Agent Lifecycle Roadmap
This is reference material. Use it when you need to look up the Microsoft-aligned pattern, control, or lifecycle decision that belongs at a particular stage.
Purpose
This roadmap defines when to use each Microsoft capability during the lifecycle of an agent, from initial conception through operation and scale. It is intended to be used as the definitive decision guide during planning workshops, internal reviews, and delivery governance reviews.
The core rule is simple: start with the lowest-complexity pattern that proves the business outcome, then move to more flexible platforms only when the requirement forces it.
Default Decision Order
Use this order for every candidate idea.
| Order | Decision | Default Choice | Move On When |
|---|---|---|---|
| 1 | Should this exist? | Do not build until the outcome, owner, KPI, and workflow are clear. | The business case is measurable and the workflow is understood. |
| 2 | Is an agent needed? | Prefer no-agent patterns: standard app feature, deterministic automation, search/RAG, analytics, or reporting. | The work requires reasoning, planning, tool use, adaptive decisions, or autonomous task execution. |
| 3 | Is there a prebuilt SaaS agent? | Use Microsoft SaaS or in-product agents first. | No existing Microsoft SaaS agent satisfies the functional, data, workflow, or governance need. |
| 4 | Can Microsoft 365 Copilot be extended? | Use Microsoft 365 Copilot agents, Agent Builder, declarative agents, or Copilot connectors for Microsoft 365-centered work. | The use case needs deeper process logic, channels, integration, custom runtime, model choice, or advanced orchestration. |
| 5 | Is low-code enough? | Use Copilot Studio for business-configurable agents, knowledge, connectors, actions, channels, and agent flows. | The use case needs pro-code control, advanced evaluations, custom orchestration, hosted frameworks, custom models, or complex multi-agent architecture. |
| 6 | Is managed pro-code enough? | Use Microsoft Foundry Agent Service, Foundry SDK, Foundry evaluations, and managed tools. | The use case requires custom infrastructure, self-hosted models, specialized runtime isolation, or nonstandard framework control. |
| 7 | Is custom infrastructure justified? | Use Azure Container Apps, Azure Kubernetes Service, Azure Functions, Azure API Management, and Microsoft Agent Framework only when the control requirement justifies the operational burden. | The architecture, compliance, or scale requirement cannot be met by SaaS, Copilot Studio, or Foundry. |
Stage Roadmap
| Stage | Question | Use This | Do Not Use This Yet | Exit Gate |
|---|---|---|---|---|
| 0. Conception | What business outcome might improve? | Outcome map, KPI baseline, opportunity brief, business capability map. | Any agent builder or model selection. | Sponsor, owner, target workflow, KPI baseline, and success measure exist. |
| 1. Agent Fit | Should an agent exist? | Agent fit filter, "not an agent" log, use-case inventory. | Copilot Studio, Foundry, or custom code before classification. | Idea is classified as SaaS agent, Microsoft 365 extension, Copilot Studio agent, Foundry/custom agent, automation, RAG/search, analytics, or stop. |
| 2. Portfolio Priority | Which ideas deserve investment? | Prioritization matrix, pilot shortlist, go/no-go gates. | Broad agent portfolio buildout. | One to three pilots have value hypothesis, user group, scope, risks, and scale/stop criteria. |
| 3. Data And Grounding | Can the agent be trusted with the required data and actions? | Data readiness assessment, data access map, retrieval decision register, Purview review, source-system owner review. | Production deployment or broad access. | Authoritative sources, permissions, data gaps, residency, retention, access method, and grounding pattern are approved. |
| 4. Pattern Selection | What is the simplest Microsoft pattern that works? | SaaS-first decision tree, platform selection record, single/multi-agent decision, architecture sketch. | Multi-agent or custom infrastructure by default. | Build/buy/extend decision is documented with platform, tradeoffs, assumptions, and controls. |
| 5. Governance Readiness | Can the agent be owned, governed, secured, monitored, paused, and retired? | Agent registry, RACI, Entra identity plan, Copilot Control System/Power Platform governance, Purview, Defender, Azure Monitor, cost tags. | Build without registry, owner, identity, or control evidence. | Owner, identity, access boundary, funding, registry entry, policy set, risk owner, and lifecycle path are defined. |
