A working Copilot Studio agent wired to one enterprise data source — OAuth on-behalf-of, correct DLP zone, Azure Functions middleware, generative orchestration, audit logging. Security-review-ready by handoff, not "we'll figure that out next quarter."
The agent reads or writes against one identifiable system (SharePoint site, Dataverse table, ServiceNow instance, internal API). Not "an agent that does everything" — one that does one thing well.
It's going through InfoSec eventually. You'd rather build it right the first time than retro-fit OBO and DLP scoping after the review fails.
You have engineers who can run it once it's live. You need the working artifact plus the architecture docs, not a managed-service relationship.
One agent, generative orchestration enabled, system topic for the in-scope use case, conversation starters. Published to the right environment with the right governance scope.
One connector wired to the data source — Streamable HTTP transport (not the deprecated SSE), classified into the correct Power Platform DLP zone, tenant-scoped.
Functions backend handling OAuth on-behalf-of so the agent acts as the user, not as itself. Token cache, refresh handling, scoped Graph permissions, audit logging.
Functions app, app registration, key vault, Application Insights — defined in Bicep, deployed through GitHub Actions or Azure DevOps. Repeatable, reviewable, in source control.
Written architecture doc, ops runbook, threat model summary. The artifacts your team needs to operate and your security team needs to approve.
Two weeks, one agent, one data source. Adding a second data source, a second agent, or a custom UI is out of scope for the quickstart price — but they're the natural follow-ons and we'll scope them when we get there. The point of the package is to ship the first agent right; the second is easier once the pattern is in place.
The decisions this package gets right are the same ones laid out in the public essay on adding MCP servers to Copilot Studio in regulated environments — identity, DLP zone, generative orchestration, Streamable HTTP, tenant scoping. If you want to see the architecture work before engaging, that's the longest-form thing I've written on it.