From question to governed answer
in under 60 seconds
See how a governed AI agent reads enterprise data, answers in Microsoft Teams, and produces a complete audit trail — all with a real M365 identity. Not a concept. Not a prototype. Working software.
Governed AI in Microsoft Teams
A real user asks a real agent a real question — and every step is identity-verified, policy-checked, and hash-chained. Here's exactly what happens.
Agent Provisioned
Sage BA provisioned with a real Microsoft 365 identity — UPN, mailbox, Teams presence, license, and group memberships — via an 8-step governed provisioning pipeline.
User Messages Agent
A user opens a 1:1 chat with Sage BA in Microsoft Teams and sends: "What are the key priorities this quarter?"
Identity Resolved
The system resolves the M365 object ID to the enrolled agent identity. Verified the agent is active (not paused or quarantined) and authorized for this tenant.
Policy Evaluated
Policy engine classifies the action as ANSWER_QUESTION_INTERNAL, assigns risk level LOW, and returns decision: AUTO — no human approval required.
Kill Switch Checked
Runtime confirms no active kill switch at any of the four scopes: Global, Department, Agent, or Run. Execution is cleared to proceed.
LLM Generates Response
Azure OpenAI (GPT-4o) generates the answer within the governed runtime. Input and output are bounded by the policy context. LLM call logged.
Audit Event Written
SHA-256 hash-chained audit event appended to the immutable log — capturing the action, actor, tenant, timestamp, and cryptographic link to the previous event.
Response Delivered
Agent replies in Teams using its own M365 identity via Microsoft Graph API. The user sees the response in their Teams chat — from a real, governed identity.
What makes this different
The agent has a real M365 identity — not a webhook, not a bot framework token. It appears in Entra ID, has a mailbox, shows presence in Teams. Every response passes through a 5-layer governance stack (identity → policy → kill switch → audit → delivery) and produces 8+ hash-chained audit events for a single interaction.
SharePoint Excel reading — governed file access in the flow of work
A user shares a spreadsheet link in Teams. The agent reads real data, computes real numbers, and returns real answers — every file access logged and policy-checked.
User Shares Excel Link
User pastes a SharePoint Excel file link into the Teams chat with Sage BA.
URL Detected & Parsed
Agent detects the SharePoint URL pattern and initiates the file enrichment pipeline. The file path, site ID, and drive item are resolved.
Policy: Auto-Approved
Policy engine classifies the action as READ_DOC_SUMMARY — risk: LOW — decision: AUTO. File access is approved without human intervention.
File Accessed via Graph
Agent accesses the Excel file via Microsoft Graph Workbook API using a delegated OAuth token — not a shared service account. Scoped to minimum required permissions.
File Access Logged
File access logged as a hash-chained audit event (type: File Read) — capturing filename, connector type, file hash, and the policy decision that authorized it.
Data Analyzed
Agent reads the Transactions sheet, calculates totals across categories, identifies top products by revenue — all within the governed runtime.
Response with Real Data
Agent replies in Teams with actual numbers from the spreadsheet — not a template, not a pre-loaded answer. Real data, governed access, complete audit trail.
Evidence Bundle Created
Complete evidence bundle generated: inputs, outputs, policy decisions, file access records, and SHA-256 checksums — exportable JSON, ready for audit.
Real data. Real governance.
The agent accessed a real Excel file, read real data, and returned real numbers — not a template, not a pre-loaded answer. Every file access was logged, policy-checked, and hash-chained. The evidence bundle includes inputs, outputs, policy decisions, and file access records — exportable JSON with SHA-256 integrity verification.
Five independent governance layers
Every agent interaction passes through all five layers. No shortcuts. No overrides. Each layer produces its own audit events.
Immutable Audit Trail
Every action hash-chained with SHA-256 — append-only, tamper-evident, cryptographically linked. One-click chain verification returns CHAIN INTACT or flags tampering.
- SHA-256 hash chain (each event links to previous)
- Filterable: Requests, Policy, Approvals, File reads, LLM, Teams/Email, Auth
- One-click integrity verification
- Exportable for external audit
Kill Switch
Instantly halt agent operations at four scopes: Global (all agents), Department, individual Agent, or single Run. Each activation is itself an audited event.
- 4 scopes: Global, Department, Agent, Run
- Instant activation — agents stop immediately
- Every activation/deactivation is hash-chained
- No silent overrides — full audit trail
Policy Engine
10 action types classified by risk. Four risk levels (Low, Medium, High, Critical) mapped to three decisions: Auto-approved, Requires Approval, or Blocked. Configurable per tenant.
- 10 classified action types
- 4 risk levels: Low, Medium, High, Critical
- 3 decisions: Auto, Approval Required, Blocked
- Per-tenant configuration
Approval Gates
Risk-based holds for sensitive actions. Approve or reject from the Operator Console with full context. Time-limited capability leases. Every decision audited.
- Risk-based approval holds
- Approve / reject with full context
- Time-limited capability leases
- Every approval decision hash-chained
Evidence Packs
Exportable JSON bundles per agent run — inputs, outputs, policy decisions, file access records, approval chains. SHA-256 checksum for integrity. Hand it to a regulator, not a screenshot.
- Per-run JSON export
- Inputs, outputs, policy, file access, approvals
- SHA-256 checksum for integrity
- Structured for regulatory submission
Role-Based Access Control
7 defined roles with module-level access control. Operators, admins, and auditors see different views. Role switches are logged. No privilege escalation without audit trail.
- 7 roles with granular module access
- Role switches are audited events
- Operator Console scoped by role
- Least-privilege by default
Not a chatbot.
A governed employee.
SageOS agents are not webhook endpoints or bot framework registrations. Each agent is provisioned with a real Microsoft 365 identity — visible in Entra ID, manageable with your existing IT tools, and governed by the same policies as your human workforce.
Real M365 Identity
UPN, mailbox, Teams presence — appears in Entra ID
8-Step Provisioning Pipeline
Governed creation: identity, license, groups, mailbox, audit
Agent Lifecycle Management
Active, Paused, Quarantined states — controllable at any time
Delegated OAuth Tokens
No shared service accounts — scoped, auditable, revocable
IT-Manageable
Use your existing Entra ID, Intune, and M365 admin tools
What's next
Meeting CTO Agent
Coming SoonSpeech-to-text in Teams meetings. Agent joins calls, transcribes, extracts action items, and routes approvals — all governed.
Multi-Agent Orchestration
In DevelopmentMultiple specialized agents collaborating through the orchestrator — with cross-agent audit trails and approval chains.
Integrations Catalog
RoadmapGoverned connectors for Jira, Salesforce, ServiceNow, and more — each with its own policy rules and audit events.
Ready to govern your AI workforce?
Every claim on this page is backed by working software. Book a demo and we'll walk you through every governance layer live.