The RFP Reflex Is Killing Projects You Already Funded

Watch what happens to a small engagement. A $35k pilot that should start next week becomes a competitive solicitation that starts next fiscal year — if it survives the budget cycle. By the time the award lands, the requirement has drifted, the champion has moved on, and the momentum is dead. Nobody decided to kill the project. The process did it on autopilot.

The frustrating part: for a lot of focused IT work, that solicitation was never required.

What Direct Buy Actually Lets You Do

Washington’s Direct Buy authority (DES policy DES-125-03, under RCW 39.26.125(3)) lets agencies operating under delegated authority buy goods and services without a competitive solicitation, up to set thresholds. The structure is three tiers:

• Level 1 — under $40,000: any qualified vendor, no competitive solicitation.
• Level 2 — under $50,000: when the vendor is a Washington small business (RCW 39.26.010(22)) or a certified veteran-owned business (RCW 43.60A.010(7)).
• Level 3 — up to $100,000: when you invite quotes from at least three Washington small and/or veteran-owned businesses and meet the documentation and reporting requirements.

No WEBS advertising required. No protest process. The small-business and veteran-owned tiers aren’t a courtesy — they’re the rule rewarding you for hitting the supplier-diversity targets you already carry. A qualifying small business on the other side of the table raises your no-solicitation ceiling and opens the $100k lane.

The Catch You Don’t Get to Skip

Direct Buy skips the solicitation. It does not skip OCIO Policy #121. Every IT-related procurement — regardless of dollar amount — carries security and liability impact, and it still needs OCIO coordination and the approvals that come with it. Direct Buy gets you to a signed contract fast; #121 governance is exactly as real as it was before. Anyone telling you otherwise is selling you an audit finding.

Two more rules worth internalizing: use existing master or approved cooperative contracts where they fit, and never split a $90k project into three $30k purchase orders to slide under a threshold. Bundling-to-evade is the one thing the policy explicitly prohibits, and repetitive same-type purchases aggregate across the fiscal year. It’s also the first pattern an audit flags.

Where This Lands for Real Work

Most scoped engineering engagements live comfortably inside these thresholds. A citation-bound Copilot Studio agent for a policy or personnel knowledge base. A Power Automate workflow that reclaims unused M365 licenses through contextual inference. A statutory-retention records-classification build using a local model and embeddings. These are weeks of focused work, not multi-year integrator contracts — and they fit a Direct Buy. You can have an engineer scoping the actual problem in the time it would’ve taken to draft the evaluation criteria for the RFP.

Who’s on the Other End

Puget Sound AI is a veteran-owned small business out of Puyallup — SAM-active, NAICS 541512 / 611420, VOSB with certification in progress. Solo by design: the person who scopes the work is the person who builds it and the person who documents it for your staff. No account manager, no bench to keep billable, no slide deck I’ll invoice you for. Solutions are architected to operate inside Microsoft’s FedRAMP-authorized GCC (Government Community Cloud) boundary and aligned to CMMC / NIST 800-171 control objectives. Governed and audit-ready, moving at the speed of the problem instead of the speed of the procurement queue.

If you’ve got a project sitting in the RFP queue that could have shipped last quarter, let’s talk.

Microsoft’s Work IQ API is in public preview, and it introduces Agent-to-Agent communication, A2A, to the intelligence layer behind Copilot. This is worth understanding before it shows up in your tenant, because the governance work has to come first, not after.

What A2A Actually Changes

A traditional integration calls an API, gets a response, and parses it. A2A is different: agents communicate as peers. One agent can delegate a task to another agent, in natural language, and receive an answer grounded in real work context. Work IQ is the intelligence layer behind Microsoft 365 Copilot; an agent can hand it a task like “summarize the recent thread on this case,” and Work IQ reasons over the user’s emails, meetings, files, and chats to answer, honoring that user’s permissions and sensitivity labels the whole way through.

The shift is from one agent that does one thing to a network of specialized agents that delegate to each other using shared organizational context. A2A is an open standard, now at a stable v1.0, with signed agent identity and multi-tenancy built for exactly this kind of regulated, multi-party use.

