

Setup Agent blueprint

Important

You need to be part of the Frontier preview program to get early access to Microsoft Agent 365. Frontier connects you directly with Microsoft’s latest AI innovations. Frontier previews are subject to the existing preview terms of your customer agreements. As these features are still in development, their availability and capabilities may change over time.

The agent blueprint defines your agent's identity, permissions, and infrastructure requirements. Every agent instance that gets onboarded is created from this agent blueprint.

To learn more about Agent 365 Identity, see Agent 365 Identity.

Prerequisites

Before you begin, ensure you have the following:

  1. Agent 365 CLI - See Agent 365 CLI installation

  2. Required permissions:

    • Valid tenant user with one of the following roles:
      • Global Administrator
      • Agent ID Administrator
      • Agent ID Developer
    • Access to an Azure subscription with permissions to create resources
  3. A valid a365.config.json file in your working directory, created as described in Setting up Agent 365 config

Create agent blueprint

The a365 setup command creates Azure resources and registers your agent blueprint. The blueprint defines your agent's identity, permissions, and infrastructure requirements. This step establishes the foundation for deploying and running your agent in Azure.

Run setup

Execute the setup command:

a365 setup -h

This shows the available options: you can complete the entire setup in a single command (a365 setup all) or choose more granular options.

The entire setup process performs these operations:

  1. Creates Azure infrastructure (if it doesn't already exist):

    • Resource group
    • App Service Plan with specified SKU
    • Azure Web App with managed identity enabled
  2. Registers agent blueprint:

    • Creates the agent blueprint in your Microsoft Entra tenant
    • Creates Microsoft Entra application registrations
    • Configures the agent identity with required permissions
  3. Configures API permissions:

    • Sets up Microsoft Graph API scopes
    • Configures Messaging Bot API permissions
    • Applies inheritable permissions for agent instances
  4. Updates configuration files:

    • Saves generated IDs and endpoints to a new file in your working directory called a365.generated.config.json
    • Records managed identity and resource information

Note

During setup, browser windows will open for admin consent. Complete these consent flows to proceed. Setup typically takes 3-5 minutes and auto-saves configuration to a365.generated.config.json.

Verify setup

After setup completes successfully, you should see a summary showing all completed steps. Verify the created resources:

  1. View generated configuration:

    a365 config display -g
    

    Confirm these values are present:

    • agentBlueprintId - Your agent blueprint's application ID
    • agentBlueprintObjectId - Blueprint's Microsoft Entra ID
    • managedIdentityPrincipalId - System-assigned managed identity principal ID
  2. Review Azure resources in Azure Portal:

    Verify the following resources were created:

    • Resource Group:

      • Go to Resource Groups > select your resource group
      • Verify it contains your App Service Plan and Web App
    • App Service Plan:

      • Go to App Services > App Service Plans
      • Find your plan and verify the pricing tier matches your configuration SKU
    • Web App:

      • Go to App Services > Web Apps
      • Find your web app, then go to Settings > Identity > System assigned
      • Verify status is On
      • Confirm that the Object (principal) ID matches managedIdentityPrincipalId
  3. Verify Microsoft Entra applications in Azure Portal:

    Go to Azure Active Directory > App registrations > All applications:

    • Search for your agent blueprint by the agentBlueprintId
    • Open the application and select API permissions
    • Verify permissions are granted with green checkmarks:
      • Microsoft Graph (delegated and application permissions)
      • Messaging Bot API permissions
    • All permissions should show "Granted for [Your Tenant]"
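
The presence checks in step 1 and the principal ID comparison in step 2 can be scripted. The Python below is an added example, not part of this page or of the Agent 365 CLI. It assumes the three keys sit at the top level of a365.generated.config.json and hold GUIDs; the script name and all sample values are constructed.

```python
import json
import re
import sys

# Keys the "Verify setup" step says must be present (assumed to be top-level).
REQUIRED_KEYS = ("agentBlueprintId", "agentBlueprintObjectId",
                 "managedIdentityPrincipalId")
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
ZERO_GUID = "00000000-0000-0000-0000-000000000000"  # treated as "never filled in"

def check_generated_config(text, portal_principal_id=None):
    """Return a list of problems found in a365.generated.config.json content."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg}"]
    if not isinstance(cfg, dict):
        return ["top level is not a JSON object"]
    problems = []
    for key in REQUIRED_KEYS:
        value = cfg.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"{key}: missing or empty")
        elif not GUID_RE.fullmatch(value.strip()) or value.strip() == ZERO_GUID:
            problems.append(f"{key}: not a usable GUID")
    # Step 2: the Web App's Object (principal) ID must match the recorded value.
    recorded = cfg.get("managedIdentityPrincipalId")
    if (portal_principal_id and isinstance(recorded, str)
            and recorded.strip().lower() != portal_principal_id.strip().lower()):
        problems.append("managedIdentityPrincipalId: differs from the Web App's "
                        "Object (principal) ID")
    return problems

# Constructed sample content; every GUID here is made up for the example.
SAMPLE_OK = json.dumps({
    "agentBlueprintId": "11111111-2222-3333-4444-555555555555",
    "agentBlueprintObjectId": "66666666-7777-8888-9999-aaaaaaaaaaaa",
    "managedIdentityPrincipalId": "bbbbbbbb-cccc-dddd-eeee-ffffffffffff",
})
SAMPLE_BAD = json.dumps({
    "agentBlueprintId": "",
    "managedIdentityPrincipalId": ZERO_GUID,
})

if __name__ == "__main__":
    # Usage (hypothetical script name): check_a365_config.py [path] [portal ID]
    path = sys.argv[1] if len(sys.argv) > 1 else "a365.generated.config.json"
    with open(path, encoding="utf-8") as fh:
        found = check_generated_config(fh.read(), *sys.argv[2:3])
    print("\n".join(found) or "all required IDs present and well-formed")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any check fails, so it can gate a deployment pipeline that runs after setup.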

Next steps