Skip to Content
TutorialsAgent Fundamentals

Agent Fundamentals

TL;DR: You will learn the four building blocks of an agent (instructions, knowledge, actions, identity) and how they map across Microsoft 365 Copilot, Copilot Studio, MCP and Claude, so you can apply least-privilege governance before any agent ships.

What you will learn

  • What an AI agent actually is, and how it differs from a chatbot or a plain prompt.
  • The four building blocks every agent shares: instructions, knowledge, actions (tools) and identity.
  • How those blocks appear across Microsoft 365 Copilot, Copilot Studio, the Model Context Protocol (MCP) and Claude.
  • Why each building block is also a governance control surface, and what a practitioner must check before an agent is deployed.

Prerequisites

  • A Microsoft 365 Copilot licence if you want to follow the Copilot examples hands-on (reading the concepts requires no licence).
  • A Copilot Studio environment, or trial, to inspect the maker experience (optional).
  • Microsoft Entra ID, with Entra ID P2 recommended where you plan to apply Conditional Access and Privileged Identity Management to agent identities.
  • A role with visibility into the Microsoft 365 admin center and Microsoft Purview, so you can see where agent governance controls live.
  • No earlier tutorial is required; this is the first tutorial in the track.

What an agent is

An AI agent is a system that takes a goal, reasons over context, and uses tools to act on the user’s behalf, rather than only returning text. A plain chatbot answers; an agent decides and does.

Step 1: Separate the model from the agent

  1. Recognise that the large language model is only the reasoning engine.
  2. Note that the agent is the model plus everything wrapped around it: its instructions, the knowledge it can read, the actions it can take, and the identity it runs as.
  3. Conclude that governance is about the wrapper, not the model. You cannot inspect the model’s weights, but you can fully control its instructions, knowledge, actions and identity.

Step 2: Name the four building blocks

  1. Instructions define the agent’s purpose, tone and constraints (the system prompt or agent definition).
  2. Knowledge is the grounding data the agent may read, such as SharePoint sites, files or a connector.
  3. Actions (tools) are the operations the agent may perform, such as calling an API or writing a record.
  4. Identity is the security principal the agent runs as, which determines what data and actions it is permitted to reach.

Hold these four words. Every platform below is just a different way to declare the same four things.

The building blocks across the landscape

Each platform expresses the same four blocks with its own vocabulary. Mapping them once means your governance checklist transfers everywhere.

Step 1: Microsoft 365 Copilot declarative agents

  1. A declarative agent is a customised version of Microsoft 365 Copilot. You supply instructions, knowledge and actions, and it runs on Copilot’s own orchestrator and foundation models, so no extra hosting is required.
  2. Instructions shape how Copilot responds for your scenario.
  3. Knowledge connects Microsoft 365 sources such as SharePoint, OneDrive and Microsoft 365 Copilot connectors.
  4. Actions are API plugins that reach external systems.
  5. Identity is inherited: the agent runs in the calling user’s context and respects existing Microsoft 365 permissions and data protections.

Step 2: Copilot Studio agents

  1. Copilot Studio is the low-code maker tool for richer agents, including custom actions and triggers that go beyond the declarative model.
  2. You still author the same blocks: topics and instructions, knowledge sources, actions and connectors, and an identity (the agent’s authentication and connection references).
  3. Treat connection references as the identity surface. They decide which downstream systems the agent can touch and as whom.

Step 3: Model Context Protocol (MCP)

  1. MCP is an open protocol that lets an agent discover and call external tools and data sources through a standard interface.
  2. In MCP terms, a server exposes tools (actions) and resources (knowledge), and the host agent supplies the instructions and runs under some identity.
  3. The governance question is the same: which MCP servers are trusted, what scopes their credentials hold, and who can register a new server.

Step 4: Claude and Agent Skills

  1. Claude is a model and platform where agents are assembled from instructions, knowledge and tools as well.
  2. Agent Skills package the instructions, scripts and resources an agent needs for a real-world task into a portable, version-controlled folder, which makes the instruction and knowledge blocks reviewable artefacts.
  3. Because a Skill is just files, it can be checked into source control, reviewed and approved before use, which is exactly the audit posture governance teams want.

Step 5: Build the mapping table

Keep this table close; it is the backbone of every review you will run.

Building blockMicrosoft 365 CopilotCopilot StudioMCPClaude
InstructionsAgent instructionsTopics and instructionsHost promptSystem prompt or Skill
KnowledgeSharePoint, OneDrive, connectorsKnowledge sourcesMCP resourcesFiles or Skill resources
Actions (tools)API pluginsActions and connectorsMCP toolsTools and Skill scripts
IdentityCalling user contextConnection referencesServer credentials and scopesAPI key and tool scopes

Governance call-outs

  • Data leakage through knowledge: an agent can surface anything its knowledge sources expose. Confirm that the grounding data (SharePoint sites, files, connectors) is already correctly permissioned, because the agent inherits, and amplifies, every oversharing problem.
  • Least-privilege actions: every tool or plugin widens the blast radius. Grant the narrowest scopes that the scenario needs and reject any action whose permission cannot be justified.
  • Identity and authentication: decide whether the agent acts as the user or as a service identity. Apply Conditional Access and, where supported, Privileged Identity Management to agent and connection identities; never let an agent run with standing high-privilege credentials.
  • Compliance gates before publish: require Responsible AI and content checks, and route Microsoft 365 agents through Microsoft Purview so interactions inherit your data loss prevention and retention policies.
  • Audit trails: ensure every agent action is logged and attributable to an identity. If you cannot answer “who did the agent act as, and what did it touch”, the agent is not ready for production.

Next step

Continue with the next tutorial.

Sources

Licensed under CC BY 4.0  by Educ4te .

Last updated on
OverviewDeclarative Agents 101