The latest articles on DEV Community by Der Sascha (@saschadev). https://dev.to/saschadev https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F17720%2Fc9f0d090-121a-4a20-b572-98842a2e8de7.jpg https://dev.to/saschadev en Der Sascha Sun, 17 May 2026 17:23:09 +0000 https://dev.to/saschadev/ubiquiti-u7-lr-review-wifi-7-with-strong-range-but-no-6-ghz-2pmd https://dev.to/saschadev/ubiquiti-u7-lr-review-wifi-7-with-strong-range-but-no-6-ghz-2pmd <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252F1ade42c7-b70d-4af6-892d-5174c8d7f2d3.png%26q%3D75%26w%3D1080" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252F1ade42c7-b70d-4af6-892d-5174c8d7f2d3.png%26q%3D75%26w%3D1080" alt="Ubiquiti U7-LR review: WiFi 7 with strong range, but no 6 GHz" width="1080" height="771"></a></p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzyb7xedsn3u220ysgkb.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ftzyb7xedsn3u220ysgkb.png" alt="Ubiquiti U7-LR review: WiFi 7 with strong range, but no 6 GHz" width="800" height="450"></a></p> <p><em>Image: Ubiquiti / official product image</em></p> <p>Disclosure: This article contains affiliate links. If you buy through one of these links, I may earn a small commission. The price stays the same for you.</p> <p>The Ubiquiti U7-LR is one of those access points that looks like an obvious upgrade at first glance. WiFi 7, Long Range, UniFi, 2.5 GbE, PoE. If you already run UniFi at home or in a small office, it sounds like an easy yes.</p> <p>I would still not buy it blindly.</p> <p>The U7-LR is interesting, but there is one detail you should know before ordering it: it is a WiFi 7 access point without 6 GHz. That does not make it a bad product. It just changes what you should expect from it.</p> <p><a href="https://amznto/3PsNXhx?ref=blog.bajonczak.com" rel="noopener noreferrer">View the Ubiquiti U7-LR on Amazon</a></p> <h2> Quick verdict </h2> <p>The Ubiquiti U7-LR makes the most sense if you already use UniFi and want a modern access point with good range, a 2.5 GbE uplink and PoE. For a house, a larger apartment, a small office, a medical practice or a studio, it can be a very solid choice.</p> <p>But if you hear "WiFi 7" and automatically expect 6 GHz, look closer. The U7-LR uses 2.4 GHz and 5 GHz. It does not have a 6 GHz radio. For many setups that is fine. For a full high-end WiFi 7 setup, a tri-band model may be the better fit.</p> <h2> What the U7-LR offers </h2> <p>According to Ubiquiti's official specifications, the U7-LR comes with:</p> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Feature</th> <th>Ubiquiti U7-LR</th> </tr> </thead> <tbody> <tr> <td>WiFi standard</td> <td>WiFi 7</td> </tr> <tr> <td>Frequency bands</td> <td>2.4 GHz and 5 GHz</td> </tr> <tr> <td>6 GHz band</td> <td>No</td> </tr> <tr> <td>5 GHz data rate</td> <td>up to 4.3 Gbps at 160 MHz</td> </tr> <tr> <td>2.4 GHz data rate</td> <td>up to 688 Mbps</td> </tr> <tr> <td>Spatial streams</td> <td>5</td> </tr> <tr> <td>Uplink</td> <td>1x 2.5 GbE RJ45</td> </tr> <tr> <td>Power</td> <td>PoE</td> </tr> <tr> <td>Maximum power consumption</td> <td>14 W</td> </tr> <tr> <td>Stated coverage</td> <td>up to 160 m² / 1,750 ft²</td> </tr> <tr> <td>Stated client count</td> <td>300+</td> </tr> <tr> <td>Mounting</td> <td>Ceiling or wall</td> </tr> </tbody> </table></div> <p>That is a strong spec sheet for this class of access point. The 2.5 GbE port matters because a regular gigabit uplink can become a bottleneck on newer access points. The 160 MHz channel width on 5 GHz is also nice to have, assuming your environment allows it.</p> <p>And that last part matters. In an apartment building with lots of neighboring networks, 160 MHz is not always the best idea. More channel width can mean more interference. In a detached house or a small office, it may work well. In a crowded area, stability can be more useful than a pretty speed test.</p> <h2> The main catch: WiFi 7, but no 6 GHz </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252F9d75fc29-da2a-4ddd-adb8-7229958e6461.png%26q%3D75%26w%3D1080" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252F9d75fc29-da2a-4ddd-adb8-7229958e6461.png%26q%3D75%26w%3D1080" alt="Ubiquiti U7-LR review: WiFi 7 with strong range, but no 6 GHz" width="1080" height="771"></a></p> <p><em>Image: Ubiquiti / official product image</em></p> <p>This is the part that can cause confusion. WiFi 7 does not automatically mean that a device supports the 6 GHz band.</p> <p>The U7-LR is a dual-band access point. It uses 2.4 GHz and 5 GHz. That can be a sensible choice for range and compatibility, since many devices still live on those bands anyway. But if your main reason for upgrading to WiFi 7 is 6 GHz, this is not the access point you are looking for.</p> <p>I would not think of the U7-LR as the ultimate WiFi 7 playground. I would think of it as a modern UniFi access point focused on range, 5 GHz performance and everyday reliability.</p> <h2> Who should consider the Ubiquiti U7-LR? </h2> <p>The U7-LR is a good fit if you already use UniFi or want to build a UniFi network properly. The appeal is not just the access point itself. It is the UniFi Network platform around it.</p> <p>Multiple SSIDs, VLANs, guest networks, roaming, band steering, client isolation and decent visibility into your network are the reasons people buy UniFi in the first place.</p> <p>Good use cases include:</p> <ul> <li>a house or larger apartment with a centrally mounted access point</li> <li>a small office with employees and a guest WiFi network</li> <li>a medical practice, agency, studio or shop</li> <li>a holiday apartment where you want managed WiFi instead of a random consumer router</li> <li>an existing UniFi setup that needs a WiFi 7 upgrade</li> </ul> <p>In these environments, the U7-LR is more interesting than a typical consumer router. Not because it magically makes your internet faster, but because it fits into a cleaner network setup.</p> <h2> Who should probably skip it? </h2> <p>If you are looking for a router that connects directly to your DSL, cable or fiber line, the U7-LR is the wrong product. It is not a router. It is not a modem. It is an access point.</p> <p>You need the rest of the network around it: a router or gateway, ideally a PoE switch or a suitable PoE injector, and some way to manage UniFi Network.</p> <p>I would probably skip it if:</p> <ul> <li>you do not want to use UniFi</li> <li>6 GHz is a must-have for you</li> <li>you do not have PoE or do not want to add it</li> <li>you expect an all-in-one home router</li> <li>you only need WiFi for one small room</li> </ul> <p>UniFi is not impossibly complicated, but it is still more of a system than a plug-and-forget consumer box. That is either the whole point, or it is unnecessary overhead.</p> <h2> What customer reviews suggest </h2> <p>On Amazon Germany, the Ubiquiti U7-LR currently sits at around 4.2 out of 5 stars with 78 global ratings. The positive reviews mostly mention good range, stable connections and easy setup inside an existing UniFi environment.</p> <p>Some reviews are very short, which is normal for Amazon. Still, the pattern is useful: people who already know UniFi seem to get along with the U7-LR quickly. Several buyers describe it as a reliable access point that does exactly what they expected.</p> <p>There is also some criticism. One international review points out that the U7-LR is not a tri-band access point. Another mentions that 2.4 GHz performance did not meet expectations compared with 5 GHz. That lines up with the main caveat above: do not read "WiFi 7" and assume you are getting every premium WiFi 7 feature.</p> <h2> PoE and 2.5 GbE are not optional details </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252Ff3a549f7-2a60-4c4e-811b-158bb34dbf29.png%26q%3D75%26w%3D1080" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fimages.svc.ui.com%2F%3Fu%3Dhttps%253A%252F%252Fcdn.ecomm.ui.com%252Fproducts%252F7455fa2b-3074-47a0-b82f-a2cd701d4a8f%252Ff3a549f7-2a60-4c4e-811b-158bb34dbf29.png%26q%3D75%26w%3D1080" alt="Ubiquiti U7-LR review: WiFi 7 with strong range, but no 6 GHz" width="1080" height="670"></a></p> <p><em>Image: Ubiquiti / official product image</em></p> <p>The U7-LR is powered via PoE. In a clean network installation, that is great. One Ethernet cable handles data and power. For casual living-room use, it can be an extra hurdle.</p> <p>If your switch does not provide PoE, you need a suitable PoE injector. You should also think about the uplink. The access point has a 2.5 GbE port, and ideally the switch port behind it should support 2.5 GbE as well.</p> <p>That does not mean gigabit is useless. For many internet connections it is still enough. But if you are buying a WiFi 7 access point, it makes sense to check whether the rest of your network can keep up.</p> <h2> U7-LR or another UniFi access point? </h2> <p>The U7-LR is attractive if range and modern 5 GHz performance matter more to you than 6 GHz. If you already own several WiFi 7 clients with 6 GHz support and want to use that band, compare it with a proper tri-band access point before buying.</p> <p>If you want to cover a house or small office with stable UniFi WiFi, the U7-LR looks like a sensible option. I would not read the "300+ clients" figure as a realistic recommendation for hundreds of active devices hammering the network at once. It is more a sign that Ubiquiti designed this for more than three phones and a TV.</p> <h2> My take </h2> <p>What I like about the U7-LR is that it knows what it is. It is not trying to be a flashy consumer router with a friendly app and a dozen marketing claims. It is a UniFi access point. That is the reason to buy it.</p> <p>The Long Range name and the WiFi 7 label make it appealing, but the missing 6 GHz radio belongs in every buying decision. If you know that and it fits your setup, the U7-LR is a very interesting upgrade.</p> <p>If you simply want "full WiFi 7", I would compare alternatives first.</p> <h2> Should you buy it? </h2> <p>I would buy the Ubiquiti U7-LR if:</p> <ul> <li>you already use UniFi</li> <li>you want a ceiling or wall mounted access point</li> <li>you can provide PoE properly</li> <li>you care about strong 5 GHz performance and range</li> <li>6 GHz is not required for your setup</li> </ul> <p>I would not buy it if you actually need a router, or if 6 GHz is the main reason you are upgrading.</p> <p><a href="https://amzn.to/3PsNXhx?ref=blog.bajonczak.com" rel="noopener noreferrer">View the Ubiquiti U7-LR on Amazon</a></p> <p>Note: This article is not based on my own hands-on lab test. The assessment is based on Ubiquiti's official specifications, the Amazon product page and publicly visible customer reviews.</p> ubiquiti unifi networking affiliate Der Sascha Sun, 17 May 2026 17:21:45 +0000 https://dev.to/saschadev/teufel-rockster-air-2-review-powerful-portable-sound-but-should-you-buy-it-over-the-jbl-partybox-17hi https://dev.to/saschadev/teufel-rockster-air-2-review-powerful-portable-sound-but-should-you-buy-it-over-the-jbl-partybox-17hi <h1> Teufel Rockster Air 2 review: powerful portable sound, but should you buy it over the JBL PartyBox Stage 320? </h1> <p><em>Transparency note: the Amazon links in this article are affiliate links. If you buy through them, I may earn a commission at no extra cost to you. I have not run a long-term hands-on test of these speakers.</em></p> <p>If you are looking for a serious portable Bluetooth speaker, the <strong>Teufel Rockster Air 2</strong> and the <strong>JBL PartyBox Stage 320</strong> sit in a similar “big party speaker” category, but they are not really built for exactly the same buyer.</p> <p>The Teufel feels more like a compact mobile PA system: loud, flexible, long-lasting, and ready for microphones, instruments, small events, speeches, DJs, karaoke, and outdoor setups. The JBL is more obviously a party speaker: easier to move around, cheaper, flashier, and probably the better fit for most casual buyers.</p> <p>So which one should you actually buy?</p> <h2> Quick verdict </h2> <p>If I had to recommend one speaker for most people, I would pick the <strong>JBL PartyBox Stage 320</strong> because it is cheaper, easier to transport, has a built-in light show, and has very strong public ratings.</p> <p>But if you care more about <strong>battery life, PA-style flexibility, microphone/instrument inputs, and a more professional event setup</strong>, the <strong>Teufel Rockster Air 2</strong> is the more serious device.</p> <ul> <li> <strong>Buy the Teufel Rockster Air 2</strong> if you want a portable event speaker with long battery life and flexible inputs: <a href="https://amzn.to/3PJNCXS?ref=blog.bajonczak.com" rel="noopener noreferrer">check the Teufel Rockster Air 2 on Amazon</a> </li> <li> <strong>Buy the JBL PartyBox Stage 320</strong> if you want the better value party speaker for most private parties: <a href="https://amzn.to/4fqubxx?ref=blog.bajonczak.com" rel="noopener noreferrer">check the JBL PartyBox Stage 320 on Amazon</a> </li> </ul> <h2> The Teufel Rockster Air 2 at a glance </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F47t7azacfhpmuwd4jqs0.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F47t7azacfhpmuwd4jqs0.jpg" alt="Teufel Rockster Air 2" width="609" height="1094"></a></p> <p>The <strong>Teufel Rockster Air 2</strong> is a portable Bluetooth event speaker with a clear focus on power and flexibility. According to the Amazon listing, it offers:</p> <ul> <li>Bluetooth 5.0 with aptX, aptX HD and AAC</li> <li>Up to <strong>58 hours</strong> of battery life at medium volume</li> <li>Up to <strong>31 hours</strong> at maximum volume in Eco mode</li> <li>A removable LiFePO4 battery</li> <li>Microphone, instrument and AUX inputs</li> <li>USB-C power bank function</li> <li>35 mm tripod flange</li> <li>Up to <strong>103 dB RMS</strong> and <strong>115 dB peak</strong> </li> <li>Support for stereo setups with two Rockster Air 2 units</li> <li>XLR-based linking for larger setups</li> </ul> <p>That specification list tells you quite a lot about the target audience. This is not just a speaker for playing a playlist in the kitchen. It is meant for people who need loud, mobile, reasonably serious sound.</p> <p>At the time I checked the listing, the Teufel Rockster Air 2 was shown at around <strong>€529.99</strong> with a rating of around <strong>4.5 out of 5 stars</strong> from about <strong>100 reviews</strong>. Amazon prices and review counts can change, so treat those numbers as a snapshot rather than a fixed fact.</p> <h2> What I like about the Teufel Rockster Air 2 </h2> <h3> 1. The battery life is the standout feature </h3> <p>The biggest argument for the Teufel is battery life. Up to 58 hours at medium volume is excellent for this class of speaker. Even the claimed 31 hours at maximum volume in Eco mode is impressive.</p> <p>For garden parties, small events, club rooms, outdoor workouts, sports events or speeches, this matters. A speaker that still has power left after a long day is simply less annoying to own.</p> <h3> 2. It is closer to a mobile PA than a normal party speaker </h3> <p>The Teufel has microphone, instrument and AUX inputs. That makes it much more flexible than a simple Bluetooth party box. You can use it for karaoke, announcements, a guitar, small performances or DJ-style setups.</p> <p>That is where the Rockster Air 2 starts to justify its higher price. If you only want music from your phone, you may not need this. If you want a more flexible event speaker, it becomes much more interesting.</p> <h3> 3. The battery is removable </h3> <p>A removable LiFePO4 battery is a practical long-term advantage. Batteries age. A product with a replaceable battery is usually a safer buy than one where the whole device becomes less useful once the battery degrades.</p> <h3> 4. Better codec support than many party speakers </h3> <p>Bluetooth with aptX, aptX HD and AAC is a nice detail. It does not magically turn a party speaker into a studio monitor, but it does show that Teufel is paying attention to audio quality and not just loudness.</p> <h2> What I do not like about the Teufel Rockster Air 2 </h2> <h3> 1. It is expensive </h3> <p>At roughly €530 at the time of checking, the Teufel is not an impulse purchase. It costs noticeably more than the JBL PartyBox Stage 320.</p> <p>That price only makes sense if you actually need the Teufel’s strengths: battery life, input flexibility, PA-style use, and very loud output.</p> <h3> 2. It lacks the fun factor of a classic party box </h3> <p>The Teufel looks and feels more serious. That can be a good thing, but it also means you do not get the obvious party features of the JBL: the synchronized light show, the flashy design language, and the “turn it on and the room gets a vibe” effect.</p> <h3> 3. Transport looks less convenient than the JBL </h3> <p>The JBL PartyBox Stage 320 has wheels and a telescopic handle. That is boring on paper but hugely useful in real life. Big speakers are always heavier and more annoying to move than people expect.</p> <p>If you move your speaker often, the JBL has a clear practical advantage.</p> <h2> The JBL PartyBox Stage 320 as the main alternative </h2> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fschnupkxk50ut8nmcu3i.jpg" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fschnupkxk50ut8nmcu3i.jpg" alt="JBL PartyBox Stage 320" width="522" height="1281"></a></p> <p>The <strong>JBL PartyBox Stage 320</strong> is the more mainstream party speaker. It is built around JBL Pro Sound, two 6.5-inch woofers, two 1-inch tweeters, a music-synchronized light show, wheels, and a telescopic handle.</p> <p>According to the Amazon listing, it offers:</p> <ul> <li>Up to <strong>18 hours</strong> of battery life</li> <li>10-minute quick charge for about 2 additional hours of playback</li> <li>AI Sound Boost for real-time audio optimization</li> <li>Built-in light show</li> <li>Wheels and telescopic handle</li> <li>Auracast support for connecting multiple compatible JBL speakers</li> <li>Replaceable battery, sold separately</li> </ul> <p>At the time I checked the listing, it was shown at around <strong>€420</strong> with a rating of around <strong>4.8 out of 5 stars</strong> from about <strong>730 reviews</strong>.</p> <h2> Teufel Rockster Air 2 vs JBL PartyBox Stage 320 </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Category</th> <th>Teufel Rockster Air 2</th> <th>JBL PartyBox Stage 320</th> </tr> </thead> <tbody> <tr> <td>Approx. price at time of checking</td> <td>€529.99</td> <td>€420</td> </tr> <tr> <td>Battery life</td> <td>Up to 58 hours</td> <td>Up to 18 hours</td> </tr> <tr> <td>Main strength</td> <td>PA-style flexibility and long runtime</td> <td>Party features and value</td> </tr> <tr> <td>Transport</td> <td>Portable, but less comfort-focused</td> <td>Wheels and telescopic handle</td> </tr> <tr> <td>Light show</td> <td>No</td> <td>Yes</td> </tr> <tr> <td>Microphone/instrument use</td> <td>Stronger focus</td> <td>More party-oriented</td> </tr> <tr> <td>Multi-speaker setup</td> <td>Stereo / XLR options</td> <td>Auracast</td> </tr> <tr> <td>Best for</td> <td>Events, speeches, karaoke, outdoor use, semi-pro setups</td> <td>Private parties, garden parties, casual users</td> </tr> </tbody> </table></div> <h2> Which one should you buy? </h2> <h3> Buy the Teufel Rockster Air 2 if… </h3> <p>You should choose the <strong>Teufel Rockster Air 2</strong> if you want a speaker that can do more than just play music loudly.</p> <p>It is the better fit if:</p> <ul> <li>You need very long battery life</li> <li>You want microphone or instrument inputs</li> <li>You might use the speaker for speeches or small events</li> <li>You care about a more PA-like setup</li> <li>You want a removable battery</li> <li>You want to place it on a tripod</li> <li>You may later expand into stereo or linked speaker setups</li> </ul> <p>In that case, the higher price makes sense: <a href="https://amzn.to/3PJNCXS?ref=blog.bajonczak.com" rel="noopener noreferrer">Teufel Rockster Air 2 on Amazon</a></p> <h3> Buy the JBL PartyBox Stage 320 if… </h3> <p>You should choose the <strong>JBL PartyBox Stage 320</strong> if you mostly want a powerful, fun and practical party speaker.</p> <p>It is the better fit if:</p> <ul> <li>You want the better price-performance ratio</li> <li>You care about easy transport</li> <li>You like the built-in light show</li> <li>You mainly use Bluetooth playback</li> <li>You want a proven party speaker with lots of public feedback</li> <li>You do not need 50+ hours of battery life</li> </ul> <p>For most buyers, this is probably the smarter purchase: <a href="https://amzn.to/4fqubxx?ref=blog.bajonczak.com" rel="noopener noreferrer">JBL PartyBox Stage 320 on Amazon</a></p> <h2> My final recommendation </h2> <p>The <strong>Teufel Rockster Air 2</strong> is the more serious and flexible product. It is the speaker I would look at for events, long outdoor days, microphone use, karaoke, small performances, DJ-style setups or situations where battery life really matters.</p> <p>But the <strong>JBL PartyBox Stage 320</strong> is the speaker I would recommend to most people. It costs less, is easier to move, has a more obvious party feature set, and has stronger public review momentum.</p> <p>So my practical recommendation is:</p> <ul> <li> <strong>Best overall for most people:</strong> <a href="https://amzn.to/4fqubxx?ref=blog.bajonczak.com" rel="noopener noreferrer">JBL PartyBox Stage 320</a> </li> <li> <strong>Best for more serious mobile event use:</strong> <a href="https://amzn.to/3PJNCXS?ref=blog.bajonczak.com" rel="noopener noreferrer">Teufel Rockster Air 2</a> </li> </ul> <p>If your use case is “I want a great speaker for birthdays, garden parties and casual events”, get the JBL. If your use case is “I need a portable speaker that can also behave like a small PA system”, get the Teufel.</p> affiliate productreview audio buyingguide Der Sascha Thu, 14 May 2026 12:40:48 +0000 https://dev.to/saschadev/a-practical-sap-agent-in-azure-ai-foundry-odata-in-governed-answer-out-81h https://dev.to/saschadev/a-practical-sap-agent-in-azure-ai-foundry-odata-in-governed-answer-out-81h <p>Most enterprise agent demos cheat at the exact point where things get interesting.</p> <p>They show a nice chat window. They connect it to a toy API. The agent calls a function, gets a clean JSON response, and everyone nods. Then you try the same pattern against a real SAP system and suddenly the demo has to deal with authorization, OData filters, weird field names, data minimization, audit logs, and the uncomfortable fact that "ask the model to query SAP" is not an architecture.</p> <p>This post is the version I would actually start with.</p> <p>The scenario is intentionally boring: a support or operations user asks why a customer order is blocked. The agent should look up a small, approved slice of SAP data, summarize the situation, and suggest the next action. No direct database access. No model-generated OData. No magic prompt that says "be secure" and hopes for the best.</p> <h2> The shape of the solution </h2> <p>I would split the system into four parts:</p> <ol> <li>Azure AI Foundry hosts the agent and handles the conversation.</li> <li>The agent gets one narrow tool, for example <code>get_order_status</code>.</li> <li>A backend service owns the SAP integration and calls an approved OData endpoint.</li> <li>Identity, logging, and policy live outside the prompt.</li> </ol> <p>The agent is allowed to ask a question. The tool is allowed to fetch a specific business object. The SAP layer is allowed to enforce the ugly but necessary rules.</p> <p>That separation matters. If the model can invent arbitrary OData queries, it can also invent expensive, broad, or unauthorized queries. If the backend only exposes a small function with typed parameters, the blast radius is much smaller.</p> <h2> Example architecture </h2> <p>A minimal production-ish flow looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>User -&gt; Teams / web app / Copilot extension -&gt; Azure AI Foundry agent -&gt; function tool: get_order_status(order_id) -&gt; integration API -&gt; SAP OData endpoint / SAP BTP destination / API Management -&gt; sanitized JSON back to the agent -&gt; short answer + next action </code></pre> </div> <p>I like putting Azure API Management or a small integration API between Foundry and SAP. It gives you one place for throttling, logging, allow lists, correlation IDs, and request validation. You can also swap the SAP backend later without teaching the agent a new trick.</p> <h2> The SAP side: keep it boring </h2> <p>Here is a deliberately small Python client for an SAP OData endpoint. The important part is not the HTTP library. The important part is that the caller cannot pass arbitrary filters.