
Microsoft Expands AI Agent Framework with Copilot Tuning and Secure Multi-Agent Protocols

At this year's annual Microsoft Build conference, Redmond announced a significant expansion of its AI agent development infrastructure, adding tools to customize, orchestrate, and secure intelligent agents across Microsoft 365 and Windows environments.

The updates center on a growing framework for autonomous and collaborative AI agents, with a focus on low-code agent tuning, multi-agent orchestration, and the formalization of the Model Context Protocol (MCP) for inter-agent communication.

Copilot Tuning Brings Domain-Specific AI Agent Training to Enterprises
One of the core announcements, Microsoft 365 Copilot Tuning, introduces a low-code approach for enterprise users to adapt AI model behavior using their own organizational data and task structures.

Rather than relying on pre-trained generalist models alone, organizations can now train domain-specific agents—such as legal assistants or industry-specific consultants—tailored to their preferred tone, language, and workflows. These tuned agents run within the secure Microsoft 365 execution boundary, and Microsoft stated that no customer data is used to retrain base foundation models.

The feature will be released in June as part of an early adopter program.

Multi-Agent AI Coordination and Model Portability in Copilot Studio
Microsoft is also expanding Copilot Studio, its agent development environment, to support multi-agent orchestration. This allows agents to collaborate dynamically, each handling different aspects of a task based on functional expertise.

For example, in automated employee onboarding, HR, IT, and operations agents can execute parallel subtasks, coordinated by orchestration logic. These workflows are now available in public preview.

Additionally, Copilot Studio will integrate with Azure AI Foundry, offering support for over 1,900 pretrained models, including domain-optimized LLMs. Developers can now "bring their own models," enhancing agent alignment with organization-specific logic, vocabulary, and goals.

Expanded Tooling for AI-Driven Application Workflows
To support full-stack AI development, Microsoft launched the Microsoft 365 Agents Toolkit, now generally available. It includes debugging and deployment tools for embedding agents into Microsoft 365 and Teams environments.

A new Teams AI Library provides agent optimization tools for multi-modal collaboration use cases (chats, channels, meetings) and supports the Agent-to-Agent (A2A) protocol alongside the evolving Model Context Protocol (MCP).

"[Agents Toolkit] can significantly simplify your development by providing integrated Microsoft 365 identity, cloud storage access, data from Microsoft Graph, and other services in Azure with a 'zero-configuration' approach," said Principal Product Manager Zhidi Shang in a blog post.

Microsoft also introduced Copilot APIs, starting with capabilities for chat and retrieval, to enable integration of Copilot behaviors into custom apps. Agent oversight and pipeline management are now supported via the new Agent Feed in Power Apps, while Solution Workspace integrates generative UI design and supports code-first deployment from Visual Studio Code.

Windows 11 Implements Security Controls for Agent Interoperability
Windows 11 will formally adopt the Model Context Protocol, enabling standardized HTTP-based communication between agents and tools. MCP is designed to promote modular, discoverable, and reusable AI toolchains—but its open architecture presents new security challenges.

To address this, Microsoft is embedding a secure-by-default MCP framework into the OS, with controls including:

  • Proxy-mediated MCP traffic routing, governed by a trusted Windows component.
  • Tool-level user authorization, requiring explicit approval for agent-tool execution.
  • Centralized MCP registry, allowing only security-vetted servers.
  • Runtime isolation and privilege enforcement, minimizing potential damage from compromise.

MCP servers will be required to meet strict criteria, including code signing, immutability, scoped permissions, and interface hardening. A developer preview of the secured MCP implementation will roll out after Build 2025.
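
How the listed controls compose into a deny-by-default decision for one tool call, as an added Python model that is not Microsoft's implementation or code from the article. `McpProxy`, `RegistryEntry`, the server, agent and tool names are hypothetical, a pinned SHA-256 digest stands in for code-signing and immutability checks, and runtime isolation is not modelled; only the JSON-RPC `tools/call` request shape comes from MCP itself.

```python
import hashlib
from dataclasses import dataclass, field

@dataclass(frozen=True)
class RegistryEntry:
    """Hypothetical registry record for one vetted MCP server."""
    sha256: str           # pinned digest of the vetted package
    scopes: frozenset     # tool names the server may expose

@dataclass
class McpProxy:
    """Hypothetical mediator: every tool call passes through authorize()."""
    registry: dict
    approvals: set = field(default_factory=set)

    def approve(self, agent, server, tool):
        # Records an explicit user grant for one agent/server/tool triple.
        self.approvals.add((agent, server, tool))

    def authorize(self, agent, server, package, request):
        """Return (allowed, reason); anything not explicitly permitted is denied."""
        entry = self.registry.get(server)
        if entry is None:
            return False, "server not in registry"
        if hashlib.sha256(package).hexdigest() != entry.sha256:
            return False, "package changed since vetting"
        if request.get("method") != "tools/call":
            return False, "not a tool call"
        tool = request.get("params", {}).get("name")
        if tool not in entry.scopes:
            return False, "tool outside server scope"
        if (agent, server, tool) not in self.approvals:
            return False, "user approval required"
        return True, "allowed"

# Constructed sample data (not real servers, agents or packages).
PACKAGE = b"constructed-files-server-build"
PROXY = McpProxy({"files-server": RegistryEntry(
    hashlib.sha256(PACKAGE).hexdigest(), frozenset({"read_file"}))})

def call(tool):
    # Minimal JSON-RPC 2.0 body for an MCP tool invocation.
    return {"jsonrpc": "2.0", "id": 1, "method": "tools/call",
            "params": {"name": tool, "arguments": {}}}

if __name__ == "__main__":
    print(PROXY.authorize("onboarding-agent", "files-server", PACKAGE, call("read_file")))
    PROXY.approve("onboarding-agent", "files-server", "read_file")
    print(PROXY.authorize("onboarding-agent", "files-server", PACKAGE, call("read_file")))
```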

About the Author

Chris Paoli (@ChrisPaoli5) is the associate editor for Converge360.