Why GCC Orgs Have to Govern This First

Here is the part the launch posts skip. Work IQ and A2A are in commercial-cloud public preview right now. They are not yet generally available in GCC, and preview features carry no service-level agreement and are not built for production. That gap is not bad news; it is your window. You have time to set the rules before the capability lands in your tenant, which is the opposite of how most AI features arrive.

The reason this matters more in government than anywhere else: when an HR agent delegates to a records agent, which delegates to a legal agent, the data crossing those boundaries is regulated. Each handoff is a place where a permission could be over-honored, a sensitivity label could be ignored, or a record could be created that nobody meant to create. In a commercial company that is a privacy headache. In a government tenant it is a public-records and statutory-retention problem with legal weight.

What a Compliant Multi-Agent Pattern Looks Like

Take a real-shaped government workflow: an employee misconduct review that touches HR, records, and legal. A naive design lets one orchestrator agent reach into all three domains directly. A governed design does not.

In a compliant pattern, every delegation runs on-behalf-of a specific signed-in user, so each agent only ever sees what that user could see; no agent inherits broader rights by being a machine. Sensitivity labels and DLP travel with the data across every handoff, not just at the edge. Each agent has a narrow, declared capability, an agent card that says what it is allowed to do, rather than a general-purpose mandate. And every delegation is logged, so the chain of “which agent asked which agent for what, on whose behalf” is auditable after the fact. Retention-bearing actions, anything that creates or classifies a record, stay with a human in the loop until you have proven the agent behaves.

The architecture that survives a real government environment is boring on purpose: least-privilege identity per agent, labels and DLP enforced end to end, narrow capabilities, full audit logging, and humans gating the irreversible steps. Commercial multi-agent demos skip all of that because they can. You cannot.

The Move To Make Now

You do not need to deploy A2A this quarter. You need to decide, before it reaches GCC, what your rules are: which agents may delegate, on whose authority, with what logging, and where a human stays in the loop. Write that down while the stakes are still theoretical. The orgs that govern multi-agent patterns before they sprawl will adopt safely; the ones that wait will spend next year untangling agents that talked to each other in ways nobody approved.

Who’s Behind This

I’m Jacob, the engineer behind Puget Sound AI, a veteran-owned small business that architects AI agents and automation for government GCC environments, compliance-first, aligned to CMMC and NIST 800-171 control objectives from day one. If your governance team wants a multi-agent pattern written down before the capability arrives, that is the kind of work I do directly, no integrator overhead. Let’s talk.

That’s not a discipline problem. It’s a design outcome, and right now it’s the single biggest unmanaged data-exposure path in government IT.

The Shadow AI Numbers Are Worse Than the Anecdote

This stopped being a hunch a while ago. The 2026 Verizon Data Breach Investigations Report now lists shadow AI as the third most common non-malicious insider action showing up in data-loss tooling, roughly four times what it was a year earlier. Netskope’s 2026 reporting puts close to half of all workplace AI use on personal accounts with no enterprise agreement behind them, and the average organization pushing more than eight gigabytes a month into AI apps, across more than fifteen hundred distinct services. A year before, that number was around three hundred.

Microsoft’s own threat intelligence says nearly three-quarters of organizations have detected unsanctioned AI use, and under a third can actually monitor or block it. Gartner expects more than forty percent of enterprises to hit a security or compliance incident from unauthorized AI by 2030.

The motive in almost every case is boring. It’s convenience. The same instinct that makes someone email a document to a personal account to keep working from home now makes them drop a draft memo into a consumer model to summarize it before a meeting. Nobody’s trying to leak anything. They’re trying to go home on time.

Why GCC Makes the Pull Toward Consumer AI Stronger

Here’s the part specific to your world. In Government Community Cloud (GCC), the sanctioned tool is deliberately constrained. Web grounding is off by default. The model floor lags the commercial one. Certain connectors and grounding options aren’t on the menu at all. Those constraints exist for good reasons; they protect Controlled Unclassified Information (CUI) and keep you inside the compliance boundary.