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># sap_client.py </span><span class="kn">import</span> <span class="n">os</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">from</span> <span class="n">dataclasses</span> <span class="kn">import</span> <span class="n">dataclass</span> <span class="nd">@dataclass</span><span class="p">(</span><span class="n">frozen</span><span class="o">=</span><span class="bp">True</span><span class="p">)</span> <span class="k">class</span> <span class="nc">OrderStatus</span><span class="p">:</span> <span class="n">order_id</span><span class="p">:</span> <span class="nb">str</span> <span class="n">customer_name</span><span class="p">:</span> <span class="nb">str</span> <span class="n">lifecycle_status</span><span class="p">:</span> <span class="nb">str</span> <span class="n">delivery_block</span><span class="p">:</span> <span class="nb">str</span> <span class="o">|</span> <span class="bp">None</span> <span class="n">credit_block</span><span class="p">:</span> <span class="nb">str</span> <span class="o">|</span> <span class="bp">None</span> <span class="n">net_value</span><span class="p">:</span> <span class="nb">float</span> <span class="n">currency</span><span class="p">:</span> <span class="nb">str</span> <span class="k">class</span> <span class="nc">SapClient</span><span class="p">:</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="n">self</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="n">self</span><span class="p">.</span><span class="n">base_url</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">SAP_ODATA_BASE_URL</span><span class="sh">"</span><span class="p">].</span><span class="nf">rstrip</span><span class="p">(</span><span class="sh">"</span><span class="s">/</span><span class="sh">"</span><span class="p">)</span> <span class="n">self</span><span class="p">.</span><span class="n">username</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">SAP_TECH_USER</span><span class="sh">"</span><span class="p">]</span> <span class="n">self</span><span class="p">.</span><span class="n">password</span> <span class="o">=</span> <span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">SAP_TECH_PASSWORD</span><span class="sh">"</span><span class="p">]</span> <span class="k">def</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">order_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="n">OrderStatus</span><span class="p">:</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">order_id</span><span class="p">.</span><span class="nf">isdigit</span><span class="p">()</span> <span class="ow">or</span> <span class="nf">len</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="o">&gt;</span> <span class="mi">12</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">ValueError</span><span class="p">(</span><span class="sh">"</span><span class="s">order_id must be a numeric SAP sales order id</span><span class="sh">"</span><span class="p">)</span> <span class="n">url</span> <span class="o">=</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">self</span><span class="p">.</span><span class="n">base_url</span><span class="si">}</span><span class="s">/sap/opu/odata/sap/API_SALES_ORDER_SRV/A_SalesOrder(</span><span class="sh">'</span><span class="si">{</span><span class="n">order_id</span><span class="si">}</span><span class="sh">'</span><span class="s">)</span><span class="sh">"</span> <span class="n">params</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">$select</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">,</span><span class="sh">"</span><span class="p">.</span><span class="nf">join</span><span class="p">([</span> <span class="sh">"</span><span class="s">SalesOrder</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">SoldToPartyName</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">OverallSDProcessStatus</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">DeliveryBlockReason</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">CreditBlockReason</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">TotalNetAmount</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">TransactionCurrency</span><span class="sh">"</span><span class="p">,</span> <span class="p">])</span> <span class="p">}</span> <span class="n">response</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="n">url</span><span class="p">,</span> <span class="n">params</span><span class="o">=</span><span class="n">params</span><span class="p">,</span> <span class="n">auth</span><span class="o">=</span><span class="p">(</span><span class="n">self</span><span class="p">.</span><span class="n">username</span><span class="p">,</span> <span class="n">self</span><span class="p">.</span><span class="n">password</span><span class="p">),</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Accept</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/json</span><span class="sh">"</span><span class="p">},</span> <span class="n">timeout</span><span class="o">=</span><span class="mi">10</span><span class="p">,</span> <span class="p">)</span> <span class="n">response</span><span class="p">.</span><span class="nf">raise_for_status</span><span class="p">()</span> <span class="n">data</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">d</span><span class="sh">"</span><span class="p">]</span> <span class="k">return</span> <span class="nc">OrderStatus</span><span class="p">(</span> <span class="n">order_id</span><span class="o">=</span><span class="n">data</span><span class="p">[</span><span class="sh">"</span><span class="s">SalesOrder</span><span class="sh">"</span><span class="p">],</span> <span class="n">customer_name</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">SoldToPartyName</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">),</span> <span class="n">lifecycle_status</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">OverallSDProcessStatus</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Unknown</span><span class="sh">"</span><span class="p">),</span> <span class="n">delivery_block</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">DeliveryBlockReason</span><span class="sh">"</span><span class="p">)</span> <span class="ow">or</span> <span class="bp">None</span><span class="p">,</span> <span class="n">credit_block</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">CreditBlockReason</span><span class="sh">"</span><span class="p">)</span> <span class="ow">or</span> <span class="bp">None</span><span class="p">,</span> <span class="n">net_value</span><span class="o">=</span><span class="nf">float</span><span class="p">(</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">TotalNetAmount</span><span class="sh">"</span><span class="p">,</span> <span class="mi">0</span><span class="p">)),</span> <span class="n">currency</span><span class="o">=</span><span class="n">data</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">TransactionCurrency</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">),</span> <span class="p">)</span> </code></pre> </div> <p>A real implementation would probably use OAuth, principal propagation, SAP BTP destinations, or an API Management policy instead of a technical user. Fine. The same rule still applies: the agent should not build the SAP query. Your integration layer should.</p> <h2> The tool boundary </h2> <p>Now wrap the SAP client in a tiny tool function. This is also the place where I would remove fields the user should not see.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># tools.py </span><span class="kn">from</span> <span class="n">sap_client</span> <span class="kn">import</span> <span class="n">SapClient</span> <span class="n">sap</span> <span class="o">=</span> <span class="nc">SapClient</span><span class="p">()</span> <span class="k">def</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="n">order_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="nb">dict</span><span class="p">:</span> <span class="sh">"""</span><span class="s">Return a sanitized status summary for one SAP sales order.</span><span class="sh">"""</span> <span class="n">status</span> <span class="o">=</span> <span class="n">sap</span><span class="p">.</span><span class="nf">get_order_status</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="n">blocks</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">if</span> <span class="n">status</span><span class="p">.</span><span class="n">delivery_block</span><span class="p">:</span> <span class="n">blocks</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">delivery</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">delivery_block</span><span class="p">})</span> <span class="k">if</span> <span class="n">status</span><span class="p">.</span><span class="n">credit_block</span><span class="p">:</span> <span class="n">blocks</span><span class="p">.</span><span class="nf">append</span><span class="p">({</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">credit</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">reason</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">credit_block</span><span class="p">})</span> <span class="k">return</span> <span class="p">{</span> <span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">order_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">customer_name</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">customer_name</span><span class="p">,</span> <span class="sh">"</span><span class="s">lifecycle_status</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">lifecycle_status</span><span class="p">,</span> <span class="sh">"</span><span class="s">blocks</span><span class="sh">"</span><span class="p">:</span> <span class="n">blocks</span><span class="p">,</span> <span class="sh">"</span><span class="s">net_value</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">net_value</span><span class="p">,</span> <span class="sh">"</span><span class="s">currency</span><span class="sh">"</span><span class="p">:</span> <span class="n">status</span><span class="p">.</span><span class="n">currency</span><span class="p">,</span> <span class="p">}</span> </code></pre> </div> <p>Notice what is missing: pricing conditions, margin, bank details, free text notes, internal partner data, and anything else that tends to leak into "just give the AI access" projects.</p> <p>The model gets the minimum amount of data needed to answer the business question.</p> <h2> Registering the tool in Azure AI Foundry </h2> <p>The current Azure AI Foundry agent pattern is straightforward: define a function tool, create an agent version, send a user prompt, execute the requested function call in your app, and submit the tool output back to the model.</p> <p>The sketch below follows that shape. It is not meant to be pasted blindly into production, but it shows the moving parts.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># foundry_agent.py </span><span class="kn">import</span> <span class="n">json</span> <span class="kn">import</span> <span class="n">os</span> <span class="kn">from</span> <span class="n">azure.ai.projects</span> <span class="kn">import</span> <span class="n">AIProjectClient</span> <span class="kn">from</span> <span class="n">azure.ai.projects.models</span> <span class="kn">import</span> <span class="n">FunctionTool</span><span class="p">,</span> <span class="n">PromptAgentDefinition</span><span class="p">,</span> <span class="n">Tool</span> <span class="kn">from</span> <span class="n">azure.identity</span> <span class="kn">import</span> <span class="n">DefaultAzureCredential</span> <span class="kn">from</span> <span class="n">openai.types.responses.response_input_param</span> <span class="kn">import</span> <span class="p">(</span> <span class="n">FunctionCallOutput</span><span class="p">,</span> <span class="n">ResponseInputParam</span><span class="p">,</span> <span class="p">)</span> <span class="kn">from</span> <span class="n">tools</span> <span class="kn">import</span> <span class="n">get_order_status</span> <span class="n">project</span> <span class="o">=</span> <span class="nc">AIProjectClient</span><span class="p">(</span> <span class="n">endpoint</span><span class="o">=</span><span class="n">os</span><span class="p">.</span><span class="n">environ</span><span class="p">[</span><span class="sh">"</span><span class="s">AZURE_AI_PROJECT_ENDPOINT</span><span class="sh">"</span><span class="p">],</span> <span class="n">credential</span><span class="o">=</span><span class="nc">DefaultAzureCredential</span><span class="p">(),</span> <span class="p">)</span> <span class="n">openai</span> <span class="o">=</span> <span class="n">project</span><span class="p">.</span><span class="nf">get_openai_client</span><span class="p">()</span> <span class="n">conversation</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="n">conversations</span><span class="p">.</span><span class="nf">create</span><span class="p">()</span> <span class="n">get_order_status_tool</span> <span class="o">=</span> <span class="nc">FunctionTool</span><span class="p">(</span> <span class="n">name</span><span class="o">=</span><span class="sh">"</span><span class="s">get_order_status</span><span class="sh">"</span><span class="p">,</span> <span class="n">description</span><span class="o">=</span><span class="sh">"</span><span class="s">Get the sanitized status of one SAP sales order by numeric order id.</span><span class="sh">"</span><span class="p">,</span> <span class="n">parameters</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">object</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">properties</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">string</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">description</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Numeric SAP sales order id, for example 4711000420</span><span class="sh">"</span><span class="p">,</span> <span class="p">}</span> <span class="p">},</span> <span class="sh">"</span><span class="s">required</span><span class="sh">"</span><span class="p">:</span> <span class="p">[</span><span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">],</span> <span class="sh">"</span><span class="s">additionalProperties</span><span class="sh">"</span><span class="p">:</span> <span class="bp">False</span><span class="p">,</span> <span class="p">},</span> <span class="n">strict</span><span class="o">=</span><span class="bp">True</span><span class="p">,</span> <span class="p">)</span> <span class="n">tools</span><span class="p">:</span> <span class="nb">list</span><span class="p">[</span><span class="n">Tool</span><span class="p">]</span> <span class="o">=</span> <span class="p">[</span><span class="n">get_order_status_tool</span><span class="p">]</span> <span class="n">agent</span> <span class="o">=</span> <span class="n">project</span><span class="p">.</span><span class="n">agents</span><span class="p">.</span><span class="nf">create_version</span><span class="p">(</span> <span class="n">agent_name</span><span class="o">=</span><span class="sh">"</span><span class="s">sap-order-status-agent</span><span class="sh">"</span><span class="p">,</span> <span class="n">definition</span><span class="o">=</span><span class="nc">PromptAgentDefinition</span><span class="p">(</span> <span class="n">model</span><span class="o">=</span><span class="sh">"</span><span class="s">gpt-4.1-mini</span><span class="sh">"</span><span class="p">,</span> <span class="n">instructions</span><span class="o">=</span><span class="p">(</span> <span class="sh">"</span><span class="s">You help operations users understand SAP sales order status. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Use the provided tool when an order id is present. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Do not ask for or expose sensitive personal, payroll, banking, or margin data. </span><span class="sh">"</span> <span class="sh">"</span><span class="s">Answer briefly. If a block exists, explain the likely owner and next action.</span><span class="sh">"</span> <span class="p">),</span> <span class="n">tools</span><span class="o">=</span><span class="n">tools</span><span class="p">,</span> <span class="p">),</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="nb">input</span><span class="o">=</span><span class="sh">"</span><span class="s">Why is sales order 4711000420 blocked?</span><span class="sh">"</span><span class="p">,</span> <span class="n">conversation</span><span class="o">=</span><span class="n">conversation</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">extra_body</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">agent_reference</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="n">agent</span><span class="p">.</span><span class="n">name</span><span class="p">,</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">agent_reference</span><span class="sh">"</span><span class="p">}},</span> <span class="p">)</span> <span class="n">tool_outputs</span><span class="p">:</span> <span class="n">ResponseInputParam</span> <span class="o">=</span> <span class="p">[]</span> <span class="k">for</span> <span class="n">item</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">output</span><span class="p">:</span> <span class="k">if</span> <span class="n">item</span><span class="p">.</span><span class="nb">type</span> <span class="o">==</span> <span class="sh">"</span><span class="s">function_call</span><span class="sh">"</span> <span class="ow">and</span> <span class="n">item</span><span class="p">.</span><span class="n">name</span> <span class="o">==</span> <span class="sh">"</span><span class="s">get_order_status</span><span class="sh">"</span><span class="p">:</span> <span class="n">args</span> <span class="o">=</span> <span class="n">json</span><span class="p">.</span><span class="nf">loads</span><span class="p">(</span><span class="n">item</span><span class="p">.</span><span class="n">arguments</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="o">**</span><span class="n">args</span><span class="p">)</span> <span class="n">tool_outputs</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span> <span class="nc">FunctionCallOutput</span><span class="p">(</span> <span class="nb">type</span><span class="o">=</span><span class="sh">"</span><span class="s">function_call_output</span><span class="sh">"</span><span class="p">,</span> <span class="n">call_id</span><span class="o">=</span><span class="n">item</span><span class="p">.</span><span class="n">call_id</span><span class="p">,</span> <span class="n">output</span><span class="o">=</span><span class="n">json</span><span class="p">.</span><span class="nf">dumps</span><span class="p">(</span><span class="n">result</span><span class="p">),</span> <span class="p">)</span> <span class="p">)</span> <span class="n">final_response</span> <span class="o">=</span> <span class="n">openai</span><span class="p">.</span><span class="n">responses</span><span class="p">.</span><span class="nf">create</span><span class="p">(</span> <span class="nb">input</span><span class="o">=</span><span class="n">tool_outputs</span><span class="p">,</span> <span class="n">conversation</span><span class="o">=</span><span class="n">conversation</span><span class="p">.</span><span class="nb">id</span><span class="p">,</span> <span class="n">extra_body</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">agent_reference</span><span class="sh">"</span><span class="p">:</span> <span class="p">{</span><span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">:</span> <span class="n">agent</span><span class="p">.</span><span class="n">name</span><span class="p">,</span> <span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">agent_reference</span><span class="sh">"</span><span class="p">}},</span> <span class="p">)</span> <span class="nf">print</span><span class="p">(</span><span class="n">final_response</span><span class="p">.</span><span class="n">output_text</span><span class="p">)</span> </code></pre> </div> <p>A possible answer might be:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Sales order 4711000420 is blocked because it has a credit block. The order value is 18,420 EUR for Contoso Retail GmbH. Next action: ask credit management to review the customer exposure before release. </code></pre> </div> <p>That is the right level of boring. The agent did not browse SAP. It did not decide which table to query. It called one approved capability.</p> <h2> Add correlation IDs before you add more tools </h2> <p>Before I would add a second or third SAP tool, I would add tracing.</p> <p>Every request should carry a correlation ID from the UI to Foundry, from Foundry to the integration API, and from the integration API to SAP or API Management logs.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># api.py </span><span class="kn">from</span> <span class="n">fastapi</span> <span class="kn">import</span> <span class="n">FastAPI</span><span class="p">,</span> <span class="n">Header</span><span class="p">,</span> <span class="n">HTTPException</span> <span class="kn">from</span> <span class="n">tools</span> <span class="kn">import</span> <span class="n">get_order_status</span> <span class="n">app</span> <span class="o">=</span> <span class="nc">FastAPI</span><span class="p">()</span> <span class="nd">@app.get</span><span class="p">(</span><span class="sh">"</span><span class="s">/orders/{order_id}/status</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">order_status</span><span class="p">(</span><span class="n">order_id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">x_correlation_id</span><span class="p">:</span> <span class="nb">str</span> <span class="o">|</span> <span class="bp">None</span> <span class="o">=</span> <span class="nc">Header</span><span class="p">(</span><span class="n">default</span><span class="o">=</span><span class="bp">None</span><span class="p">)):</span> <span class="k">if</span> <span class="ow">not</span> <span class="n">x_correlation_id</span><span class="p">:</span> <span class="k">raise</span> <span class="nc">HTTPException</span><span class="p">(</span><span class="n">status_code</span><span class="o">=</span><span class="mi">400</span><span class="p">,</span> <span class="n">detail</span><span class="o">=</span><span class="sh">"</span><span class="s">Missing X-Correlation-ID</span><span class="sh">"</span><span class="p">)</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="n">order_id</span><span class="p">)</span> <span class="c1"># In production, log this as structured telemetry. </span> <span class="c1"># Never log secrets or full SAP payloads. </span> <span class="nf">print</span><span class="p">({</span> <span class="sh">"</span><span class="s">correlation_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">x_correlation_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">tool</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">get_order_status</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">order_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">block_count</span><span class="sh">"</span><span class="p">:</span> <span class="nf">len</span><span class="p">(</span><span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">blocks</span><span class="sh">"</span><span class="p">]),</span> <span class="p">})</span> <span class="k">return</span> <span class="n">result</span> </code></pre> </div> <p>This is the part that gets skipped in demos and then hurts later. When a user says "the agent told me the wrong thing," you need to reconstruct what it saw, which tool it called, what SAP returned, and which policy version was active.</p> <p>Without that, you are debugging vibes.</p> <h2> Where the avatar fits </h2> <p>If you are building a Casandra-style avatar on top of this, I would keep the avatar layer dumb.</p> <p>The avatar can make the interaction feel nicer. It can speak, explain, ask follow-up questions, and show the answer in a more human way. But it should not own the SAP permissions, the OData query, or the policy decisions.</p> <p>A clean split looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Avatar / UI: - captures the user request - shows status and confidence - asks for missing order id - renders the final answer Foundry agent: - decides whether a tool call is needed - turns tool output into an explanation - follows response policy Integration backend: - validates input - calls SAP - trims data - logs access - enforces authorization </code></pre> </div> <p>That makes the avatar replaceable. Today it is a web avatar. Tomorrow it might be Teams, Copilot, a mobile app, or a voice interface. The SAP contract stays the same.