

248
00:12:11,040 –> 00:12:15,440
They assume Copilot Studio should just connect to systems of record directly because it

249
00:12:15,440 –> 00:12:16,440
can.

250
00:12:16,440 –> 00:12:17,440
It can.

251
00:12:17,440 –> 00:12:18,440
It shouldn’t.

252
00:12:18,440 –> 00:12:22,040
When Copilot Studio calls a connector directly, you’ve embedded execution inside the reasoning

253
00:12:22,040 –> 00:12:23,040
plane.

254
00:12:23,040 –> 00:12:26,920
You’ve made the model responsible for error handling, retries, compensations and the

255
00:12:26,920 –> 00:12:31,600
kinds of boring transactional guarantees that humans expect and systems rarely provide.

256
00:12:31,600 –> 00:12:33,160
That is not an AI problem.

257
00:12:33,160 –> 00:12:34,440
That is an architecture problem.

258
00:12:34,440 –> 00:12:37,680
Now to be fair, the tools landscape inside Copilot Studio is getting broader and more

259
00:12:37,680 –> 00:12:38,680
capable.

260
00:12:38,680 –> 00:12:39,680
You can use prompts.

261
00:12:39,680 –> 00:12:40,680
You can use connectors.

262
00:12:40,680 –> 00:12:41,680
You can use agent flows.

263
00:12:41,680 –> 00:12:45,360
You can use computer use for UI automation when the API story is terrible.

264
00:12:45,360 –> 00:12:46,360
And now you can use MCP.

265
00:12:46,360 –> 00:12:49,680
But each of those tools exists on a spectrum of governance.

266
00:12:49,680 –> 00:12:51,680
Prompts are flexible, but they’re not evidence.

267
00:12:51,680 –> 00:12:54,000
Connectors are convenient, but they’re not a control plane.

268
00:12:54,000 –> 00:12:58,360
Agent flows can be structured, but they still need an execution spine behind them if you

269
00:12:58,360 –> 00:13:00,800
want consistent enterprise behavior.

270
00:13:00,800 –> 00:13:04,240
Computer use is powerful, but it is literally automation through screens.

271
00:13:04,240 –> 00:13:08,160
That is the opposite of stable, and MCP is the one that forces you to stop pretending

272
00:13:08,160 –> 00:13:10,600
the model can safely improvise.

273
00:13:10,600 –> 00:13:12,760
This is why Kent’s question lands.

274
00:13:12,760 –> 00:13:14,720
Copilot Studio has connectivity.

275
00:13:14,720 –> 00:13:17,080
So why do I care about MCP server?

276
00:13:17,080 –> 00:13:20,720
Because the enterprise doesn’t care that a single agent can do a thing once.

277
00:13:20,720 –> 00:13:24,840
The enterprise cares that the next 10 agents don’t each invent their own way to do the same

278
00:13:24,840 –> 00:13:25,840
thing.

279
00:13:25,840 –> 00:13:30,200
MCP servers are how you make connectivity reusable, reviewable and portable across agent

280
00:13:30,200 –> 00:13:31,200
platforms.

281
00:13:31,200 –> 00:13:35,800
Build the tool contract once, publish it and then Copilot Studio, Foundry, VS Code and whatever

282
00:13:35,800 –> 00:13:38,880
else shows up next can consume the same governed capabilities.

283
00:13:38,880 –> 00:13:42,280
It’s also how you prevent connector sprawl from becoming agent sprawl.

284
00:13:42,280 –> 00:13:46,760
If every team can attach connectors directly to their agent, your security model will drift.

285
00:13:46,760 –> 00:13:48,160
Your data movement will drift.

286
00:13:48,160 –> 00:13:49,480
Your approval logic will drift.

287
00:13:49,480 –> 00:13:50,880
Not because people are reckless.

288
00:13:50,880 –> 00:13:53,680
Because entropy always wins when enforcement is optional.

289
00:13:53,680 –> 00:13:55,520
So Copilot Studio’s role is specific.

290
00:13:55,520 –> 00:13:57,000
It is the intent interface.

291
00:13:57,000 –> 00:13:58,640
It is where humans express what they want.

292
00:13:58,640 –> 00:14:01,360
It is where the system asks the right follow-up questions.

293
00:14:01,360 –> 00:14:05,120
It is where reasoning happens and then it hands off to an execution layer that doesn’t

294
00:14:05,120 –> 00:14:06,120
negotiate.

295
00:14:06,120 –> 00:14:08,880
That handoff is not a minor implementation detail.

296
00:14:08,880 –> 00:14:11,360
It’s the architecture.

297
00:14:11,360 –> 00:14:15,360
Copilot Studio without an execution spine becomes a high-end demo machine.

298
00:14:15,360 –> 00:14:16,760
Impressive in a meeting.

299
00:14:16,760 –> 00:14:18,840
Unpredictable in production.

300
00:14:18,840 –> 00:14:23,960
Copilot Studio with a governed execution layer becomes a scalable operating model.

301
00:14:23,960 –> 00:14:29,400
In addition, decisions, constraint actions and traceability you can defend in an audit.

302
00:14:29,400 –> 00:14:32,440
Now we can introduce the executive mental model that makes this click.

303
00:14:32,440 –> 00:14:33,440
Two planes.

304
00:14:33,440 –> 00:14:34,720
Two jobs.

305
00:14:34,720 –> 00:14:38,080
And a hard boundary between decide and do.

306
00:14:38,080 –> 00:14:39,440
The two plane model.

307
00:14:39,440 –> 00:14:41,680
Reasoning plane versus execution plane.

308
00:14:41,680 –> 00:14:44,560
Here’s what most organizations miss until the first incident review.

309
00:14:44,560 –> 00:14:46,920
AI doesn’t automate workflows.

310
00:14:46,920 –> 00:14:50,800
AI changes where decisions get made, and once decisions move, control either follows

311
00:14:50,800 –> 00:14:53,360
by design or it evaporates by accident.

312
00:14:53,360 –> 00:14:55,240
So the executive mental model is this.

313
00:14:55,240 –> 00:14:56,240
Two planes.

314
00:14:56,240 –> 00:14:57,800
A reasoning plane and an execution plane.

315
00:14:57,800 –> 00:14:59,520
The reasoning plane is Copilot Studio.

316
00:14:59,520 –> 00:15:00,520
It’s conversational.

317
00:15:00,520 –> 00:15:01,520
It’s adaptive.

318
00:15:01,520 –> 00:15:02,520
It’s probabilistic by nature.

319
00:15:02,520 –> 00:15:04,840
It’s good at interpreting messy human intent.

320
00:15:04,840 –> 00:15:07,920
Asking for missing context and deciding which option fits the moment.

321
00:15:07,920 –> 00:15:09,200
But it is not deterministic.

322
00:15:09,200 –> 00:15:10,600
It will never be deterministic.

323
00:15:10,600 –> 00:15:11,600
That’s not a bug.

324
00:15:11,600 –> 00:15:12,600
That’s what makes it useful.

325
00:15:12,600 –> 00:15:14,360
The execution plane is Logic Apps.

326
00:15:14,360 –> 00:15:15,360
It’s transactional.

327
00:15:15,360 –> 00:15:16,360
It’s auditable.

328
00:15:16,360 –> 00:15:17,360
It’s designed to be boring.

329
00:15:17,360 –> 00:15:20,920
It takes a decision and turns it into a series of controlled actions against systems

330
00:15:20,920 –> 00:15:25,480
of record with retries, compensations and a run history that can survive an audit.

331
00:15:25,480 –> 00:15:27,080
It is deterministic on purpose.

332
00:15:27,080 –> 00:15:29,680
That distinction matters.

333
00:15:29,680 –> 00:15:33,000
Because if you blend the planes, you get conditional chaos.

334
00:15:33,000 –> 00:15:38,240
A system where outcomes vary based on phrasing, context drift, tool ambiguity or a model update

335
00:15:38,240 –> 00:15:39,600
you didn’t schedule.

336
00:15:39,600 –> 00:15:43,400
In the two plane model, each plane has a job it can actually do well.

337
00:15:43,400 –> 00:15:46,520
In the reasoning plane, the job is interpret intent.

338
00:15:46,520 –> 00:15:48,040
What is the user really asking for?

339
00:15:48,040 –> 00:15:49,520
What policy constraints apply?

340
00:15:49,520 –> 00:15:50,880
What approvals are needed?

341
00:15:50,880 –> 00:15:52,640
What information is missing?

342
00:15:52,640 –> 00:15:54,880
And critically, what tool should be called next?

343
00:15:54,880 –> 00:15:58,320
In the execution plane, the job is enforce intent.

344
00:15:58,320 –> 00:16:00,320
Make the call the same way every time.

345
00:16:00,320 –> 00:16:02,560
Validate inputs.

346
00:16:02,560 –> 00:16:04,400
Handle failures predictably.

347
00:16:04,400 –> 00:16:07,440
Write to the right system in the right order with the right identity.

348
00:16:07,440 –> 00:16:10,080
Capture the evidence.

349
00:16:10,080 –> 00:16:14,200
Now connect this to the line that should be written on a whiteboard in every AI transformation

350
00:16:14,200 –> 00:16:15,760
steering committee.

351
00:16:15,760 –> 00:16:17,640
Copilot decides what should happen.

352
00:16:17,640 –> 00:16:20,440
Logic Apps ensures it happens within your compliance boundaries.

353
00:16:20,440 –> 00:16:24,440
If Copilot makes a decision that violates policy, the execution plane should refuse.

354
00:16:24,440 –> 00:16:28,280
If Copilot makes a decision without required data, the execution plane should force the missing

355
00:16:28,280 –> 00:16:29,280
fields.

356
00:16:29,280 –> 00:16:33,520
If Copilot makes a decision that triggers a risky operation, the execution plane should

357
00:16:33,520 –> 00:16:36,120
require an approval pathway or an escalation.

358
00:16:36,120 –> 00:16:41,360
This is where MCP becomes more than a protocol and starts acting like the seam between planes.

359
00:16:41,360 –> 00:16:45,640
MCP is how the reasoning plane asks the execution plane to do something without improvising

360
00:16:45,640 –> 00:16:46,720
the mechanics.

361
00:16:46,720 –> 00:16:48,080
The tool name is fixed.

362
00:16:48,080 –> 00:16:49,240
The schema is fixed.

363
00:16:49,240 –> 00:16:50,600
The inputs are explicit.

364
00:16:50,600 –> 00:16:51,880
The outputs are structured.

365
00:16:51,880 –> 00:16:52,880
The model stops guessing.

366
00:16:52,880 –> 00:16:53,960
It starts selecting.

