Plan and configure agent solutions

Plan and configure agent solutions Detailed Explanation

Plan responsible AI, identity, audience, channel, governance, and reusable component boundaries

Exam Radar

Core Priority: This is a planning-first topic. The exam usually gives a proposed audience, a sensitive action, or an enterprise data source and asks what must be decided before implementation. The correct answer protects identity, responsible AI review, channel exposure, Power Platform environment governance, and reusable component ownership before any topic or tool is built.

High Frequency: Expect questions about internal versus external audiences, identity strategy, deployment channels, environment strategy, DLP policy, responsible AI strategy, security review, and reusable agent components.

Confusion Alert: A planning question may mention topics or connectors, but the real conflict is usually exposure risk: external audience without identity, sensitive action without review, or reusable component without environment ownership.

Scenario Logic: A developer must decide whether an internal HR agent should use Microsoft Entra ID, Teams deployment, managed Power Platform environments, and reusable agent components before building topics. The best first move is the one that preserves identity, data boundary, execution contract, or evidence collection before optimizing the conversation wording.

Version Delta: AB-620 now treats planning as broader than topic design: responsible AI strategy, identity, internal/external audience, deployment channel, security, governance, and reusable components are explicit exam scope.

Failure Trigger: Failure appears as a blocked channel publish, overexposed data source, unreviewed high-risk action, DLP-blocked connector, or duplicated component that drifts between environments.

Operational Dependency: The design must lock audience, identity, deployment channel, governance, and reuse before implementation because those choices control permission scope, data exposure, deployment model, and component ownership.

How the Exam Asks It: A question may describe a business scenario, a failing Copilot Studio configuration, or a deployment constraint and ask for the best design, first troubleshooting step, or required component.

How Distractors Are Designed: Distractors often solve a visible symptom while ignoring the owning object. They may suggest prompt tuning for a permission problem, a connector for a retrieval problem, a channel change for a flow exception, or manual deployment for an ALM dependency.

Why the Correct Answer Works: The correct option works because it chooses the design boundary that controls later implementation choices: audience drives identity, identity drives allowed data/action access, and responsible AI/governance rules decide what must be reviewed before publication.

Practice Question: A developer must decide whether an internal HR agent should use Microsoft Entra ID, Teams deployment, managed Power Platform environments, and reusable agent components before building topics. Which planning action should be completed first?

A. Start by writing topic trigger phrases and add connectors after user testing.
B. Define audience, identity, channels, responsible AI controls, environment boundaries, and reusable components before implementation.
C. Create a custom connector first because every enterprise agent requires one.
D. Use anonymous external access until the knowledge sources and tools are finalized.

Correct Answer: B

Explanation: A is wrong because topic trigger phrases are implementation details and do not decide identity, responsible AI, channel, or governance boundaries. B is correct: The design must lock audience, identity, deployment channel, governance, and reuse before implementation because those choices control permission scope, data exposure, deployment model, and component ownership. C is wrong because a custom connector may be needed later, but the scenario does not prove connector creation should precede planning. D is wrong because anonymous access removes the identity boundary needed before protected knowledge sources or tools are exposed.

Troubleshooting Practice Question: A pilot agent for external suppliers can answer public FAQ content, but when a maker adds a purchase-order status tool, the security review blocks publication. What should be checked first?

A. Add more trigger phrases so the supplier intent is clearer.
B. Review external audience identity, channel exposure, responsible AI controls, DLP policy, and the tool's data boundary.
C. Move the purchase-order tool into an adaptive card.
D. Create a separate unmanaged copy of the agent for suppliers.

Correct Answer: B

Explanation: The blocking signal is security review, not intent matching. Supplier identity, channel exposure, responsible AI controls, DLP policy, and data boundary decide whether the action can be published safely.

Exam Takeaway: For planning stems, choose the option that fixes audience, identity, responsible AI review, channel, and governance before building topics or tools; reject connector-first answers when the risk boundary is still undefined.

Best Choice Rules: If the stem mentions sensitive actions or compliance, choose responsible AI controls, escalation, and auditability before implementation. If the stem mentions internal or external users, prioritize audience, identity, and channel compatibility before topic wording. If the stem mentions reuse across agents, prioritize solution-aware reusable components over copying topics manually.

Atomic Deconstruction - Operational Level

An agent solution plan is the control document for who can use the agent, which systems it can reach, which actions require review, and which components can be reused. Responsible AI strategy is not a late documentation task; it defines escalation, sensitive-content handling, traceability, and human review boundaries before tools are exposed to users.