</p> <h2> The policies I would enforce early </h2> <p>I would not wait for an enterprise governance board to invent a 40-page document. Start with five rules in code:</p> <ul> <li>Only approved tools can access SAP.</li> <li>Tools must have typed schemas and <code>additionalProperties: false</code>.</li> <li>The model never receives raw SAP payloads.</li> <li>Every tool call gets a user id, tenant/context id, and correlation id.</li> <li>Tool output is logged as metadata, not as full business data.</li> </ul> <p>Those five rules already avoid a lot of trouble.</p> <h2> A small test that catches a big mistake </h2> <p>Here is the kind of test I would add before showing the agent to anyone outside the team:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1"># test_tools.py </span><span class="kn">import</span> <span class="n">pytest</span> <span class="kn">from</span> <span class="n">tools</span> <span class="kn">import</span> <span class="n">get_order_status</span> <span class="k">def</span> <span class="nf">test_rejects_non_numeric_order_ids</span><span class="p">():</span> <span class="k">with</span> <span class="n">pytest</span><span class="p">.</span><span class="nf">raises</span><span class="p">(</span><span class="nb">ValueError</span><span class="p">):</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="sh">"</span><span class="s">4711; $filter=NetValue gt 0</span><span class="sh">"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_tool_does_not_return_internal_fields</span><span class="p">(</span><span class="n">monkeypatch</span><span class="p">):</span> <span class="k">class</span> <span class="nc">FakeSap</span><span class="p">:</span> <span class="k">def</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="n">self</span><span class="p">,</span> <span class="n">order_id</span><span class="p">):</span> <span class="k">return</span> <span class="nf">type</span><span class="p">(</span><span class="sh">"</span><span class="s">OrderStatus</span><span class="sh">"</span><span class="p">,</span> <span class="p">(),</span> <span class="p">{</span> <span class="sh">"</span><span class="s">order_id</span><span class="sh">"</span><span class="p">:</span> <span class="n">order_id</span><span class="p">,</span> <span class="sh">"</span><span class="s">customer_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Contoso Retail GmbH</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">lifecycle_status</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Blocked</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">delivery_block</span><span class="sh">"</span><span class="p">:</span> <span class="bp">None</span><span class="p">,</span> <span class="sh">"</span><span class="s">credit_block</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Credit exposure exceeded</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">net_value</span><span class="sh">"</span><span class="p">:</span> <span class="mf">18420.0</span><span class="p">,</span> <span class="sh">"</span><span class="s">currency</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">EUR</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">margin</span><span class="sh">"</span><span class="p">:</span> <span class="mf">0.42</span><span class="p">,</span> <span class="sh">"</span><span class="s">internal_note</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">Do not expose this</span><span class="sh">"</span><span class="p">,</span> <span class="p">})()</span> <span class="kn">import</span> <span class="n">tools</span> <span class="n">monkeypatch</span><span class="p">.</span><span class="nf">setattr</span><span class="p">(</span><span class="n">tools</span><span class="p">,</span> <span class="sh">"</span><span class="s">sap</span><span class="sh">"</span><span class="p">,</span> <span class="nc">FakeSap</span><span class="p">())</span> <span class="n">result</span> <span class="o">=</span> <span class="nf">get_order_status</span><span class="p">(</span><span class="sh">"</span><span class="s">4711000420</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">margin</span><span class="sh">"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">result</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">internal_note</span><span class="sh">"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">result</span> <span class="k">assert</span> <span class="n">result</span><span class="p">[</span><span class="sh">"</span><span class="s">blocks</span><span class="sh">"</span><span class="p">][</span><span class="mi">0</span><span class="p">][</span><span class="sh">"</span><span class="s">type</span><span class="sh">"</span><span class="p">]</span> <span class="o">==</span> <span class="sh">"</span><span class="s">credit</span><span class="sh">"</span> </code></pre> </div> <p>A test like this is not glamorous. Good. Glamour is usually where agent projects start lying to themselves.</p> <h2> My take </h2> <p>For SAP integration, Azure AI Foundry becomes interesting when you stop treating it as a chatbot builder and start treating it as an orchestration layer with strict tool contracts.</p> <p>The model should explain. Your backend should decide what data exists, who can see it, and how it is fetched.</p> <p>That is less flashy than "natural language over SAP," but it is much closer to something I would trust in a real environment.</p> <p>Originally published at <a href="https://blog.bajonczak.com/a-practical-sap-agent-in-azure-ai-foundry-odata-in-governed-answer-out/" rel="noopener noreferrer">https://blog.bajonczak.com/a-practical-sap-agent-in-azure-ai-foundry-odata-in-governed-answer-out/</a>.</p> azure sap ai odata Der Sascha Mon, 16 Mar 2026 11:16:23 +0000 https://dev.to/saschadev/if-you-still-print-and-scan-contracts-in-2026-thats-a-security-bug-2p58 https://dev.to/saschadev/if-you-still-print-and-scan-contracts-in-2026-thats-a-security-bug-2p58 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq5ka4nh9ymd52ii29kgw.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fq5ka4nh9ymd52ii29kgw.png" alt="If You Still Print and Scan Contracts in 2026, That’s a Security Bug" width="800" height="533"></a></p> <p>In almost every company I visit, I still see the same scene: someone prints a contract, signs it with a pen, walks it over to a manager for a second signature, then scans it back in and sends a PDF around by email. Nobody really questions it, because “we’ve always done it that way”.</p> <p>In 2012, that was normal. In 2026, I’d call it a <strong>security bug</strong>.</p> <p>Not because paper is evil, but because the whole print–sign–scan workflow lives <em>outside</em> the security and compliance world you’ve already invested in. It’s hard to reconstruct who saw what, when. Copies land in places nobody tracks. And while you spend a lot of time and money hardening Microsoft 365 – Entra ID, Conditional Access, DLP, retention – one of your most important processes, signing agreements, is often running as a side quest next to it.</p> <p>In this post I want to explain why I see it that way and why Microsoft 365 eSignature is not just a “nice convenience feature”, but a real security and compliance upgrade.</p> <h2> What actually happens when you print and scan </h2> <p>Let’s be honest about what your paper signing flow really looks like.</p> <p>It usually starts in some system – ERP, CRM, DMS, whatever. Someone exports a contract as a PDF and saves it somewhere: on the desktop, in a random file share, in a personal OneDrive folder, wherever they have muscle memory.</p> <p>They print it. From that moment on, you have a physical copy lying around: on the printer, on a desk, in a stack of “I’ll deal with this later”. Nobody knows exactly how many people walk past it or glance at it.</p> <p>Then come signatures. The first person signs, the second is hunted down in the hallway, maybe there’s a last-minute change, so the whole thing is printed again, re-signed, re-scanned. At the end, the contract hits a scanner – often a shared multi‑function device that “belongs” to no one. The device drops a PDF into some generic scan folder or sends it via email from a technical SMTP account.</p> <p>From there, the file goes on tour: legal, finance, the customer, internal stakeholders. Everyone saves their own copy. Some people forward it, some print it again. Six months later, when you try to reconstruct who saw which version and who signed what, you end up doing email archaeology and digging through files named <code>final_contract_v7_signed_scan.pdf</code>.</p> <p>Formally, the process might still be “okay enough” to get by. But from a security and compliance perspective it’s a mess: uncontrolled digital copies, at least one physical copy, and at best a fuzzy audit trail.</p> <h2> What changes with Microsoft 365 eSignature </h2> <p>With Microsoft 365 eSignature, you move that signing flow into an environment that already knows a lot about your users and your documents:</p> <ul> <li>who the user is (Entra ID identity),</li> <li>which tenant they belong to,</li> <li>which policies apply (MFA, Conditional Access, DLP, retention),</li> <li>and where content is supposed to live.</li> </ul> <p>Instead of loosely connected PDFs and scans, you get a tracked signing workflow:</p> <ul> <li>a clear request that is initiated from within Microsoft 365,</li> <li>recipients that are real identities (internal Entra users or properly onboarded guests),</li> <li>and an audit trail that sits inside your existing compliance boundaries.</li> </ul> <p>On the practical side, that means:</p> <ul> <li>far fewer “Scan_0001.pdf” zombies in random mailboxes,</li> <li>no guessing which PDF is actually the final one,</li> <li>a much cleaner story for your DPO and your auditors.</li> </ul> <h3> Screenshot 1: Sending a request inside Microsoft 365 </h3> <p>This is where a visual helps. If you open the Microsoft adoption page for eSignature, you can see how the “send for signature” experience is meant to look directly inside Microsoft 365.</p> <p><em>In your blog, this is a good place to show a screenshot like:</em></p> <ul> <li>a real eSignature send dialog in Word, Outlook or SharePoint,</li> <li>with a document already selected, recipients added and fields configured.</li> </ul> <p>The point of that image is simple: signing doesn’t start on a printer anymore – it starts where the document already lives, inside Microsoft 365.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8u38q00vn8svqybkv1l.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy8u38q00vn8svqybkv1l.png" alt="If You Still Print and Scan Contracts in 2026, That’s a Security Bug" width="151" height="104"></a></p> <h2> Why I call print–sign–scan a security bug </h2> <p>Security is not just about crypto and fancy products. It’s also about how easy it is for normal people to accidentally do the wrong thing.</p> <p>The classic print–sign–scan flow makes it trivial to do things you don’t actually want:</p> <ul> <li>leave sensitive contracts on shared printers,</li> <li>store “final” versions in personal file locations,</li> <li>forward PDFs from unmanaged devices or even private email accounts,</li> <li>lose track of which copy is the one that matters.</li> </ul> <p>You don’t need a malicious insider for this to be a problem. Normal, well‑meaning people create unnecessary attack surface simply because the process is messy and unstructured.</p> <p>When you move the same use case into Microsoft 365 eSignature, you don’t instantly become perfectly compliant. But you do something important:</p> <ul> <li>you anchor signing in your identity system (Entra ID),</li> <li>you reuse policies you already have (MFA, Conditional Access, DLP),</li> <li>and you cut down the number of uncontrolled copies by design.</li> </ul> <p>For me, that’s the difference between “we sort of manage” and “we are actively reducing attack surface”.</p> <h2> Where Microsoft 365 eSignature fits in the real world </h2> <p>I’m not saying Microsoft 365 eSignature replaces every signing solution on the planet. There are absolutely scenarios where a specialised provider like Adobe Acrobat Sign or DocuSign still makes more sense – for example:</p> <ul> <li>very complex external signing chains,</li> <li>highly regulated cross‑border scenarios,</li> <li>or very specific legal requirements in certain industries or jurisdictions.</li> </ul> <p>But there is a <em>huge</em> middle ground that looks the same in many organisations:</p> <ul> <li>internal HR flows (contracts, policy acknowledgements, consent forms),</li> <li>standard customer contracts and renewals,</li> <li>smaller vendor agreements,</li> <li>one‑off approvals and sign‑offs.</li> </ul> <p>For that space, the combination of Microsoft 365 + eSignature is almost too obvious:</p> <ul> <li>you already create and store documents there,</li> <li>your employees already authenticate with Entra ID,</li> <li>you already pay for the platform and its security features.</li> </ul> <p>Enabling eSignature doesn’t mean introducing yet another tool with its own identity silo. It means attaching a structured signing experience to something you’ve already secured.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0vye7mlfr59nz8gl12q.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fi0vye7mlfr59nz8gl12q.png" alt="If You Still Print and Scan Contracts in 2026, That’s a Security Bug" width="800" height="449"></a></p> <p>This makes it obvious that signers are not dealing with some random scan attachment, but a structured flow with clear steps.</p> <h2> How I’d approach this as a security or IT owner </h2> <p>If I were responsible for security or IT in a mid‑sized company, I wouldn’t treat signing as a background chore anymore. I’d do a one‑time mapping of the main signing flows:</p> <ul> <li>Which flows are internal (HR, internal approvals)?</li> <li>Which flows hit customers or partners?</li> <li>Which flows are legally critical vs. “nice to have on record”?</li> </ul> <p>Then I’d split them into two buckets:</p> <ul> <li> <strong>high complexity / high risk</strong> – this is where a specialised provider might remain the best option,</li> <li> <strong>high volume / moderate complexity</strong> – this is where Microsoft 365 eSignature is a very strong default.</li> </ul> <p>For that second bucket, I’d explicitly flip the default:</p> <blockquote> <p>“If this scenario can run through Microsoft 365 eSignature, that’s what we do. Printing and scanning is the exception, not the standard.”</p> </blockquote> <p>That change alone doesn’t transform your entire security posture overnight, but it nudges a huge amount of day‑to‑day work into a safer, more traceable pattern. And it gives you a far cleaner story when someone asks:</p> <ul> <li>Who approved this?</li> <li>When exactly did they sign?</li> <li>How long do we keep the signed version?</li> <li>What happens if we need to prove this in front of an auditor or a regulator?</li> </ul> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuenhdy04986se6enw0rv.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuenhdy04986se6enw0rv.png" alt="If You Still Print and Scan Contracts in 2026, That’s a Security Bug" width="800" height="447"></a></p> <p>This is the picture you want in people’s heads when they think about “how signing works here” – not a pile of PDFs in someone’s mailbox.</p> <h2> Conclusion: stop treating signatures as a side quest </h2> <p>Print–sign–scan survived for a long time because it “kind of worked” and everyone knew how to use a printer. But in 2026, when you’re already investing heavily into identity, cloud security and compliance, it doesn’t make sense to run a core business process on the side, disconnected from all of that.</p> <p>Taking Microsoft 365 eSignature seriously means treating signing like any other critical process:</p> <ul> <li>bound to real identities,</li> <li>protected by the policies you already have,</li> <li>and visible in an audit trail you can actually explain.</li> </ul> <p>That’s why I’m comfortable calling the old print–sign–scan approach a security bug in 2026. Not because it never worked, but because there’s now a much better default available – and choosing not to use it is, in many environments, a conscious decision to accept more risk than you need to.</p> m365 esignature security compliance Der Sascha Sun, 15 Mar 2026 11:15:59 +0000 https://dev.to/saschadev/mcp-is-not-magic-its-just-a-cleaner-way-to-admit-you-need-an-orchestrator-am9 https://dev.to/saschadev/mcp-is-not-magic-its-just-a-cleaner-way-to-admit-you-need-an-orchestrator-am9 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4kjgrqbq69kmw6fydw8y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F4kjgrqbq69kmw6fydw8y.png" alt="MCP Is Not Magic – It’s Just a Cleaner Way to Admit You Need an Orchestrator" width="800" height="533"></a></p> <p>Every few months there is a new framework that supposedly “changes everything” about how we build AI systems.</p> <p>Right now, MCP and Foundry are in that spotlight.</p> <p>If you read some of the marketing posts, you get the impression that MCP is a kind of magic dust you sprinkle on your agents and suddenly everything is more powerful, safer and easier to manage.</p> <p>I don’t buy that.</p> <p>I like MCP. I like Foundry. But not because they are magic.</p> <blockquote> <p>MCP is essentially a cleaner way to admit that you need an orchestrator.</p> </blockquote> <p>In this post I want to unpack what that means, using a very concrete example: an agent that understands the gap between SAP / SuccessFactors and Entra ID, and reports identity drift back to you.</p> <h2> 1. The reality before MCP: ad-hoc glue everywhere </h2> <p>Before MCP/Foundry, most “agents” in companies looked like this:</p> <ul> <li>a chat UI somewhere (Teams bot, web frontend, Slack app),</li> <li>a backend service written in whoever’s favourite language,</li> <li>a bunch of custom HTTP endpoints or SDK calls to systems like SAP, Entra, Jira, Confluence, ServiceNow, …</li> <li>some prompt engineering and an LLM call glued on top.</li> </ul> <p>If you were disciplined, you at least hid those systems behind a minimal set of APIs:</p> <ul> <li> <code>getUserProfile(email)</code> instead of “call SAP, then Graph, then some random DB”,</li> <li> <code>createTicket(summary, details)</code> instead of “POST to Jira with a half-baked payload”.</li> </ul> <p>If you weren’t, your agent prompt probably contained a free-form explanation like:</p> <blockquote> <p>“When you need SAP data, call this URL with this payload. When you need Entra data, call this other URL…”</p> </blockquote> <p>It worked, but it was fragile and hard to reason about.</p> <h2> 2. What MCP actually gives you </h2> <p>MCP (Model Context Protocol) formalises something many of us were already doing intuitively:</p> <ul> <li>you describe tools in a machine-readable way,</li> <li>you keep business logic and credentials on your side,</li> <li>the agent gets a clean menu of what it can do and how to call it.</li> </ul> <p>Instead of informal “when you need SAP…” paragraphs, you get structured capabilities like:</p> <ul> <li><code>sap_list_users(limit)</code></li> <li><code>entra_list_users(limit)</code></li> <li><code>report_mismatches(filter)</code></li> </ul> <p>Foundry builds on top of this by giving you a consistent runtime, hosting and lifecycle around those tools.</p> <p>None of that is magic. It’s just good software engineering discipline encoded into a protocol and a platform.</p> <h2> 3. Example: A Sync Insights agent on MCP/Foundry </h2> <p>Let’s make this less abstract.</p> <p>Imagine you want an agent that can answer questions like:</p> <ul> <li>“Show me active SAP employees who don’t have an Entra account.”</li> <li>“Where do department attributes differ between SAP and Entra?”</li> <li>“Which Entra accounts look like they should have been deprovisioned already?”</li> </ul> <p>Under the hood you need three things:</p> <ol> <li>an SAP/SuccessFactors API client,</li> <li>an Entra ID client (Microsoft Graph),</li> <li>a bit of logic that compares both and reports mismatches.</li> </ol> <p>With MCP/Foundry, you expose this as a small set of tools instead of one giant do-everything endpoint.</p> <h3> 3.1. Tool-level view </h3> <p>The tools might look like this in conceptual terms:</p> <ul> <li> <code>sap_list_users(limit, departmentFilter)</code> – returns a normalised list of SAP users.</li> <li> <code>entra_list_users(limit, departmentFilter)</code> – returns a normalised list of Entra users.</li> <li> <code>report_mismatches(scope)</code> – returns a summary of differences between both sides.</li> </ul> <p>The Sync Insights agent doesn’t need to know how SAP authentication works or which Entra Graph scopes you requested. It only “sees” the tools.</p> <p>Behind those tools lives your service code – written in Node, .NET, whatever you like – that you can test like any other backend.</p> <h3> 3.2. Why this is better than pure prompt glue </h3> <p>The benefits are subtle but important:</p> <ul> <li> <strong>Discoverability</strong> : tools are explicit. You can introspect them, generate docs, reason about what the agent can and cannot do.</li> <li> <strong>Security</strong> : credentials stay in your server. The agent never sees SAP passwords or client secrets.</li> <li> <strong>Reusability</strong> : the same toolset can be used by multiple agents, CLI tools, scripts.</li> <li> <strong>Testability</strong> : you can unit test <code>report_mismatches()</code> without an LLM in the loop.</li> </ul> <p>You could have built all of this without MCP, of course. But MCP gives you a shared language and wiring for it.</p> <h2> 4. Where Foundry adds value </h2> <p>Foundry is essentially a home for your MCP tools and agents.</p> <p>From my perspective, its value in this story comes from:</p> <ul> <li> <strong>standardised hosting</strong> for your agents and tools (no more “where is that container running again?”),</li> <li> <strong>configuration and environment separation</strong> (dev vs. prod, different tenants),</li> <li> <strong>observability</strong> : calls, latency, errors per tool,</li> <li>and a place to evolve your agents over time without rewriting everything.</li> </ul> <p>For the Sync Insights agent, a Foundry setup might look like:</p> <ul> <li>one Foundry project per organisation/tenant,</li> <li>a tool bundle exposing SAP and Entra operations,</li> <li>an “Insights” agent that knows how to combine them.</li> </ul> <p>From there, you can connect different frontends:</p> <ul> <li>a Teams message extension,</li> <li>a simple web UI for identity admins,</li> <li>scheduled runs that post reports into a channel.</li> </ul> <h2> 5. The orchestrator question you can’t dodge </h2> <p>MCP and Foundry don’t change a fundamental truth about non-trivial AI systems:</p> <blockquote> <p>Somewhere, you need an orchestrator that decides which tools to call, in which order, and with which data.</p> </blockquote> <p>You can pretend that this logic “just happens” inside the LLM because you wrote a long prompt. Or you can admit that:</p> <ul> <li>part of that orchestration belongs in the model (planning, natural language understanding),</li> <li>and part of it belongs in your code (validation, retries, safety checks, state).</li> </ul> <p>MCP makes that split a bit more honest: tools are first-class citizens. Foundry gives you a place to run them.</p> <p>But you still have to design:</p> <ul> <li>which tools an agent is allowed to use,</li> <li>what a “good plan” looks like for a given workflow,</li> <li>and where you want a human in the loop.</li> </ul> <h2> 6. Where I see the sweet spot for MCP + Foundry </h2> <p>In my own projects, the combination of MCP and Foundry shines when:</p> <ul> <li>I have to integrate multiple enterprise systems (SAP, Entra, Jira, Confluence, ticketing),</li> <li>I want to keep all real credentials and complexity in a backend I own,</li> <li>but I want agents to feel like they have a unified “brain” for these systems.</li> </ul> <p>The Sync Insights agent is a great fit for this:</p> <ul> <li>it’s cross-system by nature (HR vs. Identity),</li> <li>it’s read-heavy and insight-focused (perfect for AI summarisation),</li> <li>it benefits massively from being able to call multiple tools in a single conversation.</li> </ul> <p>I wouldn’t use MCP/Foundry for a one-off “call this single API and return JSON” plugin – that’s overkill. But the moment you’re juggling several systems and workflows, you need an orchestrator anyway. MCP just gives that orchestrator a standard shape.</p> <h2> 7. My take </h2> <p>I don’t see MCP or Foundry as magic. I see them as an honest acknowledgement that:</p> <ul> <li>tool calls matter,</li> <li>backends matter,</li> <li>and orchestration is too important to hide in a prompt.