367
00:16:53,960 –> 00:16:57,720
And that changes everything about blast radius because the most dangerous idea in enterprise

368
00:16:57,720 –> 00:17:01,320
AI is AI inside every workflow.

369
00:17:01,320 –> 00:17:02,320
That sounds modern.

370
00:17:02,320 –> 00:17:06,960
It’s also how you end up with non-deterministic writes to your systems of record scattered across

371
00:17:06,960 –> 00:17:11,120
dozens of agents, each with slightly different prompts, slightly different tools and slightly

372
00:17:11,120 –> 00:17:12,960
different security assumptions.

373
00:17:12,960 –> 00:17:15,320
In other words, policy drift at machine speed.

374
00:17:15,320 –> 00:17:17,520
The two plane model reduces that risk by design.

375
00:17:17,520 –> 00:17:19,400
You don’t let reasoning leak into execution.

376
00:17:19,400 –> 00:17:22,000
You don’t let execution logic get rebuilt in every agent.

377
00:17:22,000 –> 00:17:26,600
You centralize execution into an orchestration layer that is observable, governable and repeatable.

378
00:17:26,600 –> 00:17:31,080
Then you let AI do what it’s actually good at, understanding humans and choosing among

379
00:17:31,080 –> 00:17:32,520
constrained options.

380
00:17:32,520 –> 00:17:34,560
This also scales organizationally.

381
00:17:34,560 –> 00:17:38,600
Agent builders can focus on intents, conversations and decision quality.

382
00:17:38,600 –> 00:17:43,480
Workflow owners can focus on integration, integrity, idempotency and data contracts.

383
00:17:43,480 –> 00:17:46,360
Operators can focus on run history, failures and evidence.

384
00:17:46,360 –> 00:17:48,360
That role separation is not bureaucracy.

385
00:17:48,360 –> 00:17:52,280
It’s how you stop privilege sprawl and tool sprawl from becoming permanent.

386
00:17:52,280 –> 00:17:57,000
And if you’re listening for the payoff, this is why MCP matters even when connectors exist.

387
00:17:57,000 –> 00:18:01,560
Connectors let you call systems. MCP, paired with an execution plane, lets you call systems

388
00:18:01,560 –> 00:18:02,560
safely.

389
00:18:02,560 –> 00:18:06,360
That’s the difference between it works in a demo and it survives quarter close.

390
00:18:06,360 –> 00:18:11,280
Now that the model is clear, we can narrate what this actually looks like end to end.

391
00:18:11,280 –> 00:18:16,040
Event, reasoning, orchestration and an audit trail that doesn’t rely on someone’s memory.

392
00:18:16,040 –> 00:18:17,720
Walkthrough narrated.

393
00:18:17,720 –> 00:18:21,040
Event, reasoning, orchestration, audit trail.

394
00:18:21,040 –> 00:18:25,000
Here’s the narrated version of what actually happens when this architecture is working end

395
00:18:25,000 –> 00:18:27,040
to end without screens.

396
00:18:27,040 –> 00:18:30,000
Start with a real signal, not a user click the button demo signal.

397
00:18:30,000 –> 00:18:34,600
A real enterprise event: a new hire is approved in the HR system, an invoice lands in a shared

398
00:18:34,600 –> 00:18:35,600
mailbox.

399
00:18:35,600 –> 00:18:38,320
A service ticket gets created in your ITSM platform.

400
00:18:38,320 –> 00:18:43,040
A pricing update is published from SAP, something changes and now the enterprise has to respond.

401
00:18:43,040 –> 00:18:45,920
That event is the trigger and the first discipline is this.

402
00:18:45,920 –> 00:18:49,240
Don’t let the trigger become the workflow, a trigger is just a fact.

403
00:18:49,240 –> 00:18:51,000
It says something happened.

404
00:18:51,000 –> 00:18:55,040
The reasoning plane is where the system decides what that fact means in business terms.

405
00:18:55,040 –> 00:18:59,520
So Copilot Studio takes the event, plus whatever context it’s allowed to see, and it does

406
00:18:59,520 –> 00:19:04,080
the part humans usually do in chat messages and half filled tickets, interpretation.

407
00:19:04,080 –> 00:19:08,240
For HR onboarding, it looks at the hire request and immediately starts asking the questions

408
00:19:08,240 –> 00:19:09,920
that always get asked too late.

409
00:19:09,920 –> 00:19:15,040
Role, location, start date, manager, equipment needs, standard access versus special access,

410
00:19:15,040 –> 00:19:18,600
contractor versus employee and whether any approvals are missing.

411
00:19:18,600 –> 00:19:23,440
For invoice exceptions, it does the thing, accounts payable teams hate doing manually.

412
00:19:23,440 –> 00:19:24,800
Why was this rejected?

413
00:19:24,800 –> 00:19:29,240
It reads the rejection reason, asks for missing context, normalizes vendor names and figures

414
00:19:29,240 –> 00:19:34,160
out whether this is a mismatch, a missing PO, a limit breach or an approval gap.

415
00:19:34,160 –> 00:19:37,360
For IT service automation, it identifies the intent.

416
00:19:37,360 –> 00:19:42,080
Password reset, device compliance, VPN access, mailbox permissions, whatever your tier catalog

417
00:19:42,080 –> 00:19:43,600
actually contains.

418
00:19:43,600 –> 00:19:46,520
And it checks whether this is within policy or needs escalation.

419
00:19:46,520 –> 00:19:47,520
Now here’s the key.

420
00:19:47,520 –> 00:19:51,720
Copilot Studio is not calling random connectors because it can.

421
00:19:51,720 –> 00:19:57,160
It is selecting tools, MCP tools, tools with names and schemas that were designed in advance.

422
00:19:57,160 –> 00:20:01,880
This is where the system stops being a chatbot and starts behaving like a constrained operator.

423
00:20:01,880 –> 00:20:06,280
The agent sees a tool catalog and chooses a tool based on description and required inputs.

424
00:20:06,280 –> 00:20:07,600
It’s not inventing an endpoint.

425
00:20:07,600 –> 00:20:09,320
It’s not guessing at field names.

426
00:20:09,320 –> 00:20:10,920
It’s selecting from what you published.

427
00:20:10,920 –> 00:20:14,680
Yes, the descriptions matter because they become decision inputs for the model.

428
00:20:14,680 –> 00:20:19,560
When Kent said MCP enables seamless integration between large language model applications or

429
00:20:19,560 –> 00:20:23,120
agents and tools and data, that’s what seamless really means.

430
00:20:23,120 –> 00:20:25,760
The model gets a clean menu instead of a junk drawer.

431
00:20:25,760 –> 00:20:29,760
So Copilot Studio chooses the tool, fills in the schema and hands off the request to the

432
00:20:29,760 –> 00:20:30,760
execution plane.

433
00:20:30,760 –> 00:20:32,160
Now logic apps takes over.

434
00:20:32,160 –> 00:20:35,440
This is where the enterprise stops debating what should happen and starts doing what is

435
00:20:35,440 –> 00:20:36,600
allowed to happen.

436
00:20:36,600 –> 00:20:38,600
Logic apps executes connector calls.

437
00:20:38,600 –> 00:20:43,400
But it does it with boring features that matter in production, retries, timeouts, compensating

438
00:20:43,400 –> 00:20:45,720
actions and controlled sequencing.

439
00:20:45,720 –> 00:20:48,320
If a downstream system throttles, it retries in the right way.

440
00:20:48,320 –> 00:20:53,800
If a step fails after partial success, it compensates or it routes to a human approval path.

441
00:20:53,800 –> 00:20:57,960
If a call needs enrichment, look up the manager’s ID, map the vendor number, translate a location

442
00:20:57,960 –> 00:20:58,960
code.

443
00:20:58,960 –> 00:21:00,720
Logic apps does it deterministically.

444
00:21:00,720 –> 00:21:03,280
And this is why logic apps is the execution spine.

445
00:21:03,280 –> 00:21:04,760
It doesn’t just call APIs.

446
00:21:04,760 –> 00:21:06,320
It owns the workflow reality

447
00:21:06,320 –> 00:21:07,720
the enterprise depends on.

448
00:21:07,720 –> 00:21:12,320
Now the part executives should care about even more than the automation is the evidence trail.

449
00:21:12,320 –> 00:21:14,680
Because enterprises don’t get punished for automating.

450
00:21:14,680 –> 00:21:16,960
They get punished for not being able to prove what happened.

451
00:21:16,960 –> 00:21:18,440
Logic apps gives you run history.

452
00:21:18,440 –> 00:21:22,600
And when you run MCP tools through it, you get a full chain, the trigger event, the parameters

453
00:21:22,600 –> 00:21:27,360
passed, the connector calls made, the responses received and the final output.

454
00:21:27,360 –> 00:21:33,480
Kent described it as full traceability, inputs, outputs, what the user said, what the agent

455
00:21:33,480 –> 00:21:34,680
responded.

456
00:21:34,680 –> 00:21:36,160
We’ve got a very complete picture.

457
00:21:36,160 –> 00:21:37,440
That is not a nice to have.

458
00:21:37,440 –> 00:21:41,240
It is the difference between an automation you can scale and an automation you quietly turn

459
00:21:41,240 –> 00:21:43,200
off after the first compliance review.

460
00:21:43,200 –> 00:21:44,720
The output is simple.

461
00:21:44,720 –> 00:21:49,480
Systems update, tickets close, records reconcile, access provisions, approvals route and

462
00:21:49,480 –> 00:21:51,800
humans only touch the weird cases.

463
00:21:51,800 –> 00:21:53,120
But the real product isn’t the update.

464
00:21:53,120 –> 00:21:56,280
The real product is that the enterprise can replay the truth.

465
00:21:56,280 –> 00:21:58,200
When someone asks, who approved this?

466
00:21:58,200 –> 00:21:59,200
You don’t search teams.

467
00:21:59,200 –> 00:22:00,200
You pull the run.

468
00:22:00,200 –> 00:22:02,160
When someone asks, why did the agent do that?

469
00:22:02,160 –> 00:22:03,160
You don’t blame the model.

470
00:22:03,160 –> 00:22:06,200
You show the tool call and the policy boundary it hit.

471
00:22:06,200 –> 00:22:08,680
And once you have that, you’re not building automations anymore.

472
00:22:08,680 –> 00:22:10,880
You’re building a governed decision and execution pipeline.

473
00:22:10,880 –> 00:22:14,440
Now we can talk about the part that determines whether this scales or collapses.

474
00:22:14,440 –> 00:22:15,760
Tool design.

475
00:22:15,760 –> 00:22:19,080
Tool design is governance, avoiding conditional chaos.

476
00:22:19,080 –> 00:22:23,920
This is where most agentic enterprise conversations collapse into a polite disaster.

477
00:22:23,920 –> 00:22:24,920
Tool design.