Operationally, planning starts with a risk inventory. List every audience, channel, enterprise system, connector, human-review point, and reusable component. Then decide which Power Platform environment owns the asset, which policies can block or allow connectors, and which administrator role must approve publication. This keeps security and responsible AI decisions upstream of maker convenience.

Component Specifications

Object	Attribute	Value Range	Default State	Dependency	Failure State
Audience model	Internal or external users	Internal, external, mixed	Unset until channel chosen	Identity provider and channel policy	Wrong audience exposes private tools or blocks valid users
Identity strategy	Authentication boundary	Entra ID, connector identity, delegated user	Environment inherited	Power Platform environment and data connector policy	Tool calls fail with 401/403 or run under the wrong principal
Channel plan	Deployment surface	Teams, website, Microsoft 365 Copilot, supported channels	Draft agent only	Channel authentication and publishing policy	Agent cannot reach intended users or cannot satisfy compliance review
Reuse model	Component ownership	Topics, tools, flows, prompts, knowledge sources	Local to agent	Solution packaging and naming standards	Duplicated components create drift across agents
Responsible AI strategy	Human review and safety boundary	Refuse, confirm, escalate, audit	Implicit default behavior	Sensitive action classification and policy review	Agent performs or explains sensitive actions without review evidence

Step-by-Step Execution Path

In Copilot Studio, inspect the agent audience, channel, authentication, and environment settings before editing topics. This establishes the control boundary that later tool calls must obey.
Classify each planned action by business risk and decide whether it needs confirmation, refusal, escalation, or human review. This places responsible AI strategy before tool exposure.
In the Power Platform admin center, verify the target environment, data loss prevention policy, and connector availability. This prevents a design that works in a maker sandbox but fails in a governed environment.
Map each planned enterprise system to an access method: Copilot connector, Power Platform connector, custom connector, REST API, MCP server, Fabric data agent, or Foundry agent. The map separates knowledge retrieval from action execution.
Document which components are reusable across agents and which are agent-specific. Reusable tools and flows should be solution-aware so ALM can move them predictably.

Evidence note: planning checks rely on design-review records, Copilot Studio settings, Power Platform environment configuration, DLP policy state, and administrator approval evidence rather than unverified CLI commands.

Technical Chain

A planning decision starts with the intended audience and data/action risk. Audience choice drives authentication and channel constraints; authentication drives connector identity and permission trimming; environment and DLP policy decide which connectors and flows are allowed; responsible AI rules decide when the agent must refuse, escalate, ask for confirmation, or require human approval. If this chain is skipped, the agent may appear functional in a maker test but fail security review, expose the wrong data, or perform actions without the review boundary the scenario requires.

Operational Skills Matrix

Task	Precise Command or Path	Verification Standard
Validate environment boundary	Power Platform admin center > Environments > select environment > Policies and resources	Environment, region, security group, and DLP policy match the planned audience
Verify channel readiness	Copilot Studio > agent > Channels	Only channels approved for the audience and authentication model are enabled or planned
Review component reuse	Copilot Studio > agent > Tools, Topics, Knowledge; Power Apps solution view	Shared components are named, owned, and packageable inside the intended solution
Confirm identity dependency	Connector connection references and agent authentication settings	Tool execution identity aligns with least-privilege access and expected user delegation
Validate responsible AI boundary	Design review evidence for sensitive actions, escalation rules, refusal behavior, and audit trail	High-risk actions have an explicit confirmation, escalation, or review path before publishing

Create and monitor agent flows including human-in-the-loop approval, inputs, outputs, connectors, and error handling

Exam Radar

Core Priority: This is an execution-contract topic. AB-620 may describe a failed action, a pending approval, or a vague completion message and expect the candidate to inspect input mapping, output schema, connector status, human-in-the-loop state, and run-history evidence.

High Frequency: Expect scenarios about creating agent flows, creating human-in-the-loop agent flows, adding input/output parameters, configuring connectors, monitoring flows, and implementing handled error paths.

Confusion Alert: A flow question may look like a prompt-quality problem, but the decisive clue is often a missing input, unhandled connector status, unresolved approval state, or absent run-history detail.

Scenario Logic: A support agent calls an agent flow to create a ticket. The flow works for happy-path values but silently fails when the API returns a validation error. The best first move is the one that preserves identity, data boundary, execution contract, or evidence collection before optimizing the conversation wording.