</li> </ul> <p>For scenarios like SAP ↔ Entra Sync Insights, that’s exactly what I want:</p> <ul> <li>a clean set of tools that express what my backend can do,</li> <li>a platform that runs them with proper observability,</li> <li>and agents that are powerful because their world is well-structured – not because we believed in magic.</li> </ul> <p>If you go into MCP/Foundry with that mindset, you’re less likely to be disappointed – and much more likely to build something that survives the next hype cycle.</p> mcp foundry aiagents orchestration Der Sascha Sat, 14 Mar 2026 12:02:47 +0000 https://dev.to/saschadev/sap-vs-entra-id-why-your-user-sync-should-be-a-product-not-a-script-1227 https://dev.to/saschadev/sap-vs-entra-id-why-your-user-sync-should-be-a-product-not-a-script-1227 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxti8jk8a828jr92b94b4.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fxti8jk8a828jr92b94b4.png" alt="SAP vs. Entra ID: Why Your User Sync Should Be a Product, Not a Script" width="800" height="533"></a></p> <p>In a lot of organisations I talk to, the story sounds like this:</p> <ul> <li>SAP (or SuccessFactors) is the source of truth for people and org structure.</li> <li>Entra ID (formerly Azure AD) is the front door for apps and services.</li> <li>Somewhere between them lives a “sync”.</li> </ul> <p>When you ask what that sync is, you usually get one of these answers:</p> <ul> <li>“We have a script for that.”</li> <li>“That’s handled by a black-box connector, don’t touch it.”</li> <li>“IT and HR sort it out manually when things break.”</li> </ul> <p>That might have been acceptable in 2012. In 2026, with hundreds of SaaS apps behind Entra, compliance requirements and AI agents that can act on top of your identity graph, I think that mindset is dangerous.</p> <p>My argument in this post is simple:</p> <blockquote> <p>Your SAP ↔ Entra ID user sync is not a script. It’s a <strong>product</strong>.</p> </blockquote> <p>And you should treat it like one.</p> <h2> 1. What goes wrong when sync is “just a script” </h2> <p>When user sync is an invisible background job, a couple of things tend to happen:</p> <ul> <li>Responsibilities are fuzzy (“Is this HR’s fault or IT’s fault?”).</li> <li>There is no clear SLO (“How long until changes in SAP show up in Entra?”).</li> <li>Drift accumulates silently:</li> <li>departments don’t match,</li> <li>people who left still have accounts,</li> <li>service accounts live forever,</li> <li>shadow roles are assigned and never cleaned up.</li> <li>Nobody has a simple answer to “How many users are in SAP but not in Entra (and vice versa)?”.</li> </ul> <p>When you then start layering things like Conditional Access, Just-in-Time access or Copilot on top of Entra, this drift turns from nuisance into real risk.</p> <h2> 2. Thinking of sync as a product </h2> <p>If you treat the SAP ↔ Entra sync as a product, the conversation changes.</p> <p>A product has:</p> <ul> <li>a clear <strong>scope</strong> and responsible owner,</li> <li>defined <strong>inputs</strong> and <strong>outputs</strong> ,</li> <li> <strong>health metrics</strong> and SLOs,</li> <li>and a roadmap for improvement.</li> </ul> <p>In this framing, the sync product might be responsible for:</p> <ul> <li>keeping core identity attributes aligned (name, department, manager, employment status),</li> <li>ensuring there are no “orphaned” accounts (SAP-only or Entra-only, within agreed rules),</li> <li>providing reliable data for downstream systems (RBAC, licences, security policies),</li> <li>and giving HR / IT <strong>insights</strong> about drift, not just blind automation.</li> </ul> <p>This is where I like the idea of an AI-assisted <strong>Sync Insights agent</strong> on top of the raw mechanics.</p> <h2> 3. A Sync Insights agent as a first-class tool </h2> <p>In a previous post, I sketched an MCP-based agent that:</p> <ul> <li>talks to SAP/SuccessFactors via API,</li> <li>talks to Entra ID via Microsoft Graph,</li> <li>compares both sides,</li> <li>and returns a structured report of mismatches.</li> </ul> <p>The key twist is: it doesn’t auto-fix anything. It gives you visibility.</p> <p>Conceptually the flow looks like this:</p> <p><a href="https://mermaid.live/edit?ref=blog.bajonczak.com#pako:eNplkF9rwjAUxb9KuM_V1dpomodBmU6FbYy6p7U-hPbaFmwi-cPmxO--pMJe9hC4nJz87sm5Qq0aBA7Hk_qqO6EteSkqScg-fy_9IQ9k7-oajXkWtVXaHMhkQpxBbfzwSPJNub_Imuyk6dvOGpK3KO0hENZvH0VerqXVguxW_94FS74Jqsaz8nuDvC3KbeF37hpP6e2FfKAYRhohEMGAehB94-Neg1aB7XDACrgfGzwKd7IVVPLmrcJZFZIBP4qTwQjcuREWV71otRiAW-28eBYS-BW-gc-W6TTJaDpjLFnGcbxYRnDxMp16KZsvUsYWSZrQ9BbBj1KeMJvSOYszmswpS1LK6Ij7HO_udGx6X9nrveCx5wi0cm33F6rV4Td3t0bZoH5STlrg2e0Xy9F9vA" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Ff8bhy0747yvr3a4ivg1c.png" alt="SAP vs. Entra ID: Why Your User Sync Should Be a Product, Not a Script" width="800" height="172"></a></p> <p>The agent can answer questions like:</p> <ul> <li>“Show me all active employees in SAP who have no Entra account.”</li> <li>“List Entra accounts not present in SAP (excluding technical accounts).”</li> <li>“Where do department attributes differ between SAP and Entra?”</li> </ul> <p>Under the hood, you can structure it as a small Node/TypeScript service (or a Foundry agent) with tools like:</p> <ul> <li><code>sap_list_users(limit)</code></li> <li><code>entra_list_users(limit)</code></li> <li><code>report_mismatches(filters)</code></li> </ul> <p>From a Foundry/MCP perspective, the implementation details are less important than the principle: you expose <strong>high-level capabilities</strong> , not raw SQL or shell.</p> <h3> 3.1. Example: computing mismatches </h3> <p>This is roughly what the core comparison might look like (simplified):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="kd">type</span> <span class="nx">SapUser</span> <span class="o">=</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">department</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="kd">type</span> <span class="nx">EntraUser</span> <span class="o">=</span> <span class="p">{</span> <span class="na">userPrincipalName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">mail</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">department</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="kd">type</span> <span class="nx">SyncMismatch</span> <span class="o">=</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInEntra</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">MissingInSap</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">AttributeMismatch</span><span class="dl">'</span><span class="p">;</span> <span class="nl">sapUser</span><span class="p">?:</span> <span class="nx">SapUser</span><span class="p">;</span> <span class="nl">entraUser</span><span class="p">?:</span> <span class="nx">EntraUser</span><span class="p">;</span> <span class="nl">details</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="kd">function</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">):</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">email</span> <span class="p">?</span> <span class="nx">email</span><span class="p">.</span><span class="nf">trim</span><span class="p">().</span><span class="nf">toLowerCase</span><span class="p">()</span> <span class="p">:</span> <span class="kc">null</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">computeMismatches</span><span class="p">(</span> <span class="nx">sapUsers</span><span class="p">:</span> <span class="nx">SapUser</span><span class="p">[],</span> <span class="nx">entraUsers</span><span class="p">:</span> <span class="nx">EntraUser</span><span class="p">[]</span> <span class="p">):</span> <span class="nx">SyncMismatch</span><span class="p">[]</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mismatches</span><span class="p">:</span> <span class="nx">SyncMismatch</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">entraByEmail</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">entraByUpn</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Map</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">e</span> <span class="k">of</span> <span class="nx">entraUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">)</span> <span class="nx">entraByEmail</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="nx">entraByUpn</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">(),</span> <span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// SAP -&gt; Entra</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">s</span> <span class="k">of</span> <span class="nx">sapUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">match</span><span class="p">:</span> <span class="nx">EntraUser</span> <span class="o">|</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">)</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">entraByEmail</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span><span class="p">)</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">entraByUpn</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">());</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInEntra</span><span class="dl">'</span><span class="p">,</span> <span class="na">sapUser</span><span class="p">:</span> <span class="nx">s</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`No Entra user for SAP userId=</span><span class="p">${</span><span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">}</span><span class="s2">, email=</span><span class="p">${</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">sapDept</span> <span class="o">=</span> <span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">entraDept</span> <span class="o">=</span> <span class="p">(</span><span class="nx">match</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">sapDept</span> <span class="o">&amp;&amp;</span> <span class="nx">entraDept</span> <span class="o">&amp;&amp;</span> <span class="nx">sapDept</span> <span class="o">!==</span> <span class="nx">entraDept</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AttributeMismatch</span><span class="dl">'</span><span class="p">,</span> <span class="na">sapUser</span><span class="p">:</span> <span class="nx">s</span><span class="p">,</span> <span class="na">entraUser</span><span class="p">:</span> <span class="nx">match</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`Department mismatch: SAP="</span><span class="p">${</span><span class="nx">sapDept</span><span class="p">}</span><span class="s2">" vs ENTRA="</span><span class="p">${</span><span class="nx">entraDept</span><span class="p">}</span><span class="s2">"`</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// Entra -&gt; SAP</span> <span class="kd">const</span> <span class="nx">sapEmails</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">(</span> <span class="nx">sapUsers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">s</span> <span class="o">=&gt;</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">)).</span><span class="nf">filter</span><span class="p">((</span><span class="nx">e</span><span class="p">):</span> <span class="nx">e</span> <span class="k">is</span> <span class="kr">string</span> <span class="o">=&gt;</span> <span class="o">!!</span><span class="nx">e</span><span class="p">)</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">sapUserIds</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">(</span><span class="nx">sapUsers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">s</span> <span class="o">=&gt;</span> <span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">()));</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">e</span> <span class="k">of</span> <span class="nx">entraUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">upn</span> <span class="o">=</span> <span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">emailInSap</span> <span class="o">=</span> <span class="nx">emailNorm</span> <span class="o">&amp;&amp;</span> <span class="nx">sapEmails</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">idInSap</span> <span class="o">=</span> <span class="nx">sapUserIds</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">upn</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">emailInSap</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">idInSap</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInSap</span><span class="dl">'</span><span class="p">,</span> <span class="na">entraUser</span><span class="p">:</span> <span class="nx">e</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`No SAP user for Entra UPN=</span><span class="p">${</span><span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">}</span><span class="s2">, mail=</span><span class="p">${</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">mismatches</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <p>You can then have the agent format this into a CSV, a table in Teams, or a ticket summary – whatever your identity team prefers.</p> <h2> 4. Where Foundry fits into this picture </h2> <p>Foundry (and MCP in general) gives you a more structured way to expose these tools to agents:</p> <ul> <li>you describe tools like <code>sap_list_users</code>, <code>entra_list_users</code>, <code>report_mismatches</code> in a machine-readable schema,</li> <li>you keep all credentials and real logic in your backend,</li> <li>the agent orchestrates calls and presents results, but doesn’t hold secrets.</li> </ul> <p>In practice, I’d see a stack like:</p> <ul> <li>SAP API client + Entra Graph client (Node/TS, .NET, whatever you like),</li> <li>a thin Foundry/MCP server that exposes “Sync Insights” tools,</li> <li>a Foundry agent (or Copilot Studio scenario) that uses those tools to answer identity questions.</li> </ul> <p>The key point is: Foundry is not the sync engine. It’s the orchestration/interaction layer on top of the engine.</p> <h2> 5. Security trimming and guardrails </h2> <p>Identity data is sensitive. A Sync Insights agent should be held to the same standards as any identity admin tool.</p> <p>A few guardrails I’d put in place:</p> <ul> <li>Run the backend under a dedicated identity with scoped permissions:</li> <li>for SAP: read-only on the relevant endpoints,</li> <li>for Entra: limited Graph permissions (no Directory.AccessAsUser.All in production).</li> <li>Record who asked which question and when, for auditing.</li> <li>Make clear that the agent does <strong>not</strong> auto-fix anything; it only reports.</li> <li>Expose “dangerous” actions (e.g. disable accounts, modify groups) via separate, more tightly controlled tools – or not at all.</li> </ul> <p>The goal is to have an agent that helps you see problems early, not an unsupervised system that changes identities on the fly because a prompt asked nicely.</p> <h2> 6. Treating sync as a product: what changes in practice? </h2> <p>If you accept the idea that SAP ↔ Entra sync is a product, a few concrete changes tend to follow:</p> <ul> <li>You assign an owner (or small team) responsible for identity integrity between the two systems.</li> <li>You define what “healthy” looks like (drift thresholds, sync latency, allowed exceptions).</li> <li>You invest in <strong>observability</strong> (reports, dashboards, agents) instead of just “it runs at 3am”.</li> <li>You give HR and IT a shared view of where reality and systems disagree.</li> </ul> <p>Once you have that foundation, layering Foundry/MCP-style agents on top becomes a force multiplier instead of a risky experiment.</p> <h2> 7. My take </h2> <p>In 2026, SAP and Entra are not going away. If anything, they’re getting tighter and more central as identity sources.</p> <p>You can treat the sync between them as:</p> <ul> <li>“that one script we inherited from someone who left”,</li> <li>or as a small but critical <strong>product</strong> with proper attention.</li> </ul> <p>If you pick the second option, things like Sync Insights agents, Foundry tools and AI-based reporting suddenly make a lot more sense – because sie sitzen auf einem Fundament, das jemand bewusst gebaut und verantwortet.</p> <p>And that, in my view, is the only way to bring AI into identity management without waking up one day and realising nobody really knows who is supposed to have access to what.</p> sap entraid identity foundry Der Sascha Wed, 11 Mar 2026 17:35:21 +0000 https://dev.to/saschadev/stop-feeding-copilot-everything-where-bring-your-own-data-should-have-hard-limits-53e https://dev.to/saschadev/stop-feeding-copilot-everything-where-bring-your-own-data-should-have-hard-limits-53e <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6e0jbv03m5q7pzpyxsth.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F6e0jbv03m5q7pzpyxsth.png" alt="Stop Feeding Copilot Everything: Where ‘Bring Your Own Data’ Should Have Hard Limits" width="800" height="533"></a></p> <p>“Bring your own data” is the new magic phrase in the Copilot world. Vendors demo it as if you can just flip a switch and suddenly your AI assistant knows everything your company knows.</p> <p>Technically, you <em>can</em> plug a lot of sources into Microsoft 365 Copilot: SharePoint, file shares, Confluence, Jira, databases, custom APIs…</p> <p>The more interesting question is:</p> <blockquote> <p>Which data should you <strong>never</strong> feed into a generic Copilot in the first place?</p> </blockquote> <p>In this post I’ll argue for some hard limits on “bring your own data”, based on:</p> <ul> <li>where Security Trimming actually works out of the box,</li> <li>where you need your own guardrails,</li> <li>and where the right answer is simply “No, this doesn’t go into Copilot at all.”</li> </ul> <h2> 1. Where Copilot is naturally strong: M365 content with sane permissions </h2> <p>Let’s start with the part that works best:</p> <ul> <li>documents in SharePoint and OneDrive,</li> <li>conversations in Teams,</li> <li>emails in Exchange,</li> <li>tasks/plans in Planner, etc.</li> </ul> <p>All of this flows into the Microsoft Graph index and Microsoft Search. When Copilot asks Graph for context, <strong>Graph enforces ACLs</strong> for the current user. If Alice doesn’t have access to a file, it doesn’t show up in her Copilot answers.</p> <p>That doesn’t mean you’re done – you still need to:</p> <ul> <li>stop dumping “secret CEO docs” into broad collaboration sites,</li> <li>avoid overusing “Everyone except external users” on sensitive libraries,</li> <li>and generally treat SharePoint as a real DMS, not a file dump.</li> </ul> <p>But at least the security model is clear and enforced at the platform level.</p> <h2> 2. Where BYO data starts to hurt: external sources without proper trimming </h2> <p>The story changes once you plug in external systems:</p> <ul> <li>Confluence wikis,</li> <li>file shares,</li> <li>line-of-business apps,</li> <li>databases, custom APIs…</li> </ul> <p>There are roughly two ways people do this today:</p> <ol> <li>Microsoft Graph connectors that index external content as <code>externalItem</code>.</li> <li>Custom agents/plugins that call your APIs at runtime.</li> </ol> <p>Both are valid. Both can be safe. Both can be incredibly dangerous if you ignore Security Trimming.</p> <h3> 2.1. The “god mode service account” trap </h3> <p>A common anti-pattern looks like this:</p> <ul> <li>Copilot calls a custom connector / agent.</li> <li>The agent uses a technical account to query Confluence, Jira, SQL, etc.</li> <li>That account can see “everything”.</li> <li>The agent returns whatever it finds to Copilot, regardless of who is asking.</li> </ul> <p>You’ve effectively built a very polite internal data exfiltration tool.</p> <p>Queries like:</p> <ul> <li>“List upcoming restructurings.”</li> <li>“What are the salaries of senior engineers in Germany?”</li> <li>“Show me current investigation reports.”</li> </ul> <p>might not return anything in normal M365 search, but suddenly work great via Copilot – because you gave one backend user access to all of it.</p> <h2> 3. Categories of data that should trigger a hard “why?” </h2> <p>Before talking about mechanics, let’s be very clear on <strong>what</strong> we’re talking about.</p> <p>Whenever someone suggests “let’s bring system X into Copilot”, I’d ask:</p> <ul> <li>Does this system contain any of the following?</li> <li> <strong>HR &amp; compensation data</strong> Salaries, bonuses, performance reviews, promotion decisions, layoff lists.</li> <li> <strong>Legal &amp; compliance data</strong> Investigations, incident reports, privileged legal advice, whistleblower cases.</li> <li> <strong>Security-sensitive logs &amp; configs</strong> Firewall rules, security incident logs, vulnerability reports, secrets.</li> <li> <strong>Highly regulated customer data</strong> Health records, financial transaction details, anything under strict regulation.</li> </ul> <p>If the answer is “yes”, I’d default to:</p> <ul> <li> <strong>no generic Copilot access</strong> to that system,</li> <li>or only carefully scoped, role-specific agents with explicit topic guards.</li> </ul> <p>Not “never”, but “only with a very conscious design”.</p> <h2> 4. Graph connectors: powerful, but ACLs are everything </h2> <p>Graph connectors extend the Microsoft Search/Copilot index to external content sources. They’re great when:</p> <ul> <li>content is mostly read-only,</li> <li>you can express permissions as ACLs,</li> <li>and you’re okay with near-real-time instead of per-request freshness.</li> </ul> <p>The security story:</p> <ul> <li>you push items as <code>externalItem</code> into an <code>externalConnection</code>,</li> <li>each item carries an <code>acl</code> array,</li> <li>Graph uses that ACL when answering searches and Copilot requests.</li> </ul> <p>If your ACLs are wrong, your security is wrong.</p> <p>Example (TypeScript, simplified):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="nx">fetch</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">node-fetch</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">GRAPH_BASE</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">https://graph.microsoft.com/v1.0</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">CONNECTION_ID</span> <span class="o">=</span> <span class="dl">'</span><span class="s1">contosoConfluence</span><span class="dl">'</span><span class="p">;</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getAppToken</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="c1">// client credentials flow for your app registration</span> <span class="k">return</span> <span class="dl">'</span><span class="s1">&lt;token&gt;</span><span class="dl">'</span><span class="p">;</span> <span class="p">}</span> <span class="kd">type</span> <span class="nx">SourcePage</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">body</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">allowedUsers</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="c1">// AAD IDs or UPNs</span> <span class="nl">forbiddenUsers</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="c1">// optional explicit deny list</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">pushExternalItem</span><span class="p">(</span><span class="nx">page</span><span class="p">:</span> <span class="nx">SourcePage</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAppToken</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">grantAcl</span> <span class="o">=</span> <span class="nx">page</span><span class="p">.</span><span class="nx">allowedUsers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">userId</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">userId</span><span class="p">,</span> <span class="na">accessType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">grant</span><span class="dl">'</span> <span class="k">as</span> <span class="kd">const</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">denyAcl</span> <span class="o">=</span> <span class="p">(</span><span class="nx">page</span><span class="p">.</span><span class="nx">forbiddenUsers</span> <span class="o">??</span> <span class="p">[]).</span><span class="nf">map</span><span class="p">(</span><span class="nx">userId</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">user</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">userId</span><span class="p">,</span> <span class="na">accessType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">deny</span><span class="dl">'</span> <span class="k">as</span> <span class="kd">const</span> <span class="p">}));</span> <span class="kd">const</span> <span class="nx">item</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="nx">page</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="nx">page</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="nx">page</span><span class="p">.