Build secure and enterprise-ready agents with Agent 365 | BRK251
Neta Haiby, Kendra Springer, and Lei Zhong walk through what it takes to ship production-grade AI agents, with practical focus on observability, governance, and security controls that don’t block delivery.
Overview
As AI agents move from prototypes to production, the session focuses on the controls developers and platform teams need across the agent lifecycle:
- Observability and runtime visibility for understanding what agents are doing in production
- Identity-aware access to ensure agents act within the right permissions
- Threat protection and risk management for agent behavior and ownership
- Data security to protect sensitive information handled by agents
- Compliance and policy-based governance to meet enterprise requirements
The presenters show how to build enterprise-ready agents using:
- Agent 365 SDK (for building and instrumenting agents)
- Microsoft Purview SDK (for governance and policy enforcement)
Key concepts covered
Agent lifecycle requirements for production
The session frames “enterprise-ready” agents around five requirements:
- Observability
- Identity
- Threat protection
- Data security
- Compliance
Agent Blueprint (reusable instruction model)
A new concept introduced is the Agent Blueprint, described as a reusable instruction model that can be used to create and manage multiple agent instances consistently.
User experience in Microsoft Teams
From the user perspective, the session demonstrates using an agent inside Microsoft Teams, highlighting end-user collaboration scenarios.
Multiple agent instances
The presenters demonstrate how the Blueprint concept supports creating and operating multiple agent instances, and summarize the demo around:
- Onboarding
- Observability
- End-user collaboration
Admin and risk management workflows
The session includes admin-focused capabilities such as:
- Risk management
- Agent ownership reassignment in an admin portal
Rules-based automation
The presenters introduce automation using rules in Agent 365, positioning it as a way to operationalize governance and lifecycle actions.