478
00:22:24,920 –> 00:22:27,880
Not model selection, not prompt tuning, not which chat surface you picked.

479
00:22:27,880 –> 00:22:28,880
Tool design.

480
00:22:28,880 –> 00:22:30,800
Because once a model has tools, it will use them.

481
00:22:30,800 –> 00:22:34,520
And if the tools are vague, overlapping or overpowered, you’ve created conditional

482
00:22:34,520 –> 00:22:38,600
chaos with a friendly UI. Kent said the line that should permanently ruin the idea of just

483
00:22:38,600 –> 00:22:40,200
expose the connector.

484
00:22:40,200 –> 00:22:42,240
Create record, create record of what?

485
00:22:42,240 –> 00:22:44,080
That question isn’t pedantic.

486
00:22:44,080 –> 00:22:47,200
It’s the entire governance problem in one sentence.

487
00:22:47,200 –> 00:22:51,480
In an enterprise connector, create record usually means create anything in a system that

488
00:22:51,480 –> 00:22:54,320
contains hundreds of entities and thousands of fields.

489
00:22:54,320 –> 00:22:57,240
Humans can handle that because humans carry context and caution.

490
00:22:57,240 –> 00:22:58,240
Models don’t.

491
00:22:58,240 –> 00:23:02,560
Models optimize for completing the task and they will happily fill in blanks with guesses

492
00:23:02,560 –> 00:23:03,920
that look plausible.

493
00:23:03,920 –> 00:23:06,080
So the first rule of MCP tool design is simple.

494
00:23:06,080 –> 00:23:07,320
Generic tools don’t scale.

495
00:23:07,320 –> 00:23:09,040
They scale ambiguity.

496
00:23:09,040 –> 00:23:12,880
And ambiguity is expensive: in tokens, in retries, in wrong writes.

497
00:23:12,880 –> 00:23:17,480
And in the time you’ll spend explaining to audit why an AI wrote something to somewhere,

498
00:23:17,480 –> 00:23:19,000
because the tool allowed it.

499
00:23:19,000 –> 00:23:22,760
The counter-intuitive part is that governance isn’t a policy document.

500
00:23:22,760 –> 00:23:23,760
Governance is what you expose.

501
00:23:23,760 –> 00:23:27,920
And if you expose a tool that can write to ten tables, you’ve already lost the argument

502
00:23:27,920 –> 00:23:29,880
that you control the system.

503
00:23:29,880 –> 00:23:31,440
Control is not what you intended.

504
00:23:31,440 –> 00:23:32,760
Control is what the interface permits.

505
00:23:32,760 –> 00:23:38,360
So you design tools like you design guardrails: narrow surface area, clear intent, constrained

506
00:23:38,360 –> 00:23:41,080
inputs, predictable outputs.

507
00:23:41,080 –> 00:23:44,600
And the output constraints matter more than most people think because tool responses become

508
00:23:44,600 –> 00:23:45,920
model context.

509
00:23:45,920 –> 00:23:49,920
If you return the entire record payload every time you’re not being thorough, you’re burning

510
00:23:49,920 –> 00:23:53,320
tokens and feeding the model noise it will treat as relevant.

511
00:23:53,320 –> 00:23:59,000
The simple version is: your tool schema is your policy boundary. Now, practical consequences.

512
00:23:59,000 –> 00:24:04,240
If you build an MCP tool called update opportunity, and it accepts any field in the opportunity

513
00:24:04,240 –> 00:24:08,960
object, the model will eventually update the wrong field, not because it’s malicious,

514
00:24:08,960 –> 00:24:11,880
because it is trying to be helpful in a schema it can’t fully reason about.

515
00:24:11,880 –> 00:24:16,160
But if you build advance opportunity stage with allowed values, required IDs and a constrained

516
00:24:16,160 –> 00:24:20,800
output that returns the new stage timestamp and a correlation ID, you’ve done something

517
00:24:20,800 –> 00:24:25,880
different. You’ve turned a risky write into a controlled action. That distinction matters.

518
00:24:25,880 –> 00:24:28,960
And this is where logic apps becomes more than an execution engine.

519
00:24:28,960 –> 00:24:32,640
It becomes a tool compiler, you take raw connectors and you wrap them into tools that match

520
00:24:32,640 –> 00:24:38,640
business verbs, not platform verbs, provision day one access, create incident with severity,

521
00:24:38,640 –> 00:24:43,480
validate invoice against PO, sync pricing changes with idempotency. Those aren’t connector

522
00:24:43,480 –> 00:24:46,000
operations, they’re governed capabilities.

523
00:24:46,000 –> 00:24:50,520
Now the part everyone underestimates: tool descriptions. Tool descriptions are not documentation,

524
00:24:50,520 –> 00:24:51,600
they’re decision inputs.

525
00:24:51,600 –> 00:24:56,600
A model doesn’t read your wiki, it reads the tool catalog description and schema, that’s

526
00:24:56,600 –> 00:24:59,480
what it uses to decide whether a tool fits the situation.

527
00:24:59,480 –> 00:25:02,960
If the description is generic, the model selection is probabilistic, if the description is

528
00:25:02,960 –> 00:25:05,720
precise, the model selection becomes constrained.

529
00:25:05,720 –> 00:25:10,040
So you write descriptions like you’re writing for a deterministic system, because you are.

530
00:25:10,040 –> 00:25:15,280
This tool creates a Salesforce contact with last name, email and account ID, use it only

531
00:25:15,280 –> 00:25:19,880
when a human confirms the contact should be created, that is governance.

532
00:25:19,880 –> 00:25:25,280
And the moment you do that consistently, something else happens, you reduce tool collisions.

533
00:25:25,280 –> 00:25:29,680
You reduce duplicate tools across teams, you reduce the temptation for every agent builder

534
00:25:29,680 –> 00:25:33,640
to invent their own slightly different version of the same capability, because they don’t

535
00:25:33,640 –> 00:25:34,640
need to.

536
00:25:34,640 –> 00:25:37,200
This is also where you kill entropy generators early.

537
00:25:37,200 –> 00:25:41,280
Policy exceptions thrive in ambiguity, side channels thrive when the official path is

538
00:25:41,280 –> 00:25:43,440
harder than the unofficial one.

539
00:25:43,440 –> 00:25:47,560
Shadow integrations appear when the blessed tool can’t answer the real question.

540
00:25:47,560 –> 00:25:51,720
Well designed tools remove those escape hatches, not by telling people to behave, by making

541
00:25:51,720 –> 00:25:53,560
the correct path the easiest path.

542
00:25:53,560 –> 00:25:55,800
Now tie this back to governance as an enabler.

543
00:25:55,800 –> 00:25:59,720
A tool catalog that’s curated and constrained is what allows you to move faster without losing

544
00:25:59,720 –> 00:26:00,720
control.

545
00:26:00,720 –> 00:26:04,600
It’s how you let teams build agents quickly without granting them raw access to systems

546
00:26:04,600 –> 00:26:05,600
of record.

547
00:26:05,600 –> 00:26:09,720
It’s how you let Copilot Studio do things without turning every action into a bespoke

548
00:26:09,720 –> 00:26:10,720
security review.

549
00:26:10,720 –> 00:26:13,720
You don’t govern agent behavior by reviewing every conversation.

550
00:26:13,720 –> 00:26:16,000
You govern it by designing what actions are possible.

551
00:26:16,000 –> 00:26:17,000
That’s why MCP matters.

552
00:26:17,000 –> 00:26:18,320
It’s not just a protocol.

553
00:26:18,320 –> 00:26:21,560
It’s a forcing function that makes tool design the unit of governance.

554
00:26:21,560 –> 00:26:26,200
And once tool design is governance, you stop arguing about whether AI is safe.

555
00:26:26,200 –> 00:26:27,840
You start proving it.

556
00:26:27,840 –> 00:26:30,680
Scenario one, HR onboarding across systems.

557
00:26:30,680 –> 00:26:34,520
HR onboarding is the universal enterprise mess because it looks simple until you try to

558
00:26:34,520 –> 00:26:35,840
do it consistently.

559
00:26:35,840 –> 00:26:37,080
A person is hired.

560
00:26:37,080 –> 00:26:38,080
They need an identity.

561
00:26:38,080 –> 00:26:39,080
They need a mailbox.

562
00:26:39,080 –> 00:26:40,080
They need access.

563
00:26:40,080 –> 00:26:41,080
They need a device.

564
00:26:41,080 –> 00:26:42,080
They need payroll.

565
00:26:42,080 –> 00:26:45,520
They need just one exception because the new hire is remote or a contractor or joining

566
00:26:45,520 –> 00:26:48,960
finance or starting tomorrow or all of the above.

567
00:26:48,960 –> 00:26:54,120
And every one of those needs lives in a different system owned by a different team with a different

568
00:26:54,120 –> 00:26:55,880
definition of done.

569
00:26:55,880 –> 00:26:57,600
So here’s the strategic framing.

570
00:26:57,600 –> 00:26:59,360
onboarding isn’t an integration problem.

571
00:26:59,360 –> 00:27:03,760
It’s a coordination problem with security consequences because the moment onboarding becomes

572
00:27:03,760 –> 00:27:06,720
a ticket relay race, two things always happen.

573
00:27:06,720 –> 00:27:07,720
First you lose time.

574
00:27:07,720 –> 00:27:09,800
Day one readiness turns into day three readiness.

575
00:27:09,800 –> 00:27:10,800
Then day seven readiness.

576
00:27:10,800 –> 00:27:13,840
Then they’ll be fine with shared access for now.

577
00:27:13,840 –> 00:27:15,120
Second you lose control.

578
00:27:15,120 –> 00:27:19,720
The access becomes normal access, manual overrides become permanent pathways, and nobody can prove

579
00:27:19,720 –> 00:27:23,880
why a given person got a given entitlement because the decision lived in an email and the

580
00:27:23,880 –> 00:27:25,760
execution happened in four different places.

581
00:27:25,760 –> 00:27:28,640
Now drop Copilot Studio and Logic Apps into that reality.

582
00:27:28,640 –> 00:27:30,560
The intent interface is Copilot Studio.

583
00:27:30,560 –> 00:27:34,840
The hiring manager doesn’t need to know what Entra attribute maps to what downstream system.

584
00:27:34,840 –> 00:27:37,120
They need to communicate intent in human terms.

585
00:27:37,120 –> 00:27:42,920
Role, location, start date, manager, department, employment type and whether standard access applies

586
00:27:42,920 –> 00:27:45,080
or special access is required.

587
00:27:45,080 –> 00:27:47,520
And Copilot Studio’s job is not to guess the answer.

588
00:27:47,520 –> 00:27:51,240
It’s to interrogate the request until the request becomes executable.