Version Delta: The current scope calls out human-in-the-loop agent flows in addition to ordinary agent flows, so approval state, reviewer outcome, timeout behavior, and flow monitoring should be treated as first-class execution evidence.

Failure Trigger: Failure appears as no run history for the expected step, no approval state, a connector 4xx/5xx status, a timeout without mapped output, or a topic response that says completed when the flow is still pending.

Operational Dependency: Agent flows require a clear execution contract and observable failure handling; typed parameters and run monitoring expose whether the tool failed because of input shape, connector authentication, or downstream API validation.

Why the Correct Answer Works: The correct option works because it observes the flow as a contract: inputs enter, connector or approval steps execute, errors are handled, outputs return, and run history proves which stage failed.

Practice Question: A support agent calls an agent flow to create a ticket. The flow works for happy-path values but silently fails when the API returns a validation error. Which flow design and monitoring action should you take?

A. Increase the agent's generative response temperature so it can rewrite failed requests.
B. Move all business logic into the topic and remove the connector from the flow.
C. Define typed input/output parameters, configure connector actions, add error handling branches, and monitor run history.
D. Publish the agent to a different channel because channel publishing controls flow exception handling.

Correct Answer: C

Explanation: A is wrong because temperature cannot repair an API validation error because the downstream action fails after the request is built. B is wrong because removing connector logic loses the deterministic workflow and does not fix the execution contract. C is correct: Agent flows require a clear execution contract and observable failure handling; typed parameters and run monitoring expose whether the tool failed because of input shape, connector authentication, or downstream API validation. D is wrong because channel publishing changes where the agent is available; it does not control flow exception handling.

Troubleshooting Practice Question: A refund flow shows no final confirmation to the user, and the run history shows the approval step is still pending. What should you configure?

A. Increase the agent temperature.
B. Publish to a new channel.
C. Map pending, approved, rejected, and timeout approval states to flow outputs and topic responses.
D. Remove the connector action from the flow.

Correct Answer: C

Explanation: The failure signal is the pending approval state. The topic needs mapped outputs for each approval outcome so it does not report completion before the human decision exists.

Exam Takeaway: For flow failures, inspect parameters, connector action status, approval state, error branch, and run history before changing prompts or channels.

Best Choice Rules: If the stem mentions approval, reviewer decision, or manual confirmation, inspect human-in-the-loop flow behavior before generic retry logic. If the stem mentions API validation errors, inspect input mapping, connector action details, error handling, and run history before prompts. If the stem mentions user-visible confirmation, verify the output parameter contract returned by the flow.

Atomic Deconstruction - Operational Level

An agent flow is the deterministic execution layer behind a conversational request. It receives typed values from the topic or orchestration layer, performs connector or approval work, and returns a structured result. A human-in-the-loop flow adds a review state: the agent must pause or continue based on approval outcome instead of pretending the action finished immediately.

Operationally, the flow should be read as a state machine. Required inputs must be present before a connector action runs; approval nodes must return approved, rejected, pending, or timed-out states; error branches must preserve the downstream status; outputs must be mapped back to topic variables so the agent can explain the result without inventing completion.

Component Specifications

Object	Attribute	Value Range	Default State	Dependency	Failure State
Input parameter	Name and data type	Text, number, boolean, record-like values where supported	Not present	Topic variable mapping	Flow receives null or malformed values and connector action rejects request
Output parameter	Returned value contract	Status, ID, message, structured output	Not present	Agent response node	Agent cannot present confirmed result or recoverable error
Connector action	Connection reference	Standard, premium, custom connector	Maker-owned connection	DLP policy and authentication	Runtime failure from blocked connector or invalid token
Error branch	Failure path	Retry, fallback message, escalation, logged error	Unmodeled failure	Connector status and exception payload	User receives vague response while action did not complete
Human approval step	Decision state	Approved, rejected, pending, timed out	No approval gate	Approver identity and notification path	Agent reports completion before a human decision exists

Step-by-Step Execution Path

Open Copilot Studio > agent > Tools or Topics and inspect where the agent flow is invoked. This confirms which user values are mapped into the flow contract.
Open the agent flow and verify input and output parameters before connector logic. Parameters must represent the exact values the topic can supply and the response can consume.
For human-in-the-loop scenarios, add an approval or review step before the irreversible connector action and map approved, rejected, and timeout states to output values. This prevents the topic from treating a pending human decision as a completed business transaction.
Inspect each connector action connection reference and DLP compatibility in the target environment. This excludes authentication and policy failure before debugging business logic.
Run a controlled test with a known invalid value and review flow run history. The error branch should capture connector status, validation message, and user-safe response text.

