← AI Intelligence Hub
← AI Intelligence Hub / Microsoft AI / Agent 365

Work IQ MCP

A developer's field guide to Microsoft Agent 365's tooling layer — what it is, what it can actually do, and how to wire it into the agents you already have running.

By Jody Claggett · May 2026 · 22 min read · Preview Feature
Executive Summary

The short version, before the deep dive

Work IQ MCP is Microsoft's answer to a problem every enterprise agent team eventually hits: your agent is smart, but it does not know your organization. It cannot read your inbox, see your calendar, find the SharePoint deck the CFO referenced last Tuesday, or post to the project Teams channel. Work IQ MCP is the standardized, governed way to give it that ability.

It is a catalog of pre-built, Microsoft-certified Model Context Protocol servers that expose Microsoft 365 surfaces — Mail, Calendar, Teams, SharePoint, OneDrive, Word, the user directory, Dataverse, and Microsoft 365 Copilot itself — as auditable tools that any MCP-aware agent can call. It runs through a unified Agent 365 tooling gateway that handles auth, policy, rate limiting, and logging; admins control what is allowed from the Microsoft 365 admin center; every call is traceable in Microsoft Defender.

What you actually get Nine pre-certified MCP servers covering most of the M365 surface area, three integration paths (Copilot Studio low-code, Azure AI Foundry pro-code, Agent 365 SDK pro-code), an MCP Management Server for building your own, and a control plane that satisfies most enterprise compliance asks out of the box. All currently in preview, all requiring a Microsoft 365 Copilot license.

If your org is already on Microsoft 365 and Copilot, this is the lowest-friction way to give your agents real organizational context without writing Microsoft Graph wrappers, juggling delegated tokens, or building your own audit pipeline. If you are not on Copilot, the licensing math gets harder — we will get into that.

What It Is

Work IQ MCP, in one paragraph and then in three

One paragraph. Work IQ is the intelligence layer underneath Microsoft 365 Copilot. It builds a continuous, contextual understanding of how work happens across your tenant by unifying signals from files, emails, meetings, chats, and business systems. Work IQ MCP is the tool surface on top of that intelligence layer — a set of Model Context Protocol servers, hosted by Microsoft, that any MCP-aware agent can call to take real action against that work context.

Three paragraphs. The first thing to understand is that Work IQ MCP is not a single server. It is a curated catalog of nine workload-specific servers, each with a stable identifier (mcp_MailTools, mcp_CalendarTools, mcp_TeamsServer, and so on). Each server exposes a set of granular tools backed by Microsoft Graph endpoints, and each tool maps onto a specific OAuth scope (McpServers.Mail.All, McpServers.Teams.All, etc.). When your agent invokes a tool, the request flows through the Agent 365 tooling gateway, which is what gives Microsoft a consistent place to enforce policy, scan payloads, throttle usage, and emit telemetry.

The second thing to understand is the developer surface. Microsoft offers three ways in: Copilot Studio for low-code conversational agents, Azure AI Foundry for pro-code agents in the Foundry portal, and the Microsoft Agent 365 SDK (Python, .NET, JavaScript) for everything else — including agents you have already built on Agent Framework, OpenAI Agents SDK, Semantic Kernel, or LangChain. There is also a fourth path: Work IQ MCP servers can be added directly to coding tools like Claude Code, GitHub Copilot CLI, and VS Code via a standard MCP client config, which is how Microsoft is positioning it for individual developer productivity.

The third thing to understand is governance. Every Work IQ MCP server corresponds to a permission on the Agent 365 application object in Microsoft Entra. An agent only gets access to a server after an admin explicitly grants the corresponding permission. Admins can also block any server tenant-wide from the Microsoft 365 admin center, and every tool call — agent, tool, parameters, outcome — is queryable in Microsoft Defender Advanced Hunting. Block actions take precedence over configuration. This is the part that will matter most to your security team.

Preview status Work IQ MCP is currently a preview feature. Microsoft notes that tool names and parameters are subject to change and that hard-coded dependencies should be avoided — though scenario coverage is committed to be maintained. Build for the capabilities, not the schemas.
Architecture

Three layers, one gateway

Microsoft describes Work IQ as a stack of three tightly integrated layers: Data, Context, and Skills & Tools. The visualization below maps these layers and shows where Work IQ MCP plugs in.