589
00:27:51,240 –> 00:27:53,280
This is where you reduce entropy early.

590
00:27:53,280 –> 00:27:56,320
The agent asks the questions humans usually ask too late.

591
00:27:56,320 –> 00:27:59,840
It confirms whether the person is employee or contractor, whether they need privileged

592
00:27:59,840 –> 00:28:04,520
access, whether they handle regulated data, whether they require SIP roles, whether they

593
00:28:04,520 –> 00:28:09,640
need a device shipped and whether approvals exist for any non-standard entitlements.

594
00:28:09,640 –> 00:28:11,280
Then the handoff happens.

595
00:28:11,280 –> 00:28:15,560
Copilot selects a tool, not a connector: a tool with a name that encodes your governance

596
00:28:15,560 –> 00:28:21,640
intent, like start onboarding for new hire or provision day one access.

597
00:28:21,640 –> 00:28:25,960
And this is where MCP matters: the model isn’t improvising a sequence of connector calls.

598
00:28:25,960 –> 00:28:29,160
It is calling a published capability with a schema you defined.

599
00:28:29,160 –> 00:28:33,760
The request goes into logic apps and logic apps does the boring work that you actually want

600
00:28:33,760 –> 00:28:34,760
boring.

601
00:28:34,760 –> 00:28:38,520
It creates the identity using managed identity not shared credentials.

602
00:28:38,520 –> 00:28:42,600
It assigns baseline groups using explicit mappings, not whatever the model thinks.

603
00:28:42,600 –> 00:28:46,800
It provisions the mailbox, triggers device enrollment tasks, creates payroll records

604
00:28:46,800 –> 00:28:49,160
and opens or updates the ITSM ticket.

605
00:28:49,160 –> 00:28:52,880
So the operational teams see a single authoritative state.

606
00:28:52,880 –> 00:28:54,960
If something fails, it doesn’t apologize.

607
00:28:54,960 –> 00:28:57,920
It retries, it compensates, it escalates.

608
00:28:57,920 –> 00:28:59,600
This is the part executives miss.

609
00:28:59,600 –> 00:29:01,160
You aren’t automating onboarding.

610
00:29:01,160 –> 00:29:04,520
You’re automating the control plane for onboarding because the workflow becomes the

611
00:29:04,520 –> 00:29:09,320
place where you enforce what done means and you can enforce separation of duties by design.

612
00:29:09,320 –> 00:29:13,400
Agent builders can define the conversational experience and the intent model.

613
00:29:13,400 –> 00:29:16,480
Workflow owners control the execution layer.

614
00:29:16,480 –> 00:29:22,600
Which systems are touched in what order, with what identity and what evidence is recorded.

615
00:29:22,600 –> 00:29:27,000
Operators monitor runs and failures without needing access to redesign tools.

616
00:29:27,000 –> 00:29:31,440
That RBAC split matters because onboarding is where privilege sprawl starts.

617
00:29:31,440 –> 00:29:34,080
Now take the scenario everyone has.

618
00:29:34,080 –> 00:29:35,080
Special access.

619
00:29:35,080 –> 00:29:38,880
A manager says they’ll need finance reporting access on day one.

620
00:29:38,880 –> 00:29:43,080
In the old model that becomes a side channel, a Teams message to someone who can do it real

621
00:29:43,080 –> 00:29:44,080
quick.

622
00:29:44,080 –> 00:29:47,920
In this model, Copilot collects the justification and routes it into the workflow.

623
00:29:47,920 –> 00:29:49,920
Logic apps enforces the policy boundary.

624
00:29:49,920 –> 00:29:54,080
Either it requires an approval step or it queues it for a privileged workflow or it

625
00:29:54,080 –> 00:29:59,520
refuses unless the request meets conditions you defined, same request, different outcome.

626
00:29:59,520 –> 00:30:03,600
Not because the AI is smarter, because the system is constrained and the audit story becomes

627
00:30:03,600 –> 00:30:04,600
clean.

628
00:30:04,600 –> 00:30:07,040
If someone asks why did this person receive that access?

629
00:30:07,040 –> 00:30:09,240
You don’t reconstruct the narrative from five systems.

630
00:30:09,240 –> 00:30:10,320
You open the run history.

631
00:30:10,320 –> 00:30:14,480
You see who asked what was asked, what approvals were captured, what tools were called, what

632
00:30:14,480 –> 00:30:17,800
groups were assigned and what downstream updates were made.

633
00:30:17,800 –> 00:30:21,520
That is the actual value of enterprise connectivity in an AI era.

634
00:30:21,520 –> 00:30:24,600
Not faster clicks, but fewer, untracked decisions.

635
00:30:24,600 –> 00:30:27,080
And the business outcome is easy to say without hype.

636
00:30:27,080 –> 00:30:32,440
Fewer manual handoffs, faster day one readiness, fewer access mistakes and a measurable reduction

637
00:30:32,440 –> 00:30:34,600
in the hidden labor of coordination.

638
00:30:34,600 –> 00:30:39,040
Now that the pattern is clear, the next scenario makes the same point from a different angle.

639
00:30:39,040 –> 00:30:40,280
Invoices aren’t hard.

640
00:30:40,280 –> 00:30:41,280
Exceptions are.

641
00:30:41,280 –> 00:30:42,280
Scenario 2.

642
00:30:42,280 –> 00:30:44,080
Invoice processing and exception handling.

643
00:30:44,080 –> 00:30:47,080
Invoice automation is always sold as a paper to ERP story.

644
00:30:47,080 –> 00:30:51,240
Scan the PDF, extract the fields, match the PO, post the invoice, done.

645
00:30:51,240 –> 00:30:52,480
That’s the brochure version.

646
00:30:52,480 –> 00:30:54,800
In reality, invoices aren’t hard.

647
00:30:54,800 –> 00:30:57,120
Exceptions are endless and they are usually undocumented.

648
00:30:57,120 –> 00:31:00,200
The vendor name doesn’t match what procurement entered three years ago.

649
00:31:00,200 –> 00:31:03,040
The PO is missing, but we always pay this vendor.

650
00:31:03,040 –> 00:31:06,400
The amounts don’t line up because someone changed pricing after the PO.

651
00:31:06,400 –> 00:31:08,680
The approval threshold got exceeded by $12.

652
00:31:08,680 –> 00:31:12,360
The cost center is wrong, the invoice got emailed to the wrong mailbox.

653
00:31:12,360 –> 00:31:14,960
The line items are structured like a ransom note.

654
00:31:14,960 –> 00:31:19,520
And every business unit has its own definition of urgent, so the enterprise cost isn’t invoice

655
00:31:19,520 –> 00:31:20,520
processing.

656
00:31:20,520 –> 00:31:22,040
It’s human exception triage.

657
00:31:22,040 –> 00:31:25,320
And that triage is almost always done in the worst possible place.

658
00:31:25,320 –> 00:31:30,080
Email threads and comments inside whatever ERP screen someone happens to know.

659
00:31:30,080 –> 00:31:31,880
Here’s the architectural reframing.

660
00:31:31,880 –> 00:31:35,240
Invoice exceptions are a coordination problem with money attached.

661
00:31:35,240 –> 00:31:36,240
That means two things.

662
00:31:36,240 –> 00:31:40,480
First, you need a reasoning surface that can collect context without forcing AP to become

663
00:31:40,480 –> 00:31:41,480
a detective.

664
00:31:41,480 –> 00:31:46,800
Second, you need an execution layer that refuses to just post it when policy says otherwise.

665
00:31:46,800 –> 00:31:51,800
This is where Copilot Studio earns its place, not by automating finance.

666
00:31:51,800 –> 00:31:56,160
By handling the conversation nobody wants to have manually, 50 times a day.

667
00:31:56,160 –> 00:32:00,160
When an invoice fails validation, the agent can answer the only question people actually

668
00:32:00,160 –> 00:32:02,400
ask, why was this rejected?

669
00:32:02,400 –> 00:32:06,040
And it can do the follow-up work that humans usually do via back and forth.

670
00:32:06,040 –> 00:32:07,800
Which PO should this map to?

671
00:32:07,800 –> 00:32:09,080
Is this a duplicate?

672
00:32:09,080 –> 00:32:10,800
Who owns this cost center?

673
00:32:10,800 –> 00:32:12,720
Do you want to split the amount?

674
00:32:12,720 –> 00:32:15,920
Is this a legitimate exception and if so, who can approve it?

675
00:32:15,920 –> 00:32:19,240
That matters because it pulls intent out of the business in plain language.

676
00:32:19,240 –> 00:32:22,280
And then the system has to stop being polite and start being strict.

677
00:32:22,280 –> 00:32:25,240
This is where logic apps become the execution spine again.

678
00:32:25,240 –> 00:32:27,840
The model can reason across messy inputs.

679
00:32:27,840 –> 00:32:31,160
But the workflow decides what can move where.

680
00:32:31,160 –> 00:32:35,960
Logic apps enforces validations, vendor match, PO match, limits and approval routing.

681
00:32:35,960 –> 00:32:38,560
It does the ordering that keeps finance sane.

682
00:32:38,560 –> 00:32:40,160
Enrich invoice data.

683
00:32:40,160 –> 00:32:44,680
Check against authoritative systems, route to approvals if thresholds trip, then write back to the

684
00:32:44,680 –> 00:32:49,880
ERP only when the conditions are satisfied. And it does it with audit grade behavior, deterministic

685
00:32:49,880 –> 00:32:53,480
steps, retries where retries make sense and a recorded run history.

686
00:32:53,480 –> 00:32:56,800
Now add the part most AI demos skip because it’s not as fun.

687
00:32:56,800 –> 00:32:57,800
DLP.

688
00:32:57,800 –> 00:32:59,400
In finance, DLP isn’t a slide.

689
00:32:59,400 –> 00:33:02,920
It’s the difference between, we can deploy this and security shut it down.

690
00:33:02,920 –> 00:33:04,280
The practical model is simple.

691
00:33:04,280 –> 00:33:06,280
AI can reason across information.

692
00:33:06,280 –> 00:33:09,640
Workflows decide what information is allowed to move between systems.

693
00:33:09,640 –> 00:33:13,600
So you can let Copilot Studio interpret an exception, summarize what’s missing and ask

694
00:33:13,600 –> 00:33:15,360
the user for clarification.

695
00:33:15,360 –> 00:33:19,600
Without granting it direct, unconstrained access to write into your system of record, because

696
00:33:19,600 –> 00:33:22,080
authenticated does not mean authorized.

697
00:33:22,080 –> 00:33:25,600
And even authorized does not mean safe to execute without guardrails.

698
00:33:25,600 –> 00:33:28,320
Now in MCP terms, this becomes a tool story.

