Picture by Editor
# Introduction
The Agent Framework Dev Undertaking is a group initiative offering hands-on, developer-focused coaching supplies for constructing AI brokers utilizing trendy frameworks and tooling, with its Agent Framework Dev Day hosted by the Boston Azure AI Group and sponsored by Microsoft. The Microsoft Agent Framework, launched in October 2025, extends each Semantic Kernel and AutoGen right into a unified strategy for constructing manufacturing agentic techniques. Paired with the Microsoft Foundry platform, it supplies observability, security configuration, and enterprise-grade operational controls on high of the core framework. Working via the framework’s Python content material reveals 4 interconnected technical domains, every one constructing immediately on the final, and every grounded in patterns that apply to actual deployed techniques.
# Treating Security as an Empirical Measurement Downside
Most agentic tutorials deal with security as a footnote. The higher start line is to make security the very first thing a developer sees and measures earlier than writing a single line of agentic logic, grounding the remainder of the work in a practical image of what unguarded fashions really do.
The software for this can be a dual-model comparability runner. The identical immediate is shipped concurrently to 2 deployed situations of gpt-4.1-mini: one with Microsoft Foundry security guardrails enabled, one with these guardrails decreased. Outcomes seem side-by-side within the terminal, together with response textual content and latency for every mannequin, making the behavioral distinction between the 2 deployments unimaginable to dismiss as theoretical.
The default immediate is intentionally provocative: a request for directions on making a home made explosive. The guarded mannequin refuses. The unguarded mannequin could not. Each responses floor in the identical interface, on the identical {hardware}, on the identical time. The distinction is fast and concrete quite than hypothetical.
From there, the comparability opens to 3 enter classes value probing:
- Profanity filterable through curated blocklists in Microsoft Foundry
- Authorities identifiers resembling Social Safety Numbers (SSNs)
- Different personally identifiable data (PII)
Every maps to an actual class of enterprise compliance concern, and every produces observable variations between the 2 deployments, giving builders a direct sense of the place guardrails interact and the place gaps stay.
Latency deserves consideration right here, not simply response content material. Security guardrails introduce measurable overhead, and that tradeoff is value quantifying quite than assuming away. A 3rd regime — fashions working with default settings between the 2 extremes — reinforces that security is a configurable spectrum quite than a binary toggle, one which engineers actively tune based mostly on software context.
The underlying code makes use of the framework’s AzureAIClient to spin up short-lived brokers for every mannequin, runs each through asyncio.collect, and surfaces token counts alongside timing knowledge. The structure is deliberately minimal. The purpose is the comparability, not the infrastructure surrounding it.
The broader lesson: an agent that completes a job just isn’t the identical as an agent that completes a job responsibly underneath real-world inputs, and understanding that distinction early shapes each architectural resolution that follows.
# Connecting Brokers to the World with the Mannequin Context Protocol
The Mannequin Context Protocol (MCP) is a common adapter that enables AI brokers to connect with knowledge sources and instruments via a standardized protocol, with out requiring modifications to the agent consumer when the underlying service modifications, which makes it a sensible basis for constructing brokers that work together with evolving enterprise techniques.
The structure has three parts. A number software (the AI agent) connects via an MCP consumer to a number of MCP servers, every of which exposes instruments, sources, and prompts. Servers might be native or distant, and the consumer code doesn’t change to accommodate both, which retains the agent layer cleanly decoupled from infrastructure selections.
Two transport mechanisms cowl the primary deployment eventualities:
// STDIO Transport
STDIO transport runs the MCP server as a subprocess speaking via normal enter and output. This fits native instruments and CLI integrations the place low latency and tight course of coupling are fascinating.
// HTTP/SSE Transport
HTTP/SSE transport runs the server as an internet service speaking over HTTP with Server-Despatched Occasions (SSE). This fits cloud providers and shared tooling that a number of brokers want to succeed in concurrently throughout distributed environments.
A concrete four-component implementation on a assist ticket area makes these patterns tangible. The mcp_local_server exposes 4 instruments through STDIO: GetConfig, UpdateConfig, GetTicket, and UpdateTicket. The mcp_remote_server is a FastAPI REST API working on port 5060 managing the identical ticket knowledge as a correct service layer. The mcp_bridge runs on port 5070 and interprets between HTTP/SSE and unusual HTTP calls to the REST backend. The mcp_agent_client consumes all of those concurrently, discovering instruments from every server dynamically and changing them into the function-calling format that Azure OpenAI expects, all inside a single agent session.
The architectural perception with essentially the most important enterprise implications: wrapping an present REST API with an MCP bridge requires no modification to the backend in anyway. Any service already exposing HTTP endpoints turns into accessible to an AI agent with out touching that service’s personal code, which dramatically lowers the combination price for organizations with massive present API surfaces.
The complete agentic loop constructed right here covers software discovery at runtime, dynamic perform conversion, mannequin invocation, software dispatch, and outcome ingestion again into context, all constructed from first ideas utilizing the MCP SDK and Azure OpenAI, giving builders an entire image of how every layer connects.
# Orchestrating Workflow Patterns: Sequential, Concurrent, and Human-in-the-Loop
Workflow orchestration is the place particular person brokers begin functioning as coordinated techniques able to dealing with issues too complicated for any single mannequin name to resolve cleanly by itself.
All three patterns function on the identical SupportTicket knowledge mannequin, carrying fields like ticket ID, buyer title, topic, description, and precedence. Utilizing the identical area throughout all three patterns is deliberate: the aim is to look at similar knowledge transfer via basically completely different processing architectures and observe what modifications concerning the output, the latency, and the management floor accessible to the operator.