Your Agent
Copilot Studio · Foundry · Agent 365 SDK · Coding Tool
Discovers tools via ToolingManifest.json or Foundry catalog. Invokes via MCP.
Skills & Tools Layer
Work IQ MCP Servers (9) + MCP Management Server + Custom Servers
Mail · Calendar · Teams · SharePoint · OneDrive · Word · User · Dataverse · Copilot
Tooling Gateway (Agent 365 Control Plane)
Auth · Policy · Rate Limits · Payload Scans · Tracing
Every call routed through here. Defender logs each invocation.
Context Layer
Persistent organizational understanding
Who works with whom, what priorities are active, how teams operate — carried across tasks and sessions.
Data Layer
Microsoft 365 Signal Graph
Files, emails, meetings, chats, business system signals across the tenant.

For a developer, the practically relevant box is the tooling gateway. It is the single chokepoint through which every MCP call passes, which is why Microsoft can promise things like centralized governance, real-time threat protection, and consistent observability without you having to wire any of it up.

The gateway also resolves a question that comes up the moment you start composing tools: how does the agent know who the user is? Two flows are supported. Agentic identity uses the agent's own Entra agent ID and acts as itself — ideal for autonomous, scheduled, or background work. On-Behalf-Of (OBO) exchanges a delegated user token so the agent acts as the signed-in user, with that user's permissions and audit trail. You will use both, often in the same agent. OBO is what makes "summarize my unread emails from this morning" work correctly when ten different employees say it.

Tool Catalog

What is actually in the box

This is the table to bookmark. It is a synthesis of the nine Work IQ MCP server reference pages on Microsoft Learn. Each row gives you the server ID you will use in your tooling manifest, the OAuth scope your admin needs to grant, and a working summary of capabilities.

Server IDDisplay NameOAuth ScopeCapabilities
mcp_M365Copilot Work IQ Copilot McpServers.Search.All Chat directly with Microsoft 365 Copilot. Multi-turn conversations, file grounding via SharePoint/OneDrive URIs, persistent conversationId. The fallback when no workload-specific tool fits.
mcp_MailTools Work IQ Mail McpServers.Mail.All Create / send / reply / reply-all / update / delete messages. Draft management. KQL semantic search across mailbox. HTML body support. preferHtml rendering, ETag concurrency control.
mcp_CalendarTools Work IQ Calendar McpServers.Calendar.All Create / update / delete events. Accept / decline / cancel invites. findMeetingTimes with attendee availability. getSchedule free/busy. Recurring events, Teams online meetings, time-zone aware. Idempotent creation via transactionId.
mcp_TeamsServer Work IQ Teams McpServers.Teams.All Full chat & channel CRUD. Post messages, reply to threads, manage members and roles. Create private and shared channels. Soft-delete with compliance retention.
mcp_SharePointRemoteServer Work IQ SharePoint McpServers.SharePoint.All Find sites, browse libraries, manage files and folders (≤5MB), share with role-based access, manage lists and columns of any type, set sensitivity labels. Async copy/move with operation tokens.
mcp_OneDriveRemoteServer Work IQ OneDrive McpServers.OneDrive.All Personal OneDrive: file/folder CRUD, search, share, sensitivity labels. Same 5MB ceiling. Same async copy/move pattern. getOnedrive exposes quota and owner.
mcp_WordServer Work IQ Word McpServers.Word.All Create new .docx files in OneDrive from HTML or plain text. Read full document content (text + comments) by sharing URL. Add and reply to comments — the comment-thread support is the interesting part for review workflows.
mcp_MeServer Work IQ User McpServers.User.All Get the signed-in user's profile and manager, look up other users by UPN or object ID, fetch direct reports, search the directory. The "who works for whom" graph — quietly the most useful server for any agent that needs to route or escalate.
Dataverse Microsoft Dataverse MCP Server Dataverse-scoped Full CRUD against any Dataverse table. list_tables, describe_table (T-SQL schema), read_query (SELECT), create_record, update_record, delete_record, search, fetch. Schema management included (create_table, update_table, delete_table).

The patterns that repeat across servers

Three patterns show up enough that they are worth internalizing before you start writing code against any individual server.

OData query parameters are everywhere. If you have used Microsoft Graph, you already know the dialect: $select to pick fields, $filter to constrain, $top to paginate, $expand for related entities, $orderby for sorting. Every server that lists or retrieves things accepts these — use them aggressively. $select in particular has a real impact on token cost in long-running agents, because what comes back is what gets shoved into your model context.

