Your data never leaves your perimeter.
theywork365 agents run entirely inside your Microsoft 365 environment. Your data, your infrastructure, your control — with Microsoft's security guarantees on top.
Six principles we never compromise on.
Security isn't a feature we add on top — it's the foundation of how theywork365 agents are built.
- Your data never leaves your perimeter
  Every agent runs inside your Microsoft 365 tenant. No data is routed through external servers or third-party infrastructure. Your intellectual property stays yours.
- Models hosted on Azure AI Foundry
  All AI model inference happens on Azure AI Foundry — Microsoft's enterprise AI platform. Microsoft contractually guarantees your data is never used for model training.
- Role-based access by design
  Each agent sees only what the user interacting with it is authorized to see. Your existing Microsoft 365 permission model is fully respected — no overrides, no bypasses.
- No shadow AI
  Agents built on our platform are governed, monitored, and controlled by IT. We eliminate the risk of employees using unsanctioned AI tools that bypass your security policies.
- Full audit trail
  Every agent action is logged. You can see what the agent did, what data it accessed, and when — through your governance dashboard or directly in your Azure logs.
- Continuous model updates, safely
  When AI models are updated, we test the new version against your agent's agreed metrics before deploying. No surprise behavior changes in production.
Built on Microsoft's enterprise security infrastructure.
Every layer of the stack uses tools your IT team already knows, audits, and controls.
- Identity & Access: Microsoft Entra ID
  All authentication uses your existing Entra ID tenant. Agents inherit your MFA and conditional access policies.
- Agent Runtime: Copilot Studio
  Agents run natively inside Copilot Studio within your M365 tenant. No external agent hosting.
- AI Model Hosting: Azure AI Foundry
  Model inference happens on Azure AI Foundry. Microsoft's data processing addendum applies — your data is not used for training.
- Data Access: MCP Servers
  Secure Model Context Protocol servers expose your data to agents. Each server enforces the same RBAC as your underlying systems.
- Knowledge Base: SharePoint & Teams
  Agents access knowledge through native M365 connectors. Documents stay in SharePoint; agents read through Microsoft Graph.
- Monitoring: Governance Dashboard
  All agent activity is tracked in your governance dashboard. Usage, actions, and anomalies are visible to your IT team in real time.
Designed for regulated industries.
theywork365 agents inherit Microsoft's compliance certifications. If your M365 tenant is compliant, your agents are too.
- GDPR-compliant by architecture — data remains in your EU Azure region
- Microsoft's data processing addendum covers all AI model usage
- No data sharing with any third party outside your M365 tenant
- Full compatibility with ISO 27001 and SOC 2 environments
- Supports data residency requirements for regulated industries
- Shadow AI governance included from Enterprise tier
Everything inside your perimeter.
The diagram below shows how data flows between your systems and your agents — all within your Microsoft 365 boundary.
[Diagram: "Your Microsoft 365 Tenant", drawn as a dashed boundary containing four elements: "Your data" (SharePoint, Teams, ERP, CRM); "Azure AI Foundry" (AI model inference); "AI Agent" (governed, monitored, logged); "Your team" (Teams, email, web — via M365). Caption: Zero data exits the dashed boundary — Microsoft's contractual guarantee.]
Ready to run AI inside your perimeter?
Talk to our team about your security requirements and we'll walk you through the architecture.