| 6. System Design | What exactly may the agent do? | Agent charter, instruction architecture, tool/action policy, approval design, memory and retention policy, threat model. | Open-ended tools, broad data access, unmanaged memory, autonomous high-risk actions. | Scope, prohibited actions, tools, knowledge, approvals, fallback, escalation, memory, and audit are testable. |
| 7. Build | How should the agent be built and integrated? | Agent Builder, Copilot Studio, Microsoft Foundry Agent Service, Foundry SDK, Microsoft Agent Framework, Power Automate, Logic Apps, Azure Functions, APIs, MCP, ALM pipelines. | Production release before validation evidence. | Prototype is versioned, environment-bound, least-privilege, instrumented, and ready for evaluation. |
| 8. Validate | Does it meet quality, safety, value, cost, and compliance thresholds? | Foundry evaluations, agent evaluators, Copilot Studio test sets, red-team plan, security scan, runtime protection status, user acceptance testing. | Scaling based on demo success alone. | Pilot receives scale, redesign, pause, or stop decision backed by evidence. |
| 9. Rollout | Where should it live in daily work? | Teams, Microsoft 365 Copilot, Dynamics 365, Power Apps, internal portals, phased rollout, adoption plan, support model. | Big-bang rollout before telemetry and support are ready. | Users, channels, support, training, feedback, telemetry, and rollback/pause paths are ready. |
| 10. Operation And Scale | How is the agent kept useful, safe, and cost-effective? | Agent 365 registry and management where licensed, Copilot Control System, Purview, Defender, Sentinel, Azure Monitor, Application Insights, Cost Management, Foundry control plane, Copilot Studio analytics. | Unreviewed long-running agents. | Agent has regular value, access, risk, cost, quality, and retirement reviews. |
What To Use By Pattern
| Pattern | Use When | Microsoft Capabilities | Primary Risks To Control |
|---|---|---|---|
| No agent | The workflow is deterministic, rules-based, already covered by an app, or does not need adaptive reasoning. | Power Automate, Logic Apps, Power Apps, Dynamics 365 configuration, Power BI, Fabric, standard Microsoft 365 features. | Overengineering, low ROI, unnecessary model cost. |
| Search/RAG only | Users need grounded answers from approved content, but the system does not need to take actions. | Microsoft 365 Copilot, Microsoft Search, Copilot connectors, SharePoint, OneDrive, Azure AI Search, Copilot Studio knowledge, Foundry retrieval. | Stale content, weak permissions trimming, poor source authority, hallucinated answers. |
| Microsoft SaaS agent | A Microsoft product already provides the needed domain capability. | Microsoft 365 Copilot agents, Researcher, Analyst, Dynamics 365 agents, Security Copilot agents, Fabric data agents, GitHub Copilot agents. | Oversharing, adoption, licensing, admin policy, unmanaged installation. |
| Microsoft 365 Copilot extension | The agent should live in Microsoft 365 and use Microsoft 365 data, instructions, knowledge, and limited actions. | Agent Builder, declarative agents, Microsoft 365 Agents Toolkit, Copilot connectors, Microsoft Graph connectors, Teams app packaging. | Tenant governance, connector permissions, app publishing, action scope. |
| Copilot Studio agent | Business teams need low-code configuration, channels, knowledge, connectors, actions, agent flows, analytics, and Power Platform governance. | Copilot Studio, Power Platform environments, solution pipelines, DLP policies, Dataverse, Power Automate, connectors, Azure Application Insights. | Connector misuse, environment sprawl, DLP gaps, weak ALM, insufficient runtime protection. |
| Foundry managed agent | Developers need model choice, advanced tools, managed runtime, evaluations, observability, multi-agent workflows, or pro-code integration. | Microsoft Foundry Agent Service, Foundry portal, Foundry SDK, prompt agents, workflow agents, hosted agents, model catalog, tool catalog, Azure AI Search, Foundry evaluations. | Model cost, tool governance, network isolation, evaluation quality, workload operations. |