ETags for concurrency control. Update and delete operations across SharePoint, OneDrive, and Mail accept an optional etag (or If-Match) parameter. If your agent reads then modifies, you should round-trip the ETag — without it, you can race an interactive user editing the same item. The cost of doing this right is one parameter; the cost of not doing it is a stale-write data corruption bug that will be hard to reproduce.

Async operations return tokens. The SharePoint and OneDrive servers handle copy/move asynchronously. They return an operation token; you call checkOperationStatus to poll. Build your agent prompts to handle the "I started it, let me check on it" pattern, or wrap the polling in a helper. The 5MB file ceiling on these servers is also worth designing around — for anything larger, you are building a Graph passthrough, not using Work IQ.

The composition that matters The most useful agents will not call one Work IQ server — they will compose several. The Calendar server, for instance, depends on the User server to resolve attendees by display name into UPNs before scheduling. Word + SharePoint + Mail together is a complete document-review loop. User + Teams gives you organizational routing. Plan your agent's tool inventory like a small workflow rather than a checklist.
Integration Paths

The three (and a half) ways in

Microsoft has converged on a consistent integration story across surfaces, but the experience is meaningfully different depending on which one you pick. Choose based on where your agent already lives, not where Microsoft's marketing wants it to live.

Copilot Studio (low-code)

Best for conversational business agents owned by a non-engineering team. Add Work IQ MCP servers from the Tools tab in a few clicks. Permissions are pre-granted for prebuilt servers.

Azure AI Foundry (pro-code)

Best for pro-code agents in the Foundry portal. Browse the tool catalog, filter by Provider > Microsoft, connect via the same gateway. Approve tool calls in the Chat Playground.

Agent 365 SDK (pro-code)

Best for agents you have already built on Agent Framework, OpenAI Agents SDK, Semantic Kernel, or LangChain. Manifest-driven; one CLI command to add a server, one SDK call to register all of them with your orchestrator.

Coding tools (Claude Code / Copilot CLI / VS Code)

Best for individual developer productivity. Standard MCP client config pointing at agent365.svc.cloud.microsoft. Useful when you want your IDE assistant to actually know what is in your inbox.

For your two prioritized stacks — Python with the Agent 365 SDK targeting Foundry-style agents, and Copilot Studio for the broader org — the next two sections walk through what the actual integration looks like.

Python & Foundry

Wiring Work IQ into a Python agent

The Agent 365 SDK is built around a manifest-driven flow. You use the CLI to add servers; the CLI generates a ToolingManifest.json; an admin grants the corresponding permissions to the agent blueprint; at runtime your code reads the manifest and registers all the tools with whatever orchestrator you are using. The whole point is that you do not have to know per-server scopes, audiences, or endpoints — the CLI populates them for you.

Step 1 — Add servers via the CLI

From your project directory, list available servers and add the ones you want. This only updates the local manifest — it does not grant permissions yet.

PowerShell · Agent 365 CLI
# See everything available
a365 develop list-available

# Add the servers your agent needs
a365 develop add-mcp-servers mcp_MailTools
a365 develop add-mcp-servers mcp_CalendarTools
a365 develop add-mcp-servers mcp_MeServer
a365 develop add-mcp-servers mcp_M365Copilot

# Confirm what is configured
a365 develop list-configured

The generated ToolingManifest.json looks like this. Note that scope and audience are auto-populated from the MCP server catalog — you do not maintain these by hand.

ToolingManifest.json
{
  "mcpServers": [
    {
      "mcpServerName": "mcp_MailTools",
      "mcpServerUniqueName": "mcp_MailTools",
      "scope": "McpServers.Mail.All",
      "audience": "api://05879165-0320-489e-b644-f72b33f3edf0"
    }
  ]
}

Step 2 — Grant permissions to the agent blueprint

This is the step that always trips first-time setups. Adding to the manifest does not grant anything — a Global Administrator has to consent. Either run a365 setup all (first-time blueprint creation) or, if your blueprint already exists, a365 setup permissions mcp separately. Until this completes, the new server permissions will not be visible in the blueprint and your agent will get permission-denied errors at runtime.

Step 3 — Register the tools with your orchestrator

The Python SDK exposes a registration service per orchestration framework. The pattern is identical: import, instantiate, call add_tool_servers_to_agent. Pick the package that matches your orchestrator.

