# Microsoft 365 Education + Agentic OS Integration > Source: https://ibl.ai/resources/integrations/microsoft-365-agentic-os *Deploy institution-owned AI agents directly inside Microsoft 365 — Teams, SharePoint, OneDrive, and beyond — with zero vendor lock-in.* Microsoft 365 Education is already the productivity backbone for millions of students, faculty, and staff. With ibl.ai Agentic OS, you can extend that infrastructure with purpose-built AI agents that live inside your Microsoft environment — not outside it. Agentic OS connects to Microsoft 365 via secure APIs, enabling AI agents to surface inside Teams channels, SharePoint portals, and OneDrive workflows. Every agent is owned by your institution: the code, the data, and the infrastructure remain under your control. This integration is designed for institutions that want the power of AI without sacrificing compliance or autonomy. Agentic OS is FERPA, HIPAA, and SOC 2 compliant by design, making it a trusted layer on top of your existing Microsoft 365 Education tenant. ## Capabilities ### AI Agents Inside Microsoft Teams Deploy purpose-built AI agents directly into Teams channels and chats. Agents can answer student questions, support faculty workflows, and automate administrative tasks — all within the Teams interface students and staff already use. ### SharePoint-Powered Knowledge Retrieval Agents automatically index and retrieve content from SharePoint document libraries. Students and faculty get accurate, institution-specific answers grounded in your own course materials, policies, and resources. ### Role-Based Agent Access via Azure AD Leverage existing Azure AD groups and roles to control which agents are available to students, faculty, or staff. No separate identity management — agent permissions mirror your Microsoft 365 directory. ### OneDrive Workflow Automation Agents can read, process, and act on files stored in OneDrive for Education. Automate feedback on submissions, content summarization, and document routing without leaving the Microsoft ecosystem. ### Institution-Owned Agent Infrastructure Unlike Microsoft Copilot, Agentic OS agents run on your infrastructure. Your institution owns the agent code, training data, and outputs — ensuring full data sovereignty and zero vendor lock-in. ### FERPA-Compliant by Design All data exchanged between Microsoft 365 and Agentic OS stays within your institution's control boundary. Agentic OS is built for FERPA, HIPAA, and SOC 2 compliance from the ground up. ## Setup ### Step 1: Register Agentic OS in Azure Active Directory (~30 minutes) Create an Azure AD app registration for Agentic OS within your Microsoft 365 Education tenant. Grant the required Microsoft Graph API permissions for Teams, SharePoint, and OneDrive access. Requirements: - Microsoft 365 Education tenant with admin access - Azure AD Global Administrator or Application Administrator role - Microsoft Graph API permissions: Chat.ReadWrite, Files.Read.All, Sites.Read.All ### Step 2: Deploy Agentic OS on Institution Infrastructure (~2-4 hours) Provision the Agentic OS runtime on your institution's cloud or on-premises environment. Configure environment variables with your Azure AD tenant ID, client ID, and client secret. Requirements: - Institution-managed cloud environment (Azure, AWS, GCP, or on-prem) - Docker and Kubernetes support - ibl.ai Agentic OS license and deployment package ### Step 3: Configure Identity Sync with Azure AD (~1-2 hours) Enable SCIM provisioning or SAML 2.0 SSO between Azure AD and Agentic OS. Map Microsoft 365 user roles and groups to Agentic OS agent access policies. Requirements: - Azure AD SCIM endpoint configuration - Defined role mapping schema (student, faculty, staff, admin) - SAML 2.0 or OIDC metadata exchange ### Step 4: Index SharePoint Content into Agent Knowledge Bases (~1-3 hours) Connect SharePoint sites and document libraries to the Agentic OS Knowledge Indexer. Schedule batch ingestion jobs to keep agent knowledge bases current with institutional content. Requirements: - SharePoint site URLs and access permissions - Agentic OS Knowledge Indexer configured - Content governance policy review completed ### Step 5: Deploy AI Agents as Microsoft Teams Apps (~1-2 hours) Package and