mcp-deploy-manage-agents by github/awesome-copilot
npx skills add https://github.com/github/awesome-copilot --skill mcp-deploy-manage-agentsmode: 'agent'
tools: ['changes', 'search/codebase', 'edit/editFiles', 'problems']
description: '在 Microsoft 365 管理中心部署和管理基于 MCP 的声明式代理,实现治理、分配和组织分发'
model: 'gpt-4.1'
tags: [mcp, m365-copilot, deployment, admin, agent-management, governance]
---
# 部署和管理基于 MCP 的代理
使用 Microsoft 365 管理中心部署、管理和治理基于 MCP 的声明式代理,实现组织分发和控制。
## 代理类型
### 组织发布
- 使用预定义的指令和操作构建
- 遵循结构化逻辑执行可预测任务
- 需要管理员审批和发布流程
- 支持合规性和治理要求
### 创建者共享
- 在 Microsoft 365 Copilot Studio 或 Agent Builder 中创建
- 直接与特定用户共享
- 通过搜索、操作、连接器、API 增强功能
- 管理员可在代理注册表中查看
### Microsoft 代理
- 由 Microsoft 开发和维护
- 与 Microsoft 365 服务集成
- 已预先批准,可立即使用
### 外部合作伙伴代理
- 由经过验证的外部开发人员/供应商创建
- 需经管理员审批和控制
- 可配置可用性和权限
### 前沿代理
- 具有实验性或高级功能
- 可能需要有限度推出或额外监督
- 示例:
- **应用构建器代理**:通过 M365 Copilot 或 Power Platform 管理中心管理
- **工作流代理**:通过 Power Platform 管理中心管理的流程自动化
## 管理员角色和权限
### 所需角色
- **AI 管理员**:拥有完整的代理管理能力
- **全局读取者**:仅查看权限(无编辑权限)
### 最佳实践
- 使用权限最少的角色
- 将全局管理员角色限制在紧急情况下使用
- 遵循最小权限原则
## Microsoft 365 管理中心中的代理管理
### 访问代理管理
1. 转到 [Microsoft 365 admin center](https://admin.microsoft.com/)
2. 导航到 **Agents** 页面
3. 查看可用、已部署或被阻止的代理
### 可用操作
**查看代理**
- 按可用性筛选(可用、已部署、被阻止)
- 搜索特定代理
- 查看代理详细信息(名称、创建者、日期、宿主产品、状态)
**部署代理**
分发选项:
1. **代理商店**:提交到 Partner Center 进行验证和公开发布
2. **组织部署**:IT 管理员部署给所有或选定的员工
**管理代理生命周期**
- **发布**:使代理对组织可用
- **部署**:分配给特定用户或组
- **阻止**:阻止代理被使用
- **移除**:从组织中删除代理
**配置访问权限**
- 为特定用户组设置可用性
- 管理每个代理的权限
- 控制 Copilot 中显示的代理
## 部署工作流
### 发布到组织
**对于代理开发人员:**
1. 使用 Microsoft 365 Agents Toolkit 构建代理
2. 在开发环境中进行彻底测试
3. 提交代理以供审批
4. 等待管理员审核
**对于管理员:**
1. 在管理中心审核提交的代理
2. 验证合规性和安全性
3. 批准用于组织使用
4. 配置部署设置
5. 发布给选定用户或整个组织
### 通过代理商店部署
**开发人员步骤:**
1. 完成代理开发和测试
2. 打包代理以供提交
3. 提交到 Partner Center
4. 等待验证流程
5. 接收批准通知
6. 代理出现在 Copilot 商店中
**管理员步骤:**
1. 在 Copilot 商店中发现代理
2. 查看代理详细信息和权限
3. 分配给组织或用户组
4. 监控使用情况和反馈
### 部署组织代理
**管理员部署选项:**
```
Organization-wide:
- All employees with Copilot license
- Automatically available in Copilot
Group-based:
- Specific departments or teams
- Security group assignments
- Role-based access control
```
**配置步骤:**
1. 在管理中心导航到 Agents 页面
2. 选择要部署的代理
3. 选择部署范围:
- 所有用户
- 特定安全组
- 单个用户
4. 设置可用性状态
5. 配置权限(如适用)
6. 部署并监控
## 用户体验
### 代理发现
用户可在以下位置找到代理:
- Microsoft 365 Copilot 中心
- Copilot 界面中的代理选择器
- 组织的代理目录
### 代理访问控制
用户可以:
- 在交互过程中开启/关闭代理
- 从自己的体验中添加/移除代理
- 右键单击代理以管理偏好设置
- 仅访问管理员允许的代理
### 代理使用
- 代理出现在 Copilot 侧边栏
- 用户选择代理以获取上下文
- 查询通过选定的代理路由
- 响应利用代理的能力
## 治理与合规
### 安全注意事项
- **数据访问**:审查代理可以访问哪些数据
- **API 权限**:验证所需的作用域
- **身份验证**:确保安全的 OAuth 流程
- **外部连接**:评估外部集成的风险
### 合规要求
- **数据驻留**:验证数据是否保持在边界内
- **隐私政策**:审查代理隐私声明
- **使用条款**:验证可接受使用政策
- **审核日志**:监控代理使用情况和活动
### 监控和报告
跟踪:
- 代理采用率
- 用户反馈和满意度
- 错误率和性能
- 安全事件或违规行为
## MCP 特定管理
### MCP 代理特性
- 通过 Model Context Protocol 连接到外部系统
- 使用 MCP 服务器公开的工具
- 需要 OAuth 2.0 或 SSO 身份验证
- 支持与 REST API 代理相同的治理
### MCP 代理验证
验证:
- MCP 服务器 URL 可访问
- 身份验证配置安全
- 导入的工具是合适的
- 响应数据不暴露敏感信息
- 服务器遵循安全最佳实践
### MCP 代理部署
与 REST API 代理流程相同:
1. 在管理中心审核
2. 验证 MCP 服务器合规性
3. 测试身份验证流程
4. 部署给用户/组
5. 监控性能
## 代理设置和配置
### 组织设置
在租户级别配置:
- 启用/禁用代理创建
- 设置默认权限
- 配置审批工作流
- 定义合规策略
### 每个代理的设置
为单个代理配置:
- 可用性(开/关)
- 用户分配(所有/组/个人)
- 权限作用域
- 使用限制或配额
### 环境路由
对于基于 Power Platform 的代理:
- 配置默认环境
- 为 Copilot Studio 启用环境路由
- 通过 Power Platform 管理中心管理工作流
## 共享代理管理
### 查看共享代理
管理员可以查看:
- 所有共享代理的列表
- 创建者信息
- 创建日期
- 宿主产品
- 可用性状态
### 管理共享代理
管理员操作:
- 搜索特定的共享代理
- 查看代理功能
- 阻止不安全或不合规的代理
- 监控代理生命周期
### 用户访问共享代理
用户通过以下方式访问:
- 各种界面上的 Microsoft 365 Copilot
- 代理特定的任务和协助
- 创建者定义的功能
## 最佳实践
### 部署前
- 与小型用户组进行**试点测试**
- 从早期采用者**收集反馈**
- **验证安全性和合规性**
- **记录**代理功能和限制
- **培训用户**使用代理
### 部署期间
- **分阶段推出**以管理采用率
- **监控性能和错误**
- **持续收集反馈**
- **及时解决问题**
- **向用户传达**可用性
### 部署后
- **跟踪指标**:采用率、满意度、错误
- **迭代**:根据反馈进行改进
- **更新**:使代理保持最新功能
- **停用**:移除过时或未使用的代理
- **审查**:定期进行安全和合规审计
### 沟通
- 向用户宣布新代理
- 提供文档和示例
- 分享最佳实践和使用案例
- 强调优势和能力
- 提供支持渠道
## 故障排除
### 代理未出现
- 检查管理中心中的部署状态
- 验证用户是否在分配的组中
- 确认代理未被阻止
- 检查用户是否拥有 Copilot 许可证
- 刷新 Copilot 界面
### 身份验证失败
- 验证 OAuth 凭据是否有效
- 检查用户是否拥有必要的权限
- 确认 MCP 服务器可访问
- 独立测试身份验证流程
### 性能问题
- 监控 MCP 服务器响应时间
- 检查网络连接
- 查看管理中心中的错误日志
- 验证代理是否未被速率限制
### 合规性违规
- 如果不安全,立即阻止代理
- 审查审核日志中的违规行为
- 调查数据访问模式
- 更新策略以防止再次发生
## 资源
- [Microsoft 365 admin center](https://admin.microsoft.com/)
- [Power Platform admin center](https://admin.powerplatform.microsoft.com/)
- [Partner Center](https://partner.microsoft.com/) 用于代理提交
- [Microsoft Agent 365 概述](https://learn.microsoft.com/en-us/microsoft-agent-365/overview)
- [代理注册表文档](https://learn.microsoft.com/en-us/microsoft-365/admin/manage/agent-registry)
## 工作流
询问用户:
1. 此代理是否已准备好部署,还是仍在开发中?
2. 谁应该拥有访问权限(所有用户、特定组、个人)?
3. 是否有合规性或安全要求需要解决?
4. 应发布到组织还是公共商店?
5. 需要哪些监控和报告?