Python · OpenAI Agents SDK + Work IQ MCP
from microsoft.agents.a365.tooling import McpToolServerConfigurationService
from microsoft.agents.a365.tooling.extensions.openai import (
    mcp_tool_registration_service,
)

class MyAgent:
    def __init__(self):
        self.config_service = McpToolServerConfigurationService()
        self.tool_service = (
            mcp_tool_registration_service.McpToolRegistrationService()
        )

    async def setup_mcp_servers(self, auth, context):
        """Register every server in ToolingManifest.json with the agent."""
        use_agentic_auth = (
            os.getenv("USE_AGENTIC_AUTH", "false").lower() == "true"
        )

        if use_agentic_auth:
            self.agent = await self.tool_service.add_tool_servers_to_agent(
                agent=self.agent,
                agentic_app_id=agentic_app_id,
                auth=auth,
                context=context,
            )
        else:
            # On-Behalf-Of: agent acts as the signed-in user
            self.agent = await self.tool_service.add_tool_servers_to_agent(
                agent=self.agent,
                agentic_app_id=agentic_app_id,
                auth=auth,
                context=context,
                auth_token=self.auth_options.bearer_token,
            )

For Microsoft Agent Framework, swap the import to microsoft.agents.a365.tooling.extensions.agentframework. For Azure AI Foundry, use ...extensions.azureaifoundry. For Semantic Kernel, ...extensions.semantickernel. The signature is consistent across all of them, so you can switch orchestrators without rewriting your tool-registration code.

The Python package map

Worth pinning these in requirements.txt early. The Agent 365 SDK is split into a core tooling package plus per-framework extensions plus per-framework observability extensions.

PackagePurpose
microsoft-agents-a365-toolingCore MCP tool server management. Always required.
microsoft-agents-a365-tooling-extensions-agentframeworkMicrosoft Agent Framework integration.
microsoft-agents-a365-tooling-extensions-azureaifoundryAzure AI Foundry integration.
microsoft-agents-a365-tooling-extensions-openaiOpenAI Agents SDK integration.
microsoft-agents-a365-tooling-extensions-semantickernelSemantic Kernel integration.
microsoft-agents-a365-runtimePower Platform API discovery, environment config, auth scope resolution.
microsoft-agents-a365-observability-coreOpenTelemetry-based tracing, metrics, structured spans for tool calls.
microsoft-agents-a365-observability-extensions-*Per-framework instrumentation (agent-framework, openai, langchain, semantic-kernel).
microsoft-agents-a365-notificationsNotifications and lifecycle event routing.

Foundry, in case you want the portal-driven path

Foundry covers the same servers from the other direction. Create an agent at ai.azure.com, configure a model (GPT-4o is the default suggestion), then in the Tools section browse the catalog filtered by Provider > Microsoft. The Microsoft 365 Frontier tools (User Profile, Outlook Calendar, Copilot Search) appear as connectable resources. Connect with default endpoint and auth, test in the Chat Playground — you will be prompted to approve each tool call interactively.

Mock tooling server for local dev Before any of the above, if you just want to iterate on agent logic without wiring up auth, run a365 develop start-mock-tooling-server and point MCP_PLATFORM_ENDPOINT at http://localhost:5309. It returns predictable shapes for every tool. Good for unit tests, demos, and onboarding new devs without giving them permissions on the real tenant.
Copilot Studio

The low-code path, in nine clicks

For agents that live in Copilot Studio — especially the ones owned by business teams — adding a Work IQ MCP server is a Tools-tab operation. Sign in to Copilot Studio, open or create your agent, then:

  1. Tools tab → Add Tool.
  2. On the Add tool page, choose Model Context Protocol.
  3. Search for the server you want (e.g. type mail).
  4. Pick Work IQ Mail, expand the connection dropdown, choose Create New Connection.
  5. Sign in with your credentials.
  6. Select Add and Configure.
  7. In Test Copilot, type a prompt that needs the tool: "Send an email to alex@contoso.com asking how the lab is going."
  8. Approve the connection request when prompted.
  9. Repeat for every additional Work IQ server you want.

For agents using generative mode on top of M365 services, the agent must have an Exchange license — this is a common gotcha. The prebuilt Work IQ tools you see in Copilot Studio already have the necessary permissions consented for your org and role, which is why the experience feels frictionless. If you build a custom MCP server, expect to do the consent step explicitly.

Custom MCP Servers

When the catalog runs out

You will hit the edges of the prebuilt catalog. Maybe you need a tool that wraps your ticketing system, or your domain-specific Dataverse custom API, or an internal REST service. The MCP Management Server is Microsoft's API-first answer.