Evidence note: flow checks rely on Copilot Studio or Power Automate run history, approval state, connector action details, and mapped output values.

Technical Chain

The topic passes collected values into the agent flow. The flow binds those values to parameters, evaluates connector actions and optional human approval steps, then writes action-level run history. If the approval owner rejects or times out, the flow must return a status the topic can explain. If the connector returns a validation error, the error branch must preserve the status and message. Without typed outputs, the conversation layer cannot distinguish completed, rejected, pending, and failed states.

Operational Skills Matrix

Task	Precise Command or Path	Verification Standard
Inspect flow run status	Copilot Studio or Power Automate run history for the agent flow	Run shows success, failed, or handled failure with timestamp and action-level details
Validate parameter mapping	Copilot Studio topic node > flow input mapping	Every required input is bound to a topic variable with the expected type
Check connector policy	Power Platform admin center > DLP policy > connector classification	Connector used by the flow is allowed in the environment's policy group
Confirm error response	Test pane conversation transcript and flow run details	User receives a specific recoverable message and the run records the downstream error
Validate approval state	Agent flow run history > approval or review action detail	Run records approved, rejected, pending, or timed-out state and returns a mapped output to the topic

Configure topics with variables, Power Fx expressions, tools, generative answers, custom prompts, API calls, and adaptive cards

Exam Radar

Core Priority: This is a conversation-orchestration topic. The exam tests whether the candidate can place variables, Power Fx expressions, tools, generative answers, custom prompts, API calls, response formatting, and adaptive cards in the correct topic sequence.

High Frequency: Expect topic questions that combine trigger conditions, topic variables, global variables, Power Fx expressions, response formatting, tool nodes, generative answers, adaptive cards, and Send HTTP request behavior.

Confusion Alert: A topic question often hides the fault in state management: a stale global variable, a Power Fx expression returning the wrong type, or an adaptive card binding that runs before the API response exists.

Scenario Logic: A sales operations agent must answer policy questions from a knowledge source, call an API for customer status, and show a compact card for confirmation. The best first move is the one that preserves identity, data boundary, execution contract, or evidence collection before optimizing the conversation wording.

Version Delta: Topic configuration now spans variables, Power Fx-style logic, response formatting, generative answers, custom prompts, custom knowledge, API/Send HTTP requests, tools, and adaptive cards rather than only trigger phrases.

Failure Trigger: Failure appears as an empty topic variable, stale global variable, Power Fx type mismatch, missing tool input, unsupported adaptive card field, or Send HTTP request node that receives a malformed body.

Operational Dependency: The topic owns the conversation path: it decides when to ground, when to call a tool, when to call an API, and how to format the final response.

Why the Correct Answer Works: The correct option works because it places orchestration in the topic, where variables, Power Fx expressions, knowledge grounding, tool calls, API requests, and adaptive card output can be sequenced.

Practice Question: A sales operations agent must answer policy questions from a knowledge source, call an API for customer status, and show a compact card for confirmation. Which topic configuration best satisfies the requirement?

A. Use a topic that routes intent, invokes the required tool or HTTP action, grounds generative answers in the selected knowledge source, and formats the result with an adaptive card.
B. Put all instructions in the agent description and rely on general conversation behavior.
C. Create only an adaptive card because cards can retrieve enterprise knowledge automatically.
D. Disable generative answers to force every response through a connector.

Correct Answer: A

Explanation: A is correct: The topic owns the conversation path: it decides when to ground, when to call a tool, when to call an API, and how to format the final response. B is wrong because global instructions cannot replace topic-level state, variable mapping, Power Fx expressions, or action sequencing. C is wrong because adaptive cards format available data; they do not retrieve enterprise knowledge automatically. D is wrong because disabling generative answers removes a valid grounding option and does not prove every answer must come from a connector.

Troubleshooting Practice Question: A topic calls a REST API with an account ID from yesterday's conversation even after the user enters a new ID. What should be inspected first?

A. The API server CPU metric.
B. The adaptive card background color.
C. Topic variables, global variables, and Power Fx expressions used to assign the request body.
D. The Power Platform pipeline stage.

Correct Answer: C

Explanation: The stale value points to topic state. Variable scope and Power Fx assignment must be checked before assuming the API or deployment pipeline is broken.