699
00:33:28,320 –> 00:33:32,720
You don’t expose a generic, create invoice tool with a hundred fields and vague meanings.

700
00:33:32,720 –> 00:33:36,080
You expose an invoice exception resolution tool set.

701
00:33:36,080 –> 00:33:40,880
Validate invoice against PO, retrieve vendor master details, request approval for exception

702
00:33:40,880 –> 00:33:45,840
type X, post invoice with correlation ID, and return a structured result that contains

703
00:33:45,840 –> 00:33:48,560
what happened and what evidence was created.

704
00:33:48,560 –> 00:33:52,880
The model doesn’t freehand an ERP transaction, it selects from approved actions.

705
00:33:52,880 –> 00:33:56,080
And the best part is the outcome that executives actually care about.

706
00:33:56,080 –> 00:33:58,920
Humans only touch exceptions, not the happy path.

707
00:33:58,920 –> 00:34:03,360
Happy path invoices post automatically with boring reliability.

708
00:34:03,360 –> 00:34:06,760
Exceptions become structured conversations with constrained outcomes, and you can measure

709
00:34:06,760 –> 00:34:12,280
it in the only ways finance trusts, reduced cycle time, fewer manual touches per invoice,

710
00:34:12,280 –> 00:34:16,360
and fewer we don’t know why this was posted moments that show up during close.

711
00:34:16,360 –> 00:34:17,880
This also changes the failure mode.

712
00:34:17,880 –> 00:34:21,120
In the old world, the failure mode is silent drift.

713
00:34:21,120 –> 00:34:24,040
Someone finds a workaround and it becomes policy by accident.

714
00:34:24,040 –> 00:34:26,160
In this world, the failure mode is explicit.

715
00:34:26,160 –> 00:34:29,080
The workflow refuses, routes, or escalates.

716
00:34:29,080 –> 00:34:32,720
And you can see it happen, which means your control environment becomes a system, not

717
00:34:32,720 –> 00:34:33,720
a story.

718
00:34:33,720 –> 00:34:37,640
When invoice exceptions stop consuming human attention, you get a second order benefit.

719
00:34:37,640 –> 00:34:42,400
Your AP team stops spending time being a message bus, and starts spending time on the only

720
00:34:42,400 –> 00:34:46,480
work worth human judgment, actual anomalies and actual fraud signals.

721
00:34:46,480 –> 00:34:51,400
Now if you want the scenario where this becomes even more obvious, it’s IT service automation.

722
00:34:51,400 –> 00:34:55,240
Because IT isn’t paid to be creative, it is paid to be consistent under pressure with

723
00:34:55,240 –> 00:34:56,240
receipts.

724
00:34:56,240 –> 00:34:57,240
Scenario 3.

725
00:34:57,240 –> 00:34:58,760
IT service automation.

726
00:34:58,760 –> 00:35:02,720
IT service management is where enterprise reality shows up without makeup.

727
00:35:02,720 –> 00:35:04,320
It’s repetitive.

728
00:35:04,320 –> 00:35:06,760
Documentation is outdated the day after it’s written.

729
00:35:06,760 –> 00:35:10,200
Tribal knowledge lives in the heads of two people you can’t afford to lose.

730
00:35:10,200 –> 00:35:14,240
And the SLA clock keeps running even when the root cause is a user who swears they didn’t

731
00:35:14,240 –> 00:35:15,240
change anything.

732
00:35:15,240 –> 00:35:19,120
So yes, IT is a great place to start with agentic orchestration, not because it’s glamorous,

733
00:35:19,120 –> 00:35:22,680
because it’s measurable, painful, and full of work that should not require a human to

734
00:35:22,680 –> 00:35:24,960
interpret the same request for the thousandth time.

735
00:35:24,960 –> 00:35:27,920
But here’s the thing most organizations get wrong when they try it.

736
00:35:27,920 –> 00:35:29,960
They aim for AI resolves tickets.

737
00:35:29,960 –> 00:35:30,960
That’s not the real objective.

738
00:35:30,960 –> 00:35:31,960
The real objective is.

739
00:35:31,960 –> 00:35:38,280
AI handles standard intents and the system escalates only when policy thresholds are crossed.

740
00:35:38,280 –> 00:35:41,640
Tier 0 to tier 2 is not a human hierarchy, it’s a control boundary.

741
00:35:41,640 –> 00:35:44,600
Tier 0 is self-service and safe automation.

742
00:35:44,600 –> 00:35:50,120
Password resets, account unlocks, basic access requests, known device compliance checks, standard

743
00:35:50,120 –> 00:35:55,880
VPN troubleshooting prompts, maybe a simple how do I request that routes to a knowledge base.

744
00:35:55,880 –> 00:35:58,600
Tier 1 is guided execution with guardrails.

745
00:35:58,600 –> 00:36:02,200
If you do this action, then verify this condition, then notify the user.

746
00:36:02,200 –> 00:36:06,400
It’s still mostly deterministic, it’s the human doing the steps because the system didn’t.

747
00:36:06,400 –> 00:36:09,800
Tier 2 is where the organization actually pays for judgment.

748
00:36:09,800 –> 00:36:14,840
Complex incidents, ambiguous symptoms, high impact outages, or anything that can create collateral

749
00:36:14,840 –> 00:36:15,840
damage.

750
00:36:15,840 –> 00:36:19,920
Agentic orchestration is about moving work down the stack without moving risk up the stack.

751
00:36:19,920 –> 00:36:21,280
So here’s the pattern.

752
00:36:21,280 –> 00:36:24,200
Copilot Studio becomes the intake and triage surface.

753
00:36:24,200 –> 00:36:28,000
It takes messy user language and turns it into a clean intent.

754
00:36:28,000 –> 00:36:34,080
Password, re-enroll device, request application access, check mailbox permissions, troubleshoot

755
00:36:34,080 –> 00:36:38,920
teams audio, whatever your top ticket categories actually are, then it does the part a ticket

756
00:36:38,920 –> 00:36:40,520
form never does well.

757
00:36:40,520 –> 00:36:42,880
It collects the missing context conversationally.

758
00:36:42,880 –> 00:36:47,200
Device name, error message, location, whether it’s a new device or a rebuild, whether the

759
00:36:47,200 –> 00:36:51,280
user is traveling, whether this is affecting one person or a whole team.

760
00:36:51,280 –> 00:36:53,360
This seems small, it’s not.

761
00:36:53,360 –> 00:36:57,360
Because IT tickets fail for the same reason invoices fail, missing context forces humans

762
00:36:57,360 –> 00:36:58,520
to improvise.

763
00:36:58,520 –> 00:37:01,440
Then Copilot selects the tool and this is where you need to be ruthless.

764
00:37:01,440 –> 00:37:04,120
IT tools are not query everything and do anything.

765
00:37:04,120 –> 00:37:07,800
That’s how you end up with an agent that can disable accounts because someone phrased

766
00:37:07,800 –> 00:37:08,800
a question badly.

767
00:37:08,800 –> 00:37:11,600
Your MCP tools here should map to safe verbs.

768
00:37:11,600 –> 00:37:17,720
Reset password for user, unlock account, create incident with severity, check device compliance,

769
00:37:17,720 –> 00:37:22,600
request software access with a profile, update ticket status, notify user.

770
00:37:22,600 –> 00:37:25,000
If you’re hearing repetition, good. Repetition is the point.

771
00:37:25,000 –> 00:37:29,080
A safe enterprise is mostly repeated patterns executed consistently.

772
00:37:29,080 –> 00:37:33,680
Now Logic Apps takes the request and executes it, and this is where IT benefits from boring

773
00:37:33,680 –> 00:37:38,760
on purpose more than any other domain because IT automation isn’t just do the thing.

774
00:37:38,760 –> 00:37:43,040
It’s do the thing, then prove it worked, then record what happened.

775
00:37:43,040 –> 00:37:47,600
Logic Apps can update your ITSM platform, ServiceNow, Azure DevOps, whatever your reality

776
00:37:47,600 –> 00:37:48,600
is.

777
00:37:48,600 –> 00:37:50,400
It can call Graph for identity operations.

778
00:37:50,400 –> 00:37:54,280
It can integrate with endpoint tooling, it can post to Teams, it can send email, it can

779
00:37:54,280 –> 00:37:59,280
trigger follow-up actions and it can do it with controlled retries and clear failure paths.

780
00:37:59,280 –> 00:38:03,280
If the password reset fails due to a lockout policy, the workflow doesn’t keep guessing.

781
00:38:03,280 –> 00:38:04,520
It routes to escalation.

782
00:38:04,520 –> 00:38:08,840
If the device action fails, it captures the error, attaches it to the ticket and moves the

783
00:38:08,840 –> 00:38:10,440
case to tier two with evidence.

784
00:38:10,440 –> 00:38:11,600
This is the real win.

785
00:38:11,600 –> 00:38:14,640
You stop escalating tickets without context.

786
00:38:14,640 –> 00:38:15,760
You escalate with a record.

787
00:38:15,760 –> 00:38:20,120
Now add governance because IT is where governance either becomes real or it becomes a slide.

788
00:38:20,120 –> 00:38:25,240
You separate roles. Agent designers build the conversational experience and intent routing.

789
00:38:25,240 –> 00:38:28,160
Workflow owners build and maintain the executable pathways.

790
00:38:28,160 –> 00:38:32,600
Operators watch run history and manage failures. And authentication does not equal authorization.

791
00:38:32,600 –> 00:38:36,400
The system can authenticate the agent and still restrict which tool calls are permitted

792
00:38:36,400 –> 00:38:39,440
for which scenarios, which users and which groups.

793
00:38:39,440 –> 00:38:45,040
If you let any authenticated agent call any IT tool, you just created a new tier incident

794
00:38:45,040 –> 00:38:46,040
generator.

795
00:38:46,040 –> 00:38:49,640
This is also where managed identities and least privilege stop being best practice and

796
00:38:49,640 –> 00:38:51,080
start being survival.

797
00:38:51,080 –> 00:38:55,680
No shared credentials in a workflow, no copy-paste API keys inside an agent, no temporary service

798
00:38:55,680 –> 00:38:58,720
accounts that become permanent because nobody wants to rotate them.

799
00:38:58,720 –> 00:39:01,560
Now for the part executives will actually ask for: outcomes.

800
00:39:01,560 –> 00:39:06,520
In IT and HR, 20 to 40% ticket deflection is a credible range when you focus on the top

801
00:39:06,520 –> 00:39:07,760
repetitive intents.

802
00:39:07,760 –> 00:39:12,120
Not because the AI is brilliant, because the system finally stops requiring humans to coordinate

803
00:39:12,120 –> 00:39:13,120
between tools.