</span><span class="nx">url</span> <span class="p">},</span> <span class="na">content</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">text</span><span class="dl">'</span><span class="p">,</span> <span class="na">value</span><span class="p">:</span> <span class="nx">page</span><span class="p">.</span><span class="nx">body</span> <span class="p">},</span> <span class="na">acl</span><span class="p">:</span> <span class="p">[...</span><span class="nx">grantAcl</span><span class="p">,</span> <span class="p">...</span><span class="nx">denyAcl</span><span class="p">]</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">res</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">fetch</span><span class="p">(</span> <span class="s2">`</span><span class="p">${</span><span class="nx">GRAPH_BASE</span><span class="p">}</span><span class="s2">/external/connections/</span><span class="p">${</span><span class="nx">CONNECTION_ID</span><span class="p">}</span><span class="s2">/items/</span><span class="p">${</span><span class="nx">page</span><span class="p">.</span><span class="nx">id</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">{</span> <span class="na">method</span><span class="p">:</span> <span class="dl">'</span><span class="s1">PUT</span><span class="dl">'</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/json</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Authorization</span><span class="dl">'</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="na">body</span><span class="p">:</span> <span class="nx">JSON</span><span class="p">.</span><span class="nf">stringify</span><span class="p">(</span><span class="nx">item</span><span class="p">)</span> <span class="p">}</span> <span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">res</span><span class="p">.</span><span class="nx">ok</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">Failed to push externalItem</span><span class="dl">'</span><span class="p">,</span> <span class="k">await</span> <span class="nx">res</span><span class="p">.</span><span class="nf">text</span><span class="p">());</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">graph_error</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="p">}</span> </code></pre> </div> <p>If you take the time to map your external permissions into these ACLs properly, Graph will do the trimming for you. If you don’t, you’re back to square one.</p> <h2> 5. Custom agents: your backend <em>is</em> the security model </h2> <p>For live data and actions (“create ticket”, “get current balance”, “trigger deployment”), Graph connectors aren’t enough. You need an agent that calls your APIs.</p> <p>The architecture looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flowchart LR U[User] -- ask --&gt; C[Copilot] C -- call tool --&gt; A[Agent] A -- HTTP --&gt; B[Your Backend] B --&gt; SYS[Systems] </code></pre> </div> <p>Here, your backend is the entire security model.</p> <p>Minimal pattern in Node/Express:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// permissions.ts</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">UserContext</span> <span class="o">=</span> <span class="p">{</span> <span class="na">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">roles</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">groups</span><span class="p">:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getUserPermissions</span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">UserContext</span> <span class="o">|</span> <span class="kc">null</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">entry</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">directoryLookup</span><span class="p">(</span><span class="nx">email</span><span class="p">);</span> <span class="c1">// Entra / IAM lookup</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">entry</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="p">{</span> <span class="nx">email</span><span class="p">,</span> <span class="na">roles</span><span class="p">:</span> <span class="nx">entry</span><span class="p">.</span><span class="nx">roles</span><span class="p">,</span> <span class="na">groups</span><span class="p">:</span> <span class="nx">entry</span><span class="p">.</span><span class="nx">groups</span> <span class="p">};</span> <span class="p">}</span> <span class="c1">// acl.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">UserContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">DocumentAcl</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">allowedRoles</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">allowedGroups</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="nl">forbiddenRoles</span><span class="p">?:</span> <span class="kr">string</span><span class="p">[];</span> <span class="p">};</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">ExternalDoc</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">url</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">content</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">acl</span><span class="p">:</span> <span class="nx">DocumentAcl</span><span class="p">;</span> <span class="p">};</span> <span class="kd">function</span> <span class="nf">hasAccess</span><span class="p">(</span><span class="nx">doc</span><span class="p">:</span> <span class="nx">ExternalDoc</span><span class="p">,</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">UserContext</span><span class="p">):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">allowedRoles</span><span class="p">,</span> <span class="nx">allowedGroups</span><span class="p">,</span> <span class="nx">forbiddenRoles</span> <span class="p">}</span> <span class="o">=</span> <span class="nx">doc</span><span class="p">.</span><span class="nx">acl</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">forbiddenRoles</span> <span class="o">&amp;&amp;</span> <span class="nx">forbiddenRoles</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">user</span><span class="p">.</span><span class="nx">roles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">r</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">allowedRoles</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">allowedGroups</span><span class="p">)</span> <span class="p">{</span> <span class="c1">// Default: visible to all employees</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">allowedRoles</span> <span class="o">&amp;&amp;</span> <span class="nx">allowedRoles</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">user</span><span class="p">.</span><span class="nx">roles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">r</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="nx">allowedGroups</span> <span class="o">&amp;&amp;</span> <span class="nx">allowedGroups</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">g</span> <span class="o">=&gt;</span> <span class="nx">user</span><span class="p">.</span><span class="nx">groups</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">g</span><span class="p">)))</span> <span class="p">{</span> <span class="k">return</span> <span class="kc">true</span><span class="p">;</span> <span class="p">}</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">filterDocsByAcl</span><span class="p">(</span><span class="nx">docs</span><span class="p">:</span> <span class="nx">ExternalDoc</span><span class="p">[],</span> <span class="nx">user</span><span class="p">:</span> <span class="nx">UserContext</span><span class="p">):</span> <span class="nx">ExternalDoc</span><span class="p">[]</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">docs</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">doc</span> <span class="o">=&gt;</span> <span class="nf">hasAccess</span><span class="p">(</span><span class="nx">doc</span><span class="p">,</span> <span class="nx">user</span><span class="p">));</span> <span class="p">}</span> </code></pre> </div> <p>Then your agent endpoint:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// agentHandler.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">Response</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">express</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">getUserPermissions</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./permissions</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">filterDocsByAcl</span><span class="p">,</span> <span class="nx">ExternalDoc</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./acl</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">buildAnswerFromDocs</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./rag</span><span class="dl">'</span><span class="p">;</span> <span class="kr">interface</span> <span class="nx">AskRequest</span> <span class="p">{</span> <span class="nl">question</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">userEmail</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="kr">interface</span> <span class="nx">AskResponse</span> <span class="p">{</span> <span class="nl">answer</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">sources</span><span class="p">:</span> <span class="p">{</span> <span class="na">title</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">url</span><span class="p">:</span> <span class="kr">string</span> <span class="p">}[];</span> <span class="p">}</span> <span class="kd">function</span> <span class="nf">isForbiddenQuestion</span><span class="p">(</span><span class="nx">question</span><span class="p">:</span> <span class="kr">string</span><span class="p">,</span> <span class="nx">userRoles</span><span class="p">:</span> <span class="kr">string</span><span class="p">[]):</span> <span class="nx">boolean</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">lower</span> <span class="o">=</span> <span class="nx">question</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">sensitivePatterns</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">salary</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">compensation</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">bonus</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">layoff</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">termination list</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">performance review</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">investigation</span><span class="dl">'</span><span class="p">,</span> <span class="p">];</span> <span class="kd">const</span> <span class="nx">isSensitive</span> <span class="o">=</span> <span class="nx">sensitivePatterns</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">p</span> <span class="o">=&gt;</span> <span class="nx">lower</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">p</span><span class="p">));</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">isSensitive</span><span class="p">)</span> <span class="k">return</span> <span class="kc">false</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">privilegedRoles</span> <span class="o">=</span> <span class="p">[</span><span class="dl">'</span><span class="s1">HR</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">HR_ADMIN</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">LEGAL</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">C_LEVEL</span><span class="dl">'</span><span class="p">];</span> <span class="kd">const</span> <span class="nx">isPrivileged</span> <span class="o">=</span> <span class="nx">privilegedRoles</span><span class="p">.</span><span class="nf">some</span><span class="p">(</span><span class="nx">r</span> <span class="o">=&gt;</span> <span class="nx">userRoles</span><span class="p">.</span><span class="nf">includes</span><span class="p">(</span><span class="nx">r</span><span class="p">));</span> <span class="k">return</span> <span class="o">!</span><span class="nx">isPrivileged</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">copilotAgentHandler</span><span class="p">(</span><span class="nx">req</span><span class="p">:</span> <span class="nx">Request</span><span class="p">,</span> <span class="nx">res</span><span class="p">:</span> <span class="nx">Response</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="nx">req</span><span class="p">.</span><span class="nx">body</span> <span class="k">as</span> <span class="nx">AskRequest</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">body</span><span class="p">.</span><span class="nx">question</span> <span class="o">||</span> <span class="o">!</span><span class="nx">body</span><span class="p">.</span><span class="nx">userEmail</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">400</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">question and userEmail are required</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">user</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getUserPermissions</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">userEmail</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">user</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">status</span><span class="p">(</span><span class="mi">403</span><span class="p">).</span><span class="nf">json</span><span class="p">({</span> <span class="na">error</span><span class="p">:</span> <span class="dl">'</span><span class="s1">unknown_user</span><span class="dl">'</span> <span class="p">});</span> <span class="p">}</span> <span class="c1">// 1) Topic guard: block certain questions for non‑privileged roles</span> <span class="k">if </span><span class="p">(</span><span class="nf">isForbiddenQuestion</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">question</span><span class="p">,</span> <span class="nx">user</span><span class="p">.</span><span class="nx">roles</span><span class="p">))</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">answer</span><span class="p">:</span> <span class="dl">"</span><span class="s2">I’m not allowed to answer this type of question for your role.</span><span class="dl">"</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[]</span> <span class="p">}</span> <span class="nx">satisfies</span> <span class="nx">AskResponse</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 2) Fetch docs from your system</span> <span class="kd">const</span> <span class="nx">rawDocs</span><span class="p">:</span> <span class="nx">ExternalDoc</span><span class="p">[]</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">rawSearchDocs</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">question</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">docs</span> <span class="o">=</span> <span class="nf">filterDocsByAcl</span><span class="p">(</span><span class="nx">rawDocs</span><span class="p">,</span> <span class="nx">user</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">docs</span><span class="p">.</span><span class="nx">length</span> <span class="o">===</span> <span class="mi">0</span><span class="p">)</span> <span class="p">{</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">({</span> <span class="na">answer</span><span class="p">:</span> <span class="s2">`I couldn't find any documents you are allowed to see that answer "</span><span class="p">${</span><span class="nx">body</span><span class="p">.</span><span class="nx">question</span><span class="p">}</span><span class="s2">".`</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="p">[]</span> <span class="p">}</span> <span class="nx">satisfies</span> <span class="nx">AskResponse</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 3) Use an LLM to build the final answer</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">answer</span><span class="p">,</span> <span class="nx">usedDocs</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">buildAnswerFromDocs</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">question</span><span class="p">,</span> <span class="nx">docs</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span><span class="p">:</span> <span class="nx">AskResponse</span> <span class="o">=</span> <span class="p">{</span> <span class="nx">answer</span><span class="p">,</span> <span class="na">sources</span><span class="p">:</span> <span class="nx">usedDocs</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">d</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">title</span><span class="p">:</span> <span class="nx">d</span><span class="p">.</span><span class="nx">title</span><span class="p">,</span> <span class="na">url</span><span class="p">:</span> <span class="nx">d</span><span class="p">.</span><span class="nx">url</span> <span class="p">}))</span> <span class="p">};</span> <span class="k">return</span> <span class="nx">res</span><span class="p">.</span><span class="nf">json</span><span class="p">(</span><span class="nx">response</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <p>Two important observations:</p> <ul> <li>you can say “no” at the question level (topic guard),</li> <li>and you can say “no” at the data level (ACL filter).</li> </ul> <h2> 6. A simple decision table for BYO data </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Approach</th> <th>Security trimming</th> <th>My default stance</th> </tr> </thead> <tbody> <tr> <td>Docs already in SharePoint/OneDrive/Teams</td> <td>Let Graph handle it</td> <td>Graph ACLs based on M365 permissions</td> <td>✅ Good starting point, focus on cleaning permissions.</td> </tr> <tr> <td>External wiki / KB</td> <td>Graph connector</td> <td>ACLs you attach per item</td> <td>✅ Do it, if you can map permissions cleanly.</td> </tr> <tr> <td>On‑prem file shares</td> <td>File share / Azure Files connector</td> <td>Connector maps existing ACLs</td> <td>✅ Good bridge if moving to M365 is not trivial.</td> </tr> <tr> <td>Live business data (status, metrics, actions)</td> <td>Custom agent + backend API</td> <td>Backend enforces roles/groups + topic guards</td> <td>✅ With care; design security into the API.</td> </tr> <tr> <td>HR / compensation / legal investigations</td> <td>Generic Copilot access</td> <td>N/A</td> <td>🚫 Default “no”; only very scoped agents if really needed.</td> </tr> </tbody> </table></div> <h2> 7. Guardrails I’d put in place </h2> <p>Independent of the technical path, I’d hard-code a few rules into any “bring your own data” story:</p> <ul> <li> <strong>No global service accounts without filters</strong> If an agent uses an account that can see everything, you must filter aggressively in your backend.</li> <li> <strong>Logging and auditing</strong> Log which user asked what, and which systems were queried. You don’t need to store content, but you should know when someone repeatedly pokes around sensitive areas.</li> <li> <strong>Topic-level deny lists</strong> It’s okay to hard-block certain topics in generic agents (“salary”, “layoff list”, “investigation”). For those, build a separate, role-specific agent if needed.</li> <li> <strong>Start with low-risk sources</strong> Bring in policies, guidelines, runbooks, KB articles first. Leave HR/Legal/Security data for last – or never.</li> </ul> <h2> 8. Conclusion: BYO data is not about dumping everything into Copilot </h2> <p>“Bring your own data” for Copilot should not mean “dump every system we have into a single model and hope for the best.”</p> <p>Instead, I’d frame it like this:</p> <ul> <li>Use native M365 content where possible and fix your permissions.</li> <li>Use Graph connectors for read‑mostly knowledge sources where you can express ACLs cleanly.</li> <li>Use custom agents for live systems, but treat your backend as the security boundary and enforce roles, groups and topic guards there.</li> <li>Accept that some data is better handled by dedicated, role-specific tools – not a general company-wide Copilot.</li> </ul> <p>If you get those basics right, “bring your own data” stops being ein Buzzword und wird zu etwas, das deinen Kolleg:innen echte Antworten liefert – ohne, dass sie Dinge sehen, die sie nie hätten sehen sollen.</p> m365copilot security graphconnectors integration Der Sascha Tue, 10 Mar 2026 06:03:26 +0000 https://dev.to/saschadev/openclaw-in-2026-power-risk-and-how-to-keep-your-self-hosted-ai-agent-in-check-8a8 https://dev.to/saschadev/openclaw-in-2026-power-risk-and-how-to-keep-your-self-hosted-ai-agent-in-check-8a8 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13599ucem8y0lz0pb32k.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F13599ucem8y0lz0pb32k.png" alt="OpenClaw in 2026: Power, Risk, and How to Keep Your Self-Hosted AI Agent in Check" width="800" height="533"></a></p> <p>OpenClaw is one of those projects that looks harmless in a README and very different once you’ve given it real access to your life.</p> <p>From the outside it’s “just” a self-hosted AI agent:</p> <ul> <li>a control plane on your own machine or VPS,</li> <li>a chat interface where you “DM your assistant like a friend”,</li> <li>and skills that let it work with your files, calendar, home automation, dev tools, etc.</li> </ul> <p>From the inside it’s something else:</p> <blockquote> <p>You’re effectively giving an AI a remote control for everything you can do on that system.</p> </blockquote> <p>That’s both the point and the risk.</p> <p>In this post I want to walk through how I see OpenClaw in 2026 from a <strong>security</strong> angle:</p> <ul> <li>what it actually is,</li> <li>why self-hosted doesn’t automatically mean “safe”,</li> <li>a few concrete misconfiguration risks that have already shown up in the wild,</li> <li>and some practical hardening advice – plus a couple of use cases where the trade-off is worth it.</li> </ul> <h2> What OpenClaw actually is (in practice) </h2> <p>If you strip away buzzwords, OpenClaw is:</p> <ul> <li>a daemon that runs under your user account (on a server, a Mac Mini, a VM…),</li> <li>a toolbox for AI agents: shell access, HTTP, file I/O, messaging, cron, browser automation, …</li> <li>a chat/control surface (Telegram, Signal, Discord, web UI) to talk to that daemon,</li> <li>and a skills system that wires specific workflows together.</li> </ul> <p>The security model is very simple:</p> <blockquote> <p>The agent can do anything you can do on that machine, plus whatever external APIs you wire in.</p> </blockquote> <p>That’s powerful:</p> <ul> <li>you can have an AI look through log files,</li> <li>auto-generate blog drafts,</li> <li>monitor services,</li> <li>interact with Jira, M365, home automation, dev tools, etc.</li> </ul> <p>But it’s also a clear warning sign: if you wouldn’t trust a human with your shell and API keys, you shouldn’t trust an unconstrained agent with them either.</p> <h2> Self-hosted ≠ automatically safe </h2> <p>A lot of people mentally equate “self-hosted” with “secure”.</p> <p>That’s not how it works.</p> <p>Self-hosted AI agents like OpenClaw remove one layer of risk:</p> <ul> <li>Your <strong>control plane</strong> and context live on a machine you manage.</li> <li>Data doesn’t flow through a SaaS provider’s infrastructure (beyond the LLM API you choose).</li> </ul> <p>But they add another layer:</p> <ul> <li>You have to harden the host yourself.</li> <li>You are responsible for network exposure, API keys, file permissions, cron jobs, etc.</li> <li>If you misconfigure it, there is no vendor kill switch.</li> </ul> <p>The security posture of OpenClaw is basically:</p> <blockquote> <p>As secure as the machine you run it on, and as careful as you are with its capabilities.</p> </blockquote> <p>That can be very good – or very bad.</p> <h2> Common risk patterns we’re already seeing </h2> <p>When you look at write-ups from cloud providers and security firms around OpenClaw, a few themes show up:</p> <h3> 1. Exposed instances on the public internet </h3> <ul> <li>Some people run OpenClaw on a VPS and expose the control port directly to the internet (no firewall, no reverse proxy, default config).</li> <li>If there’s any bug or weak auth in the control channel, you’ve essentially opened a remote shell to anyone who finds it.</li> </ul> <p><strong>Mitigation:</strong></p> <ul> <li>keep the control plane behind a VPN / private network,</li> <li>or at least protect it with a reverse proxy (nginx, Caddy) + strong auth + IP restrictions.</li> </ul> <h3> 2. Running as root / with too-broad permissions </h3> <ul> <li>Running OpenClaw as root means any agent action is effectively root.</li> <li>Even as a normal user, if that user has passwordless sudo or access to sensitive directories, the agent inherits that power.</li> </ul> <p><strong>Mitigation:</strong></p> <ul> <li>run OpenClaw under a <strong>dedicated, least-privilege user</strong> ,</li> <li>restrict that user’s access to only what the agent really needs,</li> <li>avoid passwordless sudo or broad sudoers rules tied to that account.</li> </ul> <h3> 3. Dropping secrets and API keys directly into skills </h3> <ul> <li>Hardcoding API keys in skill scripts or environment without scoping them.