Architecture · Today & Future

Build Domain Agents Now. Orchestrate Centrally with AMA Later.

Same building blocks. Expanded reach. HR Buddy proves the model today; every new domain agent plugs into AMA tomorrow.

Step 1
Build Domain Agent

Today — ship HR Buddy on a governed stack.

Step 2
Standardize with Framework

Repeatable prompt, RAG, tools, guardrails.

Step 3
Connect to AMA

Future — unified enterprise experience.


Today: Standalone HR Agent (HR Buddy)

Single-domain experience focused on HR needs.

Domain Owned · Built by HR
Channels
Microsoft Teams
Employee experience
Web Chat
Browser entry
Copilot Studio
Bot framework
Power Automate
Workflow glue
Entra ID
SSO · Identity
HR Agent Orchestration
HR Digital
HR Agent · HR Buddy
Main agent
RAG / Retrieval
Policy / Guardrails
Context / Memory
Tool Execution
AI + Platform
Azure OpenAI
LLM
Azure AI Search
Vector + keyword
Storage
Docs · embeddings
Functions / Tools
Monitoring · Audit
HR Systems of Record
Workday
Employee profile
ServiceNow HRSD
HR knowledge
SharePoint HR
Approved content
Cornerstone / Compass
Learning
ADP
Payroll · benefits
Concur
Travel & expense
Star Compliance
Attestations
External Web
Public references
Cross-cutting: Security + Identity · Governance + Compliance · Observability
Evolve

Dual Experience: Employees + Customers

One organization, two audiences. Microsoft + Entra for employees. External channels + Bedrock for customers. One governed agent fabric in the middle.

Enterprise · Internal + External
Lane A · External Customer Experience (Client-Facing)
Channels
Public Website
Client Portal
Mobile App
Chat Widget
Customer IAM / CIAM
OIDC · external identity
Customer Orchestration
Customer-Facing
Customer AMA
Bedrock-powered
Amazon Bedrock (LLMs)
External Knowledge / Search
Public + approved content only
Client-Facing Domain Agents
Client Support Agent
Product / Offering Info
Client Reporting Insights
Marketing / Content
Account Services
Optional
Meet customers where they are: external channels + Bedrock
Shared via governed fabric
Lane C · Shared Agent + Connector Fabric
One Fabric · Two Scopes
Shared MCP Server Fabric

Same hosted MCP plumbing serves both AMAs. Scope tags decide which agents and tools are reachable from internal vs external contexts.

Tool Registry
Internal vs External scopes
Policy Enforcement
Per-scope guardrails
Auth · Secrets · Tokens
Shared Observability
Schema & Tool Registry
External agents cannot access internal-only systems
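
A minimal sketch of the scope-tag check described for the shared MCP fabric, added here as an example and not taken from the architecture itself. The issuer URLs, tool names, and function names are hypothetical, and it assumes the token's signature and issuer were already validated upstream.

```python
from dataclasses import dataclass

# Hypothetical issuer URLs: scope comes from which identity provider
# authenticated the caller, never from a field the caller supplies.
ISSUER_SCOPE = {
    "https://login.example-entra.test/tenant": "internal",  # Entra (employees)
    "https://ciam.example.test/customers": "external",      # CIAM (customers)
}

@dataclass(frozen=True)
class Tool:
    name: str
    scopes: frozenset  # scope tags; an empty set means reachable from nowhere

# Constructed registry using system names from the diagram.
REGISTRY = {t.name: t for t in [
    Tool("workday.get_profile", frozenset({"internal"})),
    Tool("servicenow_hrsd.search", frozenset({"internal"})),
    Tool("product_content.search", frozenset({"internal", "external"})),
    Tool("client_portal.get_report", frozenset({"external"})),
    Tool("legal_repo.search", frozenset()),  # untagged: fails closed
]}

AUDIT = []  # stand-in for the shared observability sink

def scope_for(token_claims):
    """Map validated token claims to a scope; unknown issuers get none."""
    return ISSUER_SCOPE.get(token_claims.get("iss"))

def list_tools(token_claims):
    """Discovery is filtered too, so out-of-scope tools are never advertised."""
    scope = scope_for(token_claims)
    return sorted(n for n, t in REGISTRY.items() if scope in t.scopes)

def authorize(token_claims, tool_name):
    """Deny by default: unknown issuer, unknown tool, or missing tag all fail."""
    scope = scope_for(token_claims)
    tool = REGISTRY.get(tool_name)
    allowed = scope is not None and tool is not None and scope in tool.scopes
    AUDIT.append({"iss": token_claims.get("iss"), "tool": tool_name,
                  "scope": scope, "allowed": allowed})
    return allowed
```

Enforcing the same tag check at both discovery and invocation keeps an external agent from learning that an internal-only tool exists, and every decision lands in the audit trail.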
Lane B · Internal Employee Experience (Microsoft)
Channels
Microsoft Teams
Web
Copilot
Entra SSO
Personalization
Employee Orchestration
Employee-Facing
AMA Orchestrator
Azure OpenAI-powered
Azure OpenAI (LLMs)
Shared Context
Internal Domain Agents
HR Agent (HR Buddy)
Finance Agent
ServiceNow ITSM
Data Insights
Legal / Compliance
Meet employees where they are: Microsoft + Entra SSO
Internal Systems of Record (Internal-only)
Workday
ServiceNow HRSD
SharePoint (Internal)
ADP · Concur
Snowflake (Internal)
Legal Repositories
External / Client Systems (Approved for customer use)
Client Portal Data
CRM
Product Content
Public Web
Approved Marketing Repo
Client Reporting Data
Cross-cutting: Policy & Content Safety (scoped) · Identity: Entra (Int) · CIAM (Ext) · Shared Observability · Governance & Compliance
Employees: Microsoft + Entra SSO
Customers: External channels + Bedrock
Reuse: Standardized agents + governed connectors — no cross-boundary risk
The Key Differentiator

Reusable Agent Development Framework

Build once. Apply across all domains. AMA-ready by design.

Framework
Prompt + Logic
Standard pattern
Tool / API Connectors
Reusable layer
RAG Pattern
Per domain
Security + Governance
Guardrails baked in
Observability + Logging
Telemetry + audit
Agents built today using this framework connect to AMA later with minimal integration effort.
01 HR can exist standalone today.
02 HR becomes one of many domain agents later.
03 AMA is the orchestrator — not a domain agent.
04 Shared guardrails exist in both architectures.
05 Repeatable framework enables scale.
Detailed reference

HR Buddy — conceptual deep-dive

Full Azure + M365 wiring with flows, guardrails, and HR systems of record.

M365 Tenant
Users
Microsoft Teams
Employee experience
Copilot Studio
Bot framework
Power Automate
Workflow glue
SharePoint (HR)
Approved content
Entra ID
SSO • Identity
Azure Tenant
API Management
Secure connector
AI Content Safety
In/out moderation
Key Vault • Managed Identity
Secrets & access
App Service · Orchestrator
HR DIGITAL
Buddy
Main Agent
RAG Agent
Policy Agent
Context Agent
Tool Agent
Azure AI Search
Vector & keyword
Azure OpenAI
GPT-class models
Azure Functions
Lightweight tools
Storage Account
App Insights · Monitor
Audit Logs
HR Systems of Record
Workday
Employee profile · OE state
ServiceNow HRSD
Authoritative HR knowledge
SharePoint Content
Approved policy & reference
Cornerstone / Compass
Learning & training records
Concur
Travel & expense
ADP
Payroll & retirement benefits
Star Compliance
Personal trading & attestations
External Web
Public benefits & gov sites
Legend: Chat flow · Content / retrieval · Security / governance · Telemetry
Conceptual Architecture