Canonical Technical Recommendations

Deploying your RFQ workflow on the native Microsoft stack (client-facing)

0) Purpose

This document translates what we proved in the MVP pilot into actionable guidance for deploying a production-ready RFQ workflow inside your Microsoft tenant—without revisiting prototype internals. It is grounded in the workshop materials, operating playbooks, and research you reviewed with us.

---

1) What “good” looks like for your team

• A single source of truth: a curated, auditable Compliance Matrix produced from the RFQ set with verbatim citations (doc name, page/section) and human approval.

• Risk surfaced early: automatic High-Risk flags using your known keywords, so experts spend time on the 20% of items that create 80% of risk.

• Two operating modes on real work: (1) Upfront Collaborator before you draft the quote; (2) Quality Auditor after you draft, to check gaps.

• Trust by design: process is encoded; project data is attached at runtime (“decouple logic from data”), enabling repeatability across RFQs.

---

2) Architectural principles you should insist on

1. Decouple logic from data: your agents know the process, not any one RFQ; you attach RFQ files each run.

2. Structured outputs: every step emits strict JSON so the next step can consume it deterministically.

3. Citations are mandatory for all requirement text and every compliance/deviation assertion.

4. Operator-in-the-loop gates: humans confirm anchors, curate the compliance matrix, and approve deviations before packaging.

---

3) Microsoft-native reference architecture (what to stand up)

A. Agent roles & chaining (Copilot Studio)

• Use role-specialized agents mirroring CF00→CF04 (manifest, triage, requirements, deviation, handoff). Store JSON action contracts in each role’s instructions to keep outputs machine-readable.

• Sequential chaining: apply Copilot Studio’s generative orchestration and variables for state passing; use Power Automate where you need approvals, retries, or branching.

B. Grounding on your RFQ package (SharePoint/OneDrive + Knowledge Sources)

• Ground agents on a bounded corpus: your SharePoint/OneDrive locations for the RFQ set, respecting existing permissions.

• Where appropriate, pair Copilot Studio Knowledge Sources with the Retrieval API (preview) for snippet-level retrieval scoped to tenant boundaries.

C. Artifacts & handoffs (Copilot Pages/Loop + SharePoint)

• Persist named outputs as Copilot Pages (.loop) or Loop components for collaboration; store larger handoff files in SharePoint with links referenced by agents.

• Map artifacts to steps: Compliance Matrix (CF02), Deviation Library (CF03), Internal Handoff + Client Packet (CF04).

D. Human gates & collaboration (Teams + Approvals + Adaptive content)

• Present pause-and-approve checkpoints (e.g., “approve extracted requirements” or “approve deviations”) via Teams with Approvals; keep edits synchronized back to the artifact.

---

4) Tenant-readiness checklist (IT actions before build)

1. Licensing: assign Microsoft Copilot Studio to builders; Copilot for M365 alone is for using, not building/chaining.

2. Knowledge uploads: enable file uploads as agent knowledge for designated builders.

3. File policies: allow .json and .md; teams relied on TXT workarounds during the workshop due to blocks—remove those.

4. File limits: raise max files per interaction (recommend ≥20) to accommodate full RFQ sets.

5. Data analysis: turn on Code Interpreter for licensed users to ensure robust file reading/analysis.

---

5) Role design (who does what)

• Operator (Proposals Engineer)—curates anchors, validates extracted requirements, and signs off deviations in a clean table-based UI before packaging.

• Orchestrator (Project Orchestrator)—monitors chain timing and approvals, smoothing the historic “black-hole” delays.

• Executive Sponsor—reviews risk dashboard to eliminate “buried time bombs” pre-award.

• Chief Strategist/Final Arbiter—responsible for discipline and standards; the agents handle toil, humans decide.

---

6) Build sequence (how to start, safely)

Phase 1 — Foundation (2–3 weeks of real RFQs)

• Stand up CF00→CF02 first: manifest → triage (RFQ-at-a-Glance + RFI) → requirements extraction with citations; run in the Upfront Collaborator mode on one live RFQ.

• Acceptance gate A: show a curated matrix with page/section citations and high-risk flags; record operator decisions.

Phase 2 — Decisions & deviations (add CF03)

• Introduce Deviation Engine with status proposals, draft deviations, and Past Deviations Library write-backs.

• Acceptance gate B: operator approves deviations; library accrues institutional memory.

Phase 3 — Packaging (add CF04)

• Generate internal handoff and client packet from validated artifacts; ensure links resolve to SharePoint sources.

Parallel orchestration hardening: use Copilot Studio variables/generative orchestration; layer Power Automate for approvals/retries where needed.

---

7) Quality, metrics, and operating reviews

Track these on each RFQ to prove value and improve the chain:

• Cycle time to first RFQ-at-a-Glance and to a validated compliance matrix.

• Coverage: % of enforceable requirements captured with citations; % of High-Risk items auto-flagged.

• Deviation throughput: time from status proposal → approved deviation → library write-back.

Run a short retro after each RFQ to add new “known critical keywords” and UI tweaks that increase trust.

---

8) Governance, security, and audit (what to turn on)

• Apply Purview retention specific to Copilot interactions; Copilot retention is distinct from Teams chat retention.

• Use DLP/IRM for all Copilot surfaces; access controls on SharePoint/Graph remain the boundary of exposure.

• Ensure aiInteractionHistory logging is enabled for auditability of prompts/responses.

• Note: Copilot Pages (.loop) are artifact-grade; involve Legal/Records for eDiscovery posture before broad rollout.

---

9) Known decision forks (validate early, then lock)

• Citation precision: your extraction steps expect page/section-level proof; validate the exact citation granularity delivered by your chosen grounding path (Knowledge Sources + Retrieval API + Connectors).

• Schema fidelity: require JSON-only outputs; test nested arrays/enums under long responses; treat any drift as a blocker before you automate the chain.

• Orchestration robustness: if agent-calls-agent is brittle, promote Power Automate for human gates and retries.

---

10) How to get started this quarter (minimal, real, reversible)

1. Enable the items in the Tenant-readiness checklist (Sec. 4).

2. Pick one live RFQ and run Phase 1 with Upfront Collaborator mode; measure the metrics in Sec. 7.

3. Hold a 30-min retro; add any missing high-risk keywords; adjust your JSON contracts where ambiguity appeared.

4. Advance to CF03/CF04 only after Acceptance gates A/B are met and governance controls are verified with Legal/IT.

---

Appendix: Why this aligns to your scenario

• It targets the exact 8-hour bottleneck and buried time bomb risks you identified, while preserving operator judgment.

• It reuses your agreed specialist chain, JSON contracts, and mandatory citations so you retain auditability as the scope grows.

• It fits the way your team wants to work now—Upfront Collaborator or Quality Auditor—and scales into automated handoffs once trust is earned.