</li> <li>Giving the agent “all the keys to everything” instead of per-skill/per-service keys with tight scopes.</li> </ul> <p><strong>Mitigation:</strong></p> <ul> <li>keep secrets in a dedicated, minimal <code>.env</code> or secrets manager,</li> <li>use different keys/tokens per service with least privilege (e.g. read-only where possible),</li> <li>never give the agent access to banking, HR, or other high-risk systems unless you really know what you’re doing.</li> </ul> <h3> 4. Over-trusting model behaviour </h3> <ul> <li>Prompting an LLM to “run whatever commands you think are needed” without guardrails.</li> <li>Letting it auto-accept or auto-execute actions from external inputs (webhooks, emails, chat, etc.).</li> </ul> <p><strong>Mitigation:</strong></p> <ul> <li>keep a <strong>human in the loop</strong> for destructive or sensitive actions,</li> <li>design skills so that the agent proposes actions, but you confirm,</li> <li>log actions and review unusual commands.</li> </ul> <h2> Practical hardening tips for an OpenClaw deployment </h2> <p>If I had to summarise a baseline hardening checklist for a serious OpenClaw instance:</p> <h3> 1. Use a dedicated user and machine </h3> <ul> <li>Run OpenClaw under a user (<code>openclaw</code>, <code>ai-agent</code>, …) that:</li> <li>has no sudo rights,</li> <li>only has access to directories you consciously allow (workspace, logs, some project folders).</li> <li>Prefer a dedicated VPS or small server over your daily-use laptop.</li> </ul> <h3> 2. Keep the control port private </h3> <ul> <li>Bind the control server to <code>localhost</code> or a private network interface.</li> <li>Use a VPN (WireGuard, Tailscale) or SSH tunnelling for remote access.</li> <li>If you must expose it via HTTP(S), put it behind a reverse proxy with:</li> <li>HTTPS,</li> <li>strong auth (OIDC, access tokens, IP allowlist),</li> <li>and rate limiting.</li> </ul> <h3> 3. Scope skills tightly </h3> <ul> <li>Instead of a skill that can <code>exec</code> arbitrary shell commands everywhere, prefer:</li> <li>specific scripts for specific tasks,</li> <li>limited working directories,</li> <li>explicit allowlists of commands.</li> <li>For external systems (Jira, M365, SAP, …), use service principals with minimal scopes.</li> </ul> <h3> 4. Log and monitor </h3> <ul> <li>Log all agent-initiated commands and API calls.</li> <li>Set up simple alerts for:</li> <li>unusual command patterns,</li> <li>high error rates,</li> <li>spikes in external API usage.</li> <li>Periodically review logs like you would for a CI/CD system.</li> </ul> <h3> 5. Separate “toy” and “production” </h3> <ul> <li>Have a sandbox instance where you play with new skills,</li> <li>and a more locked-down instance for anything that touches important infrastructure.</li> <li>Don’t test experimental agents on the same machine that has access to production secrets.</li> </ul> <h2> Use cases where OpenClaw shines (and the security trade-offs) </h2> <p>Despite the risks, there are use cases where a well-hardened OpenClaw instance is worth it.</p> <h3> 1. Personal AI ops assistant </h3> <ul> <li>Monitor services (via cron + curl + logs parsing),</li> <li>summarise incidents,</li> <li>open/triage tickets,</li> <li>generate postmortems.</li> </ul> <p><strong>Security angle:</strong></p> <ul> <li>Treat it like a junior SRE with read-only access to prod metrics/logs and limited ticket/alert rights,</li> <li>not like a root shell glued to a model.</li> </ul> <h3> 2. Developer productivity hub </h3> <ul> <li>Generate and update documentation from your codebase,</li> <li>run safe automated refactors in local clones,</li> <li>help you navigate multiple repos and PRs.</li> </ul> <p><strong>Security angle:</strong></p> <ul> <li>Give it access only to the repos where it’s needed,</li> <li>keep it away from deployment keys and secrets,</li> <li>enforce human review before any change gets merged.</li> </ul> <h3> 3. Knowledge and blog assistant </h3> <ul> <li>Draft posts,</li> <li>aggregate notes and links,</li> <li>keep track of “what did I do on project X last month?”.</li> </ul> <p><strong>Security angle:</strong></p> <ul> <li>Low risk as long as you don’t feed it sensitive docs,</li> <li>perfect playground for new skills.</li> </ul> <h3> 4. Home automation / personal life admin </h3> <ul> <li>Interact with Home Assistant, calendars, todo lists, shopping…</li> <li>Very comfortable, but also very revealing about your private life.</li> </ul> <p><strong>Security angle:</strong></p> <ul> <li>Run it on a local machine/Mac Mini behind your home router/VPN,</li> <li>think carefully before wiring in anything with cameras, locks or finances.</li> </ul> <h2> Concrete security ideas I’d put into config </h2> <p>If I were writing an OpenClaw config/skill set for myself or someone like you, I’d:</p> <ul> <li> <strong>tag skills by risk level</strong> : <code>safe</code>, <code>sensitive</code>, <code>dangerous</code>.</li> <li>require:</li> <li>no confirmation for <code>safe</code> (read-only queries, summaries),</li> <li>explicit confirmation for <code>sensitive</code> (writes, API calls),</li> <li>two-step confirmation or even a separate instance for <code>dangerous</code> (anything with infra or finances).</li> </ul> <p>I’d also consider:</p> <ul> <li>a simple <strong>denylist of prompt topics</strong> for certain skills:</li> <li>no HR/compensation data,</li> <li>no copying entire password stores,</li> <li>no scraping banking emails.</li> </ul> <p>You don’t have to forbid everything – but a few hard “No, this agent never does that” help avoid accidents.</p> <h2> My take: OpenClaw is powerful, but it needs an adult in the room </h2> <p>OpenClaw’s promise is compelling:</p> <ul> <li>your own AI agent,</li> <li>on your own hardware,</li> <li>with deep integrations into the stuff you actually care about.</li> </ul> <p>From a security point of view, I see it as a mix of:</p> <ul> <li>CI/CD system,</li> <li>home lab server,</li> <li>and a very curious co-worker with shell and API keys.</li> </ul> <p>If you treat it that way – with:</p> <ul> <li>clear permissions,</li> <li>separate environments,</li> <li>logging &amp; monitoring,</li> <li>and a conscious scope,</li> </ul> <p>you can get a lot of value out of OpenClaw without putting your environment at unnecessary risk.</p> <p>If you treat it like a toy that “just runs on the side” and can access everything, it’s only a matter of time until you shoot yourself in the foot – with or without a hyperactive agent.</p> openclaw security aiagents selfhosted Der Sascha Sun, 08 Mar 2026 11:00:58 +0000 https://dev.to/saschadev/bringing-your-own-data-into-microsoft-365-copilot-without-breaking-security-3ple https://dev.to/saschadev/bringing-your-own-data-into-microsoft-365-copilot-without-breaking-security-3ple <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fay3i8rfq615020thbytp.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fay3i8rfq615020thbytp.png" alt="Bringing Your Own Data into Microsoft 365 Copilot (Without Breaking Security)" width="800" height="533"></a></p> <p>When people first see Microsoft 365 Copilot, the first questions are usually fun:</p> <ul> <li>“Summarise this document.”</li> <li>“Draft a reply to this email.”</li> </ul> <p>Nice for demos – but not why I’m interested.</p> <p>The interesting part starts when you ask Copilot things like:</p> <ul> <li>“How do we deploy project Phoenix?”</li> <li>“What did we decide about feature X last quarter?”</li> <li>“Show me our API guidelines.”</li> </ul> <p>Those answers live in your <em>own</em> systems: SharePoint, Confluence, Jira, custom apps, file shares. Bringing that data into Copilot is where the value is – and where you can easily break security if you’re not careful.</p> <p>In this post I want to give a pragmatic overview of how to:</p> <ul> <li>bring your own data into Microsoft 365 Copilot,</li> <li>understand where security trimming happens,</li> <li>and actively prevent certain things from being answered at all.</li> </ul> <p>Code is copy‑paste‑able; adapt it to your stack.</p> <h2> 1. Three main paths for your own data </h2> <p>Simplified, you have three options:</p> <ol> <li> <strong>Data already in M365</strong> SharePoint, OneDrive, Teams, Exchange – indexed by Microsoft Search/Graph out of the box.</li> <li> <strong>External content via Microsoft Graph connectors</strong> Confluence, Jira, on‑prem file shares, custom data – indexed as <code>externalItem</code> objects.</li> <li> <strong>Custom agents/plugins that call your APIs at runtime</strong> For live data and actions.</li> </ol> <p>We’ll go through each with one question in mind: <strong>who decides what the user is allowed to see?</strong></p> <h2> 2. Data already in M365: Graph trims for you </h2> <p>For content living in SharePoint/OneDrive/Teams/Exchange, the flow looks like this:</p> <p><a href="https://mermaid.live/edit?ref=blog.bajonczak.com#pako:eNo9kMtuwjAQRX_FmnWgmEceXnQDqEIqAjVdIBIWVjJJLCV2NDgtFPHvdRKJ1cz13Dka3wdkJkcQUNTmN6skWfb5lWrG4mMSO4lHo7Rlb-ygcUPqBy9sMnlnu80p2auMzNUUlsUoKauc6YNkW7GdzvF26SHbU7K9Oaou0U2_UTbX134_d2WQ68MxWZtW1ca6PfCgQWqkyt1dj96Xgq2wwRSEa3MsZFfbFFL9dFbZWRPfdQaikPUVPejaXFrcKFmSbEBY6txjKzWIB9xAcO5PZ3y-DH0_nHO-4HMP7iCCYBoso2ixjFYzP-RB9PTgzxgHmE3DYDUQzoMegZgra2g_hjdk6AGZrqxed5TUf2B0E7pMaG06bUFEz39KoXXm" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fqxvhmt7j8xwz38uf0ed7.png" alt="Bringing Your Own Data into Microsoft 365 Copilot (Without Breaking Security)" width="706" height="174"></a></p> <p>Security trimming happens in Graph/Search:</p> <ul> <li>Items have ACLs tied to users/groups.</li> <li>Graph only returns items the <strong>current user</strong> can see.</li> </ul> <p>Your job here ist „nur“:</p> <ul> <li>Docs, die für Copilot relevant sein sollen, wirklich nach M365 ziehen.</li> <li>Berechtigungen in SharePoint/Teams sinnvoll pflegen (keine „Everyone“-Rechte auf sensible Sites).</li> <li>Nicht am Graph vorbei direkt auf Datenbanken/Storage zugreifen.</li> </ul> <p>Wenn du nichts anderes tust, ist „erstmal alles in M365 ordentlich ablegen“ der wichtigste Schritt.</p> <h2> 3. External content: Graph connectors + ACLs </h2> <p>Für Systeme, die nicht in M365 leben können oder sollen (Confluence, on‑prem shares, Legacy‑Apps), sind <strong>Microsoft Graph connectors</strong> das Mittel der Wahl.</p> <p>Ein Connector:</p> <ul> <li>zieht oder erhält Items aus einem externen System,</li> <li>legt sie als <code>externalItem</code> in einer <code>externalConnection</code> im Graph ab,</li> <li>und versieht sie mit einer <code>acl</code>, die Security Trimming steuert.</li> </ul> <h3> 3.1. Connection anlegen </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// src/graphConnection.ts import fetch from 'node-fetch'; const GRAPH_BASE = 'https://graph.microsoft.com/v1.0'; async function getAppToken(): Promise&lt;string&gt; { // Implement client credentials flow for your app registration // return access token with ExternalConnection.ReadWrite.All etc. return '&lt;token&gt;'; } export async function createExternalConnection(connectionId: string, name: string, description: string) { const token = await getAppToken(); const res = await fetch(`${GRAPH_BASE}/external/connections`, { method: 'POST', headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` }, body: JSON.stringify({ id: connectionId, name, description }) }); if (!res.ok) { console.error('Failed to create connection', await res.text()); throw new Error('graph_error'); } } </code></pre> </div> <h3> 3.2. Items mit ACLs pushen </h3> <p>Angenommen, du ziehst Seiten aus Confluence und bekommst:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>type SourcePage = { id: string; title: string; url: string; body: string; allowedUsers: string[]; // AAD IDs oder UPNs forbiddenUsers?: string[]; // optional: explizite Ausschlüsse }; </code></pre> </div> <p>Du kannst das in ein <code>externalItem</code> mit <code>acl</code> mappen:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// src/graphItems.ts import fetch from 'node-fetch'; const GRAPH_BASE = 'https://graph.microsoft.com/v1.0'; const CONNECTION_ID = 'contosoConfluence'; async function pushExternalItem(page: SourcePage) { const token = await getAppToken(); const grantAcl = page.allowedUsers.map(userId =&gt; ({ type: 'user', value: userId, accessType: 'grant' as const })); const denyAcl = (page.forbiddenUsers ?? []).map(userId =&gt; ({ type: 'user', value: userId, accessType: 'deny' as const })); const item = { id: page.id, properties: { title: page.title, url: page.url }, content: { type: 'text', value: page.body }, acl: [...grantAcl, ...denyAcl] }; const res = await fetch( `${GRAPH_BASE}/external/connections/${CONNECTION_ID}/items/${page.id}`, { method: 'PUT', headers: { 'Content-Type': 'application/json', 'Authorization': `Bearer ${token}` }, body: JSON.stringify(item) } ); if (!res.ok) { console.error('Failed to push externalItem', await res.text()); throw new Error('graph_error'); } } </code></pre> </div> <p>Wichtig:</p> <ul> <li> <strong>Security Trimming hängt an dieser ACL</strong>. Wenn hier Mist steht, sieht Copilot denselben Mist.</li> <li>„Forbidden“‑User kannst du mit <code>accessType: 'deny'</code> explizit ausschließen (je nach Szenario sinnvoll).</li> </ul> <p>Ab dann behandelt Microsoft Search/Copilot diese Items wie native Inhalte – natürlich nur, wenn du sie im Copilot‑Scope aktiviert hast.</p> <h2> 4. Custom Agents: Live-Daten mit eigenem Backend </h2> <p>Connectors sind super für „Was wissen wir?“‑Fragen. Für „Was ist gerade der Status?“ oder „Leg ein Ticket an“ brauchst du eine HTTP‑Schnittstelle, an die Copilot Tools/Agents Aufrufe schicken können.</p> <p>Architektur:</p> <p><a href="https://mermaid.live/edit?ref=blog.bajonczak.com#pako:eNo9kFFrwjAUhf9KuM9Vam1s7cNAO2EPG4ypMNf6ENprLaa5kiZMJ_73pRF8uuGcj3Nvzg0qqhEyOEj6rY5CG_b-VSrGtsW2R71noxET_cmNF5YXOZ1bSWY_APlgVUJKZoikBxZFbntDHVs0qB7UYqDeNptPDyyLHVnNlqI6oao9sPTG6ntTrC4GtRKSra-9wc65EECHuhNt7Q68DXQJ5ogdlpC5Z40HYaUpoVR3hwpraH1VFWQHIXsMwJ5rYfC1FY0W3VM9CwXZDS6QTZJ4HM15PEnTKAnDcJYEcHUyHztpPp3FaTqL4ojH9wD-iFzEZMynaTjn0ZSnUcxT7uN-vGe0delYt4b0x6NTX20AmmxzfO5v9PCdB61dC6hzsspAloT3f7awejg" rel="noopener noreferrer"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Froto3w9tk2sszmwy2cib.png" alt="Bringing Your Own Data into Microsoft 365 Copilot (Without Breaking Security)" width="800" height="54"></a></p> <p>Hier liegt <strong>Security Trimming komplett bei dir</strong>.</p> <h3> 4.1. User-Kontext und Rollen </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// src/permissions.ts export type UserContext = { email: string; roles: string[]; // e.g. ['EMPLOYEE', 'HR', 'ENGINEERING_MANAGER'] groups: string[]; // e.g. ['project-phoenix', 'dept-engineering'] }; export async function getUserPermissions(email: string): Promise&lt;UserContext | null&gt; { const entry = await directoryLookup(email); // Implement: query Entra ID / your IAM if (!entry) return null; return { email, roles: entry.roles, groups: entry.groups }; } </code></pre> </div> <h3> 4.2. ACL für externe Dokumente </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// src/acl.ts import { UserContext } from './permissions'; export type DocumentAcl = { allowedRoles?: string[]; allowedGroups?: string[]; forbiddenRoles?: string[]; }; export type ExternalDoc = { id: string; title: string; url: string; content: string; acl: DocumentAcl; }; function hasAccess(doc: ExternalDoc, user: UserContext): boolean { const { allowedRoles, allowedGroups, forbiddenRoles } = doc.acl; if (forbiddenRoles &amp;&amp; forbiddenRoles.some(r =&gt; user.roles.includes(r))) { return false; } // default: visible to all employees if nothing is specified if (!allowedRoles &amp;&amp; !allowedGroups) { return true; } if (allowedRoles &amp;&amp; allowedRoles.some(r =&gt; user.roles.includes(r))) { return true; } if (allowedGroups &amp;&amp; allowedGroups.some(g =&gt; user.groups.includes(g))) { return true; } return false; } export function filterDocsByAcl(docs: ExternalDoc[], user: UserContext): ExternalDoc[] { return docs.filter(doc =&gt; hasAccess(doc, user)); } </code></pre> </div> <h3> 4.3. Agent-Endpoint mit Trimming und Query-Guard </h3> <p>Jetzt der eigentliche Handler, den Copilot aufruft:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>// src/copilotAgent.ts import { Request, Response } from 'express'; import { getUserPermissions } from './permissions'; import { searchSystemDocs } from './systemDocs'; import { buildAnswerFromDocs } from './rag'; interface AskRequest { question: string; userEmail: string; } interface AskResponse { answer: string; sources: { title: string; url: string }[]; } // Simple guard against disallowed topics function isForbiddenQuestion(question: string, userRoles: string[]): boolean { const lower = question.toLowerCase(); // Example: HR-only topics const sensitivePatterns = [ 'salary', 'compensation', 'layoff', 'termination list', 'performance review' ]; const isSensitive = sensitivePatterns.some(p =&gt; lower.includes(p)); if (!isSensitive) return false; // Only allow HR / C-level roles to ask these topics const privilegedRoles = ['HR', 'HR_ADMIN', 'C_LEVEL']; const isPrivileged = privilegedRoles.some(r =&gt; userRoles.includes(r)); return !isPrivileged; } export async function copilotAgentHandler(req: Request, res: Response) { const body = req.body as AskRequest; if (!body.question || !body.userEmail) { return res.status(400).json({ error: 'question and userEmail are required' }); } const user = await getUserPermissions(body.userEmail); if (!user) { return res.status(403).json({ error: 'unknown_user' }); } // 1) Block certain topics for non-privileged roles if (isForbiddenQuestion(body.question, user.roles)) { return res.json({ answer: "I’m not allowed to answer this type of question for your role.", sources: [] } satisfies AskResponse); } // 2) Query docs with ACL const docs = await searchSystemDocs(body.question, user); if (docs.length === 0) { return res.json({ answer: `I couldn't find any documents you are allowed to see that answer "${body.question}".`, sources: [] } satisfies AskResponse); } // 3) Build answer via LLM const { answer, usedDocs } = await buildAnswerFromDocs(body.question, docs); const response: AskResponse = { answer, sources: usedDocs.map(d =&gt; ({ title: d.title, url: d.url })) }; return res.json(response); } </code></pre> </div> <p>Damit hast du zwei Ebenen von Schutz:</p> <ul> <li> <strong>Topic Guard</strong> : bestimmte Fragen werden für normale Rollen gar nicht erst beantwortet.</li> <li> <strong>ACL-Filter</strong> : selbst wenn die Frage erlaubt ist, kommen nur Dokumente durch, deren ACL zum User passt.</li> </ul> <h2> 5. Decision table: which path to use when </h2> <div class="table-wrapper-paragraph"><table> <thead> <tr> <th>Scenario</th> <th>Recommended path</th> <th>Security trimming</th> </tr> </thead> <tbody> <tr> <td>Docs already in SharePoint/OneDrive/Teams</td> <td>Native M365 (Graph)</td> <td>Graph enforces ACLs; keep SharePoint/Teams permissions tidy.</td> </tr> <tr> <td>External wiki / KB (Confluence, CMS) with mostly read-only content</td> <td>Graph connector</td> <td>You attach ACLs per item (<code>acl</code>); Graph trims based on user token.</td> </tr> <tr> <td>On-prem file shares</td> <td>File share / Azure Files connector</td> <td>Connector maps original ACLs to AAD identities; Graph handles trimming.</td> </tr> <tr> <td>Live line-of-business data (status, metrics, actions)</td> <td>Custom agent + backend API</td> <td>Your backend enforces roles/groups + topic guards before every call.</td> </tr> <tr> <td>Highly sensitive HR/legal data</td> <td>Separate, role-specific agents or no Copilot access</td> <td>Explicitly exclude from generic agents; only scoped tools for HR/legal.</td> </tr> </tbody> </table></div> <h2> 6. Guardrails I’d put in place </h2> <p>Unabhängig vom Weg würde ich ein paar Regeln fest einbauen:</p> <ul> <li> <strong>Kein God-Mode-Service-Account ohne weiteren Filter</strong> Wenn ein Agent mit einem Konto liest, das alles sieht, brauchst du zwingend ein ACL-Filter im Backend (wie oben).</li> <li> <strong>Logging</strong> Logge (mindestens intern), welcher Agent für welchen User welche Systeme abgefragt hat – nicht unbedingt den kompletten Content, sondern Metadaten.</li> <li> <strong>„No-go“-Daten explizit ausschließen</strong> Es ist okay zu sagen: „Bestimmte HR-/Legal- oder Security-Daten tauchen in Copilot nie auf.“ Bau diese Ausschlüsse bewusst ein.</li> <li> <strong>Start small</strong> Lieber zwei gut abgesicherte Datenquellen als zehn halbgar integrierte.</li> </ul> <h2> 7. Fazit </h2> <p>„Bring your own data“ für Microsoft 365 Copilot ist kein einziger Schalter, sondern eine Reihe von Entscheidungen:</p> <ul> <li>Was gehört in M365 selbst?</li> <li>Was wird über Graph Connectors indexiert?</li> <li>Was braucht einen eigenen Agenten, der live mit Systemen redet?</li> <li>Und wo sagen wir bewusst: „Das bleibt außerhalb der Reichweite von Copilot“?</li> </ul> <p>Wenn du jede dieser Entscheidungen mit Security Trimming im Kopf triffst, kann Copilot viel näher an das kommen, was du in Meetings ständig hörst: „Frag doch mal jemanden, der sich auskennt.“ Nur dass „jemand“ diesmal ein Agent ist, der deine Daten kennt – aber nicht mehr, als er kennen darf.</p> m365copilot graphconnectors security integration Der Sascha Sat, 07 Mar 2026 17:00:46 +0000 https://dev.to/saschadev/orchestrating-sap-and-entra-id-with-mcp-a-practical-sync-insights-agent-55pm https://dev.to/saschadev/orchestrating-sap-and-entra-id-with-mcp-a-practical-sync-insights-agent-55pm <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjj2mzpcjek50cu7hh6d6.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fjj2mzpcjek50cu7hh6d6.png" alt="Orchestrating SAP and Entra ID with MCP: A Practical Sync &amp; Insights Agent"></a></p> <p>In many enterprises, SAP (especially SuccessFactors) is still the <strong>source of truth</strong> for people and org data, while Entra ID (formerly Azure AD) is the <strong>front door</strong> for apps and services.</p> <p>Bridging both worlds is usually done with brittle custom scripts, point-to-point sync jobs, or black-box connectors that are hard to debug.</p> <p>In this post I will show how to use the <strong>Model Context Protocol (MCP)</strong> as a thin orchestration layer between SAP and Entra ID:</p> <ul> <li>to <strong>compare</strong> what exists in both systems,</li> <li>to generate a <strong>delta report</strong> ,</li> <li>and to provide <strong>safe hooks</strong> for remediation (tickets, follow-ups) – without giving an agent god-mode access.</li> </ul> <p>I will keep it concrete and code-backed, not just architecture diagrams.</p> <h2> 1. What we want to achieve </h2> <p>The goal is a small MCP server that exposes tools like:</p> <ul> <li> <code>sap_list_users</code> – fetch users from SAP/SuccessFactors</li> <li> <code>entra_list_users</code> – fetch users from Entra ID</li> <li> <code>report_mismatches</code> – compute and return deltas:</li> <li>users in SAP but not in Entra</li> <li>users in Entra but not in SAP</li> <li>users with mismatched attributes (e.g. department, manager)</li> </ul> <p>An LLM/agent (Copilot or any MCP-aware client) can then ask:</p> <blockquote> <p>“Check if there are mismatches between SAP and Entra ID for the Engineering department and give me a summary plus CSV.”</p> </blockquote> <p>The agent does the orchestration, but all hard security and connectivity lives in your backend, not in the model.</p> <h2> 2. High-level architecture </h2> <p>At a high level, the setup looks like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuxex400knzeeniboyd5y.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fuxex400knzeeniboyd5y.png" alt="Orchestrating SAP and Entra ID with MCP: A Practical Sync &amp; Insights Agent"></a></p> <p>The MCP server exposes tools, tools delegate to typed backend clients for SAP and Entra. The agent only sees high-level operations; it never touches raw credentials.