
Commit fc697d1

Merge pull request #52818 from madiepev/update-ai-agent-fundamentals
Update ai agent fundamentals
2 parents e645c6d + 96d3518 commit fc697d1

16 files changed

Lines changed: 116 additions & 75 deletions

learn-pr/wwl-data-ai/ai-agent-fundamentals/1-introduction.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: Get ready to explore AI agents.
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot

learn-pr/wwl-data-ai/ai-agent-fundamentals/2-what-are-agents.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: AI agents have the potential to radically change how we accomplish tasks - but what are they?
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot

learn-pr/wwl-data-ai/ai-agent-fundamentals/3-agent-development.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: So you want to build an agent? Let's explore your options?
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 09/29/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot
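Review bot: the unchanged `description` on line 6 of this hunk reads `Let's explore your options?`, which is a statement and should end with a period rather than a question mark; since the only change in this file is the `ms.date` bump, this is a drive-by fix worth taking while the metadata block is already being touched.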

learn-pr/wwl-data-ai/ai-agent-fundamentals/4-azure-ai-agent-service.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: A high-level overview of Microsoft Foundry Agent Service.
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot

learn-pr/wwl-data-ai/ai-agent-fundamentals/5-exercise.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: Create an agent by using Microsoft Foundry Agent Service in the Microsoft Foundry portal.
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot

learn-pr/wwl-data-ai/ai-agent-fundamentals/6-knowledge-check.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: Test your knowledge of AI agents.
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot

learn-pr/wwl-data-ai/ai-agent-fundamentals/7-summary.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -6,7 +6,7 @@ metadata:
66
description: Summary of key learning points and further reading for AI agents.
77
author: ivorb
88
ms.author: berryivor
9-
ms.date: 05/23/2025
9+
ms.date: 12/02/2025
1010
ms.topic: unit
1111
ms.collection:
1212
- wwl-ai-copilot
Lines changed: 17 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,19 @@
1-
As generative AI models become more powerful and ubiquitous, their use has grown beyond simple "chat" applications to power intelligent *agents* that can operate autonomously to automate tasks. Increasingly, organizations are using generative AI models to build agents that orchestrate business processes and coordinate workloads in ways that were previously unimaginable.
1+
As generative AI models become more powerful and ubiquitous, their use grows beyond simple "chat" applications to power intelligent **agents** that can **operate autonomously** to automate tasks. Increasingly, organizations are using generative AI models to build agents that orchestrate business processes and coordinate workloads in ways that were previously unimaginable.
2+
3+
## Single-agent scenario
4+
5+
Consider an organization that builds an AI agent to help employees manage expense claims. The agent could use a **generative model** combined with corporate expenses policy documentation to answer employee questions about what expenses can be claimed and what limits apply.
6+
7+
:::image type="content" source="../media/expense-agent-demo.png" alt-text="Mock-up of an expense agent responding to a question about monthly expenses.":::
8+
9+
Additionally, the agent could use **programmatic functions** to automatically submit expense claims for regularly repeated expenses, such as monthly cellphone bills, or intelligently route expenses to the appropriate approver based on claim amounts.
10+
11+
## Multi-agent scenario
12+
13+
In more complex scenarios, organizations can develop **multi-agent solutions** where multiple agents coordinate work between them. For instance, a travel booking agent could book flights and hotels for employees and automatically submit expense claims with appropriate receipts to the expenses agent—creating an integrated workflow that spans multiple business processes.
14+
15+
:::image type="content" source="../media/travel-agent-demo.png" alt-text="Mock-up of a travel agent responding to a booking request.":::
16+
17+
## Learning objectives
218

319
This module discusses some of the core concepts related to AI agents, and introduces some of the technologies that developers can use to build agentic solutions on Microsoft Azure.
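Review bot: the two new `:::image:::` references on lines 7 and 15 point at `../media/expense-agent-demo.png` and `../media/travel-agent-demo.png`, neither of which appears among the diffs shown here; the commit summary lists 16 files changed but only 9 text files are displayed, so confirm both PNGs are actually added in this commit, otherwise the rendered unit will show broken images. Minor: on line 1 the rewrite changes `has grown beyond` to `grows beyond`, and the original present-perfect reads more naturally for a trend that is already established.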
Lines changed: 61 additions & 39 deletions
Original file line numberDiff line numberDiff line change
@@ -1,55 +1,77 @@
1-
AI agents are smart software services that combine generative AI models with contextual data and the ability to automate tasks based on user input and environmental factors that they perceive.
1+
AI agents are smart applications that use **language models** to understand what you need and then **take action** to help you. They can answer questions, make decisions, and complete tasks automatically. What makes agents special is that they **remember your conversation** and can **actually do things**, not just chat with you like a typical chatbot.
22

3-
For example, an organization might build an AI agent to help employees manage expense claims. The agent might use a generative model combined with corporate expenses policy documentation to answer employee questions about what expenses can be claimed and what limits apply. Additionally, the agent could use a programmatic function to automatically submit expense claims for regularly repeated expenses (such as a monthly cellphone bill) or intelligently route expenses to the appropriate approver based on claim amounts.
3+
:::image type="content" source="../media/ai-agent-architecture.png" alt-text="Diagram of an agent's components consisting of a language model, instructions, and tools.":::
4+
5+
## Identify the expense agent's capabilities
6+
7+
Recall the expense management agent from the introduction—an AI agent that helps employees manage expense claims by answering policy questions and automating claim submissions. Let's examine the three essential capabilities that make this agent effective:
8+
9+
- **Knowledge integration and reasoning**: Uses a generative model with corporate policy documentation to answer questions accurately.
10+
11+
- **Task automation through functions**: Executes programmatic functions to submit expense claims automatically.
12+
13+
- **Intelligent decision-making**: Routes expenses to appropriate approvers based on business rules and claim amounts.
414

515
An example of the expenses agent scenario is shown in the following diagram.
616

7-
![Diagram of an expenses agent answering questions and submitting claims.](../media/expenses-agent.png)
17+
:::image type="content" source="../media/expenses-agent.png" alt-text="Diagram of an expenses agent answering questions and submitting claims.":::
818

919
The diagram shows the following process:
1020

11-
1. A user asks the expense agent a question about expenses that can be claimed.
12-
1. The expenses agent accepts the question as a prompt.
13-
1. The agent uses a knowledge store containing expenses policy information to ground the prompt.
14-
1. The grounded prompt is submitted to the agent's language model to generate a response.
15-
1. The agent generates an expense claim on behalf of the user and submits it to be processed and generate a check payment.
21+
1. A user asks the expense agent a **question about expenses** that can be claimed.
22+
1. The expenses agent accepts the question as a **prompt**.
23+
1. The agent uses a **knowledge store** containing expenses policy information to **ground the prompt**.
24+
1. The grounded prompt is submitted to the agent's **language model** to **generate a response**.
25+
1. The agent **generates an expense claim** on behalf of the user and submits it to be processed and generate a check payment.
1626

17-
In more complex scenarios, organizations can develop *multi-agent* solutions in which multiple agents coordinate work between them. For example, a travel booking agent could book flights and hotels for employees and automatically submit expense claims with appropriate receipts to the expenses agent, as shown in this diagram:
27+
## Explore the travel agent's capabilities
1828

19-
![Diagram of a travel booking agent working with an expenses agent.](../media/multi-agent.png)
29+
In the previous unit, you also learned about a travel booking agent that extends this scenario into a multi-agent solution. This agent books flights and hotels, then automatically coordinates with the expense agent to submit claims. Here's how the travel agent demonstrates multi-agent coordination:
30+
31+
- **Service integration**: Books flights and hotels through external travel service APIs.
32+
- **Cross-agent communication**: Initiates expense claims through the expense agent with appropriate receipts.
33+
- **End-to-end automation**: Completes the entire travel booking and expense submission workflow without manual intervention.
34+
35+
An example of the multi-agent scenario is shown in the following diagram:
36+
37+
:::image type="content" source="../media/multi-agent.png" alt-text="Diagram of a travel booking agent working with an expenses agent.":::
2038

2139
The diagram shows the following process:
2240

23-
1. A user provides details of an upcoming trip to a travel booking agent.
24-
1. The travel booking agent automates the booking of flight tickets and hotel reservations.
25-
1. The travel booking agent initiates an expense claim for the travel costs through the expense agent.
26-
1. The expense agent submits the expense claim for processing.
41+
1. A user provides **details of an upcoming trip** to a travel booking agent.
42+
1. The travel booking agent **automates the booking** of flight tickets and hotel reservations.
43+
1. The travel booking agent **initiates an expense claim** for the travel costs through the expense agent.
44+
1. The expense agent **submits the expense claim** for processing.
2745

28-
## Understand security risks of AI Agents
46+
## Understand security risks of AI agents
2947

3048
As AI agents become more autonomous and integrated into enterprise systems, they introduce new security considerations that go beyond traditional application threats. Because agents can access sensitive data, make decisions, and act independently, developers and organizations must design with security in mind from the start.
3149

32-
The table below summarizes key security risks to consider when developing or deploying AI agents:
33-
34-
| **Risk Area** | **Description** | **Example / Impact** |
35-
|----------------|-----------------|----------------------|
36-
| **Data Leakage and Privacy Exposure** | AI agents often access sensitive business or user data to perform tasks. Without proper controls, they can unintentionally expose or share confidential information. | An agent summarizing internal files accidentally includes private data in a customer-facing chat. |
37-
| **Prompt Injection and Manipulation Attacks** | Malicious users can craft inputs that override an agent’s intended behavior, tricking it into revealing data or performing unauthorized actions. | A user embeds hidden instructions in a message, causing the agent to leak system credentials. |
38-
| **Unauthorized Access and Privilege Escalation** | Weak authentication or access controls can let agents—or bad actors controlling them—access data or systems they shouldn’t. | An AI agent connected to a CRM tool performs admin-level actions, like exporting or deleting records. |
39-
| **Data Poisoning** | Attackers may corrupt training or contextual data, causing the agent to make biased, incorrect, or unsafe decisions. | A poisoned dataset causes a customer support agent to recommend fraudulent or harmful content. |
40-
| **Supply Chain Vulnerabilities** | Agents often rely on external APIs, plugins, or model endpoints, which expand the attack surface. | A compromised third-party plugin injects malicious code into the agent’s workflow. |
41-
| **Over-Reliance on Autonomous Actions** | Highly autonomous agents may execute unintended actions if not carefully constrained or validated. | An agent mistakenly sends payments or publishes unverified content. |
42-
| **Inadequate Auditability and Logging** | Without detailed logging, it’s difficult to trace actions or detect malicious behavior early. | Security teams cannot identify data misuse due to missing or incomplete activity logs. |
43-
| **Model Inversion and Output Leakage** | Attackers might exploit model outputs to infer sensitive data used during training or prompting. | Repeated queries extract private information that was part of a fine-tuning dataset. |
44-
45-
### Mitigation Strategies
46-
To reduce these risks, developers should adopt a **security-by-design** approach that includes:
47-
48-
- Enforcing **role-based access controls (RBAC)** and **least privilege** permissions.
49-
- Adding **prompt filtering and validation** layers to prevent injection attacks.
50-
- Sandboxing or gating sensitive operations behind **human-in-the-loop approvals**.
51-
- Maintaining **comprehensive logging and traceability** for all agent actions.
52-
- Auditing **third-party dependencies** and integrations regularly.
53-
- Continuously retraining and validating models to detect **data drift** or **poisoning attempts**.
54-
55-
By embedding these practices early in development, organizations can deploy AI agents safely and confidently in real-world environments.
50+
| **What you might experience** | **Risk area** | **What's happening** |
51+
|-------------------------------|---------------|----------------------|
52+
| *"The agent just shared confidential salary data in a customer chat!"* | **Data leakage and privacy exposure** | The agent accessed sensitive information but lacked proper controls to prevent exposing it externally. |
53+
| *"Someone tricked the agent into revealing our database password."* | **Prompt injection and manipulation attacks** | A malicious user crafted an input that overrode the agent's intended behavior. |
54+
| *"Our support agent is now deleting customer records—but it shouldn't have that permission!"* | **Unauthorized access and privilege escalation** | Weak access controls allowed the agent to perform actions beyond its intended scope. |
55+
| *"The agent started recommending fraudulent products after we updated the training data."* | **Data poisoning** | Someone corrupted the agent's training or contextual data, causing unsafe outputs. |
56+
| *"A third-party plugin we integrated is now sending our data to an unknown server."* | **Supply chain vulnerabilities** | External dependencies introduced security vulnerabilities into the agent's workflow. |
57+
| *"The agent automatically processed a refund without verifying the request."* | **Over-reliance on autonomous actions** | The agent executed an action without proper validation or human oversight. |
58+
| *"We can't figure out who accessed what data or when."* | **Inadequate auditability and logging** | Missing or incomplete logs make it impossible to trace agent actions or detect misuse. |
59+
| *"Someone extracted customer information by repeatedly querying the agent."* | **Model inversion and output leakage** | The attacker exploited model outputs to infer sensitive data from training or prompting. |
60+
61+
### Protect your agents with security best practices
62+
63+
To reduce these risks, adopt a **security-by-design** approach from day one. Here's how to build safer AI agents:
64+
65+
- **Control access tightly**: Enforce **role-based access controls (RBAC)** and **least privilege** permissions—agents should only access what they absolutely need.
66+
67+
- **Validate all inputs**: Add **prompt filtering and validation** layers to catch and block injection attacks before they reach your agent.
68+
69+
- **Add human oversight for critical actions**: Sandbox or gate sensitive operations behind **human-in-the-loop approvals**—don't let agents make high-stakes decisions alone.
70+
71+
- **Track everything**: Maintain **comprehensive logging and traceability** for all agent actions—you need to know who did what, when, and why.
72+
73+
- **Monitor your supply chain**: Audit **third-party dependencies** and integrations regularly—external plugins and APIs can be attack vectors.
74+
75+
- **Keep your models healthy**: Continuously retrain and validate models to detect **data drift** or **poisoning attempts**—agent quality degrades over time without maintenance.
76+
77+
When you embed these practices early in development, you can deploy AI agents safely and confidently in real-world environments.
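Review bot: the `Validate all inputs` bullet on line 67 says prompt filtering and validation layers will "catch and block injection attacks before they reach your agent", which overstates what input filtering achieves; filters reduce exposure but cannot reliably separate instructions from data, so consider presenting filtering as one defensive layer and pointing to the `Control access tightly` (line 65) and `Add human oversight for critical actions` (line 69) bullets as the controls that bound what a successful injection can do. Relatedly, the prompt-injection row on line 53 drops the old example of hidden instructions embedded in a message (line 37), which was the clearer illustration that injected instructions can arrive through content the agent reads, not only from the user typing them; keeping a variant of that example in the `What you might experience` column would preserve that point.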