But constraint without enablement has a predictable side effect. Your staff feel the difference between the governed tool, which feels slow and limited, and the consumer tool in their pocket, which feels instant and unlimited. The wider that gap feels, the more traffic routes around your boundary entirely. So the same controls that keep your sanctioned AI safe are quietly pushing the risky usage somewhere you can’t see, log, or audit. You didn’t eliminate the exposure. You relocated it to a place with no DLP and a retention policy you never agreed to.

Why Banning ChatGPT Doesn’t Work

The reflex is to block the consumer domains and send a sternly worded acceptable-use email. Samsung tried the hard version of that after engineers pasted source code into ChatGPT; they banned it, then quietly reversed course and built a governed internal option instead, because the ban didn’t change the behavior, it just drove it further underground.

Every serious analysis lands in the same place: governance has to happen at the data layer, and the first move is giving people a sanctioned path that’s actually good enough to use. People will use AI either way. The only decision you control is whether they use it through infrastructure that enforces your policy and keeps a log, or through a personal account on infrastructure you’ve never reviewed.

For a regulated agency, the gap between those two options isn’t a productivity footnote. It’s the difference between an audit-ready system and a public-records or CUI incident with your name on the after-action report.

The Fix Is Governed AI Plus Training

You close the convenience gap two ways at once. You make the governed tool genuinely capable, and you teach people to reach for it first.

That means building a Copilot Studio agent inside the boundary that’s grounded only in your approved sources and citation-bound, so it answers the question your staff are currently taking to ChatGPT and shows where the answer came from. It means a Power Automate flow that does the repetitive thing people are tempted to outsource, while respecting your DLP policy instead of tripping it. And it means sitting your staff down, on your licenses, in your tenant, and showing them what the sanctioned tool can actually do, so the consumer version stops being the path of least resistance.

That last part is the whole game. A capable governed tool that nobody knows how to drive loses to a consumer tool everybody already knows. Training is what flips that. You can see what that workshop covers on the Copilot and Power Platform training for government page.

Who Delivers It

When this comes from a large integrator, the person teaching your staff is usually two layers removed from anyone who has built an agent inside a real government boundary. With me, the engineer who builds GCC AI and automation systems is the person standing at the front of your room. U.S. Navy veteran, M365 and AI engineer, veteran-owned small business (VOSB; SBA VetCert in progress).

Everything I teach is architected to operate within Microsoft’s FedRAMP-authorized GCC boundary and aligned to CMMC and NIST 800-171 control objectives. No account manager, no junior handoff, no slide deck I invoice you for and disappear.

Frequently Asked Questions

What is shadow AI?

Shadow AI is the use of AI tools that an organization hasn’t sanctioned or can’t see, most often staff using consumer ChatGPT, Gemini, or Claude through personal accounts on personal devices. The data goes to infrastructure the organization has never reviewed and can’t audit.

Is shadow AI a real problem in government and GCC?

Yes. Because the sanctioned GCC tool is deliberately constrained, the gap between it and consumer AI feels larger, which pushes more usage onto personal accounts. That can move CUI and other sensitive data outside your compliance boundary entirely, where there’s no DLP and no audit trail.

Does blocking ChatGPT stop shadow AI?

Rarely. Bans tend to drive the behavior underground onto personal devices rather than ending it. The pattern across organizations, including Samsung, is that a ban gets reversed in favor of a governed internal option. The durable fix is a sanctioned tool good enough that people choose it.

How do you stop staff from using consumer AI with sensitive data?

Make the governed tool capable and train people to use it. A citation-bound Copilot Studio agent inside the GCC boundary, plus DLP-respecting automation and hands-on staff training, closes the convenience gap that drives people to consumer tools in the first place.

Find Out Where Your Tenant Actually Stands

You almost certainly have shadow AI happening right now. The question is how much, where, and how far outside your boundary it’s running. A short scoping conversation gets you a real read on the exposure and a clear path to a sanctioned tool people will actually choose.

If that’s worth a half hour, book a GCC AI scoping call.

