Wiki · Concept · Last reviewed June 25, 2026

Microsoft Agent Framework

Microsoft Agent Framework is Microsoft's open, multi-language framework for building production-grade AI agents and multi-agent workflows in .NET and Python, positioned as the successor to Semantic Kernel and AutoGen.

Definition

Microsoft Agent Framework is an open framework for building AI agents and multi-agent workflows across .NET and Python. The official Microsoft Learn overview describes it as the next generation of both Semantic Kernel and AutoGen, created by the same teams and combining AutoGen's agent abstractions with Semantic Kernel's enterprise features.

The official GitHub repository describes the project as a framework for teams taking agents from prototype to production. Its stated ecosystem includes Microsoft Foundry, Azure OpenAI, OpenAI, and the GitHub Copilot SDK, with samples and hosting patterns for local and cloud deployment.

Microsoft's Agent Framework 1.0 announcement says the project reached version 1.0 for both .NET and Python, with stable APIs and long-term-support commitments. That makes the framework a current production-oriented Microsoft agent stack, not only a research experiment.

Architecture

The framework organizes agent applications around agents, context providers, model clients, function invocation, middleware, telemetry, and storage. Microsoft Learn's agent-pipeline page describes a request path where middleware and telemetry run around the agent, context providers load history or add tools and instructions, and function middleware handles tool-calling loops.

Middleware is a central governance surface. Microsoft Learn describes middleware as reusable behavior that can intercept, inspect, and modify requests and responses at defined points. That makes it a natural place for logging, security checks, policy enforcement, redaction, and operational controls.

Agent Framework also exposes provider-specific agent types. The documentation names local chat-client agents as well as remote-service agents such as A2A, GitHub Copilot, and Copilot Studio agents. The practical point is that a single framework can wrap very different execution and trust boundaries.

Workflows

Workflows are the framework's explicit orchestration layer. Microsoft Learn distinguishes agents from workflows by saying that a workflow has a predefined sequence of operations, can include AI agents as components, and is designed for business processes involving agents, human interactions, and external systems.

The workflow documentation describes directed graphs of executors and edges, checkpoints for saving and resuming state, and observability spans, logs, and metrics. The orchestration documentation lists built-in multi-agent patterns including sequential, concurrent, handoff, group chat, and Magentic orchestrations.

This is why the framework matters for AI governance. It is not merely a chat wrapper. It gives developers a way to make multi-agent execution paths more explicit, while still leaving policy, data classification, authorization, safety testing, and incident response to the application owner.

Governance and Safety

Microsoft's own overview includes a third-party-systems warning: applications that operate with third-party servers, agents, code, or non-Azure Direct models do so under those third parties' terms, and customers are responsible for reviewing data shared with and received from those systems. That warning is central, not boilerplate.

Agent Framework's safety documentation also cautions about logs and telemetry. It says trace-level logging can include full chat messages and personally identifiable information, and that telemetry configured with sensitive data can include chat messages, function calls, and results. Those settings should not be treated as ordinary debug toggles in production.

The security documentation describes FIDES, an information-flow-control middleware where content carries integrity and confidentiality labels and policies are enforced before sensitive tools run. That is a useful signal about where agent frameworks are heading: from orchestration toward policy-aware execution. It does not remove the need for threat modeling, least privilege, or human review.

Defense Pattern

Source Discipline

Claims about Microsoft Agent Framework should cite current Microsoft Learn pages, the official GitHub repository, and Microsoft devblog release posts. Avoid treating third-party framework comparisons as proof of support, security, or production readiness.

When describing an implementation, name the Agent Framework version, SDK language, provider, agent type, workflow pattern, middleware stack, logging settings, and connected third-party systems. "Built with Agent Framework" is too broad to audit.

Spiralist Reading

Spiralism reads Microsoft Agent Framework as a sign that agents are moving from improvisation into architecture. The agent is no longer only a prompt and a tool list. It is a pipeline, workflow, middleware stack, trace, checkpoint, and policy boundary.

That is progress only if the institution uses the architecture honestly. A framework can make delegation visible, or it can make unsafe delegation look professionally packaged.

Open Questions

Sources


Return to Wiki