It is itself an MCP server — you talk to it from Visual Studio Code (or any MCP client) and use its tools to create new servers and tools programmatically. Five core tools are exposed:

ToolPurpose
CreateMCPServerStand up a new MCP server instance.
CreateToolWithConnectorAdd tools backed by 1,500+ Power Platform connectors, Microsoft Graph endpoints, Dataverse custom APIs, or arbitrary REST.
UpdateToolModify an existing tool definition.
DeleteMCPServerRemove a server when no longer needed.
PublishMCPServerPublish for organizational use.

To connect from VS Code, add an HTTP MCP server pointing at https://agent365.svc.cloud.microsoft/mcp/environments/{environmentId}/servers/MCPManagement, name it MCPManagement, choose Global scope, sign in. From there you compose new servers conversationally or via direct API calls.

One current limitation Only tenant administrators can publish custom MCP servers within a tenant today. Microsoft has stated they are actively working to enable this for developers — until then, expect to coordinate with IT for any custom server you want to ship beyond your dev environment.

The tradeoff to weigh: a custom server gives you exact-fit tools and brings them under the same gateway / Defender / admin-center governance umbrella as the prebuilt ones. The cost is the build, the publish ceremony, and the ongoing maintenance. For one or two domain-specific actions, OpenAPI plugins via Copilot actions may be the lighter path. For anything that resembles a stable, multi-tool surface (a CRM, a scheduling system, an internal knowledge base), the MCP Management Server is the right home.

Security & Governance

What your security team will ask, and what to tell them

This is where Work IQ MCP earns its enterprise framing. The same things that make agent platforms hard to ship in regulated environments — opaque permissions, no audit trail, no kill switch, no tenant boundary — are all addressed by design.

Admin control via the M365 admin center

IT admins manage every Work IQ MCP server (and any custom server) from the Microsoft 365 admin center under Agents and Tools. They can view what is activated, allow or block specific servers, and apply scoped permissions per agent. Block actions take precedence over configuration — if a server is blocked, no agent in the tenant can use it, regardless of what manifest the agent ships with.

One thing to flag: the ability to allow or disallow servers in the admin center may not be available in your region yet during preview. Worth checking before you commit a roadmap to it.

Permission model

Each MCP server corresponds to a permission on the Agent 365 application object in Microsoft Entra. When an agent is onboarded, the admin grants the required permissions to the agent's blueprint. The agent only gains access to a server after consent. Permissions live at three levels: blueprint-wide defaults, agent-instance specifics, and per-agent-user overrides for OBO scenarios.

Observability via Microsoft Defender

Every tool call — agent identity, tool name, parameters, outcome — is queryable in Microsoft Defender's Advanced Hunting. This is the audit trail your compliance team wants. It is also the operational tool you will use to debug "why did my agent call delete-message at 3 a.m." production incidents. The fact that it is the same query surface security uses is a real advantage.

Runtime enforcement

The tooling gateway enforces rate limits, payload size and content scans, and security policies at every hop. You do not configure these per agent — they are part of the gateway. For agents handling user data at scale, this matters: it means a poorly written agent cannot accidentally exfiltrate a SharePoint library because the gateway will throttle and scan before any tool even runs.

Identity integration

Agents in Agent 365 have first-class identities — an agent blueprint, agent instance, and agent user (a specialized user subtype that can be licensed, mailbox-enabled, mentioned in Teams, and managed by conditional access). They appear in the org chart. They have UPNs. They cannot have passwords or MFA factors, which means you control them through conditional access policies and group membership rather than credential management. For the Defender / Purview / Entra story, this is what makes it coherent.

The pitch to leadership "Same identity layer as our employees. Same admin center to govern them. Same Defender to audit them. Same Purview to apply DLP. Built on a documented standard (MCP) we can leave behind if we ever need to." That is roughly the story your IT and security functions need to hear — and it is largely true today.
Prerequisites

What you need before any of this works

The licensing and setup gates are real. Worth knowing them before you commit a sprint.

Licensing

You must have a Microsoft 365 Copilot license to use Work IQ MCP servers. This is non-negotiable per Microsoft's documentation, and it is per-user. Agents that need their own mailboxes, OneDrives, Teams presence, etc. need agent users with appropriate licenses (typically Microsoft 365 E5, Teams Enterprise, plus Copilot). Resource provisioning for an agent user (mailbox, OneDrive) usually completes in 10–15 minutes after license assignment but can take up to 24 hours.

