Image by Editor
# Introduction
The Agent Framework Dev Project is a community initiative offering hands-on, developer-focused training materials for building AI agents using modern frameworks and tooling, with its Agent Framework Dev Day hosted by the Boston Azure AI Group and sponsored by Microsoft. The Microsoft Agent Framework, launched in October 2025, extends both Semantic Kernel and AutoGen into a unified approach for building production agentic systems. Paired with the Microsoft Foundry platform, it provides observability, safety configuration, and enterprise-grade operational controls on top of the core framework. Working through the framework's Python content reveals four interconnected technical domains, each building directly on the last, and each grounded in patterns that apply to real deployed systems.
# Treating Safety as an Empirical Measurement Problem
Most agentic tutorials treat safety as a footnote. The better starting point is to make safety the first thing a developer sees and measures before writing a single line of agentic logic, grounding the rest of the work in a realistic picture of what unguarded models actually do.
The tool for this is a dual-model comparison runner. The same prompt is sent concurrently to two deployed instances of gpt-4.1-mini: one with Microsoft Foundry safety guardrails enabled, one with those guardrails lowered. Results appear side by side in the terminal, along with response text and latency for each model, making the behavioral difference between the two deployments impossible to dismiss as theoretical.
The default prompt is deliberately provocative: a request for instructions on making a homemade explosive. The guarded model refuses. The unguarded model may not. Both responses surface in the same interface, on the same hardware, at the same time. The difference is immediate and concrete rather than hypothetical.
From there, the comparison opens to three input categories worth probing:
- Profanity, filterable via curated blocklists in Microsoft Foundry
- Government identifiers such as Social Security Numbers (SSNs)
- Other personally identifiable information (PII)
Each maps to a real category of enterprise compliance concern, and each produces observable differences between the two deployments, giving developers a direct sense of where guardrails engage and where gaps remain.
Latency deserves attention here, not just response content. Safety guardrails introduce measurable overhead, and that tradeoff is worth quantifying rather than assuming away. A third regime, models running with default settings between the two extremes, reinforces that safety is a configurable spectrum rather than a binary toggle, one that engineers actively tune based on application context.
The underlying code uses the framework's AzureAIClient to spin up short-lived agents for each model, runs both via asyncio.gather, and surfaces token counts alongside timing data. The architecture is intentionally minimal. The point is the comparison, not the infrastructure surrounding it.
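In outline, the runner's concurrency-and-timing logic can be sketched as follows. This is a minimal illustration, not the project's actual code: the two call functions are hypothetical stand-ins for the short-lived AzureAIClient agents, and their latencies are simulated with sleeps.

```python
import asyncio
import time

# Hypothetical stand-ins for the two deployments; in the real runner these
# would be short-lived agents created through the framework's AzureAIClient.
async def call_guarded(prompt: str) -> str:
    await asyncio.sleep(0.02)  # simulate guardrail overhead
    return "I can't help with that request."

async def call_unguarded(prompt: str) -> str:
    await asyncio.sleep(0.01)
    return "(unguarded response text)"

async def timed(label: str, call, prompt: str) -> dict:
    """Run one model call and capture its latency alongside the response."""
    start = time.perf_counter()
    text = await call(prompt)
    return {"model": label, "response": text,
            "latency_ms": (time.perf_counter() - start) * 1000}

async def compare(prompt: str) -> list[dict]:
    # Both deployments receive the identical prompt at the same time.
    return await asyncio.gather(
        timed("guarded", call_guarded, prompt),
        timed("unguarded", call_unguarded, prompt),
    )

if __name__ == "__main__":
    for row in asyncio.run(compare("test prompt")):
        print(f"{row['model']:>10}: {row['latency_ms']:6.1f} ms  {row['response']}")
```

Because `asyncio.gather` preserves argument order, the side-by-side comparison always lists the guarded deployment first, and the per-call timing makes the guardrail overhead directly measurable.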
The broader lesson: an agent that completes a task isn't the same as an agent that completes a task responsibly under real-world inputs, and understanding that distinction early shapes every architectural decision that follows.
# Connecting Agents to the World with the Model Context Protocol
The Model Context Protocol (MCP) is a universal adapter that lets AI agents connect to data sources and tools through a standardized protocol, without requiring changes to the agent client when the underlying service changes. That stability makes it a practical foundation for building agents that interact with evolving enterprise systems.
The architecture has three components. A host application (the AI agent) connects through an MCP client to one or more MCP servers, each of which exposes tools, resources, and prompts. Servers can be local or remote, and the client code doesn't change to accommodate either, which keeps the agent layer cleanly decoupled from infrastructure decisions.
Two transport mechanisms cover the main deployment scenarios:
## STDIO Transport
STDIO transport runs the MCP server as a subprocess communicating through standard input and output. This suits local tools and CLI integrations where low latency and tight process coupling are desirable.
## HTTP/SSE Transport
HTTP/SSE transport runs the server as a web service communicating over HTTP with Server-Sent Events (SSE). This suits cloud services and shared tooling that multiple agents need to reach concurrently across distributed environments.
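The decoupling both transports provide can be illustrated with a small sketch. The `Transport` protocol and both classes here are illustrative stand-ins, not the MCP SDK's actual types; the point is that the client-side logic stays identical whichever transport is plugged in.

```python
from typing import Protocol

class Transport(Protocol):
    """Minimal transport interface: the agent-side client only sees this."""
    def send(self, message: dict) -> dict: ...

class StdioTransport:
    # A real STDIO transport would write JSON-RPC to a subprocess's stdin
    # and read replies from its stdout; here it echoes for illustration.
    def send(self, message: dict) -> dict:
        return {"transport": "stdio", "echo": message}

class HttpSseTransport:
    # A real implementation would POST to the server and stream events back.
    def send(self, message: dict) -> dict:
        return {"transport": "http/sse", "echo": message}

def list_tools(transport: Transport) -> dict:
    # Identical client logic regardless of which transport is plugged in.
    return transport.send({"method": "tools/list"})
```

Swapping `StdioTransport` for `HttpSseTransport` changes nothing in `list_tools`, which is the property that keeps the agent layer decoupled from infrastructure decisions.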
A concrete four-component implementation in a support ticket domain makes these patterns tangible. The mcp_local_server exposes four tools via STDIO: GetConfig, UpdateConfig, GetTicket, and UpdateTicket. The mcp_remote_server is a FastAPI REST API running on port 5060, managing the same ticket data as a proper service layer. The mcp_bridge runs on port 5070 and translates between HTTP/SSE and ordinary HTTP calls to the REST backend. The mcp_agent_client consumes all of these simultaneously, discovering tools from each server dynamically and converting them into the function-calling format that Azure OpenAI expects, all within a single agent session.
The architectural insight with the most significant enterprise implications: wrapping an existing REST API with an MCP bridge requires no modification to the backend whatsoever. Any service already exposing HTTP endpoints becomes accessible to an AI agent without touching that service's own code, which dramatically lowers the integration cost for organizations with large existing API surfaces.
The full agentic loop built here covers tool discovery at runtime, dynamic function conversion, model invocation, tool dispatch, and result ingestion back into context, all built from first principles using the MCP SDK and Azure OpenAI, giving developers a complete picture of how each layer connects.
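The dynamic function-conversion step can be sketched as a small data transformation. The MCP-side field names (`name`, `description`, `inputSchema`) follow the common MCP tool-description convention but should be treated as assumptions here, and the output follows the OpenAI-style `tools` format:

```python
def mcp_tool_to_openai(tool: dict) -> dict:
    """Convert one discovered MCP tool description into the function-calling
    ("tools") format that Azure OpenAI expects."""
    return {
        "type": "function",
        "function": {
            "name": tool["name"],
            "description": tool.get("description", ""),
            # MCP tool input schemas are already JSON Schema, so they can be
            # passed through as the function's parameter definition.
            "parameters": tool.get("inputSchema",
                                   {"type": "object", "properties": {}}),
        },
    }

# Example: a tool as a server might advertise it at discovery time.
discovered = {
    "name": "GetTicket",
    "description": "Fetch a support ticket by ID.",
    "inputSchema": {
        "type": "object",
        "properties": {"ticket_id": {"type": "string"}},
        "required": ["ticket_id"],
    },
}
```

Running this conversion over every tool discovered from every connected server, local and remote alike, is what lets a single agent session treat all of them as one uniform tool set.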
# Orchestrating Workflow Patterns: Sequential, Concurrent, and Human-in-the-Loop
Workflow orchestration is where individual agents start functioning as coordinated systems capable of handling problems too complex for any single model call to solve cleanly on its own.
All three patterns operate on the same SupportTicket data model, carrying fields like ticket ID, customer name, subject, description, and priority. Using the same domain across all three patterns is deliberate: the goal is to watch identical data move through fundamentally different processing architectures and observe what changes about the output, the latency, and the control surface available to the operator.
## Sequential Workflow
A high-priority ticket from a customer unable to log in after a password reset moves from intake through an AI categorization step, which classifies and summarizes the issue in structured JSON, and then into a response generation step. The output is a complete, customer-ready reply that acknowledges urgency, offers concrete next steps, and includes the ticket number. The entire pipeline runs without human intervention, and each step's output is visible before it passes to the next, making the data transformation at each stage explicit and inspectable.
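The sequential shape can be sketched with stub functions standing in for the agent-backed steps. The SupportTicket fields follow the description above; the step implementations and their return values are illustrative, not the framework's executors.

```python
import asyncio
from dataclasses import dataclass

@dataclass
class SupportTicket:
    ticket_id: str
    customer_name: str
    subject: str
    description: str
    priority: str

async def categorize(ticket: SupportTicket) -> dict:
    # Stands in for the AI categorization step returning structured JSON.
    return {"category": "account_access", "summary": ticket.subject}

async def generate_response(ticket: SupportTicket, analysis: dict) -> str:
    # Stands in for the response-generation agent.
    return (f"Hi {ticket.customer_name}, we're treating ticket "
            f"{ticket.ticket_id} ({analysis['category']}) as "
            f"{ticket.priority} priority and will follow up shortly.")

async def sequential_workflow(ticket: SupportTicket) -> str:
    analysis = await categorize(ticket)               # step 1: inspectable output
    return await generate_response(ticket, analysis)  # step 2 consumes step 1
```

Each `await` boundary is where the intermediate output can be logged or inspected before it flows into the next stage.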
## Concurrent Workflow
A customer reporting both a duplicate charge and a crashing application in the same message exposes the limits of a sequential single-agent pipeline. Billing and technical concerns require different expertise, and routing both through a single agent produces a weaker result than routing each to a specialist who can reason deeply within a narrower domain.
The concurrent pattern fans the question out to a billing expert agent and a technical expert agent simultaneously. The billing agent addresses the duplicate charge and recommends a refund path. The technical agent focuses on cache clearing and reinstallation steps for the crashing application. Neither agent attempts to handle both domains. The aggregated result gives the customer a complete answer that no single specialist could have produced alone, and the response time is bounded by the slower of the two agents rather than their sum.
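The fan-out/aggregate shape reduces to `asyncio.gather` over the specialists. Both agent functions here are illustrative stubs; a real version would invoke the billing and technical agents through the framework.

```python
import asyncio

async def billing_expert(message: str) -> str:
    # Stub specialist: reasons only about the billing domain.
    await asyncio.sleep(0.01)
    return "Billing: the duplicate charge qualifies for a refund."

async def technical_expert(message: str) -> str:
    # Stub specialist: reasons only about the technical domain.
    await asyncio.sleep(0.02)
    return "Technical: clear the app cache, then reinstall."

async def concurrent_workflow(message: str) -> str:
    # Fan out to both specialists at once; total latency is bounded by the
    # slower agent, not the sum of the two.
    answers = await asyncio.gather(billing_expert(message),
                                   technical_expert(message))
    # Simple aggregation: concatenate both specialist replies.
    return "\n".join(answers)
```

A production aggregator might instead pass both answers through a final synthesis agent, but the concurrency structure stays the same.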
## Human-in-the-Loop Workflow
The highest-stakes case involves a customer requesting a full refund on an annual premium subscription purchased one week prior. The AI generates a draft response correctly invoking the 14-day money-back guarantee policy and offering to process cancellation immediately. Then execution stops, and control passes explicitly to a human reviewer before anything is sent.
The supervisor receives the full draft and three explicit choices: approve and send as written, edit before sending, or escalate to management. On approval, the system records the action, updates the ticket status to resolved, and logs that the response was approved without modification, creating a complete audit trail of the decision.
What running this pattern makes concrete is something workflow diagrams tend to obscure: the human-in-the-loop pause isn't a failure mode or an exception path. It's a designed, first-class stop in the workflow. The system waits for it without polling or timeout. This is the pattern that makes AI-assisted processes auditable and defensible in regulated or high-stakes environments, and it deserves to be treated as a peer to the fully automated alternatives rather than a fallback of last resort.
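One way to express that first-class pause in plain asyncio is to have the workflow await a Future that only the human reviewer resolves. This is a sketch of the idea, not the framework's actual API; the decision labels and return shape are assumptions.

```python
import asyncio

APPROVE, EDIT, ESCALATE = "approve", "edit", "escalate"

async def human_in_the_loop_workflow(draft: str,
                                     decision: asyncio.Future) -> dict:
    # Execution stops here: no polling loop, no timeout. The workflow simply
    # awaits the supervisor's decision, which arrives whenever they act.
    choice, final_text = await decision
    return {
        "decision": choice,
        "sent": final_text,
        # Approval resolves the ticket and leaves an auditable record.
        "status": "resolved" if choice == APPROVE else "pending",
    }

async def demo() -> dict:
    loop = asyncio.get_running_loop()
    decision = loop.create_future()
    task = asyncio.create_task(
        human_in_the_loop_workflow("Draft refund reply", decision))
    # Later, the supervisor approves the draft as written:
    decision.set_result((APPROVE, "Draft refund reply"))
    return await task
```

The key property is that the paused workflow consumes no resources while waiting: the Future is the designed stop, and resolution is an explicit human action.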
Extending each pattern deepens the understanding considerably. Adding a sentiment analysis agent before categorization in the sequential pipeline, adding a security or account specialist to the concurrent fan-out, adding new supervisor actions like "Request More Information" to the human-in-the-loop step, and composing sequential and concurrent patterns into a single hybrid workflow all require understanding how the executor classes, shared client factory, and data models connect across the entire system.
# Moving from RAG to Agentic RAG
Standard retrieval-augmented generation (RAG) applications are easy to get started with but encounter question types that basic retrieval handles poorly, and those limitations tend to surface quickly once real users start interacting with the system. Yes/no questions, counting queries, and multi-hop reasoning all stress the assumptions of a single embedding-lookup pipeline in ways that become immediately visible in production.
The progression through this problem moves across four stages: ingestion, simple RAG, advanced RAG, and agentic RAG. The sequencing is intentional. Encountering the limitations of naive retrieval first makes the architectural shift to agentic retrieval meaningful rather than abstract, because the gaps in the simpler approach are already visible before the solution is introduced.
The solution uses the Microsoft Agent Framework with a Handoff workflow orchestration pattern, writing specialized agents that perform specific search capabilities backed by Azure AI Search. The Handoff pattern routes a query to the most appropriate specialist agent rather than sending every question through a single retrieval pipeline, which means each agent can be optimized for the query type it's designed to handle. Implementation covers four steps: initial setup, a yes/no search agent, a count search agent, and the remaining specialist agents, each adding a new retrieval capability to the overall system.
The architectural shift from standard RAG is significant and worth making explicit. Rather than a single retrieval pipeline attempting to handle all query types with the same strategy, an orchestrator dispatches to agents specialized for different retrieval approaches, with Azure AI Search serving as the shared knowledge backbone that all specialist agents draw from. The result is a system capable of answering the full range of question types that standard RAG applications struggle with, including questions that require reasoning over retrieved results rather than simply returning them.
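The handoff idea can be sketched with a toy classifier and stub specialists. Everything here is illustrative: a real router would likely use the model itself to classify, and each specialist would query Azure AI Search rather than return canned strings.

```python
def classify(question: str) -> str:
    """Toy query-type classifier standing in for an LLM-driven router."""
    q = question.lower()
    if q.startswith(("is ", "are ", "does ", "do ", "can ")):
        return "yes_no"
    if "how many" in q:
        return "count"
    return "general"

def yes_no_agent(question: str) -> str:
    # Would retrieve evidence and answer yes/no with support.
    return "yes/no answer with supporting evidence"

def count_agent(question: str) -> str:
    # Would retrieve matching documents and count over them.
    return "count computed over retrieved results"

def general_agent(question: str) -> str:
    # Would fall back to standard retrieval-grounded generation.
    return "standard retrieval-grounded answer"

SPECIALISTS = {"yes_no": yes_no_agent,
               "count": count_agent,
               "general": general_agent}

def handoff(question: str) -> str:
    # The orchestrator dispatches each question to exactly one specialist.
    return SPECIALISTS[classify(question)](question)
```

The structural point is the dispatch table: adding a new question type means adding one specialist and one routing rule, not reworking a monolithic retrieval pipeline.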
# Understanding Why These Four Topics Belong Together
The progression reflects a coherent view of what production-ready agentic development actually requires, and the order in which the topics appear isn't arbitrary. Safety comes first because it reframes what working code means in an agentic context, establishing from the outset that capability and responsible behavior are separate properties that must be measured independently. MCP establishes how agents communicate with external tools and services in a standardized, interoperable way, including the insight that existing APIs can be bridged without any backend modification, which makes it practical to connect agents to real enterprise systems rather than purpose-built toy backends. Workflow patterns establish how multiple agents coordinate and, critically, when to pause for a human, introducing the control structures that make agentic systems trustworthy enough to deploy in consequential settings. Agentic RAG demonstrates how knowledge retrieval scales beyond simple lookup to handle the full range of question types real users ask, completing the picture of what a production knowledge system built on this framework looks like.
Taken together, the four domains move from behavior observation to architecture construction to system operation. That progression is what separates a working prototype from a deployable system, and understanding each layer makes the next one considerably easier to reason about.
Rachel Kuznetsov has a Master's in Business Analytics and thrives on tackling complex data puzzles and seeking out fresh challenges to take on. She's committed to making intricate data science concepts easier to understand and is exploring the various ways AI makes an impact on our lives. On her continuous quest to learn and grow, she documents her journey so others can learn alongside her. You can find her on LinkedIn.