publish Agentic OS agents as custom Microsoft Teams applications via the Teams Admin Center. Assign agents to specific channels, courses, or user groups. Requirements: - Microsoft Teams Admin Center access - Agentic OS Teams app manifest - Teams app deployment policy configured for education users ### Step 6: Test, Monitor, and Iterate (~1-2 weeks (pilot period)) Run end-to-end tests with pilot users across Teams and SharePoint. Use Agentic OS dashboards to monitor agent performance, usage analytics, and compliance logs. Requirements: - Pilot user group identified - Agentic OS monitoring dashboard access - Feedback collection process established ## Technical Requirements **Microsoft 365 Environment:** - Microsoft 365 Education A1, A3, or A5 license - Azure Active Directory tenant with admin access - Microsoft Teams deployed for students and faculty - SharePoint Online enabled with relevant site collections - Microsoft Graph API access enabled for the tenant - Teams app sideloading or custom app publishing policy enabled **ibl.ai Agentic OS Infrastructure:** - ibl.ai Agentic OS license (contact ibl.ai for education pricing) - Institution-managed compute environment (cloud or on-premises) - Docker 20.x+ and Kubernetes 1.24+ support - Minimum 8 vCPU, 32GB RAM for base agent runtime - Outbound HTTPS access to Microsoft Graph API endpoints - SSL/TLS certificates for secure API communication **Security & Compliance:** - Azure AD app registration with least-privilege Graph API permissions - Data residency requirements reviewed and configured - FERPA data handling agreement with ibl.ai in place - Network security group rules permitting Graph API traffic - Audit logging enabled on both Microsoft 365 and Agentic OS sides ## FAQ **Q: How is ibl.ai Agentic OS different from Microsoft Copilot for Education?** Microsoft Copilot runs on Microsoft's infrastructure and is controlled by Microsoft. Agentic OS runs on your institution's own infrastructure — you own the agent code, data, and outputs. This means full data sovereignty, no vendor lock-in, and the ability to customize agents beyond what Copilot allows. **Q: Is this integration FERPA compliant?** Yes. Agentic OS is built FERPA-compliant by design. All student data processed through the Microsoft 365 integration stays within your institution's control boundary. ibl.ai provides a FERPA-compliant data handling agreement as part of the platform. **Q: Do students and faculty need to learn a new tool to use Agentic OS agents?** No. Agents are deployed directly inside Microsoft Teams as native apps. Students and faculty interact with them in the same Teams interface they already use daily — no new login, no new platform to learn. **Q: Can Agentic OS agents access all SharePoint content in our tenant?** Only the SharePoint sites and document libraries you explicitly grant access to during setup. Agentic OS follows least-privilege principles and uses scoped Microsoft Graph API permissions. Your IT team controls exactly what content agents can index. **Q: What happens to our data if we stop using ibl.ai?** Because Agentic OS runs on your infrastructure, all agent code, training data, knowledge bases, and interaction logs remain with your institution. There is no data held hostage by ibl.ai — zero vendor lock-in is a core design principle. **Q: Can we integrate Agentic OS with other systems alongside Microsoft 365?** Yes. Agentic OS is designed to integrate with existing institutional systems including Canvas, Blackboard, Banner, PeopleSoft, and more. Microsoft 365 is one integration layer — agents can pull context from multiple systems simultaneously. **Q: How long does it take to deploy the Microsoft 365 and Agentic OS integration?** A standard deployment takes 1-2 days for technical setup, followed by a 1-2 week pilot period. Timeline varies based on the number of agents deployed, SharePoint content volume, and your institution's IT review processes. **Q: What Microsoft 365 Education license tier is required for this integration?** The integration works with Microsoft 365 Education A1, A3, and A5 licenses. Microsoft Graph API access and Teams app deployment capabilities are available across all tiers, though some advanced Teams features require A3 or A5.