Exam Takeaway: For topic behavior, follow the state path: trigger, variables, Power Fx expressions, grounding node, tool/API input mapping, then adaptive card binding.

Best Choice Rules: If the stem mentions wrong values in a tool call, inspect topic variables, global variables, and Power Fx expressions before changing the connector. If the stem mentions response formatting, separate adaptive card/schema problems from retrieval or API execution problems. If the stem mentions generative answers, verify the knowledge source and grounding node before adding unrelated tools.

Atomic Deconstruction - Operational Level

A topic is a stateful conversation path. Variables hold collected facts, global variables carry shared context, and Power Fx expressions can transform values, branch conditions, or format data before the agent calls a tool or shows a response. Without variable discipline, a topic can call the right API with the wrong value or render an adaptive card before required data exists.

Operationally, the topic should be walked node by node. Confirm the trigger, inspect each variable assignment, check Power Fx expressions with sample values, verify the grounding node, then review tool/API input mapping and card binding. This order prevents the common mistake of debugging the API when the actual failure is a stale variable or formula result.

Component Specifications

Object	Attribute	Value Range	Default State	Dependency	Failure State
Trigger and condition	Intent boundary	Phrases, variables, topic conditions	Broad match	User utterance and topic priority	Wrong topic intercepts request or misses valid intent
Generative answers node	Grounding source	Selected knowledge source or search connection	Unconfigured	Knowledge source availability	Ungrounded answer or no answer for known content
Tool/API action	Invocation point	Connector tool, agent flow, Send HTTP request, REST API	Not added	Authentication and input mapping	Tool runs with missing values or wrong permission
Adaptive card	Schema and variable binding	Supported Adaptive Cards schema subset	Plain text response	Topic variables and channel support	Card renders blank, invalid, or unsupported in channel
Topic variable	Scope and type	Topic-scoped value, global variable, system variable	Unset until collected or assigned	Question node, Power Fx expression, tool output	Tool receives stale, empty, or wrongly transformed value
Power Fx expression	Transformation or condition	Formula returning text, number, boolean, table-like value where supported	No formula	Variable type and function availability	Branch or API payload uses a technically valid but semantically wrong value

Step-by-Step Execution Path

In Copilot Studio, open the topic and validate the trigger phrases or conditions. This makes sure the topic is reached only for the intended scenario.
Open variable management for the topic and identify topic variables, global variables, and any Power Fx expressions used for conditions or formatting. This excludes stale or incorrectly transformed values before blaming the connector.
Add or inspect the generative answers node and bind it to the intended knowledge source. This prevents the model from answering from unsupported context when policy accuracy matters.
Add the tool, agent flow, REST API, or Send HTTP request node after the topic has collected required inputs. Tool calls should happen after grounding or clarification when the downstream action needs exact values.
Use an adaptive card only after the result variables exist. Validate the card schema and variable binding in the test pane for each target channel.

Evidence note: topic checks rely on the authoring canvas, variable inspector, formula or condition editor, test-pane transcript, and target-channel rendering.

Technical Chain

The user utterance selects a topic, topic nodes collect or derive variables, Power Fx may transform or validate those variables, and the topic then chooses a grounding node, prompt, tool, HTTP request, or adaptive card. The response is reliable only when each variable has a known source, type, and scope. If a topic variable is empty, a global variable is stale, or a Power Fx expression returns an unexpected value, the downstream action may execute with a technically valid but semantically wrong payload.

Operational Skills Matrix

Task	Precise Command or Path	Verification Standard
Validate topic matching	Copilot Studio test pane > send scenario utterances	Expected topic is selected and no unrelated topic takes priority
Check grounding behavior	Topic node settings > generative answers knowledge source	Node points to the intended source and returns citations or grounded answer evidence where supported
Inspect API/tool inputs	Topic action node > input mapping	Required parameters are populated from confirmed variables before execution
Verify adaptive card rendering	Copilot Studio test pane and target channel preview	Card displays expected fields and actions without schema or channel rendering errors
Inspect variable scope	Copilot Studio topic authoring canvas > variables or node variable mapping	Topic, global, and system variables have expected source, type, and latest value
Validate Power Fx result	Copilot Studio formula or condition editor with test input values	Expression returns the expected type and value before the tool or response node uses it

Shopping cart

Subtotal:

AB-620 Plan and configure agent solutions

Detailed list of AB-620 knowledge points