Invesco
Conceptual architecture

Context-aware answers come from a governed Microsoft + HR ecosystem.

M365 delivers the employee experience. Azure orchestrates AI and guardrails. HR systems remain the source of truth.

M365 Tenant
Users
Microsoft Teams
Employee experience
Copilot Studio
Bot framework
Power Automate
Workflow glue
SharePoint (HR)
Approved content
Entra ID
SSO • Identity
Azure Tenant
API Management
Secure connector
AI Content Safety
In/out moderation
Key Vault • Managed Identity
Secrets & access
App Service · Orchestrator
HR DIGITAL
Buddy
Main Agent
RAG Agent
Policy Agent
Context Agent
Tool Agent
Azure AI Search
Vector & keyword
Azure OpenAI
GPT-class models
Azure Functions
Lightweight tools
Storage Account
App Insights · Monitor
Audit Logs
HR Systems of Record
Workday
Employee profile · OE state
ServiceNow HRSD
Authoritative HR knowledge
SharePoint Content
Approved policy & reference
External Web
Public benefits & gov sites
Chat flowContent / retrievalSecurity / governanceTelemetry
Conceptual Architecture
Design principles

Five rules that shape every component.

01

Experience layer

Microsoft Teams + Copilot Studio give employees a single, familiar entry point.

02

Orchestration

Azure App Service hosts the Main Agent and specialist sub-agents that coordinate retrieval, policy, and context.

03

Source of truth

ServiceNow, Workday, and approved SharePoint content remain authoritative — the Buddy never replaces them.

04

Guardrails by design

AI Content Safety, Entra ID, Key Vault, and managed identities are wired in from day one.

05

Observability

App Insights and audit logs feed a continuous improvement loop with HR content owners.