804
00:39:13,120 –> 00:39:15,720
And the bigger outcome is SLA protection.

805
00:39:15,720 –> 00:39:19,880
When the agent handles the standard work, humans get time back for real incidents.

806
00:39:19,880 –> 00:39:22,560
When escalations happen, they happen with context and evidence.

807
00:39:22,560 –> 00:39:26,120
When audits ask who changed what, you can answer without archaeology.

808
00:39:26,120 –> 00:39:28,800
Kent Weare even said it directly in the context of IT.

809
00:39:28,800 –> 00:39:31,960
IT service management always a good place to start.

810
00:39:31,960 –> 00:39:33,280
He’s not being optimistic.

811
00:39:33,280 –> 00:39:35,640
He’s describing where the economics work first.

812
00:39:35,640 –> 00:39:40,040
And once you can prove this works in IT, where metrics are unforgiving, you have a template

813
00:39:40,040 –> 00:39:41,840
you can take to every other domain.

814
00:39:41,840 –> 00:39:45,840
The same two-plane model, the same constrained tools, the same deterministic execution, the

815
00:39:45,840 –> 00:39:47,320
same traceability.

816
00:39:47,320 –> 00:39:51,120
Now the next scenario is where you find out whether your orchestration layer is real or

817
00:39:51,120 –> 00:39:52,600
just polite.

818
00:39:52,600 –> 00:39:55,760
Transactional sync across systems of record, where failure isn’t annoying.

819
00:39:55,760 –> 00:39:56,760
It’s expensive.

820
00:39:56,760 –> 00:39:57,760
Scenario 4.

821
00:39:57,760 –> 00:39:58,760
SAP.

822
00:39:58,760 –> 00:39:59,760
Dataverse.

823
00:39:59,760 –> 00:40:01,960
LOB sync without breaking finance.

824
00:40:01,960 –> 00:40:06,200
SAP and finance adjacent systems are where just automated goes to die.

825
00:40:06,200 –> 00:40:09,560
Because the failure mode isn’t a funny demo glitch, it’s a reconciliation exercise that

826
00:40:09,560 –> 00:40:11,280
becomes someone’s full-time job.

827
00:40:11,280 –> 00:40:13,800
And here’s the pattern every enterprise recognizes.

828
00:40:13,800 –> 00:40:14,800
Pricing.

829
00:40:14,800 –> 00:40:16,000
Customer master data.

830
00:40:16,000 –> 00:40:17,400
Vendor master data.

831
00:40:17,400 –> 00:40:18,400
Product catalog.

832
00:40:18,400 –> 00:40:19,400
Cost centers.

833
00:40:19,400 –> 00:40:20,400
GL mappings.

834
00:40:20,400 –> 00:40:21,400
Pick your poison.

835
00:40:21,400 –> 00:40:24,760
The business wants a change to show up everywhere, immediately and consistently.

836
00:40:24,760 –> 00:40:26,080
But the estate is a patchwork.

837
00:40:26,080 –> 00:40:27,080
SAP.

838
00:40:27,080 –> 00:40:28,080
Dataverse.

839
00:40:28,080 –> 00:40:30,920
A few line of business apps that matter way more than they look like they should.

840
00:40:30,920 –> 00:40:34,680
And an integration layer that’s accumulated five years of temporary fixes.

841
00:40:34,680 –> 00:40:36,000
So teams try to sync.

842
00:40:36,000 –> 00:40:37,600
They build point to point calls.

843
00:40:37,600 –> 00:40:38,960
They wire up a connector.

844
00:40:38,960 –> 00:40:39,960
They do a nightly job.

845
00:40:39,960 –> 00:40:40,960
It works for a while.

846
00:40:40,960 –> 00:40:42,840
And then something fails silently.

847
00:40:42,840 –> 00:40:44,120
A request times out.

848
00:40:44,120 –> 00:40:45,960
A downstream API throttles.

849
00:40:45,960 –> 00:40:47,440
A duplicate update slips through.

850
00:40:47,440 –> 00:40:48,280
A schema changes.

851
00:40:48,280 –> 00:40:50,200
A retry replays the wrong step.

852
00:40:50,200 –> 00:40:53,160
The sync succeeds in one system and fails in another.

853
00:40:53,160 –> 00:40:55,400
And now your systems of record disagree.

854
00:40:55,400 –> 00:40:56,920
That is not a technical annoyance.

855
00:40:56,920 –> 00:40:58,880
That is financial risk.

856
00:40:58,880 –> 00:41:01,640
And this is where the two-plane model becomes non-negotiable.

857
00:41:01,640 –> 00:41:04,640
Copilot Studio can help interpret intent here.

858
00:41:04,640 –> 00:41:06,240
And yes, there is real value in that.

859
00:41:06,240 –> 00:41:08,880
A finance user doesn’t want to file an integration request.

860
00:41:08,880 –> 00:41:13,640
They want to say, sync pricing changes for these SKUs or update customer credit limits

861
00:41:13,640 –> 00:41:18,560
for this region or reconcile product categories between ERP and CRM.

862
00:41:18,560 –> 00:41:24,280
Copilot can translate that into structured intent, scope, criteria, timing, approval needs,

863
00:41:24,280 –> 00:41:25,840
and which systems are involved.

864
00:41:25,840 –> 00:41:29,200
But Copilot should never wing it when it comes to multi-system writes.

865
00:41:29,200 –> 00:41:31,440
Because the enterprise doesn’t need a conversational update.

866
00:41:31,440 –> 00:41:33,160
It needs transactional integrity.

867
00:41:33,160 –> 00:41:36,200
So the right pattern is: Copilot decides what should happen.

868
00:41:36,200 –> 00:41:38,160
Logic apps ensures it happens.

869
00:41:38,160 –> 00:41:42,240
And this is where logic apps earns its keep as the execution plane.

870
00:41:42,240 –> 00:41:46,720
The workflow encodes ordering, read source of truth, compute deltas, apply updates in a

871
00:41:46,720 –> 00:41:48,920
controlled sequence and verify results.

872
00:41:48,920 –> 00:41:51,240
It encodes idempotency.

873
00:41:51,240 –> 00:41:54,440
If the same request is replayed, you don’t double apply the change.

874
00:41:54,440 –> 00:41:57,720
It encodes retries that don’t turn into accidental duplication.

875
00:41:57,720 –> 00:42:01,560
And it encodes compensating actions for the cases where a partial success is worse than

876
00:42:01,560 –> 00:42:02,560
a full failure.

877
00:42:02,560 –> 00:42:05,120
This is the kind of boring nobody claps for in a demo.

878
00:42:05,120 –> 00:42:07,760
It is also the only kind of boring finance trusts.

879
00:42:07,760 –> 00:42:09,600
Now layer in the connectivity reality.

880
00:42:09,600 –> 00:42:12,960
A lot of these systems are not meant to be exposed to the public internet.

881
00:42:12,960 –> 00:42:15,720
They live behind networks with reasons, not vibes.

882
00:42:15,720 –> 00:42:18,600
This is where Logic Apps Standard and the networking options matter.

883
00:42:18,600 –> 00:42:22,800
If you need private endpoints and VNet integration so the orchestration layer can talk to internal

884
00:42:22,800 –> 00:42:26,800
systems without punching holes through your perimeter, this is where you do it.

885
00:42:26,800 –> 00:42:29,000
Executives hear private endpoint

886
00:42:29,000 –> 00:42:30,400
And think it’s a networking detail.

887
00:42:30,400 –> 00:42:31,400
It’s not.

888
00:42:31,400 –> 00:42:32,400
It’s a trust boundary.

889
00:42:32,400 –> 00:42:37,360
It’s the difference between we integrated SAP and we exposed SAP integration to whatever

890
00:42:37,360 –> 00:42:38,800
could hit an endpoint.

891
00:42:38,800 –> 00:42:40,400
Now bring MCP into the picture.

892
00:42:40,400 –> 00:42:43,400
In this scenario, MCP is not about making SAP magical.

893
00:42:43,400 –> 00:42:47,680
It’s about packaging the governed workflow as a tool the model can call without improvisation.

894
00:42:47,680 –> 00:42:51,040
So instead of giving the model a connector and hoping it can construct a correct write

895
00:42:51,040 –> 00:42:56,680
into SAP, you give it a tool like sync pricing changes, backed by a Logic Apps workflow that

896
00:42:56,680 –> 00:43:01,880
does the ugly parts: validation, mapping, sequencing, retries, and evidence.

897
00:43:01,880 –> 00:43:06,040
The schema forces specificity: which products, which effective date, which price list, which

898
00:43:06,040 –> 00:43:11,400
region, what approval ID if required, what correlation ID should be returned for audit. And the output

899
00:43:11,400 –> 00:43:16,360
is structured, not chatty: what changed, what didn’t, what failed, and where the evidence lives.

900
00:43:16,360 –> 00:43:20,240
This is the part most people miss: the output format is governance too.

901
00:43:20,240 –> 00:43:25,400
If you return huge payloads and raw ERP responses, you’re not being transparent, you’re flooding

902
00:43:25,400 –> 00:43:29,880
the reasoning plane with noise. So you return the minimum needed for decisions and you store

903
00:43:29,880 –> 00:43:31,600
the rest as run history.

904
00:43:31,600 –> 00:43:33,440
Now business outcomes.

905
00:43:33,440 –> 00:43:38,160
The direct benefit is fewer integration outages and fewer systems disagree incidents, but

906
00:43:38,160 –> 00:43:42,200
the bigger benefit is that change becomes safer. When the enterprise can trust that cross-system

907
00:43:42,200 –> 00:43:47,000
updates are ordered, idempotent and traceable, you can move faster without creating reconciliation

908
00:43:47,000 –> 00:43:48,000
debt.

909
00:43:48,000 –> 00:43:52,360
And yes, reconciliation debt is a real thing. You pay it later, with interest, during quarter

910
00:43:52,360 –> 00:43:53,360
close.

911
00:43:53,360 –> 00:43:57,640
This scenario also clarifies a strategic truth: AI doesn’t remove the need for integration

912
00:43:57,640 –> 00:44:02,080
engineering, it exposes whether you ever had it. If your estate relies on tribal knowledge

913
00:44:02,080 –> 00:44:07,840
and side channel coordination, AI will amplify the inconsistency. If your estate has a deterministic

914
00:44:07,840 –> 00:44:12,840
execution layer with governed tools, AI will amplify throughput without amplifying risk.

915
00:44:12,840 –> 00:44:16,400
That’s the difference between agentic transformation and agentic chaos.