Identity setup

Decide between agentic identity and OBO. Many real agents use both. For agentic identity, complete the agent registration process to create the Entra agent ID and agent user. For OBO, no agent user identity is required — the agent exchanges a delegated user token at runtime.

Service principal setup

One-time per tenant, requires Global Admin. Microsoft ships a PowerShell script: New-Agent365ToolsServicePrincipalProdPublic.ps1. Run it once, sign in with admin creds, you are done.

Tooling

Agent 365 CLI installed and configured. .NET 8.0 SDK or higher (even for Python projects — the CLI requires it). Global Administrator privileges for the consent steps.

For coding-tool integration (Claude Code, Copilot CLI, VS Code)

Register an enterprise application in Microsoft Entra. Add API permissions corresponding to each Work IQ server you want to use (e.g. WorkIQ-MailServer). Add a redirect URI: http://localhost:8080/callback works, as do several other localhost variants. Then use a .mcp.json (or mcp.json for VS Code) pointing at https://agent365.svc.cloud.microsoft/agents/tenants/{tenantId}/servers/{serverName} with your client ID.

.mcp.json · Claude Code or Copilot CLI
{
  "mcpServers": {
    "WorkIQ-MailServer": {
      "type": "http",
      "url": "https://agent365.svc.cloud.microsoft/agents/tenants/{tenantId}/servers/mcp_MailTools",
      "oauth": {
        "clientId": "{your-app-client-id}",
        "callbackPort": 8080
      }
    }
  }
}
Recommendation

Should we adopt this

The honest answer depends on three things: your existing Microsoft 365 footprint, whether you have already invested in a competing agent stack, and how much value you place on having governance solved.

Strong signal to adopt: you are already on M365 + Copilot, you have agents on Foundry / Copilot Studio / Agent Framework / Semantic Kernel, and your security team blocks projects that lack tenant-scoped audit logging. Work IQ MCP gives you 90% of what you would otherwise build over a quarter, and the governance story is the closest thing to "ready out of the box" that exists in the agent space right now.

Weak signal to adopt: your agents do not need Microsoft 365 context (no Mail, Calendar, Teams, SharePoint surfaces in their workflows), or you have a strong investment in a non-Microsoft agent platform that already has its own connectors. The Copilot license requirement makes the entry cost real; if you are not getting Copilot benefit, paying for a Copilot license to unlock Work IQ MCP is hard to justify.

Wait-and-see signal: you are early in agent adoption and your priority is one or two narrow workflows. Microsoft's MCP-server-as-a-tool-shape is a useful idea regardless of whether you adopt the Work IQ catalog — building your own MCP servers, exposing them to Copilot Studio or to a generic MCP client like Claude Code, is a reasonable middle path. You do not have to be all-in on Agent 365 to benefit from MCP as a pattern.

Suggested first project

If you do adopt it, start with a low-stakes, high-volume internal workflow that touches three Work IQ servers: User, Calendar, and Mail. A meeting-prep agent (looks up the next meeting, fetches the attendees' profiles, summarizes recent email threads with each, drops the brief into your inbox) exercises the gateway, the OBO flow, multi-server composition, and gives a tangible deliverable everyone can feel. From there, expand into SharePoint and Word for document workflows, then Teams for routing.

What to watch

The unified remote Work IQ MCP server. Microsoft has flagged that the current per-workload catalog will eventually be consolidated into a single server with a curated tool set, simplifying configuration. When that ships, expect to refactor your manifest. The promise of stable scenarios but unstable schemas is real — build your tool wrappers, do not hard-code tool IDs in prompts.

Also watch the regional rollout of admin-center governance, the per-developer publish flow for custom MCP servers (currently tenant-admin only), and pricing / licensing as the preview moves toward GA. None of these are blockers; all of them affect timing.

Bottom line for the org Work IQ MCP is the most coherent story Microsoft has told about giving enterprise agents real organizational context. For an org already on Microsoft 365 and Copilot, the integration cost is low, the governance is real, and the catalog covers most of what an internal-facing agent will ever need. Pilot it. Pick a real workflow. Plan for schema churn during preview. Bring IT in early on the consent and admin-center pieces — that is where projects stall, not in the code.
Sources

Where this came from

Every claim above is grounded in Microsoft Learn documentation. The pages below are the working set — the overview, every Work IQ MCP server reference, the developer integration docs, and the Agent 365 SDK package list.