The Reference
Architecture, on
Microsoft.
For the technical evaluator: how an HR knowledge agent fits together on the Microsoft stack, the controls that make it safe, and the difference between a good starting architecture and a great one.
Book a Discovery CallOne Grounding Fabric, Two Build Tracks
An HR knowledge agent on Microsoft rests on a single grounding fabric: approved content in SharePoint, indexed through Microsoft Graph and the Semantic Index, retrieved permission-trimmed per user, with identity from Entra ID and governance from Purview.
On top of that fabric sit two build tracks. The declarative track (Copilot Studio) uses Microsoft's orchestration and models, fastest and most governed. The custom track (Azure AI Foundry) gives full control for complex retrieval or non-Microsoft surfaces.
For HR question answering, the declarative track is the right default. The custom track is the maturity option, not the starting point.
- SharePoint: the governed HR content store
- Microsoft Graph and Semantic Index: retrieval, permission-trimmed
- Copilot Studio: the declarative agent and orchestration
- Azure AI Foundry: the custom-engine option for complex needs
- Microsoft Purview: sensitivity labels and DLP for Copilot
- Microsoft Entra ID: identity and access scoping
Five Layers, From Content to Conversation
A clean HR agent architecture separates these five layers, so each can be governed and evolved independently.
01
Content
Approved HR policy in a governed SharePoint hub, labeled and de-duplicated.
02
Retrieval
Graph and the Semantic Index surface the right content, trimmed to the asker's permissions.
03
Agent
Copilot Studio composes grounded, cited answers and enforces the guardrails.
04
Governance
Purview labels and DLP, plus Entra scoping, keep sensitive content in bounds.
05
Surfaces
Teams, Microsoft 365 Copilot chat, and the HR SharePoint site, with optional external portal.
Declarative on the Fabric
The recommended starting architecture: a Copilot Studio declarative agent grounded on a governed SharePoint hub, guardrails set, deployed to Teams, with permissions and governance inherited from the tenant.
- Fastest to stand up
- Strongest built-in governance
- Permission trimming inherited
- Runs on existing licensing
Custom Engine and Connectors
The maturity architecture adds SharePoint Knowledge Agent auto-tagging, Copilot connectors to HRIS, agentic retrieval for multi-part questions, and a custom engine for branded or external surfaces.
- Auto-tagged content for precision
- HRIS data in scope via connectors
- Agentic retrieval for complex questions
- Custom engine for external portals
HR Knowledge Agents
View the full practice →Review the Architecture for Your Tenant.
We will map this reference architecture to your environment and constraints. Start with a discovery call.
Book a Discovery Call