That is a bigger deal than the announcement made it sound. Let me explain what it actually does, where it stops, and why it is the right first move for teams tired of waiting.

What Agent Builder Actually Is

Agent Builder lives inside Microsoft 365 Copilot. You type a description of the job; it packages your instructions, prompts, and chosen knowledge sources into a reusable declarative agent. Point it at SharePoint, Teams, Outlook, or a Microsoft 365 connector, and it answers in a way that respects the permissions the user already has. Nobody sees data they could not already open. In GCC you can also upload files as knowledge and govern who is allowed to share the agents people create.

The honest pitch: this is the ten-minute FAQ agent, the onboarding guide, the “where is the policy on X” assistant. Narrow scope, fast build, real value. An onboarding agent that connects to your HR SharePoint and answers new-hire questions is a single afternoon, not a project plan.

Where It Stops

Agent Builder is deliberately simple, and simple has edges. There are no multi-step workflows, no custom connectors, no approval logic, no automated actions that write back to a system. It answers questions grounded in content; it does not run a process. If you need an agent to open a ticket, route an approval, or call PowerShell against your tenant, you have outgrown the tool.

That is not a flaw. It is the line between a knowledge agent and an automation. Knowing which side of that line your idea falls on is most of the battle.

Agent Builder Versus Full Copilot Studio

Think of them as the same kitchen at two different sizes. Agent Builder is the countertop: fast, no setup, anyone can use it. Full Copilot Studio is the full build-out, with workflows, custom connectors, topics, channels, and the governance surface to manage all of it. Microsoft built a one-click promotion between them. You can copy an agent out of Agent Builder into Copilot Studio and your instructions, knowledge, and configuration carry over, then you layer on the workflow logic.

The practical sequence is: prototype in Agent Builder, prove the value with real users, and graduate to Copilot Studio only when the agent needs to do something, not just say something. Starting in Studio for a simple Q and A agent is over-engineering. Starting in Agent Builder for a five-step approval workflow is a dead end. Match the tool to the job.

Why This Is the Right Entry Point

The quiet truth in most government tenants is that the AI is already licensed and barely used. The gap is not capability; it is the distance between a Copilot license and someone who knows what to build with it. Agent Builder shrinks that distance to almost nothing. A records clerk, a court administrator, an HR lead can build the thing they have been asking IT to build, and they can do it this week.

The risk worth naming early: when everyone can build agents, you will get a lot of agents, some pointed at content that should not be widely surfaced. The GCC sharing controls exist for exactly this. Turn them on before the sprawl, not after. A short policy on who can publish, what knowledge sources are approved, and a quarterly review keeps citizen development from becoming shadow IT.

Who’s Behind This

I’m Jacob, the engineer behind Puget Sound AI, a veteran-owned small business that builds AI agents and Power Platform automation inside government GCC environments. No account managers, no slide decks you pay for; direct access to the person who does the work. If your team wants to start with Agent Builder and have a plan for what happens when you outgrow it, that is exactly the conversation I like having. Let’s talk.

One thing up front. DATA-04 binds state agencies under WaTech governance. Counties, cities, and special districts are not directly named. But it is already the reference standard everyone gets measured against, and the moment your work touches a state contract or a state data feed, these requirements come downhill at you anyway. Reading it as optional is a bet I would not make.

Know What You Have Before You Defend It

The first real obligation is an inventory. Agencies have to identify and document every AI-enabled application, and specifically flag the ones using generative AI, as part of the annual application certification they already do. You cannot govern what you have not catalogued, and “we are not sure what is using AI” is the answer that turns into an audit finding.

You also have to name an AI Contact. Not necessarily a technical role, but someone who actually knows what AI is running in the building. Then, before standing up anything new, you have to define the business outcome you expect and confirm the tool actually fits it. The policy is quietly telling agencies to stop buying AI because it is AI.

Risk Is the Whole Game

Sections 5 through 8 are the spine. Agencies must maintain a process to identify, assess, and manage AI risk and put controls in place sized to that risk. High-risk systems, including high-risk generative AI, get singled out: you determine high-risk status during any security design review or required risk assessment, and you complete a formal AI Risk Assessment before a high-risk system goes live.

