Microsoft AI Podcast: Copilot, Agents and Governance

Inside the World of Microsoft Copilot and AI Agents

From the ThreatCast podcast with Ru Campbell and Graham Hosking

Host: Ru Campbell (Microsoft MVP, Microsoft Practice Lead at Threatscape)

Guest: Graham Hosking (Senior AI Solutions Engineer at Microsoft)

Chasing the AI Train: Why It Feels So Fast

AI in Microsoft 365 has evolved rapidly. New terms like Copilot, generative agents, and MXGP seem to appear overnight, leaving even experienced professionals struggling to keep up. Host Ru Campbell described it best: it feels like “chasing a train”.

To make sense of it all, Graham Hosking from Microsoft joins the show to walk through the landscape, from foundational concepts to real-world implementation. Fresh from the buzz of Microsoft Build, Graham outlines where Microsoft’s AI strategy is heading and what that means for businesses right now.

From Chatbots to Orchestrators: Understanding Microsoft AI Agents

AI agents within Microsoft 365 are not just advanced chatbots. They represent a new class of orchestrated intelligence, tools that combine natural language processing with traditional automation and reasoning.

At their core, these agents:

Act as a central “brain” that controls multiple apps and services across the Microsoft stack
Can dynamically choose steps based on available data or context
Go beyond logic-based flows, adapting in real time based on plans written in natural language

This means AI agents can take loosely defined tasks, interpret them like a human would, and execute them across different systems, including SharePoint, Power Platform, and Azure.

Practical Use Cases: Where Agents Are Already Making a Difference

One of the biggest hurdles for organisations is knowing where to begin. Graham shared several examples where AI agents are already proving transformative.

1. Market Research Automation

A customer who previously spent three days on annual research now completes it in 15 minutes
Agents gather external and internal data, then generate a detailed report with visuals using OpenAI models

2. Cyber Security Triage

Alerts trigger AI-driven workflows that assess severity and route incidents dynamically
Agents escalate priority issues to SOC teams via Teams or email, factoring in time of day and other criteria

3. Internal Business Tools

Declarative agents built in Copilot Studio can handle HR queries or employee onboarding
These can be securely shared and governed across departments

These examples show that the best agent use cases start with repeatable, outcome-based processes, not vague ambitions.

How to Approach Building Your Own Agents

When it comes to getting started, Graham advises identifying tasks you are already good at. Why?

Because the AI only performs well if the plan it follows is clearly defined. If you know how to do the task well, you can train the agent to do the same.

To identify good starting points:

Look for repetitive tasks that eat up time, such as research, reporting, or triaging
Map your business personas and their daily pain points
Start small, with five to ten use cases, then expand as confidence grows

The key is not to try to solve everything at once. Focus on achievable wins and iterate from there.

Copilot Studio, Foundry and Power Platform: The Toolkit Behind the Agents

Microsoft’s AI ecosystem gives builders a wide range of tools. But understanding what each platform does and when to use it is essential.

Copilot Studio

Visual interface for building both simple (declarative) and complex (custom) agents
Includes governance tools to manage access and version control
Supports the full agent lifecycle from draft to deployment

Power Platform

Integrates with agents via Power Automate and new Agent Flows written in natural language
Offers low code and pro code experiences
DLP controls and environment management come built in

Azure AI Foundry

Offers access to over 1,800 models including those from Hugging Face, Grok and Mistral
Lets you select lightweight or specialised models rather than defaulting to GPT-4
Supports multimodal inputs, such as PDFs with embedded images via Mistral OCR

Together, these tools allow users of all skill levels to build, deploy and manage intelligent agents without needing deep coding expertise.

Governance Is Not Optional: Controlling Risk and Sprawl

As AI agents multiply within organisations, so do governance challenges. One of the most frequent concerns is agent sprawl, where departments create unmonitored agents with unclear purpose or oversight.

Graham outlined a few of the core risks and how Microsoft addresses them.

Risks:

Too many agents with overlapping or unclear functions
Over-permissioned connectors accessing sensitive data
Lack of visibility into agent usage or impact

Solutions:

Use Power Platform environments for development, testing and production separation
Apply Data Loss Prevention (DLP) policies to restrict specific connectors
Leverage Purview DSPM for AI to monitor:
- Prompt input and output
- User interaction
- Potential misuse of generative models

Purview’s browser extensions also allow visibility into third party AI usage, even on unmanaged endpoints.

And most critically, Graham emphasised that AI governance is a business decision, not just an IT decision. Monitoring first, blocking second, and iterating with care ensures protection without stifling productivity.

The Rise of Vibe Coding and the MXGP Standard

We are entering a new phase of AI interaction, one where non-developers can create powerful tools using natural language. Known as vibe coding, this approach simplifies software creation dramatically.

Instead of writing code from scratch, users describe what they want and the AI builds the structure. This is accelerating innovation, particularly in Power Platform and Copilot Studio.

But with this power comes new complexity, especially around agent to agent communication. That is where MXGP, Model Exchange Gateway Protocol, comes in:

Developed by Anthropic and adopted by Microsoft and OpenAI
Provides a standard for how agents securely communicate across platforms
Enables use cases like linking a Copilot Studio agent with external APIs such as Perplexity AI

Graham even built his own MXGP server using Azure Web Apps and shared the code on GitHub (handle: ITSpecialist111). It is a clear example of how accessible this technology now is, even for those without formal development backgrounds.