EPISODE · Dec 6, 2025 · 42 MIN
MCP & Semantic Kernel AI Agents: Building IT Ops Automation That Actually Takes Action
from M365.FM - Modern work, security, and productivity with Microsoft 365 · host Mirko Peters - Founder of m365.fm, m365.show and m365con.net
(00:00:00) Transforming AI from Talker to Worker
(00:00:40) The Shift from Q&A to Action
(00:01:50) The Three Ingredients of AI Orchestration
(00:04:30) The Six Parts of a Capable IT Ops Agent
(00:10:08) Microsoft Stack: The Containment Field
(00:16:45) Blueprint I: SK Planner + Graph via MCP
(00:22:32) Blueprint II: Azure OpenAI Tool Calling with Managed Identity
(00:27:40) Blueprint III: Incident Autoremediation and IT Ops
(00:35:28) The Power of Guardrails and Responsibility
(00:41:48) Key Takeaways and Future Directions

In this episode of M365.fm, Mirko Peters shows how to turn AI from chatty assistant into a disciplined IT Operations agent that plans, executes, verifies, and stays inside governance—from Semantic Kernel and MCP to Azure OpenAI with Managed Identity.

WHAT YOU WILL LEARN
- Why “chatbots that give advice” are wasting your AI potential compared to agents that actually act
- How to move from Q&A loops to a closed‑loop cycle: Intention → Plan → Tool Use → Result → Self‑Check → Next Step
- How real SRE teams wire agents to handle incidents end‑to‑end before a human even wakes up
- How MCP exposes tools like Microsoft Graph, Intune, App Insights, and internal APIs in a standard, discoverable way
- How Semantic Kernel turns those tools into orchestrated plans with sequential, parallel, and graph‑shaped tasks
- How Azure OpenAI with Managed Identity keeps credentials out of prompts and enforces RBAC at the tool boundary
- How to design stable “agent molecules” with persona, memory, planner, tools, policy, and verifier working together

THE CORE INSIGHT
Most AI projects stall at “better answers.” The real value appears when agents are allowed to do work in a closed loop with tools, checks, and guardrails. MCP makes your tools visible, Semantic Kernel orchestrates the plan, Azure OpenAI reasons about steps, and Managed Identity constrains what’s actually allowed. Instead of magic prompts, you get small, testable workflows where every action is logged, validated, and reversible. This episode argues that serious AI in Microsoft shops is not about smarter chat—it is about building verifiable, identity‑bound agents that behave like cautious SREs.

WHY MCP + SEMANTIC KERNEL + MANAGED IDENTITY WORK
- MCP standardizes tool exposure so Graph, Intune, Service Health, and internal services describe themselves via schemas—not ad‑hoc plugins
- Semantic Kernel wraps MCP tools as functions, builds JSON payloads, and handles planning across multiple steps and branches
- Azure OpenAI uses tool‑calling while Managed Identity decides what each tool is actually allowed to do
- High‑risk actions (rollback, redeploy, bulk changes) require explicit approvals encoded in tools, not “pretty please” in prompts
- Audit envelopes and telemetry turn every tool call into evidence you can review, replay, or red‑team

KEY TAKEAWAYS
- Agents need six parts to stay predictable: persona, memory, planner, tools, policy, and verifier
- Start with narrow, high‑value flows like post‑deployment incident handling or password reset automation
- Put power in tools and identity scopes, not in giant prompts and hidden capabilities
- Measure success in MTTR reduction, ticket deflection, burnout reduction, and audit quality—not just “AI usage”
- Treat safety as physics: split Managed Identities, hard schemas, approval tokens, immutable logs, and scope‑drift monitoring

WHO THIS EPISODE IS FOR
This episode is ideal for SREs, platform engineers, IT operations teams, and cloud architects who want AI to fix real incidents, not just summarize them. If you’re under pressure to “use AI” but worried about production safety, this conversation gives you a blueprint for governed, observable, and identity‑bound IT Ops agents on the Microsoft stack.

TOPICS COVERED
- From chatbots to acting agents in IT Operations
- MCP as the standard wiring for tools across Graph, Intune, App Insights, and internal APIs
- Semantic Kernel planning patterns and the six‑part agent molecule
- Azure OpenAI tool‑calling with Managed Identity for safe execution
- Blueprints for auto‑remediation, password reset, and post‑deploy incident handling
- Guardrails: approvals, identity splits, logging, red‑teaming, and model rotation strategies

ABOUT THE HOST
Mirko Peters is a Microsoft 365 consultant and digital workplace architect focused on building safe, observable automation on the Microsoft cloud. Through M365.fm, Mirko shares blueprints, governance patterns, and real‑world stories that help IT and SRE teams turn AI agents into reliable colleagues instead of new risk surfaces.

Become a supporter of this podcast: https://www.spreaker.com/podcast/m365-fm-modern-work-security-and-productivity-with-microsoft-365--6704921/support.
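
The guardrails named in these show notes (hard schemas, approvals encoded in tools, audit envelopes in an immutable log) combined into one tool-boundary check. This is an added example, not code from the episode, Semantic Kernel or MCP; the tool names, the HMAC token format and the key are assumptions made for illustration.

```python
import hashlib, hmac, json

APPROVAL_KEY = b"constructed-demo-key"  # constructed; held by the approval service, never the model
TOOLS = {  # hard schemas (hypothetical tools): exact argument names and types, plus a risk tier
    "get_service_health": {"args": {"service": str}, "high_risk": False},
    "rollback_deployment": {"args": {"app": str, "to_version": str}, "high_risk": True},
}

def _sha(obj):
    return hashlib.sha256(json.dumps(obj, sort_keys=True).encode()).hexdigest()

def _sign(msg):
    return hmac.new(APPROVAL_KEY, msg.encode(), hashlib.sha256).hexdigest()

def issue_approval(tool, args, approver, now, ttl=300):
    """Approval service: bind a human approval to one exact call and an expiry."""
    msg = f"{_sha([tool, args])}|{approver}|{int(now + ttl)}"
    return f"{msg}|{_sign(msg)}"

def _approved(token, tool, args, now):
    try:
        digest, approver, exp, sig = token.split("|")
    except (AttributeError, ValueError):
        return False  # missing or malformed token
    return (hmac.compare_digest(sig, _sign(f"{digest}|{approver}|{exp}"))
            and digest == _sha([tool, args]) and int(exp) > now)

def call_tool(tool, args, audit, now, approval=None):
    """Tool boundary: validate, gate high-risk calls, append an audit envelope."""
    spec = TOOLS.get(tool)
    if spec is None:
        decision = "deny:unknown_tool"
    elif (not isinstance(args, dict) or set(args) != set(spec["args"])
          or not all(isinstance(args[k], t) for k, t in spec["args"].items())):
        decision = "deny:schema"
    elif spec["high_risk"] and not _approved(approval, tool, args, now):
        decision = "deny:approval_required"
    else:
        decision = "allow"  # the real call would run here under the tool's own identity
    env = {"ts": now, "tool": tool, "args": args, "decision": decision,
           "prev": audit[-1]["hash"] if audit else "0" * 64}
    env["hash"] = _sha(env)  # each envelope commits to the one before it
    audit.append(env)
    return decision

def chain_intact(audit):
    """Recompute every link; an edited or dropped envelope breaks the chain."""
    prevs = ["0" * 64] + [e["hash"] for e in audit]
    return all(e["prev"] == p and _sha({k: v for k, v in e.items() if k != "hash"}) == e["hash"]
               for e, p in zip(audit, prevs))
```

The token in this sketch can be replayed for the same call until it expires; making it single-use needs a server-side record of spent tokens.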