然后提供:
- 分步部署指南
- 管理中心配置步骤
- 用户分配建议
- 治理和合规性检查清单
- 监控和报告计划
广告位招租
在这里展示您的产品或服务
触达数万 AI 开发者,精准高效
每周安装量
7.3K
仓库
GitHub 星标数
26.7K
首次出现
2026年2月25日
安全审计
安装于
codex7.2K
gemini-cli7.2K
opencode7.2K
cursor7.2K
github-copilot7.2K
amp7.2K
mode: 'agent'
tools: ['changes', 'search/codebase', 'edit/editFiles', 'problems']
description: 'Deploy and manage MCP-based declarative agents in Microsoft 365 admin center with governance, assignments, and organizational distribution'
model: 'gpt-4.1'
tags: [mcp, m365-copilot, deployment, admin, agent-management, governance]
---
# Deploy and Manage MCP-Based Agents
Deploy, manage, and govern MCP-based declarative agents in Microsoft 365 using the admin center for organizational distribution and control.
## Agent Types
### Published by Organization
- Built with predefined instructions and actions
- Follow structured logic for predictable tasks
- Require admin approval and publishing process
- Support compliance and governance requirements
### Shared by Creator
- Created in Microsoft 365 Copilot Studio or Agent Builder
- Shared directly with specific users
- Enhanced functionality with search, actions, connectors, APIs
- Visible to admins in agent registry
### Microsoft Agents
- Developed and maintained by Microsoft
- Integrated with Microsoft 365 services
- Pre-approved and ready to use
### External Partner Agents
- Created by verified external developers/vendors
- Subject to admin approval and control
- Configurable availability and permissions
### Frontier Agents
- Experimental or advanced capabilities
- May require limited rollout or additional oversight
- Examples:
- **App Builder agent**: Managed via M365 Copilot or Power Platform admin center
- **Workflows agent**: Flow automation managed via Power Platform admin center
## Admin Roles and Permissions
### Required Roles
- **AI Admin**: Full agent management capabilities
- **Global Reader**: View-only access (no editing)
### Best Practices
- Use roles with fewest permissions
- Limit Global Administrator to emergency scenarios
- Follow principle of least privilege
## Agent Management in Microsoft 365 Admin Center
### Access Agent Management
1. Go to [Microsoft 365 admin center](https://admin.microsoft.com/)
2. Navigate to **Agents** page
3. View available, deployed, or blocked agents
### Available Actions
**View Agents**
- Filter by availability (available, deployed, blocked)
- Search for specific agents
- View agent details (name, creator, date, host products, status)
**Deploy Agents**
Options for distribution:
1. **Agent Store**: Submit to Partner Center for validation and public availability
2. **Organization Deployment**: IT admin deploys to all or selected employees
**Manage Agent Lifecycle**
- **Publish**: Make agent available to organization
- **Deploy**: Assign to specific users or groups
- **Block**: Prevent agent from being used
- **Remove**: Delete agent from organization
**Configure Access**
- Set availability for specific user groups
- Manage permissions per agent
- Control which agents appear in Copilot
## Deployment Workflows
### Publish to Organization
**For Agent Developers:**
1. Build agent with Microsoft 365 Agents Toolkit
2. Test thoroughly in development
3. Submit agent for approval
4. Wait for admin review
**For Admins:**
1. Review submitted agent in admin center
2. Validate compliance and security
3. Approve for organizational use
4. Configure deployment settings
5. Publish to selected users or organization-wide
### Deploy via Agent Store
**Developer Steps:**
1. Complete agent development and testing
2. Package agent for submission
3. Submit to Partner Center
4. Await validation process
5. Receive approval notification
6. Agent appears in Copilot store
**Admin Steps:**
1. Discover agents in Copilot store
2. Review agent details and permissions
3. Assign to organization or user groups
4. Monitor usage and feedback
### Deploy Organizational Agent
**Admin Deployment Options:**
```
Organization-wide:
- All employees with Copilot license
- Automatically available in Copilot
Group-based:
- Specific departments or teams
- Security group assignments
- Role-based access control
```
**Configuration Steps:**
1. Navigate to Agents page in admin center
2. Select agent to deploy
3. Choose deployment scope:
- All users
- Specific security groups
- Individual users
4. Set availability status
5. Configure permissions if applicable
6. Deploy and monitor
## User Experience
### Agent Discovery
Users find agents in:
- Microsoft 365 Copilot hub
- Agent picker in Copilot interface
- Organization's agent catalog
### Agent Access Control
Users can:
- Toggle agents on/off during interactions
- Add/remove agents from their experience
- Right-click agents to manage preferences
- Only access admin-allowed agents
### Agent Usage
- Agents appear in Copilot sidebar
- Users select agent for context
- Queries routed through selected agent
- Responses leverage agent's capabilities
## Governance and Compliance
### Security Considerations
- **Data access**: Review what data agent can access