| Code-first custom agent | The use case requires custom orchestration, strict runtime control, custom libraries, special networking, custom memory, or self-hosted models. | Microsoft Agent Framework, Azure Functions, Azure Container Apps, Azure Kubernetes Service, Azure API Management, Azure Monitor, Application Insights, Key Vault. | Operational burden, security baseline, secrets, observability gaps, incident response, cost. |
| Multi-agent system | The work crosses domains, teams, identities, policy boundaries, or specialist roles that need clear separation. | Foundry workflows, Microsoft Agent Framework workflows, Copilot Studio agent flows, MCP, A2A patterns where approved. | Debuggability, latency, handoff failures, privilege escalation, unclear accountability. |
Data, Knowledge, And Tool Roadmap
| Need | Use This First | Escalate To | Use Only With Strong Controls |
|---|---|---|---|
| Microsoft 365 content grounding | SharePoint, OneDrive, Teams, Microsoft 365 Copilot, Copilot connectors. | Microsoft Graph connectors or custom connector. | Direct file scraping or unmanaged indexes. |
| Enterprise search over non-Microsoft content | Prebuilt Copilot connector. | Microsoft Graph connectors API, Azure AI Search. | Custom crawler without ACL preservation. |
| Structured business data lookup | Existing business app APIs or Dataverse. | Azure Functions, Logic Apps, API Management, custom APIs. | Direct database access from agent runtime. |
| Business action or writeback | Deterministic workflow with approval. | Narrow API/tool action with least privilege and audit. | Autonomous write actions for high-risk transactions. |
| External tool integration | Approved connector, OpenAPI action, Logic App, or Power Automate flow. | MCP server with security review. | Unreviewed MCP servers or broad tool catalogs. |
| Memory | Session-only memory. | Managed memory with retention and user isolation. | Persistent memory containing sensitive data without Purview, retention, and deletion controls. |
Governance And Control Plane Roadmap
| Control Need | Use When Available | Fallback If Not Available | Evidence Required |
|---|---|---|---|
| Agent inventory | Agent 365 registry in the Microsoft 365 admin center. | Agent registry plus platform inventories. | Agent ID, owner, purpose, platform, access scope, risk tier, lifecycle status. |
| Agent identity | Microsoft Entra Agent ID and managed identities. | Dedicated app registrations or scoped service principals. | Unique identity, least privilege, credential owner, access review. |
| Microsoft 365 agent governance | Copilot Control System in Microsoft 365 admin center. | Integrated Apps controls and documented admin process. | Published/deployed/blocked status, access policies, sharing controls. |
| Copilot Studio governance | Power Platform admin center, environments, DLP policies, solution pipelines. | Manual environment and release checklist. | Environment, DLP policy, connector approval, solution version, runtime status. |
| Data security and compliance | Microsoft Purview, DSPM for AI, DLP, sensitivity labels, audit, retention, Compliance Manager. | Manual compliance review and control mapping. | Data classification, DLP policy, retention rule, audit trail, regulatory mapping. |
| AI security monitoring | Microsoft Defender for Cloud AI threat protection, Defender XDR, Microsoft Sentinel. | Azure Monitor alerts and manual security review. | Alert routing, incident playbook, red-team evidence, prompt injection test results. |
| Observability | Foundry control plane, Azure Monitor, Application Insights, Copilot Studio analytics. | Manual telemetry report. | Usage, success rate, failure rate, latency, cost, safety events, user feedback. |
| Cost control | Azure Cost Management, Foundry cost dashboards, Copilot Studio usage/message allocation. | Finance-owned usage tracker. | Budget, cost center or allocation code, usage threshold, quota, review cadence. |
Build Roadmap By Team Type
| Team Type | Best Starting Point | Why | Guardrail |
|---|---|---|---|
| Business team in Microsoft 365 | Agent Builder or Microsoft 365 declarative agent. | Fastest path for scoped Microsoft 365 productivity scenarios. | Admin approval, tenant policy, connector review. |
| Business process team on Power Platform | Copilot Studio. | Low-code agents, connectors, channels, Power Automate, and Power Platform ALM. | Environment strategy, DLP, solution pipeline, runtime protection. |
| Product engineering team | Microsoft Foundry Agent Service. | Managed pro-code agent runtime, model choice, tools, evaluations, observability. | Standard setup for enterprise data, private networking if required, CI/CD, evaluations. |