916
00:44:16,400 –> 00:44:21,320
Next, there’s one scenario that turns all of this into executive language instantly: compliance

917
00:44:21,320 –> 00:44:26,840
evidence collection, where the output isn’t automation, it’s proof. Scenario five: compliance

918
00:44:26,840 –> 00:44:31,960
evidence collection, audit sell reality. Compliance is where strategy stops being inspirational

919
00:44:31,960 –> 00:44:36,240
and starts being accountable. Most executives don’t fear automation, they fear the email

920
00:44:36,240 –> 00:44:40,600
from audit that says prove it. Prove who approved the access, prove why the change was made,

921
00:44:40,600 –> 00:44:44,600
prove the control operated consistently, prove the data didn’t leak, prove the exception

922
00:44:44,600 –> 00:44:48,760
was justified, prove it across three systems that don’t agree and two teams that remember

923
00:44:48,760 –> 00:44:53,280
it differently. And that’s the ugly truth: in most enterprises the work is automated but

924
00:44:53,280 –> 00:44:57,840
the evidence is manual. People spend weeks collecting screenshots, digging through tickets, exporting

925
00:44:57,840 –> 00:45:01,840
logs, and stitching together a narrative that sounds plausible enough to pass. Not because

926
00:45:01,840 –> 00:45:06,040
anyone wants to lie, because the systems were never designed to tell the story end to end.

927
00:45:06,040 –> 00:45:10,240
This is where agentic orchestration gets to stop being innovation and start being an operating

928
00:45:10,240 –> 00:45:14,520
model. Copilot Studio plays the front door here, but not as the system of record, as the

929
00:45:14,520 –> 00:45:19,560
interface to the evidence. Executives ask questions like: who has access to finance reporting

930
00:45:19,560 –> 00:45:24,240
and why? Which invoices were posted outside policy last quarter? What changed in the last

931
00:45:24,240 –> 00:45:28,880
release that impacted customer data? Which approvals were bypassed during the outage? Humans

932
00:45:28,880 –> 00:45:33,360
can answer those questions slowly, in meetings, with caveats. Copilot Studio can answer them

933
00:45:33,360 –> 00:45:37,800
conversationally, quickly, and in a way that executives will actually use, because it can translate

934
00:45:37,800 –> 00:45:42,040
vague questions into structured requests, but only if the execution plane can produce

935
00:45:42,040 –> 00:45:45,920
deterministic evidence. That is the constraint. So the pattern looks like this: Copilot Studio

936
00:45:45,920 –> 00:45:52,080
takes the audit-style question and converts it into an evidence request: scope, time window, systems

937
00:45:52,080 –> 00:45:57,680
involved, the definition of exception, and what the auditor will accept as proof. Then it

938
00:45:57,680 –> 00:46:02,440
selects a tool that doesn’t search everything. It calls an evidence assembly capability, and

939
00:46:02,440 –> 00:46:06,400
Logic Apps does what Logic Apps always does when it’s used correctly: it executes a boring,

940
00:46:06,400 –> 00:46:10,480
repeatable process that creates a trace you can defend. Pull the access assignments from

941
00:46:10,480 –> 00:46:15,160
Entra. Pull the ticket approvals from ITSM. Pull the workflow runs that provisioned or revoked

942
00:46:15,160 –> 00:46:19,480
access. Pull the finance transaction logs that show postings and reversals. Package it into

943
00:46:19,480 –> 00:46:23,240
an evidence bundle with correlation IDs and timestamps. Store it where your compliance

944
00:46:23,240 –> 00:46:28,200
team expects it. Return a summary to the agent that is small, structured, and decision ready.

945
00:46:28,200 –> 00:46:32,400
And here’s the architectural payoff: you’re not relying on Copilot’s memory of the conversation

946
00:46:32,400 –> 00:46:37,720
to be the record, you’re relying on run history. Kent described it as full traceability:

947
00:46:37,720 –> 00:46:41,880
inputs, outputs, what the user said and what the agent responded, we’ve got a very complete

948
00:46:41,880 –> 00:46:45,800
picture. That matters most in audits, because audits are not about what your system intended,

949
00:46:45,800 –> 00:46:50,080
they’re about what your system did. Logic Apps run history becomes an audit artifact: who

950
00:46:50,080 –> 00:46:54,400
triggered the workflow, what inputs were supplied, what tools were called, what downstream systems

951
00:46:54,400 –> 00:46:58,960
responded, and what the workflow returned. If your agent asked for evidence, the workflow

952
00:46:58,960 –> 00:47:03,640
can provide it with the same determinism every time. And once you have that, something changes

953
00:47:03,640 –> 00:47:08,680
culturally. Audits stop being a seasonal panic, they become a query. That’s not a small shift,

954
00:47:08,680 –> 00:47:15,120
it’s executive language: reduced compliance labor, fewer control failures, faster response

955
00:47:15,120 –> 00:47:19,480
to audit requests, and less reliance on heroics. Also, it forces a healthier boundary between

956
00:47:19,480 –> 00:47:24,360
reasoning and execution. Copilot can talk, it can interpret, it can format the answer for a human,

957
00:47:24,360 –> 00:47:28,840
but the evidence comes from a deterministic system that can be replayed, inspected, and monitored.

958
00:47:28,840 –> 00:47:33,560
That’s what governed AI actually means: not trust in the model, but trust in the trail.

959
00:47:33,560 –> 00:47:38,360
And if you want the most cynical, accurate ROI statement for compliance, it’s this: the business

960
00:47:38,360 –> 00:47:42,600
value isn’t that the agent can answer auditors. The business value is that the enterprise

961
00:47:42,600 –> 00:47:47,800
stops paying humans to reconstruct reality after the fact. Governance that enables speed: guard

962
00:47:47,800 –> 00:47:52,920
rails that don’t rot. Governance is usually presented as a brake pedal. That framing is why it fails.

963
00:47:52,920 –> 00:47:57,560
A brake pedal is something people try to avoid. They route around it, they temporarily bypass it,

964
00:47:57,560 –> 00:48:03,000
they build side channels. Then governance becomes theater: a slide deck about controls that were never

965
00:48:03,000 –> 00:48:09,480
enforced by design. In an agentic world, governance has to be an accelerator. Not because leaders suddenly

966
00:48:09,480 –> 00:48:14,840
love compliance, because the only way to scale AI is to make the safe path the default path.

967
00:48:14,840 –> 00:48:19,000
Every other option is entropy with a budget line. So here’s what governance looks like when it

968
00:48:19,000 –> 00:48:23,960
actually enables speed and doesn’t rot six months after launch. First, role separation that matches

969
00:48:23,960 –> 00:48:28,520
how the system works. You need three roles, and you need them because the platform will drift without

970
00:48:28,520 –> 00:48:35,240
them. Agent designers build the intent interface: prompts, conversation flows, and tool selection logic.

971
00:48:35,240 –> 00:48:39,960
They should not be able to change what a provision access tool can do in production. Workflow owners

972
00:48:39,960 –> 00:48:46,200
build the execution plane: Logic Apps workflows, tool schemas, retries, compensations, and the integration

973
00:48:46,200 –> 00:48:50,920
contracts. They should not be writing the conversational layer. Operators run the estate: monitoring,

974
00:48:50,920 –> 00:48:55,240
incident response, and evidence production. They should not be editing workflows in the middle of

975
00:48:55,240 –> 00:48:59,800
an outage because someone asked nicely. That’s RBAC as an operating model, not RBAC as a

976
00:48:59,800 –> 00:49:04,520
checkbox. And if you don’t do it, you will get privilege sprawl. You will get everyone is a maker

977
00:49:04,520 –> 00:49:10,360
access drift. You will get production edited from a browser tab at 11 p.m. Second, managed identity as

978
00:49:10,360 –> 00:49:15,800
the default, not as a nice when we have time upgrade. If an automation can run only because somebody

979
00:49:15,800 –> 00:49:21,080
copied a client secret into a connection, you have not built a system, you’ve built a hostage situation.

980
00:49:21,080 –> 00:49:26,600
Managed identities are how you keep execution boring: no secrets, no shared credentials, no rotated

981
00:49:26,600 –> 00:49:31,400
keys that nobody rotates. It also gives you something executives care about when they eventually ask

982
00:49:31,400 –> 00:49:37,240
who had access to do that, because the identity is explicit, scoped, and auditable. Third, tenant

983
00:49:37,240 –> 00:49:42,200
and environment isolation that reflects reality. Dev, test, and prod aren’t best practice, they are

984
00:49:42,200 –> 00:49:46,360
entropy containment. Agent behavior will change, prompts will change, tools will evolve, connectors will

985
00:49:46,360 –> 00:49:51,000
get updated, models will get updated. If you don’t isolate environments, you’ve created a single

986
00:49:51,000 –> 00:49:56,760
shared blast radius where experimentation and production share the same failure modes. So you isolate,

987
00:49:56,760 –> 00:50:03,000
not by duplicating intelligence, but by promoting vetted artifacts: tool contracts, workflows, policies.

988
00:50:03,000 –> 00:50:08,520
Build once, then promote through environments with controlled change. Fourth, network boundaries early,

989
00:50:08,520 –> 00:50:13,480
not as a retrofit. If you wait until after the pilot to ask should this traffic stay private,

990
00:50:13,480 –> 00:50:17,880
you’ve already chosen public exposure, you just haven’t admitted it. Logic Apps Standard and

991
00:50:17,880 –> 00:50:23,000
private endpoints exist for a reason. Enterprises have systems that cannot be internet adjacent, and

992
00:50:23,000 –> 00:50:27,640
when you’re feeding those systems through agentic pathways, you don’t get to pretend the network is

993
00:50:27,640 –> 00:50:32,760
someone else’s problem. Private endpoints keep internal traffic internal. VNet integration keeps the

994
00:50:32,760 –> 00:50:37,480
orchestration layer on the right side of your perimeter. And yes, it’s slower to set up at first. It’s

995
00:50:37,480 –> 00:50:42,920
faster than rebuilding everything after security says no. Fifth, DLP as the line between reasoning

996
00:50:42,920 –> 00:50:47,560
and movement. Copilot Studio can reason across a lot of information, that’s the point, but workflows

997
00:50:47,560 –> 00:50:53,480
decide what can move where. So you treat DLP policies as routing rules for data movement, not as abstract

998
00:50:53,480 –> 00:50:58,280
restrictions. You define which connectors can exchange which data classes. You define where sensitive

999
00:50:58,280 –> 00:51:03,240
data can be written. You define what can be summarized versus what can be exported. This is how you stop

1000
00:51:03,240 –> 00:51:09,400
helpful from becoming exfiltration. Finally, authorization beyond authentication. Enterprises love

1001
00:51:09,400 –> 00:51:14,040
saying it’s protected by Entra. That’s only the first gate. Authenticated doesn’t mean authorized.