- **API permissions**: Validate required scopes
- **Authentication**: Ensure secure OAuth flows
- **External connections**: Assess risk of external integrations
### Compliance Requirements
- **Data residency**: Verify data stays within boundaries
- **Privacy policies**: Review agent privacy statement
- **Terms of use**: Validate acceptable use policies
- **Audit logs**: Monitor agent usage and activity
### Monitoring and Reporting
Track:
- Agent adoption rates
- User feedback and satisfaction
- Error rates and performance
- Security incidents or violations
## MCP-Specific Management
### MCP Agent Characteristics
- Connect to external systems via Model Context Protocol
- Use tools exposed by MCP servers
- Require OAuth 2.0 or SSO authentication
- Support same governance as REST API agents
### MCP Agent Validation
Verify:
- MCP server URL is accessible
- Authentication configuration is secure
- Tools imported are appropriate
- Response data doesn't expose sensitive info
- Server follows security best practices
### MCP Agent Deployment
Same process as REST API agents:
1. Review in admin center
2. Validate MCP server compliance
3. Test authentication flow
4. Deploy to users/groups
5. Monitor performance
## Agent Settings and Configuration
### Organizational Settings
Configure at tenant level:
- Enable/disable agent creation
- Set default permissions
- Configure approval workflows
- Define compliance policies
### Per-Agent Settings
Configure for individual agents:
- Availability (on/off)
- User assignment (all/groups/individuals)
- Permission scopes
- Usage limits or quotas
### Environment Routing
For Power Platform-based agents:
- Configure default environment
- Enable environment routing for Copilot Studio
- Manage flows via Power Platform admin center
## Shared Agent Management
### View Shared Agents
Admins can see:
- List of all shared agents
- Creator information
- Creation date
- Host products
- Availability status
### Manage Shared Agents
Admin actions:
- Search for specific shared agents
- View agent capabilities
- Block unsafe or non-compliant agents
- Monitor agent lifecycle
### User Access to Shared Agents
Users access through:
- Microsoft 365 Copilot on various surfaces
- Agent-specific tasks and assistance
- Creator-defined capabilities
## Best Practices
### Before Deployment
- **Pilot test** with small user group
- **Gather feedback** from early adopters
- **Validate security** and compliance
- **Document** agent capabilities and limitations
- **Train users** on agent usage
### During Deployment
- **Phased rollout** to manage adoption
- **Monitor performance** and errors
- **Collect feedback** continuously
- **Address issues** promptly
- **Communicate** availability to users
### Post-Deployment
- **Track metrics**: Adoption, satisfaction, errors
- **Iterate**: Improve based on feedback
- **Update**: Keep agent current with new features
- **Retire**: Remove obsolete or unused agents
- **Review**: Regular security and compliance audits
### Communication
- Announce new agents to users
- Provide documentation and examples
- Share best practices and use cases
- Highlight benefits and capabilities
- Offer support channels
## Troubleshooting
### Agent Not Appearing
- Check deployment status in admin center
- Verify user is in assigned group
- Confirm agent is not blocked
- Check user has Copilot license
- Refresh Copilot interface
### Authentication Failures
- Verify OAuth credentials are valid
- Check user has necessary permissions
- Confirm MCP server is accessible
- Test authentication flow independently
### Performance Issues
- Monitor MCP server response times
- Check network connectivity
- Review error logs in admin center
- Validate agent isn't rate-limited
### Compliance Violations
- Block agent immediately if unsafe
- Review audit logs for violations
- Investigate data access patterns
- Update policies to prevent recurrence
## Resources
- [Microsoft 365 admin center](https://admin.microsoft.com/)
- [Power Platform admin center](https://admin.powerplatform.microsoft.com/)
- [Partner Center](https://partner.microsoft.com/) for agent submissions
- [Microsoft Agent 365 Overview](https://learn.microsoft.com/en-us/microsoft-agent-365/overview)
- [Agent Registry Documentation](https://learn.microsoft.com/en-us/microsoft-365/admin/manage/agent-registry)
## Workflow
Ask the user:
1. Is this agent ready for deployment or still in development?
2. Who should have access (all users, specific groups, individuals)?
3. Are there compliance or security requirements to address?
4. Should this be published to the organization or the public store?
5. What monitoring and reporting is needed?
Then provide:
- Step-by-step deployment guide
- Admin center configuration steps
- User assignment recommendations
- Governance and compliance checklist
- Monitoring and reporting plan
Weekly Installs
7.3K
Repository
GitHub Stars
26.7K
First Seen
Feb 25, 2026
Security Audits
Gen Agent Trust HubPassSocketPassSnykPass
Installed on
codex7.2K
gemini-cli7.2K
opencode7.2K
cursor7.2K
github-copilot7.2K
amp7.2K
76,500 周安装