</p> <h2> 3. Project setup </h2> <p>We will build a minimal Node.js / TypeScript project:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>mcp-sap-entra-agent <span class="nb">cd </span>mcp-sap-entra-agent npm init <span class="nt">-y</span> npm <span class="nb">install </span>typescript ts-node @types/node axios npm <span class="nb">install</span> @modelcontextprotocol/sdk npx tsc <span class="nt">--init</span> </code></pre> </div> <p>Folder structure:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>mcp-sap-entra-agent/ src/ config.ts sapClient.ts entraClient.ts mismatches.ts mcpServer.ts .env package.json tsconfig.json </code></pre> </div> <p>Environment (<code>.env</code>, never commit this):<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>SAP_BASE_URL="https://api.successfactors.eu/odata/v2" SAP_USERNAME="..." SAP_PASSWORD="..." # or OAuth token ENTRA_TENANT_ID="..." ENTRA_CLIENT_ID="..." ENTRA_CLIENT_SECRET="..." </code></pre> </div> <h2> 4. Configuration helper </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/config.ts</span> <span class="k">import</span> <span class="dl">'</span><span class="s1">dotenv/config</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">SAP_BASE_URL</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAP_BASE_URL</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">SAP_USERNAME</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAP_USERNAME</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">SAP_PASSWORD</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">SAP_PASSWORD</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ENTRA_TENANT_ID</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ENTRA_TENANT_ID</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ENTRA_CLIENT_ID</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ENTRA_CLIENT_ID</span><span class="o">!</span><span class="p">;</span> <span class="k">export</span> <span class="kd">const</span> <span class="nx">ENTRA_CLIENT_SECRET</span> <span class="o">=</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">ENTRA_CLIENT_SECRET</span><span class="o">!</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">SAP_BASE_URL</span> <span class="o">||</span> <span class="o">!</span><span class="nx">SAP_USERNAME</span> <span class="o">||</span> <span class="o">!</span><span class="nx">SAP_PASSWORD</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">[WARN] SAP config incomplete – SAP tools will not work until configured.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">ENTRA_TENANT_ID</span> <span class="o">||</span> <span class="o">!</span><span class="nx">ENTRA_CLIENT_ID</span> <span class="o">||</span> <span class="o">!</span><span class="nx">ENTRA_CLIENT_SECRET</span><span class="p">)</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">warn</span><span class="p">(</span><span class="dl">'</span><span class="s1">[WARN] Entra config incomplete – Entra tools will not work until configured.</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> </code></pre> </div> <h2> 5. SAP client (SuccessFactors via OData) </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/sapClient.ts</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">SAP_BASE_URL</span><span class="p">,</span> <span class="nx">SAP_USERNAME</span><span class="p">,</span> <span class="nx">SAP_PASSWORD</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./config</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">SapUser</span> <span class="o">=</span> <span class="p">{</span> <span class="na">userId</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">email</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">firstName</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">lastName</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">department</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">listSapUsers</span><span class="p">(</span><span class="nx">limit</span> <span class="o">=</span> <span class="mi">500</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">SapUser</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">SAP_BASE_URL</span><span class="p">)</span> <span class="p">{</span> <span class="k">throw</span> <span class="k">new</span> <span class="nc">Error</span><span class="p">(</span><span class="dl">'</span><span class="s1">SAP_BASE_URL not configured</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="s2">`</span><span class="p">${</span><span class="nx">SAP_BASE_URL</span><span class="p">}</span><span class="s2">/User?$format=json&amp;$top=</span><span class="p">${</span><span class="nx">limit</span><span class="p">}</span><span class="s2">&amp;$select=userId,email,firstName,lastName,department`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="p">{</span> <span class="na">auth</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="nx">SAP_USERNAME</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="nx">SAP_PASSWORD</span><span class="p">,</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">results</span> <span class="o">=</span> <span class="nx">resp</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">d</span><span class="p">?.</span><span class="nx">results</span> <span class="o">??</span> <span class="p">[];</span> <span class="k">return</span> <span class="nx">results</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="na">r</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">userId</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">userId</span><span class="p">,</span> <span class="na">email</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">email</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="na">firstName</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">firstName</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="na">lastName</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">lastName</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="na">department</span><span class="p">:</span> <span class="nx">r</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="p">}));</span> <span class="p">}</span> </code></pre> </div> <h2> 6. Entra ID client (Microsoft Graph) </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/entraClient.ts</span> <span class="k">import</span> <span class="nx">axios</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">axios</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">ENTRA_TENANT_ID</span><span class="p">,</span> <span class="nx">ENTRA_CLIENT_ID</span><span class="p">,</span> <span class="nx">ENTRA_CLIENT_SECRET</span><span class="p">,</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./config</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">EntraUser</span> <span class="o">=</span> <span class="p">{</span> <span class="na">id</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">userPrincipalName</span><span class="p">:</span> <span class="kr">string</span><span class="p">;</span> <span class="nl">mail</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">displayName</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="nl">department</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">;</span> <span class="p">};</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">getAccessToken</span><span class="p">():</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="kr">string</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="s2">`https://login.microsoftonline.com/</span><span class="p">${</span><span class="nx">ENTRA_TENANT_ID</span><span class="p">}</span><span class="s2">/oauth2/v2.0/token`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">params</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">URLSearchParams</span><span class="p">();</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">client_id</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ENTRA_CLIENT_ID</span><span class="p">);</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">client_secret</span><span class="dl">'</span><span class="p">,</span> <span class="nx">ENTRA_CLIENT_SECRET</span><span class="p">);</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">scope</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">https://graph.microsoft.com/.default</span><span class="dl">'</span><span class="p">);</span> <span class="nx">params</span><span class="p">.</span><span class="nf">append</span><span class="p">(</span><span class="dl">'</span><span class="s1">grant_type</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">client_credentials</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="nx">params</span><span class="p">);</span> <span class="k">return</span> <span class="nx">resp</span><span class="p">.</span><span class="nx">data</span><span class="p">.</span><span class="nx">access_token</span> <span class="k">as</span> <span class="kr">string</span><span class="p">;</span> <span class="p">}</span> <span class="k">export</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">listEntraUsers</span><span class="p">(</span><span class="nx">limit</span> <span class="o">=</span> <span class="mi">500</span><span class="p">):</span> <span class="nb">Promise</span><span class="o">&lt;</span><span class="nx">EntraUser</span><span class="p">[]</span><span class="o">&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">token</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">getAccessToken</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">url</span> <span class="o">=</span> <span class="s2">`https://graph.microsoft.com/v1.0/users?$top=</span><span class="p">${</span><span class="nx">limit</span><span class="p">}</span><span class="s2">&amp;$select=id,userPrincipalName,mail,displayName,department`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">resp</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">axios</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">url</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="na">Authorization</span><span class="p">:</span> <span class="s2">`Bearer </span><span class="p">${</span><span class="nx">token</span><span class="p">}</span><span class="s2">`</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">value</span> <span class="o">=</span> <span class="nx">resp</span><span class="p">.</span><span class="nx">data</span><span class="p">?.</span><span class="nx">value</span> <span class="o">??</span> <span class="p">[];</span> <span class="k">return</span> <span class="nx">value</span><span class="p">.</span><span class="nf">map</span><span class="p">((</span><span class="na">u</span><span class="p">:</span> <span class="kr">any</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">({</span> <span class="na">id</span><span class="p">:</span> <span class="nx">u</span><span class="p">.</span><span class="nx">id</span><span class="p">,</span> <span class="na">userPrincipalName</span><span class="p">:</span> <span class="nx">u</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">,</span> <span class="na">mail</span><span class="p">:</span> <span class="nx">u</span><span class="p">.</span><span class="nx">mail</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="na">displayName</span><span class="p">:</span> <span class="nx">u</span><span class="p">.</span><span class="nx">displayName</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="na">department</span><span class="p">:</span> <span class="nx">u</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="kc">null</span><span class="p">,</span> <span class="p">}));</span> <span class="p">}</span> </code></pre> </div> <h2> 7. Computing mismatches </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/mismatches.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">SapUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./sapClient</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">EntraUser</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./entraClient</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="kd">type</span> <span class="nx">SyncMismatch</span> <span class="o">=</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInEntra</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">MissingInSap</span><span class="dl">'</span> <span class="o">|</span> <span class="dl">'</span><span class="s1">AttributeMismatch</span><span class="dl">'</span><span class="p">;</span> <span class="nl">sapUser</span><span class="p">?:</span> <span class="nx">SapUser</span><span class="p">;</span> <span class="nl">entraUser</span><span class="p">?:</span> <span class="nx">EntraUser</span><span class="p">;</span> <span class="nl">details</span><span class="p">?:</span> <span class="kr">string</span><span class="p">;</span> <span class="p">};</span> <span class="kd">function</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">email</span><span class="p">:</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span><span class="p">):</span> <span class="kr">string</span> <span class="o">|</span> <span class="kc">null</span> <span class="p">{</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">email</span><span class="p">)</span> <span class="k">return</span> <span class="kc">null</span><span class="p">;</span> <span class="k">return</span> <span class="nx">email</span><span class="p">.</span><span class="nf">trim</span><span class="p">().</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="p">}</span> <span class="k">export</span> <span class="kd">function</span> <span class="nf">computeMismatches</span><span class="p">(</span> <span class="nx">sapUsers</span><span class="p">:</span> <span class="nx">SapUser</span><span class="p">[],</span> <span class="nx">entraUsers</span><span class="p">:</span> <span class="nx">EntraUser</span><span class="p">[],</span> <span class="p">):</span> <span class="nx">SyncMismatch</span><span class="p">[]</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">mismatches</span><span class="p">:</span> <span class="nx">SyncMismatch</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[];</span> <span class="kd">const</span> <span class="nx">entraByEmail</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">EntraUser</span><span class="o">&gt;</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">entraByUpn</span> <span class="o">=</span> <span class="k">new</span> <span class="nb">Map</span><span class="o">&lt;</span><span class="kr">string</span><span class="p">,</span> <span class="nx">EntraUser</span><span class="o">&gt;</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">e</span> <span class="k">of</span> <span class="nx">entraUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">)</span> <span class="p">{</span> <span class="nx">entraByEmail</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">,</span> <span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="nx">entraByUpn</span><span class="p">.</span><span class="nf">set</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">(),</span> <span class="nx">e</span><span class="p">);</span> <span class="p">}</span> <span class="c1">// 1) SAP -&gt; Entra</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">s</span> <span class="k">of</span> <span class="nx">sapUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">);</span> <span class="kd">let</span> <span class="nx">match</span><span class="p">:</span> <span class="nx">EntraUser</span> <span class="o">|</span> <span class="kc">undefined</span><span class="p">;</span> <span class="k">if </span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">)</span> <span class="p">{</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">entraByEmail</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">);</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span> <span class="o">&amp;&amp;</span> <span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">)</span> <span class="p">{</span> <span class="nx">match</span> <span class="o">=</span> <span class="nx">entraByUpn</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">());</span> <span class="p">}</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">match</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInEntra</span><span class="dl">'</span><span class="p">,</span> <span class="na">sapUser</span><span class="p">:</span> <span class="nx">s</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`No Entra user matching SAP userId=</span><span class="p">${</span><span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">}</span><span class="s2">, email=</span><span class="p">${</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="k">continue</span><span class="p">;</span> <span class="p">}</span> <span class="c1">// compare attributes</span> <span class="kd">const</span> <span class="nx">sapDept</span> <span class="o">=</span> <span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">entraDept</span> <span class="o">=</span> <span class="p">(</span><span class="nx">match</span><span class="p">.</span><span class="nx">department</span> <span class="o">||</span> <span class="dl">''</span><span class="p">).</span><span class="nf">trim</span><span class="p">();</span> <span class="k">if </span><span class="p">(</span><span class="nx">sapDept</span> <span class="o">&amp;&amp;</span> <span class="nx">entraDept</span> <span class="o">&amp;&amp;</span> <span class="nx">sapDept</span> <span class="o">!==</span> <span class="nx">entraDept</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">AttributeMismatch</span><span class="dl">'</span><span class="p">,</span> <span class="na">sapUser</span><span class="p">:</span> <span class="nx">s</span><span class="p">,</span> <span class="na">entraUser</span><span class="p">:</span> <span class="nx">match</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`Department mismatch: SAP="</span><span class="p">${</span><span class="nx">sapDept</span><span class="p">}</span><span class="s2">" vs ENTRA="</span><span class="p">${</span><span class="nx">entraDept</span><span class="p">}</span><span class="s2">"`</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="c1">// 2) Entra -&gt; SAP</span> <span class="kd">const</span> <span class="nx">sapEmails</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">(</span> <span class="nx">sapUsers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">s</span> <span class="o">=&gt;</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">s</span><span class="p">.</span><span class="nx">email</span><span class="p">)).</span><span class="nf">filter</span><span class="p">((</span><span class="nx">e</span><span class="p">):</span> <span class="nx">e</span> <span class="k">is</span> <span class="kr">string</span> <span class="o">=&gt;</span> <span class="o">!!</span><span class="nx">e</span><span class="p">),</span> <span class="p">);</span> <span class="kd">const</span> <span class="nx">sapUserIds</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">(</span> <span class="nx">sapUsers</span><span class="p">.</span><span class="nf">map</span><span class="p">(</span><span class="nx">s</span> <span class="o">=&gt;</span> <span class="nx">s</span><span class="p">.</span><span class="nx">userId</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">()),</span> <span class="p">);</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">e</span> <span class="k">of</span> <span class="nx">entraUsers</span><span class="p">)</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">emailNorm</span> <span class="o">=</span> <span class="nf">normalizeEmail</span><span class="p">(</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">upn</span> <span class="o">=</span> <span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">.</span><span class="nf">toLowerCase</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">emailInSap</span> <span class="o">=</span> <span class="nx">emailNorm</span> <span class="o">&amp;&amp;</span> <span class="nx">sapEmails</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">emailNorm</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">idInSap</span> <span class="o">=</span> <span class="nx">sapUserIds</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">upn</span><span class="p">);</span> <span class="k">if </span><span class="p">(</span><span class="o">!</span><span class="nx">emailInSap</span> <span class="o">&amp;&amp;</span> <span class="o">!</span><span class="nx">idInSap</span><span class="p">)</span> <span class="p">{</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nf">push</span><span class="p">({</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">MissingInSap</span><span class="dl">'</span><span class="p">,</span> <span class="na">entraUser</span><span class="p">:</span> <span class="nx">e</span><span class="p">,</span> <span class="na">details</span><span class="p">:</span> <span class="s2">`No SAP user for Entra UPN=</span><span class="p">${</span><span class="nx">e</span><span class="p">.</span><span class="nx">userPrincipalName</span><span class="p">}</span><span class="s2">, mail=</span><span class="p">${</span><span class="nx">e</span><span class="p">.</span><span class="nx">mail</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="p">});</span> <span class="p">}</span> <span class="p">}</span> <span class="k">return</span> <span class="nx">mismatches</span><span class="p">;</span> <span class="p">}</span> </code></pre> </div> <h2> 8. Wiring it into an MCP server </h2> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="c1">// src/mcpServer.ts</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">createMcpServer</span><span class="p">,</span> <span class="nx">ToolDefinition</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@modelcontextprotocol/sdk</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">listSapUsers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./sapClient</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">listEntraUsers</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./entraClient</span><span class="dl">'</span><span class="p">;</span> <span class="k">import</span> <span class="p">{</span> <span class="nx">computeMismatches</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">./mismatches</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">tools</span><span class="p">:</span> <span class="nx">ToolDefinition</span><span class="p">[]</span> <span class="o">=</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">sap_list_users</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">List users from SAP / SuccessFactors. Optional: limit.</span><span class="dl">'</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">2000</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[],</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">limit</span> <span class="o">=</span> <span class="nx">input</span><span class="p">.</span><span class="nx">limit</span> <span class="o">??</span> <span class="mi">500</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">sapUsers</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">listSapUsers</span><span class="p">(</span><span class="nx">limit</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">users</span><span class="p">:</span> <span class="nx">sapUsers</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">entra_list_users</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">List users from Entra ID (Azure AD). Optional: limit.</span><span class="dl">'</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">limit</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">5000</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[],</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">limit</span> <span class="o">=</span> <span class="nx">input</span><span class="p">.</span><span class="nx">limit</span> <span class="o">??</span> <span class="mi">500</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">entraUsers</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">listEntraUsers</span><span class="p">(</span><span class="nx">limit</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">users</span><span class="p">:</span> <span class="nx">entraUsers</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">report_mismatches</span><span class="dl">'</span><span class="p">,</span> <span class="na">description</span><span class="p">:</span> <span class="dl">'</span><span class="s1">Compare SAP and Entra ID users and return mismatches (missing users, attribute mismatches).</span><span class="dl">'</span><span class="p">,</span> <span class="na">inputSchema</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">object</span><span class="dl">'</span><span class="p">,</span> <span class="na">properties</span><span class="p">:</span> <span class="p">{</span> <span class="na">limitSap</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">2000</span> <span class="p">},</span> <span class="na">limitEntra</span><span class="p">:</span> <span class="p">{</span> <span class="na">type</span><span class="p">:</span> <span class="dl">'</span><span class="s1">number</span><span class="dl">'</span><span class="p">,</span> <span class="na">minimum</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span> <span class="na">maximum</span><span class="p">:</span> <span class="mi">5000</span> <span class="p">},</span> <span class="p">},</span> <span class="na">required</span><span class="p">:</span> <span class="p">[],</span> <span class="p">},</span> <span class="na">handler</span><span class="p">:</span> <span class="k">async </span><span class="p">(</span><span class="nx">input</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">sapUsers</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">listSapUsers</span><span class="p">(</span><span class="nx">input</span><span class="p">.