Technical Reference

The Reference Architecture, on Microsoft.

For the technical evaluator: how an HR knowledge agent fits together on the Microsoft stack, the controls that make it safe, and the difference between a good starting architecture and a great one.

  • One fabric: SharePoint, Graph, and the Semantic Index ground the agent, permission-trimmed (Microsoft Learn)
  • Purview: labels and DLP for Copilot govern sensitive HR content (Microsoft, 2025)
  • Entra ID: identity and access scoping underpin the whole design (Microsoft Learn)

The Architecture

One Grounding Fabric, Two Build Tracks

An HR knowledge agent on Microsoft rests on a single grounding fabric: approved content in SharePoint, indexed through Microsoft Graph and the Semantic Index, retrieved permission-trimmed per user, with identity from Entra ID and governance from Purview.

On top of that fabric sit two build tracks. The declarative track (Copilot Studio) uses Microsoft's orchestration and models; it is the fastest and most governed option. The custom track (Azure AI Foundry) gives full control for complex retrieval or non-Microsoft surfaces.

For HR question answering, the declarative track is the right default. The custom track is the maturity option, not the starting point.

The Components
  • SharePoint: the governed HR content store
  • Microsoft Graph and Semantic Index: retrieval, permission-trimmed
  • Copilot Studio: the declarative agent and orchestration
  • Azure AI Foundry: the custom-engine option for complex needs
  • Microsoft Purview: sensitivity labels and DLP for Copilot
  • Microsoft Entra ID: identity and access scoping

The Layers

Five Layers, From Content to Conversation

A clean HR agent architecture separates these five layers, so each can be governed and evolved independently.

01 Content: Approved HR policy in a governed SharePoint hub, labeled and de-duplicated.

02 Retrieval: Graph and the Semantic Index surface the right content, trimmed to the asker's permissions.

03 Agent: Copilot Studio composes grounded, cited answers and enforces the guardrails.

04 Governance: Purview labels and DLP, plus Entra scoping, keep sensitive content in bounds.

05 Surfaces: Teams, Microsoft 365 Copilot chat, and the HR SharePoint site, with an optional external portal.

Good

Declarative on the Fabric

The recommended starting architecture: a Copilot Studio declarative agent grounded on a governed SharePoint hub, guardrails set, deployed to Teams, with permissions and governance inherited from the tenant.

  • Fastest to stand up
  • Strongest built-in governance
  • Permission trimming inherited
  • Runs on existing licensing

Great

Custom Engine and Connectors

The maturity architecture adds SharePoint Knowledge Agent auto-tagging, Copilot connectors to HRIS, agentic retrieval for multi-part questions, and a custom engine for branded or external surfaces.

  • Auto-tagged content for precision
  • HRIS data in scope via connectors
  • Agentic retrieval for complex questions
  • Custom engine for external portals

Review the Architecture for Your Tenant.

We will map this reference architecture to your environment and constraints. Start with a discovery call.