// Sequential Workflow
A high-priority ticket from a buyer unable to log in after a password reset strikes from consumption via an AI categorization step, which classifies and summarizes the difficulty in structured JSON, after which right into a response technology step. The output is an entire, customer-ready reply that acknowledges urgency, affords concrete subsequent steps, and contains the ticket quantity. The whole pipeline runs with out human intervention, and every step’s output is seen earlier than it passes to the following, making the information transformation at every stage specific and inspectable.
// Concurrent Workflow
A buyer reporting each a replica cost and a crashing software in the identical message exposes the bounds of a sequential single-agent pipeline. Billing and technical considerations require completely different experience, and routing each via a single agent produces a weaker outcome than routing every to a specialist who can purpose deeply inside a narrower area.
The concurrent sample followers the query out to a billing professional agent and a technical professional agent concurrently. The billing agent addresses the duplicate cost and recommends a refund path. The technical agent focuses on cache clearing and reinstallation steps for the crashing software. Neither agent makes an attempt to deal with each domains. The aggregated outcome offers the shopper an entire reply that no single specialist may have produced alone, and the response time is bounded by the slower of the 2 brokers quite than their sum.
// Human-in-the-Loop Workflow
The best-stakes case includes a buyer requesting a full refund on an annual premium subscription bought one week prior. The AI generates a draft response accurately invoking the 14-day money-back assure coverage and providing to course of cancellation instantly. Then execution stops, and management passes explicitly to a human reviewer earlier than something is shipped.
The supervisor receives the complete draft and three specific selections: approve and ship as written, edit earlier than sending, or escalate to administration. On approval, the system data the motion, updates the ticket standing to resolved, and logs that the response was permitted with out modification, creating an entire audit path of the choice.
What working this sample makes concrete is one thing workflow diagrams are likely to obscure: the human-in-the-loop pause just isn’t a failure mode or an exception path. It’s a designed, first-class cease within the workflow. The system waits for it with out polling or timeout. That is the sample that makes AI-assisted processes auditable and defensible in regulated or high-stakes environments, and it deserves to be handled as a peer to the totally automated alternate options quite than a fallback of final resort.
Extending every sample deepens the understanding significantly. Including a sentiment evaluation agent earlier than categorization within the sequential pipeline, including a safety or account specialist to the concurrent fan-out, including new supervisor actions like “Request Extra Data” to the human-in-the-loop step, and composing sequential and concurrent patterns right into a single hybrid workflow all require understanding how the executor lessons, shared consumer manufacturing unit, and knowledge fashions join throughout the complete system.
# Transferring from RAG to Agentic RAG
Customary retrieval-augmented technology (RAG) purposes are simple to get began with however encounter query varieties that primary retrieval handles poorly, and people limitations are likely to floor shortly as soon as actual customers begin interacting with the system. Sure/no questions, counting queries, and multi-hop reasoning all stress the assumptions of a single embedding-lookup pipeline in ways in which change into instantly seen in manufacturing.
The development via this drawback strikes throughout 4 levels: ingestion, easy RAG, superior RAG, and agentic RAG. The sequencing is intentional. Encountering the restrictions of naive retrieval first makes the architectural shift to agentic retrieval significant quite than summary, as a result of the gaps within the less complicated strategy are already seen earlier than the answer is launched.
The answer makes use of the Microsoft Agent Framework with a Handoff workflow orchestration sample, writing specialised brokers that carry out particular search capabilities backed by Azure AI Search. The Handoff sample routes a question to essentially the most acceptable specialist agent quite than sending each query via a single retrieval pipeline, which implies every agent might be optimized for the question sort it’s designed to deal with. Implementation covers 4 steps: preliminary setup, a sure/no search agent, a rely search agent, and the remaining specialist brokers, every one including a brand new retrieval functionality to the general system.
The architectural shift from normal RAG is critical and value making specific. Slightly than a single retrieval pipeline making an attempt to deal with all question varieties with the identical technique, an orchestrator dispatches to brokers specialised for various retrieval approaches, with Azure AI Search serving because the shared information spine that each one specialist brokers draw from. The result’s a system able to answering the complete vary of query varieties that normal RAG purposes wrestle with, together with questions that require reasoning over retrieved outcomes quite than merely returning them.
# Understanding Why These 4 Matters Belong Collectively
The development displays a coherent view of what production-ready agentic growth really requires, and the order through which the matters seem just isn’t arbitrary. Security comes first as a result of it reframes what working code means in an agentic context, establishing from the outset that functionality and accountable conduct are separate properties that should be measured independently. MCP establishes how brokers talk with exterior instruments and providers in a standardized, interoperable means — together with the perception that present APIs might be bridged with none backend modification, which makes it sensible to attach brokers to actual enterprise techniques quite than purpose-built toy backends. Workflow patterns set up how a number of brokers coordinate and, critically, when to pause for a human, introducing the management constructions that make agentic techniques reliable sufficient to deploy in consequential settings. Agentic RAG demonstrates how information retrieval scales past easy lookup to deal with the complete vary of query varieties actual customers ask, finishing the image of what a manufacturing information system constructed on this framework seems like.
Taken collectively, the 4 domains transfer from conduct remark to structure building to system operation. That development is what separates a working prototype from a deployable system, and understanding every layer makes the following one significantly simpler to purpose about.
Rachel Kuznetsov has a Grasp’s in Enterprise Analytics and thrives on tackling complicated knowledge puzzles and looking for recent challenges to tackle. She’s dedicated to creating intricate knowledge science ideas simpler to know and is exploring the varied methods AI makes an impression on our lives. On her steady quest to be taught and develop, she paperwork her journey so others can be taught alongside her. You could find her on LinkedIn.