“High-risk” is defined as anything that threatens a person’s health, safety, or fundamental rights. Think biometrics, employment decisions, health care, law enforcement, critical infrastructure, elections. If your AI makes or shapes a decision that lands on a citizen, assume you are in scope until you have proven otherwise.

Accuracy is not aspirational here. Generative output used in public communication or decision-making has to be reviewed, fact-checked, and edited for bias by an actual human. Then you monitor outputs on an ongoing basis, scaled to the risk level. Low risk gets a light touch. High risk gets watched.

The Parts That Will Trip People Up

Three requirements are going to generate the most pain because they touch people and contracts, not just architecture.

Training is mandatory for every employee, not just the IT shop. Basic AI literacy covering how AI works, common uses, ethical responsibilities, and automation bias has to happen within 60 days of onboarding and at least annually after that. That is a real recurring lift for any sizable workforce.

Data handling has teeth. You cannot drop non-public data into unlicensed AI tools without proper contracts. Sharing Category 3 or 4 data outside the agency requires a written data sharing agreement, and any vendor selling a high-risk generative AI system has to certify it runs an AI governance program aligned to the NIST AI Risk Management Framework. If your vendor cannot say that with a straight face, that is your signal.

And there is a flat prohibition: no using AI to clone a real person’s face, image, or voice without their knowledge and consent. Short, blunt, and a good idea.

The High-Risk Adoption Plan Is the Big One

If you deploy high-risk generative AI, Section 14 requires a written adoption plan, and it is a long list. Defined use cases and goals. Bias and disparate-impact controls. Environmental impact, including water and energy. Data quality standards. Measurable results. At least annual post-deployment monitoring. Opt-out rights for affected individuals, or a documented reason you cannot offer them. And a human-review path where due process is on the line. This is the section that separates a real deployment from a demo someone wired into production.

One last clause for union shops: if any part of an agency’s AI policy conflicts with a collective bargaining agreement, the CBA wins. Worth knowing before you write internal rules someone has already negotiated against.

Where This Leaves You

DATA-04 is not the wall it looks like. Most of it is inventory, risk assessment, monitoring, and documentation, the same disciplines that make AI work in the first place. The agencies that struggle will be the ones who bought the tool first and went looking for the governance later.

I build inside the FedRAMP-authorized GCC (Government Community Cloud) boundary and architect to NIST 800-171 and CMMC control objectives, which is most of this checklist by another name. I am a one-person veteran-owned small business, so when we talk you are talking to the engineer who does the work, not an account manager. If you are staring at this policy wondering where your AI inventory and risk posture actually stand, let’s talk.

What Shipped

On April 2, 2026, Microsoft turned on a set of Copilot Chat improvements across GCC (Government Community Cloud), GCC-High, and DoD. The one that matters for analysts is Code Interpreter: secure, in-chat Python execution for data analysis and complex problem solving, alongside image upload with OCR. An analyst uploads a file, asks a question in plain English, and Copilot writes and runs Python in a sandbox to answer it. No environment to provision, no subscription, no code to write yourself.

What It Can Do

It runs real Python on real data. Load a CSV or Excel file and it will clean it, compute, model a trend, find outliers, and chart the result. It handles the work that used to mean a notebook and an afternoon: pivots that Excel chokes on, joins across files, statistical summaries, parsing semi-structured text. Output comes back as tables, charts, or a written summary, with the code visible if you want to check its work.

The sandbox is the whole point in GCC. Execution is isolated, with no path into internal systems or networks, and it operates inside the government cloud boundary under the Purview labels, DLP policies, and access controls your tenant already enforces. The analysis happens where your data already lives, not on someone’s laptop.

Three Jobs It’s Actually Good For

Financial trend analysis. Drop in a few years of expenditure or budget data and ask for year-over-year change, seasonality, or anomalies. It computes and charts it, and you interrogate the result in follow-up questions instead of rebuilding a pivot table every time the question shifts.

