How to deploy M365 Agents SDK + Copilot Studio (Custom Engine) with Semantic Kernel backend over Private Link?

[hardik-id]

I’ve been able to deploy a chatbot using M365 Agents SDK, where my backend agent is written in Semantic Kernel. I expose that backend to Copilot Studio (Custom Engine) and use Copilot Studio as the UI layer and Azure Bot Service as an intermediate layer.

Now I want to take this one step further:
👉 Put the entire setup into a private network so that the agent and backend communicate only through Azure Private Link, with no public ingress.

Current setup:
• UI: Copilot Studio (Custom Engine)
• Agent runtime: M365 Agents SDK using Azure Bot Service
• Backend service: Semantic Kernel (AKS / Container Apps – flexible here)

Goal:
• Ensure communication between Copilot Studio, M365 Agent, and backend happens only over Private Link
• Configure Private DNS for resolution
• Ideally support Managed Identity or OBO flow for authentication

What I’m looking for:
1. Any reference architecture diagram for this pattern
2. A demo repository or sample project that provisions Private Endpoints, Private DNS zones, and handles the networking + auth
3. Guidance on the recommended approach for making Copilot Studio ↔ private backend communication work seamlessly

In a nutshell, two things:

1. Agents on Copilot Studio can communicate with the Bot Service over a private link
2. Bot Service to be able to communicate with the backend Agent on K8S over a private link

[nicholasdbrady]

Hey @hardik-id!

Thank you for your thoughtful and detailed question about securely connecting Copilot Studio, M365 Agents SDK, and Semantic Kernel backends using Azure Private Link and related networking features. It’s clear you’ve put a lot of effort into architecting a highly secure and
modern solution.

While your use case is important, I wanted to share that the focus of the Azure AI Foundry project (and this discussion forum) is a bit more targeted—specifically around enabling open-source, composable AI systems and frameworks within the Foundry ecosystem. Deep-dive
topics such as configuring M365 Copilot Studio, Bot Service private endpoints, and strict network isolation across managed services go somewhat beyond the current support boundaries of the Foundry team.

That said, your scenario is absolutely common across enterprise Azure solutions. Here are a few support options that might better match your needs:

• Azure Private Link & Networking: Azure Private Endpoint Overview
• Reference Architectures: Secure private web app with Azure Private Link
• Product-Specific Guidance: For Copilot Studio and Bot Service, consider the respective Microsoft documentation, product community forums, or Stack Overflow.
• Microsoft Enterprise Support: If you have a Premier or Unified support plan, submitting a support request may connect you with architectural specialists for confidential and tailored advice.

We truly appreciate your interest in building secure and scalable AI solutions! If you’re interested in exploring how Azure AI Foundry could help you compose and deploy advanced AI workloads (with strong governance, flexibility, and even experimental prototypes), I’d love
to learn more. Foundry focuses on composability, security, and enterprise-grade workflows, and we’re always happy to brainstorm architectural patterns that might align.

This community can share examples about securing workloads with Foundry or help explore ways your agent-backend model might integrate with Foundry approaches.

Thanks again for reaching out! If you find the above pointers helpful, please mark this answer as accepted. And if you’d like to pivot the conversation toward solving aspects of your scenario with Foundry, we're delighted continue the discussion!

Warm regards,
@nicholasdbrady