Process flow
How a single advisory request travels from Copilot to a cited, human-reviewable answer.
How a request flows
- The advisor asks a question in Copilot Chat.
- Copilot routes to the Horizon declarative agent, which gathers any permitted Microsoft 365 context and passes it as a plain-text case_context.
- The agent calls ask_horizon_advisor over the OAuth-protected MCP endpoint.
- The backend retrieves cited evidence — from the in-repo corpus when run locally, or Foundry IQ + Azure AI Search when hosted — and the safety guard verifies the answer contract (citations, required sections, caveats, human approval).
- If it cannot ground the answer, Horizon escalates instead of guessing.
- The result returns as a cited answer plus the Advisor Workspace widget; any write back to Microsoft 365 is a separate, delegated tool call.
The clean data boundary
Copilot's Work IQ reads your Microsoft 365 (mail, files, chats) and passes the relevant facts as
a plain-text case_context, which the backend labels as user-provided context. That case_context
can steer retrieval toward the right corpus passages, but it can never become a citation — every
cited fact comes only from the curated corpus. The backend itself never reads your personal
mailbox, files, or chats.
Everything the backend does touch in Microsoft 365 runs through delegated Graph On-Behalf-Of, as you: it queries the curated SharePoint corpus for grounding (ACL-trimmed, so you only retrieve what you're allowed to), and makes directory lookups (people, Teams channels, SharePoint save targets) to scope the handoff. Coverage statements always require cited corpus sources.
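One way to express the answer-contract check and the citation boundary described above, as an added example that is not Horizon's own code. The field names, origin labels, required-section names and passage ids are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical contract values: the page names the checks, not these identifiers.
REQUIRED_SECTIONS = {"answer", "caveats"}
CORPUS_ORIGIN = "curated_corpus"           # evidence retrieved from the corpus
CONTEXT_ORIGIN = "user_provided_context"   # label applied to case_context

@dataclass
class Passage:
    passage_id: str
    origin: str
    text: str

@dataclass
class Draft:
    sections: dict    # section name -> text
    citations: list   # passage_ids the answer cites
    requires_human_approval: bool = True

def check_contract(draft, retrieved):
    """Return (decision, reasons); decision is 'answer' or 'escalate'."""
    by_id = {p.passage_id: p for p in retrieved}
    reasons = []
    present = {name for name, text in draft.sections.items() if text.strip()}
    missing = REQUIRED_SECTIONS - present
    if missing:
        reasons.append("missing sections: " + ", ".join(sorted(missing)))
    if not draft.citations:
        reasons.append("no citations: answer is ungrounded")
    for cid in draft.citations:
        passage = by_id.get(cid)
        if passage is None:
            reasons.append(f"citation {cid} not in retrieved evidence")
        elif passage.origin != CORPUS_ORIGIN:
            # case_context may steer retrieval but must never be cited
            reasons.append(f"citation {cid} has origin {passage.origin}")
    if not draft.requires_human_approval:
        reasons.append("human approval flag cleared")
    return ("escalate" if reasons else "answer", reasons)

# Constructed sample data, not taken from any real corpus or mailbox.
EVIDENCE = [
    Passage("corpus-001", CORPUS_ORIGIN, "Constructed corpus passage."),
    Passage("ctx-001", CONTEXT_ORIGIN, "Constructed case_context fact."),
]
GOOD = Draft({"answer": "text", "caveats": "text"}, ["corpus-001"])
BAD = Draft({"answer": "text"}, ["ctx-001", "corpus-999"])

if __name__ == "__main__":
    for name, draft in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, *check_contract(draft, EVIDENCE))
```

The guard fails closed: any single violation turns the result into an escalation, and the reasons list gives the human reviewer the specific contract term that was not met.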
The seven MCP tools
Three of the seven are writes; every write is a delegated Microsoft Graph On-Behalf-Of action.
| Tool | Kind |
|---|---|
| ask_horizon_advisor | read — returns cited advice and opens the widget |
| suggest_note_targets | read |
| save_advice_note | write |
| list_escalation_channels | read |
| search_recipients | read |
| send_escalation_email | write |
| post_teams_escalation | write |