Records deduplication. Public-records and case exports are full of near-duplicate rows: same record, different spelling, trailing whitespace, inconsistent dates. Code Interpreter can normalize fields, fuzzy-match, and hand back a deduplicated set with a count of what it merged. Hours of manual reconciliation collapse into a prompt.

Log parsing. Sign-in logs, audit exports, and system logs are where answers hide behind sheer volume. Upload an export and ask which accounts spiked, what failed and when, or which events cluster together. It parses, aggregates, and visualizes without you writing a single line of regex.

What It Can’t Do, and Where People Will Trip

It is not Azure ML. There is no model training pipeline, no scheduled job, no persistent workspace; each session is scoped and ephemeral. When the session ends, the environment resets. This is for analysis and answers, not for standing up production data infrastructure.

It is also not the Copilot Studio code interpreter. Those are two different features. The Copilot Studio version, the one that runs inside custom agents, is still not available in GCC or GCC-High as of this spring. If a vendor tells you they will embed code execution inside a custom GCC agent today, check that claim hard before you sign anything.

And it inherits the data you give it. It can’t reach systems it has no permission to, which is correct in a regulated environment, but it also means garbage in, confident garbage out. Sandbox isolation governs access; it does not validate your source data. That is still your job.

Who’s Behind This

I work in GCC every day, building the automation and agents that sit above tools like this, and steering teams toward the out-of-box capability when it already does the job. Code Interpreter is one of those cases where the platform quietly handed your analysts a real tool. Use it before you buy something to replace it. Veteran-owned small business, solo, so you reach the engineer directly.

If you want help mapping which of your analyst workflows this covers and which still need a built solution, let’s talk.

The GCC AI Gap Is Not a License Problem Anymore

For years, government tenants watched commercial organizations ship Copilot features while sitting behind a wall of “not available in GCC.” That changed. Microsoft 365 Copilot reached general availability in GCC on December 13, 2024. The April 2026 expansion added the Analyst and Researcher agents, Agent Builder, and the ability to publish Copilot Studio agents to Teams and Microsoft 365 surfaces — all inside the GCC boundary. The GSA’s September 2025 OneGov agreement with Microsoft, a multi-billion-dollar deal structured around the federal digital transformation push, made M365 Copilot available at no cost for the first year to G5 customers. The licensing excuse is gone. What remains is the harder problem: engineering something that actually works under compliance constraints.

Microsoft Copilot Studio in GCC: What’s Actually Available in June 2026

Copilot Studio has been available as a GCC plan since December 2019, and the compliance posture is real: the environment operates against FedRAMP High controls, data is physically stored in U.S. data centers, and Microsoft personnel access is restricted to screened U.S. citizens. That architecture matters when you’re building agents that touch CJIS data, records subject to retention law, or anything that crosses a sensitivity label boundary.

As of June 2026, here is what you can actually build with in GCC. Generative orchestration is available — the LLM-driven planning layer that interprets user intent, selects the right topics, knowledge sources, and Power Automate actions, and chains them without hard-coded conversation trees. SharePoint, public websites, and uploaded files are supported as knowledge sources. Power Automate Cloud Flows work as agent actions, which means any business logic you can wire in a flow becomes a callable tool. Copilot Studio agents can be published directly to Microsoft Teams in GCC. Agent Builder — Microsoft’s low-code tool for packaging reusable agents — landed in GCC with the April 2026 rollout. Multi-agent orchestration patterns, where a coordinator agent delegates to specialized child agents, are architecturally supported. Entra ID agent identities for individual agents are now in preview, giving administrators a meaningful way to apply conditional access and audit logging at the agent level.

What is not available matters equally. Computer Use Agents — Copilot Studio’s vision-and-reasoning capability for Windows desktop automation — are confirmed commercial-only; sovereign clouds including GCC are excluded as of the May 2026 general availability rollout. GCC connector payload limits are capped at 450 KB versus 5 MB in commercial, which affects agents pulling large documents through connector actions. Web grounding is off by default to prevent data from traveling outside the FedRAMP boundary. Third-party connectors that have not been cleared for government use require explicit DLP policy classification before they will function — since early 2025, data policy enforcement is active for all tenants with no opt-out.

