You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I’ve been able to deploy a chatbot using M365 Agents SDK, where my backend agent is written in Semantic Kernel. I expose that backend to Copilot Studio (Custom Engine) and use Copilot Studio as the UI layer and Azure Bot Service as an intermediate layer.
Now I want to take this one step further:
👉 Put the entire setup into a private network so that the agent and backend communicate only through Azure Private Link, with no public ingress.
Current setup:
• UI: Copilot Studio (Custom Engine)
• Agent runtime: M365 Agents SDK using Azure Bot Service
• Backend service: Semantic Kernel (AKS / Container Apps – flexible here)
Goal:
• Ensure communication between Copilot Studio, M365 Agent, and backend happens only over Private Link
• Configure Private DNS for resolution
• Ideally support Managed Identity or OBO flow for authentication
What I’m looking for:
Any reference architecture diagram for this pattern
A demo repository or sample project that provisions Private Endpoints, Private DNS zones, and handles the networking + auth
Guidance on the recommended approach for making Copilot Studio ↔ private backend communication work seamlessly
In a nutshell, two things:
Agents on Copilot Studio can communicate with the Bot Service over a private link
Bot Service to be able to communicate with the backend Agent on K8S over a private link
reacted with thumbs up emoji reacted with thumbs down emoji reacted with laugh emoji reacted with hooray emoji reacted with confused emoji reacted with heart emoji reacted with rocket emoji reacted with eyes emoji
Uh oh!
There was an error while loading. Please reload this page.
-
I’ve been able to deploy a chatbot using M365 Agents SDK, where my backend agent is written in Semantic Kernel. I expose that backend to Copilot Studio (Custom Engine) and use Copilot Studio as the UI layer and Azure Bot Service as an intermediate layer.
Now I want to take this one step further:
👉 Put the entire setup into a private network so that the agent and backend communicate only through Azure Private Link, with no public ingress.
Current setup:
• UI: Copilot Studio (Custom Engine)
• Agent runtime: M365 Agents SDK using Azure Bot Service
• Backend service: Semantic Kernel (AKS / Container Apps – flexible here)
Goal:
• Ensure communication between Copilot Studio, M365 Agent, and backend happens only over Private Link
• Configure Private DNS for resolution
• Ideally support Managed Identity or OBO flow for authentication
What I’m looking for:
In a nutshell, two things:
Agents on Copilot Studio can communicate with the Bot Service over a private link
Bot Service to be able to communicate with the backend Agent on K8S over a private link
Beta Was this translation helpful? Give feedback.
All reactions