</span><span class="nx">limitSap</span> <span class="o">??</span> <span class="mi">1000</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">entraUsers</span> <span class="o">=</span> <span class="k">await</span> <span class="nf">listEntraUsers</span><span class="p">(</span><span class="nx">input</span><span class="p">.</span><span class="nx">limitEntra</span> <span class="o">??</span> <span class="mi">2000</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">mismatches</span> <span class="o">=</span> <span class="nf">computeMismatches</span><span class="p">(</span><span class="nx">sapUsers</span><span class="p">,</span> <span class="nx">entraUsers</span><span class="p">);</span> <span class="k">return</span> <span class="p">{</span> <span class="na">totalSap</span><span class="p">:</span> <span class="nx">sapUsers</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="na">totalEntra</span><span class="p">:</span> <span class="nx">entraUsers</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="na">mismatchCount</span><span class="p">:</span> <span class="nx">mismatches</span><span class="p">.</span><span class="nx">length</span><span class="p">,</span> <span class="nx">mismatches</span><span class="p">,</span> <span class="p">};</span> <span class="p">},</span> <span class="p">},</span> <span class="p">];</span> <span class="k">async</span> <span class="kd">function</span> <span class="nf">startServer</span><span class="p">()</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">server</span> <span class="o">=</span> <span class="nf">createMcpServer</span><span class="p">({</span> <span class="nx">tools</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">server</span><span class="p">.</span><span class="nf">listen</span><span class="p">(</span><span class="mi">3000</span><span class="p">);</span> <span class="nx">console</span><span class="p">.</span><span class="nf">log</span><span class="p">(</span><span class="dl">'</span><span class="s1">[MCP] SAP/Entra agent listening on :3000</span><span class="dl">'</span><span class="p">);</span> <span class="p">}</span> <span class="nf">startServer</span><span class="p">().</span><span class="k">catch</span><span class="p">((</span><span class="nx">err</span><span class="p">)</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">console</span><span class="p">.</span><span class="nf">error</span><span class="p">(</span><span class="dl">'</span><span class="s1">[MCP] Failed to start server</span><span class="dl">'</span><span class="p">,</span> <span class="nx">err</span><span class="p">);</span> <span class="nx">process</span><span class="p">.</span><span class="nf">exit</span><span class="p">(</span><span class="mi">1</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <h2> 9. Hardening and next steps </h2> <ul> <li>Scope your Graph permissions carefully (no unnecessary Directory.Read.All in production).</li> <li>Add logging &amp; auditing around which user triggered which comparison.</li> <li>Keep remediation (creating/updating users) as a separate, well-controlled flow.</li> <li>Consider adding department filters or project keys to narrow down the comparison.</li> </ul> <p>In a follow-up, you could plug this MCP server into an agent that not only generates the delta report, but also opens Jira tickets or compiles a weekly summary for your identity team.</p> mcp sap entra agents Der Sascha Fri, 06 Mar 2026 11:17:28 +0000 https://dev.to/saschadev/how-to-enable-microsoft-365-esignature-in-your-tenant-2a8b https://dev.to/saschadev/how-to-enable-microsoft-365-esignature-in-your-tenant-2a8b <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmrf3b71ml5k6hmo1uagq.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fmrf3b71ml5k6hmo1uagq.png" alt="How to Enable Microsoft 365 eSignature in Your Tenant" width="800" height="533"></a></p> <p>In my <a href="https://blog.bajonczak.com/security-trimming-with-microsoft-365-copilot-asking-the-right-data-in-the-right-context/" rel="noopener noreferrer">last post</a> I looked at <strong>why</strong> Microsoft 365 eSignature is interesting: you can request and collect electronic signatures directly in SharePoint, OneDrive and Word, without sending your documents off to a separate platform.</p> <p>This follow-up is for a different audience:</p> <ul> <li>Microsoft 365 admins,</li> <li>SharePoint admins,</li> <li>and technically inclined people who get asked: “Can you please turn this on for us?”</li> </ul> <p>In other words: this is the <strong>“how do I actually enable this in a tenant?”</strong> post.</p> <p>I’ll keep it business-friendly at the top and concrete at the bottom, with screenshots replaced by clear descriptions and some PowerShell where it makes sense.</p> <h2> 1. What you’re enabling – in business terms </h2> <p>Before touching any admin portal, it helps to be able to explain in one sentence what you’re doing:</p> <blockquote> <p>“We’re enabling a Microsoft 365 feature that lets people request and sign documents directly in SharePoint / OneDrive / Word, with usage billed via Azure.”</p> </blockquote> <p>Key points you can use when talking to stakeholders:</p> <ul> <li> <strong>No extra platform</strong> for many scenarios – signing happens where the files already live.</li> <li> <strong>Existing providers can stay</strong> – if you use Adobe Sign or DocuSign, you can plug them in behind the M365 eSignature UI.</li> <li> <strong>Pay-per-use</strong> via Azure – no new fixed M365 plan, but a usage-based service you can monitor and cap.</li> <li> <strong>Same identity model</strong> – signers are M365 users or guests, so you stay inside your existing compliance and audit framework.</li> </ul> <p>Once people are comfortable with that, you can move to the actual steps.</p> <h2> 2. High-level architecture </h2> <p>Early on, I found this mental model helpful:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>flowchart LR subgraph M365 SP[SharePoint / OneDrive] W[Word] end M365 -- uses --&gt; ESig[eSignature Service] ESig -- billed via --&gt; AZ[Azure Subscription] </code></pre> </div> <p>From the tenant’s perspective:</p> <ul> <li>Users trigger sign requests from SharePoint / Word.</li> <li>Behind the scenes, the eSignature service runs and bills usage to an Azure subscription.</li> <li>Signed documents land back in your libraries.</li> </ul> <h2> 3. Prerequisites checklist </h2> <p>Before doing anything else, make sure these boxes are ticked:</p> <ul> <li> <strong>Azure subscription</strong> with a valid billing setup (credit card, CSP, etc.).</li> <li> <strong>Microsoft 365 tenant</strong> with SharePoint Online and OneDrive for Business.</li> <li> <strong>Office apps for Enterprise</strong> if you want the Word integration (desktop/web).</li> <li> <strong>External collaboration policy</strong> that allows guests, if you plan to have external signers.</li> </ul> <p>I strongly recommend doing the initial enablement in a <strong>test tenant</strong> or at least on a test site collection before you roll this out to everyone.</p> <h2> 4. Linking Microsoft 365 to Azure pay-as-you-go </h2> <p>The eSignature feature is part of the broader “pay-as-you-go services for Microsoft 365”. You need to link your M365 tenant to an Azure subscription so usage can be billed.</p> <p>High-level steps:</p> <ol> <li>Sign in to the Azure portal as a subscription owner.</li> <li>Verify that you have a subscription ready for pay-as-you-go services (or create one).</li> <li>Sign in to the <strong>Microsoft 365 admin center</strong> as a global admin.</li> <li>Navigate to the section for <strong>pay-as-you-go services</strong> (typically under Settings → Org settings → SharePoint / SharePoint Premium).</li> <li>Choose the Azure subscription you want to link to your M365 tenant for document processing.</li> </ol> <p>Once this link is in place, SharePoint/M365 can start using eSignature and other document processing features against that Azure subscription.</p> <h3> 4.1. Verifying with PowerShell (optional) </h3> <p>If you like to double-check settings via script, you can use the SharePoint Online Management Shell:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Connect to your tenant Connect-SPOService -Url https://&lt;your-tenant&gt;-admin.sharepoint.com # Check if SharePoint Premium is enabled (naming may vary by SKU) Get-SPOTenant | Select-Object IsSharePointPremiumEnabled # Enable SharePoint Premium if required Set-SPOTenant -IsSharePointPremiumEnabled $true </code></pre> </div> <p>Always cross-check the exact property names with the latest Microsoft documentation; they sometimes change between previews and GA.</p> <h2> 5. Guest access and sharing – don’t skip this </h2> <p>Because eSignature uses secure share links and M365 identities, external signers need to exist as guests and be allowed to sign in.</p> <p>Two places to review:</p> <h3> 5.1. External collaboration settings (Entra ID / Azure AD) </h3> <ul> <li>In the Entra ID portal, go to <strong>External identities → External collaboration settings</strong>.</li> <li>Confirm that guests are allowed.</li> <li>Check who is allowed to invite guests (admins only, members, specific roles).</li> <li>Review any domain allow/block lists – make sure you’re not blocking the domains you want to sign with.</li> </ul> <h3> 5.2. SharePoint / OneDrive sharing policies </h3> <ul> <li>In the SharePoint admin center, go to <strong>Policies → Sharing</strong>.</li> <li>For the tenant and for the specific sites you will use, ensure at least “Existing guests” or “New and existing guests” are allowed.</li> <li>You do not need anonymous links for eSignature, and I’d recommend keeping them off for sensitive libraries.</li> </ul> <p>Without this, sign requests to external people will fail in confusing ways (“link doesn’t work”, “I can’t access the document”). Better to align with your security team upfront.</p> <h2> 6. Enabling eSignature in the M365 admin experience </h2> <p>With billing and guest access ready, you can finally flip the actual feature switch.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0wqos7rbc3abzb5kklt.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fo0wqos7rbc3abzb5kklt.png" alt="How to Enable Microsoft 365 eSignature in Your Tenant" width="800" height="385"></a></p> <ol> <li>In the Microsoft 365 admin center, go to the <strong>SharePoint admin center</strong>.</li> <li>Look for <strong>SharePoint Premium</strong> or content services settings.</li> <li>Find the section for <strong>eSignature</strong>.</li> <li>Enable eSignature for your tenant and confirm it can use the linked Azure subscription.</li> </ol> <p>If your organisation already uses Adobe Sign or DocuSign and you want to keep them in the loop:</p> <ul> <li>connect your Adobe/DocuSign tenant as a provider in the eSignature settings,</li> <li>grant the required API permissions so M365 can orchestrate sign requests via that provider.</li> </ul> <p>From a user’s perspective, they will see “Request signature” in M365; under the hood, the actual signature may still be processed by Adobe/DocuSign.</p> <h2> 7. Where users will see eSignature once it’s enabled </h2> <p>After the switches are on, you can validate the setup by looking in three places.</p> <h3> 7.1. SharePoint document libraries </h3> <ul> <li>Go to a test document library.</li> <li>Upload a sample Word/PDF file.</li> <li>Open the context menu or command bar → you should see an option like “Request eSignature” or similar.</li> </ul> <h3> 7.2. Word (desktop / web) </h3> <ul> <li>Open a document stored in SharePoint/OneDrive.</li> <li>Look for a “Sign” / “Request signatures” entry in the ribbon or File menu.</li> </ul> <p>Note: this may depend on your Office build and licensing; make sure you test with an account that has the right SKU.</p> <h3> 7.3. Power Automate </h3> <ul> <li>Open Power Automate and create a new flow.</li> <li>Search for eSignature-related actions or for your provider connector (Adobe Sign, DocuSign) if you integrated one.</li> <li>You should see actions to start a signing process, check status, etc.</li> </ul> <h2> 8. A minimal end-to-end flow to prove it works </h2> <p>Before you tell everyone “it’s live”, I’d build at least one simple end-to-end flow to prove the whole chain.</p> <p>Example:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Trigger: When a file is created in Library "Contracts/Pending" Action: Get file metadata Action: Start eSignature request (document = file, signers from a column or manual list) Action: Wait until eSignature status = Completed Action: Copy or move signed file to Library "Contracts/Signed" Action: Post message in Teams channel "Legal" with link to the signed file </code></pre> </div> <p>This doesn’t have to be your final production flow, but it gives you confidence that:</p> <ul> <li>billing works,</li> <li>guest access is configured correctly,</li> <li>and your users will actually see signed files where you expect them.</li> </ul> <h2> 9. Admin checklist before rolling out broadly </h2> <p>In tenant projects I like to ask a few questions before we roll eSignature out to everyone:</p> <ul> <li>Do we know which document types should use M365 eSignature and which stay on specialised providers?</li> <li>Have we defined who can request signatures and from which sites/libraries?</li> <li>Is guest access configured in line with our security policy?</li> <li>Do we have monitoring in place for Azure usage/costs for eSignature?</li> <li>Do we know how to quickly disable eSignature if something unexpected happens?</li> </ul> <p>Once those are answered, the technical enablement is straightforward – and you can point your colleagues to the previous article for the “why” and this one for the “how”.</p> m365 esignature administration howto Der Sascha Thu, 05 Mar 2026 07:27:35 +0000 https://dev.to/saschadev/electronic-signatures-in-microsoft-365-using-esignature-without-leaving-your-tenant-2h29 https://dev.to/saschadev/electronic-signatures-in-microsoft-365-using-esignature-without-leaving-your-tenant-2h29 <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2mgt2iyb8vynqx8cbzw2.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2F2mgt2iyb8vynqx8cbzw2.png" alt="Electronic Signatures in Microsoft 365: Using eSignature Without Leaving Your Tenant" width="800" height="533"></a></p> <p>Watching people in 2026 still print out Word documents, sign them by hand, scan them and send them back by email feels a bit surreal. We have video calls with AI live captions, but contracts still travel as PDFs that bounce between inboxes.</p> <p>For a long time the default answer was: “Just use DocuSign / Adobe Sign / whatever, upload the PDF and let people sign there.” That works. But it also means:</p> <ul> <li>another platform, another login,</li> <li>extra subscriptions just for signatures,</li> <li>and documents leaving your Microsoft 365 environment.</li> </ul> <p>Since late 2025, there’s another option that a lot of people seem to miss: <strong>Microsoft 365 eSignature</strong>. It lets you request and collect electronic signatures directly in M365 – and it can even sit on top of existing providers like Adobe Sign and DocuSign.</p> <p>In this post I’ll walk through:</p> <ul> <li>what M365 eSignature actually is,</li> <li>what you need to use it, and where the limits are,</li> <li>a simple, practical signing flow with Power Automate,</li> <li>and how I’d think about security and identity when you modernise your signing process.</li> </ul> <h2> What Microsoft 365 eSignature actually is </h2> <p>eSignature is a feature in the SharePoint Premium / Microsoft 365 ecosystem that lets you:</p> <ul> <li>request signatures,</li> <li>sign documents,</li> <li>and store the signed versions</li> </ul> <p><em>directly inside</em> Microsoft 365:</p> <ul> <li>SharePoint document libraries,</li> <li>OneDrive,</li> <li>and the desktop/web versions of Word (Enterprise).</li> </ul> <p>The core idea is simple:</p> <blockquote> <p>You shouldn’t have to upload your contract to a third-party website just to get a legally valid electronic signature.</p> </blockquote> <p>On top of that, if your company already uses <strong>Adobe Acrobat Sign</strong> or <strong>DocuSign</strong> , you don’t have to throw them away. M365 eSignature can use them as providers under the hood:</p> <ul> <li>users stay in the M365 UI,</li> <li>your existing eSignature provider still handles the actual signing workflow and compliance,</li> <li>and you avoid a tool zoo from the end-user perspective.</li> </ul> <h2> Requirements and the guest-account catch </h2> <p>The basic requirements to use eSignature are:</p> <ul> <li>an <strong>Azure subscription with billing enabled</strong> (pay-as-you-go for document processing),</li> <li>Enterprise Office apps if you want to start signing directly from Word.</li> </ul> <p>Pricing is usage-based; you pay per document/signature transaction. Microsoft has a dedicated pricing page for that on Learn.</p> <p>There’s one important catch that the docs sometimes mention only briefly:</p> <blockquote> <p>People who sign via M365 eSignature need to be <strong>users or guests</strong> in your tenant.</p> </blockquote> <p>In other words:</p> <ul> <li>Internal staff: no issue, they’re already in Azure AD / Entra ID.</li> <li>External signers: need a guest account (B2B) to access the document and sign it.</li> </ul> <p>For some organisations that’s totally fine – they already collaborate with partners via guests in Teams/SharePoint. For others, guest access is tightly locked down or historically disabled, so this becomes an organisational and security conversation before it becomes a technical one.</p> <h2> A simple signing flow in M365 </h2> <p>Let’s look at a practical scenario:</p> <blockquote> <p>“We have a contract as a Word document in SharePoint. We want it signed by one or more people. Once it’s signed, it should live in a ‘Signed Contracts’ library and relevant people should be notified.”</p> </blockquote> <p>On a high level, the flow looks like this:</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpbnqneam2tomcffzo9ps.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fpbnqneam2tomcffzo9ps.png" alt="Electronic Signatures in Microsoft 365: Using eSignature Without Leaving Your Tenant" width="800" height="41"></a></p> <h3> Option 1: start directly from Word / SharePoint </h3> <p>This is the simplest option:</p> <ul> <li>Author saves the document in a specific SharePoint library.</li> <li>In the UI, they choose something like “Request eSignature”.</li> <li>They select signers (internal users and/or guests).</li> <li>M365 eSignature sends out the sign requests and tracks completion.</li> </ul> <p>The final signed document ends up back in the same place (or a configured destination), with an audit trail.</p> <h3> Option 2: embed it into a Power Automate process </h3> <p>If you want to treat signing as just one step in a longer business process, Power Automate is the natural place to glue things together.</p> <p>Very simplified:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>Trigger: When a file is created or modified in Library "Contracts" Action: Get file metadata Action: Start eSignature request (document = file, signers = metadata.Signers) Action: Wait for eSignature status = Completed Action: Copy signed document to Library "Signed Contracts" Action: Post message in Teams channel "Legal" with link to signed file </code></pre> </div> <p>Depending on your license and the eSignature provider you use (native M365 vs. Adobe/DocuSign connector), the exact actions differ, but the pattern stays the same: document in, signature request out, signed document back in, plus notifications.</p> <h2> Identity and security: who may see and sign what? </h2> <p>As soon as signatures are involved, identity and security move to the front of the stage.</p> <p>A few principles I keep in mind:</p> <h3> 1. Signatures are only as strong as your identity </h3> <p>The value of an electronic signature depends on:</p> <ul> <li>how strong the identity verification is,</li> <li>how good your audit trail is (who signed what, when, from where),</li> <li>and whether you can show that the document didn’t change after signing.</li> </ul> <p>Using M365 identities – including guests – is not a workaround, it’s part of that chain of trust. If you’re serious about compliance, you want signers to be tied to proper identities, not anonymous links.</p> <h3> 2. “Can see” and “can sign” are different roles </h3> <p>Someone being allowed to view a file in SharePoint doesn’t automatically mean they should be allowed to sign it.</p> <p>In practice it helps to distinguish:</p> <ul> <li>readers (can view the document),</li> <li>approvers (can give internal approval, e.g. via Power Automate approvals),</li> <li>signers (can legally sign the document).</li> </ul> <p>When you design your libraries and flows, it’s worth taking five minutes to map these roles to groups/permissions instead of letting “whoever can open the file” also be in the signer list.</p> <h3> 3. Don’t build God-mode Flows </h3> <p>There’s a similar anti-pattern here as with Copilot connectors: using a single service account that can see and sign everything.</p> <p>Where possible:</p> <ul> <li>use dedicated service identities with scoped permissions (e.g. only certain libraries),</li> <li>avoid giving Flows blanket rights to every contract library in the organisation,</li> <li>log who requested a signature for which document and which signers were added.</li> </ul> <p>It’s very easy to accidentally turn “streamlined signing” into “anyone with access to the Flow can make anyone sign anything”. You want to avoid that.</p> <h2> How this fits with external providers like Adobe/DocuSign </h2> <p>In a lot of organisations, Adobe Acrobat Sign or DocuSign are already in place for critical contracts, with legal and procurement being comfortable with their processes.</p> <p>In that case, I wouldn’t see M365 eSignature as a replacement so much as a new front door:</p> <ul> <li>make the user experience more consistent (requests from SharePoint/Word instead of from a separate portal),</li> <li>keep signed docs in your existing SharePoint structures,</li> <li>and let Adobe/DocuSign continue doing what they’re already doing well in the background.</li> </ul> <p>For “lighter” internal documents, you might decide the native M365 eSignature path is enough. For high-stakes, high-risk contracts, you keep the dedicated provider and just surface it through M365.</p> <h2> A quick note on legal aspects </h2> <p>I’m not a lawyer, so this is not legal advice. But roughly:</p> <ul> <li>Electronic signatures are recognised in many jurisdictions, with different levels (simple, advanced, qualified).</li> <li>Which level you need depends on the type of document and local regulations.</li> <li>Large providers (including Microsoft + integrated partners) typically have detailed guidance on which of their options meet which legal standards.</li> </ul> <p>The practical takeaway for me:</p> <ul> <li>don’t over-engineer simple internal approvals – eSignature is often good enough there,</li> <li>for critical, regulated use cases, involve Legal and stay on the supported path of your chosen provider.</li> </ul> <h2> My take: where M365 eSignature makes sense </h2> <p>For me, Microsoft 365 eSignature is most interesting in three situations:</p> <ol> <li> <strong>Internal agreements and routine contracts</strong> Stuff like NDAs, internal approvals, standard vendor contracts, where the main pain is the ping-pong of PDFs and email.</li> <li> <strong>Teams that already live in M365</strong> If your users spend most of their day in Teams, SharePoint and Outlook, keeping the signing flow in that world removes friction.</li> <li> <strong>Organisations with a mix of needs</strong> You can use native eSignature for “lightweight” cases and still integrate your heavyweight provider for the contracts that really matter.</li> </ol> <p>The main thing I’d keep in mind is the same theme that came up in my Copilot posts: identity and security are not an afterthought.</p> <p>If you take the time to:</p> <ul> <li>clean up who is allowed to see and sign what,</li> <li>design your libraries and Flows with clear roles,</li> <li>and avoid god-mode service accounts,</li> </ul> <p>then M365 eSignature can turn a surprisingly stubborn part of your process – “print, sign, scan” – into something that finally fits the rest of your digital workspace.</p> m365 esignature sharepoint powerautomate