1002
00:51:14,040 –> 00:51:18,600
Authorized doesn’t mean least privilege. Least privilege doesn’t mean safe tool design. So you enforce

1003
00:51:18,600 –> 00:51:24,120
authorization at the execution plane: which tools can be called by which agents on behalf of which

1004
00:51:24,120 –> 00:51:29,800
users, for which scopes, under which conditions. And you log it as evidence, not as best effort. This is

1005
00:51:29,800 –> 00:51:34,680
the uncomfortable truth: policy will erode wherever enforcement is optional. So you make enforcement

1006
00:51:34,680 –> 00:51:40,200
structural. You publish constrained tools, you route execution through deterministic workflows, you

1007
00:51:40,200 –> 00:51:44,920
isolate environments, you remove secrets, you keep the network private, and you keep the run history

1008
00:51:44,920 –> 00:51:49,400
as the truth source. Because governance that works is not something people remember to do, it’s

1009
00:51:49,400 –> 00:51:55,000
what the architecture refuses to let them avoid. Operating model: build once, reuse everywhere. Most

1010
00:51:55,000 –> 00:52:00,200
enterprises don’t lose to technology, they lose to duplication. One team builds a Salesforce connector

1011
00:52:00,200 –> 00:52:04,440
solution. Another team builds the same thing slightly differently, because they couldn’t find the

1012
00:52:04,440 –> 00:52:09,640
first one, couldn’t trust it, or couldn’t use it without begging for access. Six months later, you don’t

1013
00:52:09,640 –> 00:52:13,480
have an integration strategy, you have a museum of near-identical artifacts. And now you’re about to

1014
00:52:13,480 –> 00:52:18,520
do the same thing with agents. So this section is the operating model: how you stop agentic work from

1015
00:52:18,520 –> 00:52:23,480
becoming a new layer of sprawl. The rule is simple: build once, reuse everywhere. But that only works if

1016
00:52:23,480 –> 00:52:28,200
you treat tools as products, not as project outputs. That means you need a catalog. Not a folder, not a

1017
00:52:28,200 –> 00:52:34,440
Teams post, not ask Bob. A catalog with ownership, visibility, and a life cycle. This is why API Center

1018
00:52:34,440 –> 00:52:39,080
shows up in Kent’s story as more than a wizard. It’s the discoverability layer that prevents your

1019
00:52:39,080 –> 00:52:43,880
MCP servers from becoming that thing someone built in a subscription nobody monitors. And he called

1020
00:52:43,880 –> 00:52:48,760
API Center a central hub to stop your API sprawl. That’s not marketing, that’s the problem statement.

1021
00:52:48,760 –> 00:52:53,480
Because MCP servers without a catalog are just better hidden endpoints, and hidden endpoints are

1022
00:52:53,480 –> 00:52:57,880
how governance dies. Now, practically, there are three catalog-shaped paths in the Microsoft estate

1023
00:52:57,880 –> 00:53:03,560
that all converge on the same idea. First, API Center is the enterprise catalog for APIs and MCP

1024
00:53:03,560 –> 00:53:08,280
servers. It’s where you register, describe, and publish what exists. It’s where admins can see what’s

1025
00:53:08,280 –> 00:53:12,840
out there and developers can discover what they’re allowed to reuse. And yes, it’s also where you can

1026
00:53:12,840 –> 00:53:18,280
start small. Kent mentioned the free tier with a limit of up to 200 registered assets. That’s enough

1027
00:53:18,280 –> 00:53:23,080
runway for most organizations to prove the model without turning procurement into a blocker. Second,

1028
00:53:23,080 –> 00:53:28,040
Foundry’s tools catalog. This is the agent builder’s view of the same reality. It’s where teams go when

1029
00:53:28,040 –> 00:53:32,680
they want to add capability fast, but still through a governed pathway. What matters here isn’t the

1030
00:53:32,680 –> 00:53:37,960
UI. What matters is that the tool gets created as an MCP server with consistent security and packaging,

1031
00:53:37,960 –> 00:53:43,720
so it becomes reusable across agents, not embedded into one build. Third, native Logic Apps, where the actual

1032
00:53:43,720 –> 00:53:48,680
execution lives. This is where the workflows exist, the run history exists, and the operational

1033
00:53:48,680 –> 00:53:53,560
reality gets owned. The catalog is just the storefront, Logic Apps is the factory. These aren’t

1034
00:53:53,560 –> 00:53:57,800
competing approaches, they’re different entry points to the same operating model. And once you accept

1035
00:53:57,800 –> 00:54:03,960
that, your strategy becomes less about “which portal do we prefer” and more about “how do we enforce reuse”.

1036
00:54:03,960 –> 00:54:08,680
Now, reuse fails for predictable reasons, and you can design around them. The first is discoverability.

1037
00:54:08,680 –> 00:54:13,000
If people can’t find the tool, they rebuild it. The second is trust. If people can’t see how the tool

1038
00:54:13,000 –> 00:54:17,800
behaves, they don’t bet their process on it. The third is friction. If consuming the tool requires a

1039
00:54:17,800 –> 00:54:22,680
weeks-long security negotiation, teams will route around it. So you solve these with an enterprise posture

1040
00:54:22,680 –> 00:54:27,720
that is boring and explicit. Every MCP server gets an owner. Every tool gets a description that matches

1041
00:54:27,720 –> 00:54:32,040
business verbs, not platform verbs. Every tool gets a schema that constrains inputs and constrains

1042
00:54:32,040 –> 00:54:37,400
outputs. Every tool gets versioning and change control, because “we updated the workflow” is not an

1043
00:54:37,400 –> 00:54:42,200
acceptable release note when the workflow is now the execution plane for multiple agents.

1044
00:54:42,200 –> 00:54:47,800
And every tool gets an operational contract: how it’s monitored, how failures route, how evidence is

1045
00:54:47,800 –> 00:54:53,080
stored, how changes are deployed. Now, testing is the part everyone skips until the first outage. Kent

1046
00:54:53,080 –> 00:54:57,800
mentioned the Logic Apps unit testing framework that is GA, and the detail that matters isn’t the

1047
00:54:57,800 –> 00:55:02,840
framework itself, it’s the posture. You don’t treat workflows as low-code art, you treat them as

1048
00:55:02,840 –> 00:55:08,440
production assets: testable, promotable, and regression-safe. Because when your MCP server is backed by

1049
00:55:08,440 –> 00:55:13,240
a workflow, a workflow change is a tool change, and a tool change is now a business risk. So you build

1050
00:55:13,240 –> 00:55:19,240
smoke tests in VS Code, you validate tool schemas, you test failure paths, you test timeouts, you test the

1051
00:55:19,240 –> 00:55:23,640
“what happens when Salesforce throttles” scenario, because that’s not hypothetical, it’s Tuesday.

1052
00:55:23,640 –> 00:55:29,400
If you want a single executive framing for this operating model, it’s this: the ROI doesn’t come from

1053
00:55:29,400 –> 00:55:34,200
smarter AI, it comes from fewer humans coordinating between systems and fewer teams rebuilding the

1054
00:55:34,200 –> 00:55:39,080
same governed capabilities. Catalogs make capabilities visible. Logic Apps makes execution reliable.

1055
00:55:39,080 –> 00:55:44,120
MCP makes those capabilities portable across agent platforms. And once that’s true, every new agent

1056
00:55:44,120 –> 00:55:49,480
stops being a bespoke integration project. It becomes a consumer of a shared enterprise tool chain.

1057
00:55:49,480 –> 00:55:55,240
Executive decision checklist: where this goes wrong and how to prevent it. Executives don’t need

1058
00:55:55,240 –> 00:55:59,800
another architecture diagram, they need a checklist that predicts failure. So here it is: the five ways

1059
00:55:59,800 –> 00:56:04,600
this goes wrong and what prevents it. Mistake one: treating MCP like just another connector.

1060
00:56:05,720 –> 00:56:11,320
That creates tool sprawl: 50 overlapping tools with vague names, vague schemas, and nobody who can explain

1061
00:56:11,320 –> 00:56:17,000
which one is safe. Prevention is boring: publish a small, curated tool catalog backed by owned workflows,

1062
00:56:17,000 –> 00:56:22,920
then enforce reuse through the catalog, not tribal knowledge. Mistake two: letting AI write directly

1063
00:56:22,920 –> 00:56:27,880
to systems of record without an execution plane. That’s not automation, that’s uncontrolled

1064
00:56:27,880 –> 00:56:33,320
mutation. Prevention is the two-plane model: Copilot reasons, Logic Apps executes. If it can’t be traced,

1065
00:56:33,320 –> 00:56:38,840
it doesn’t run. Mistake three: skipping discoverability. If people can’t find a standard tool, they’ll rebuild

1066
00:56:38,840 –> 00:56:43,720
it. If they can’t trust it, they’ll bypass it. Prevention is a catalog with ownership, versioning,

1067
00:56:43,720 –> 00:56:48,920
and a life cycle. API Center, Foundry catalog, whatever your front door is, the tool has to be

1068
00:56:48,920 –> 00:56:54,040
discoverable and governable, or it doesn’t exist. Mistake four: ignoring networking and identity

1069
00:56:54,040 –> 00:56:58,840
until after the pilot. That’s how pilots die in security review. Prevention is designing with

1070
00:56:58,840 –> 00:57:04,600
private endpoints, managed identity, and environment isolation from day one. You don’t retrofit trust

1071
00:57:04,600 –> 00:57:11,720
boundaries, you enforce them. Mistake five: exposing generic do-everything tools. “Create record” is not a

1072
00:57:11,720 –> 00:57:16,440
tool, it’s an entropy generator. Prevention is designing tools as constrained business verbs with

1073
00:57:16,440 –> 00:57:20,600
explicit inputs and constrained outputs. And that’s how you stop guessing from becoming writing. Now,

1074
00:57:20,600 –> 00:57:28,440
the decision framework. Start in one domain where pain is obvious and measurement is easy: ITSM or HR.

1075
00:57:28,440 –> 00:57:33,880
Build one MCP server backed by Logic Apps workflows. Publish it in a catalog. Use it from Copilot Studio.

1076
00:57:33,880 –> 00:57:38,440
Prove traceability and approval boundaries. Then scale by reuse, not by cloning. That’s how you avoid

1077
00:57:38,440 –> 00:57:45,000
conditional chaos. The positive thesis: the future isn’t smarter chat, it’s governed execution. Copilot

1078
00:57:45,000 –> 00:57:50,520
Studio turns intent into decisions, and Logic Apps turns decisions into controlled, auditable action.

1079
00:57:50,520 –> 00:57:54,440
If you want the governance patterns that keep this from turning into tool sprawl, watch the next

1080
00:57:54,440 –> 00:57:59,240
episode and subscribe, because this is where enterprise AI either scales or breaks.