How to Build a Production Agent in Copilot Studio GCC: The Actual Steps

The build sequence that holds up in a regulated environment follows this order: provision the environment with intent, configure governance before touching the agent designer, then build. Skipping the governance step and wiring it in after is a recurring source of rework.

Start in the Power Platform admin center. Create a dedicated Dataverse environment for the agent — not the default environment, not a sandbox shared with Power Apps citizen developers. Assign environment-level DLP policies that explicitly classify your Microsoft 365 connectors, SharePoint, and any approved Graph API connectors into the “Business” data group. Any connector not explicitly classified lands in “Non-business” by default and will be blocked at runtime. This is not a gotcha; it is the documented enforcement behavior since MC973179. Get your DLP right before you write a single topic.

Create the agent in Copilot Studio and immediately enable generative orchestration. This is the mode that allows the LLM planning layer to select topics and actions dynamically based on intent, rather than requiring rigid trigger phrase matching. In GCC as of late 2025, GPT-4o remained the generative orchestration model while commercial tenants moved to GPT-4.1 — that version gap is a known GCC-specific constraint worth flagging during planning. Write a precise system prompt for the agent. Describe what it does, what it refuses, what data it is authorized to access, and what its citation behavior should be. A vague system prompt in a generative orchestration agent produces unpredictable routing. Write it like a policy document, not a product description.

Add knowledge sources with descriptions. When generative orchestration is active and you have more than 25 knowledge sources, the orchestrator uses an internal GPT model to filter which sources are relevant per query — and it bases that filtering on your source descriptions. A SharePoint site added with a blank description is a knowledge source the orchestrator cannot reliably route to. Write descriptions that specify the type of content, the relevant topics, and the audience. This is not optional configuration; it is how the engine works.

Build Power Automate agent flows for any action that reaches outside the knowledge retrieval layer — writing to Dataverse, querying Graph API, updating a SharePoint list, sending a notification. Convert existing Cloud Flows to agent flows where appropriate. Wire each action to the agent with a precise description of what it does, what inputs it requires, and what conditions should trigger its use. Descriptions on actions are the mechanism by which generative orchestration decides to invoke them. Vague descriptions produce missed invocations or incorrect parameter mapping.

Configure authentication. For any agent accessing Microsoft 365 data in GCC, set authentication to “Authenticate with Microsoft” using Entra ID. This is also required to enable Work IQ — the semantic index layer that improves SharePoint knowledge retrieval quality and supports files up to 200 MB (versus the 7 MB default cap for agents without a co-located M365 Copilot license). With Work IQ off, large SharePoint documents become unreliable knowledge sources. With it on and a M365 Copilot license in the same GCC tenant, the retrieval behavior improves substantially.

Test with the activity map. Copilot Studio’s built-in test interface shows the orchestrator’s decision path — which topics and actions were evaluated, in what order, and why. Use it to validate that intent routing lands where you expect before any user touches the agent. Testing from the embedded chat does not consume capacity billing, so run it extensively. Once the agent is scoped and the routing is confirmed, publish to Teams or the Microsoft 365 Copilot surface, depending on your target channel.

Why Commercial AI Playbooks Fail in GCC

The pattern that kills most government AI projects is importing a commercial deployment template without accounting for the GCC constraint surface. Commercial tenants can enable web grounding and let the agent search the internet for current information. In GCC, that is off by default and requires deliberate architectural decisions about what data the agent is authorized to reach. Commercial tenants can use the full 5 MB connector payload limit and deploy Computer Use Agents to automate legacy desktop applications. GCC cannot, today. Commercial tenants running GPT-4.1 for orchestration are working with a newer model than GCC tenants, which affects reasoning quality on complex multi-step queries.

None of this is unsolvable. The workarounds are real engineering: custom connectors that call Azure Government endpoints for data retrieval, RAG patterns that retrieve from Dataverse instead of external web sources, agent flows that handle the orchestration logic that a higher-model version would handle natively. But the work exists, and a team that does not know the constraint surface will discover it after deployment, not before. That is an expensive discovery sequence in a government engagement.