| Advanced engineering/platform team | Microsoft Agent Framework on Foundry or Azure. | Maximum control over orchestration, workflows, state, MCP, and custom runtime. | Architecture review, landing zone, security baseline, observability, incident response. |
| Operations/security team | Defender, Sentinel, Purview, Azure Monitor, Agent 365 where licensed. | Central visibility, threat detection, compliance, identity, cost, and lifecycle management. | Clear ownership and response playbooks. |
Validation Roadmap
| Validation Area | Use | Minimum Pass Condition |
|---|---|---|
| Business value | KPI test, user feedback, task completion measurement. | Pilot reaches agreed value threshold or has a credible redesign path. |
| Agent behavior | Foundry agent evaluators, custom test set, Copilot Studio test sets. | Intent resolution, task adherence, tool call accuracy, and response quality meet target. |
| Grounding | Groundedness, relevance, citation checks, source permission tests. | Answers come from approved sources and respect user permissions. |
| Tool use | Tool-call accuracy tests, API validation, approval checks, rollback tests. | The agent calls the right tool, with valid inputs, under the right authority. |
| Safety/security | Red-team tests, prompt injection tests, data leakage tests, Defender/Purview checks. | No unresolved high-risk safety or security findings. |
| Compliance | Control register, audit trail, retention, residency, DLP, access review. | Required evidence is complete and approved by risk owners. |
| Operations | Latency, failure rate, token/cost usage, incident workflow, support readiness. | Operations owner accepts runbook, telemetry, thresholds, and pause path. |
Scale, Redesign, Pause, Or Stop
| Decision | Use When | Next Action |
|---|---|---|
| Scale | The pilot meets value, safety, quality, adoption, cost, and operations gates. | Expand users in waves, convert pilot architecture into a reusable pattern, schedule lifecycle reviews. |
| Redesign | Value is real, but data, UX, controls, architecture, model choice, or workflow placement failed. | Rework the failed layer only, then rerun validation before expanding. |
| Pause | A dependency, regulation, security issue, or data gap prevents responsible operation. | Disable access, preserve evidence, assign remediation, set decision date. |
| Stop | The agent does not deliver measurable value, is not needed, cannot be governed, or carries unacceptable residual risk. | Retire the agent, remove access, archive evidence, and route useful pieces to automation/search/analytics backlog. |
Nonnegotiable Controls Before Production
- Named business owner, product owner, technical owner, and operations owner.
- Agent registry entry with platform, identity, data sources, tools, access scope, budget owner or cost allocation, risk tier, and lifecycle status.
- Clear decision that the use case needs an agent rather than a simpler pattern.
- Approved data sources, grounding pattern, permission model, retention, and residency.
- Unique identity and least-privilege access for the agent and its tools.
- Tool/action policy with human approval for high-impact actions.
- Threat model and responsible AI assessment.
- Evaluation test set with quality, grounding, task completion, safety, security, cost, and latency thresholds.
- Audit trail for conversations, tool calls, approvals, failures, and administrative changes.
- Pause, rollback, incident response, and retirement process.
Source Alignment
This roadmap is aligned to Microsoft guidance for the AI agent adoption process, technology planning, governance/security, standardized build, Microsoft 365 agent governance, Agent 365 governance, Entra Agent ID, Copilot Studio governance, Foundry Agent Service lifecycle, evaluation, observability, and operation:
- Technology plan for AI agents
- Governance and security for AI agents
- Process to build agents across your organization
- Manage AI agents across your organization
- Agents for Microsoft 365 Copilot
- Agents admin guide for Microsoft 365
- Copilot Control System management controls
- Microsoft Agent 365 overview
- Agent Registry in the Microsoft 365 admin center
- Microsoft Entra Agent ID
- Microsoft Purview for AI agents
- Microsoft Foundry Agent Service
- Agent development lifecycle in Microsoft Foundry
- Foundry evaluations
- Microsoft Agent Framework