The GSA OneGov agreement and Microsoft’s April 2026 agentic capability expansion are accelerating federal and state/local agency interest in production AI deployment. Prime contractors scoping GCC AI engagements for the next 18 months are running into the same problem: commercial AI bench strength does not map to GCC delivery capability. The engineers who can build inside the compliance boundary, instrument audit trails, align agent behavior to NIST 800-171 control objectives, and hand off documented, governed systems — that is the work the market needs and is not finding at scale.

Who Builds This Work

I’m Jacob, a U.S. Navy veteran and the engineer behind Puget Sound AI, a veteran-owned small business (VOSB; SBA VetCert in progress) based in Puyallup, WA. I scope, build, and deliver GCC AI and automation engagements directly — no account managers, no offshore delivery, no demo-to-discovery bait-and-switch. The work I’ve described in this post is the kind I build in production GCC environments: generative orchestration agents grounded in SharePoint and Dataverse, Power Automate action layers wired for audit logging, DLP-aligned connector architectures, and the documentation that survives a real compliance review.

If you are a prime evaluating GCC AI subcontract capacity, or a government IT team that owns M365 Copilot licenses and wants to ship something real before the budget cycle closes, let’s talk.

What Actually Shipped

On April 2, 2026, Microsoft expanded its agentic Copilot stack into U.S. government clouds. Researcher is rolling out now, starting with GCC (Government Community Cloud). Analyst is live across GCC, GCC-High, and DoD. Agent Builder is available in GCC and GCC-High, and Copilot Studio publishing landed at the GCC level so you can share vetted agents into Teams and Microsoft 365.

Researcher is the one most teams will misread. It runs multi-step research across your work content and produces grounded, source-cited drafts, inside the government cloud compliance boundary. It is not a chatbot. It plans, gathers, and synthesizes, then shows you where every claim came from.

The Decision That Actually Matters

Three tools, three jobs. Match the tool to the job and you skip weeks of build.

Researcher. Use it when the task is “read across a pile of my tenant’s content and give me a sourced synthesis.” Policy comparisons; a background memo assembled from scattered SharePoint and email; a year of meeting notes distilled into a decision brief. Zero build. You point it at content you already have permission to see, and it cites its sources.

Agent Builder. Use it when you want Researcher-style grounding plus a fixed job, packaged so a team gets the same answer every time. You bundle instructions, prompts, and a knowledge source into a reusable agent. No code, no orchestration, no connectors. Think the onboarding assistant or the procurement-policy explainer that ten people share.

Custom Copilot Studio agent. Use it when the agent has to do something, not just read and answer. Multi-system actions, a custom tool or MCP server, a Graph or PowerShell call, a topic tree with branching logic, line-of-business connectors. That is real engineering, and it is the right call only when the simpler two can’t reach.

Where Government Teams Overbuild

The pattern I see constantly: someone needs a “policy assistant,” and the reflex is a full Copilot Studio build with custom topics and a vector index. Half the time Agent Builder with the right knowledge source does it in an afternoon; the other half, Researcher answers the question with citations and no build at all. The custom agent only earns its cost when you need actions, external systems, or orchestration the platform tools can’t express.

GCC sharpens this. Every custom agent you stand up is another thing to govern: data boundaries, Purview labels, conditional access, audit logging, a publish-and-review path. In a regulated environment, the cheapest agent to secure is the one you didn’t build. Out-of-box tools inherit the platform’s compliance posture; your custom orchestration inherits your mistakes.

A Quick Test Before You Build

Ask three questions, in order. One: does Researcher already produce the synthesis I need from content I can already access? If yes, stop. Two: can Agent Builder package the job with a knowledge source and consistent instructions? If yes, stop. Only if the agent must take actions, call external systems, or run custom tools do you open Copilot Studio. Most requests die at question one or two, and that is a feature, not a failure.

Who’s Behind This

I build the third category, custom GCC agents with citation-bound retrieval, MCP tooling, and audit logging, when the job genuinely needs it. I also tell government teams when it doesn’t, because billing you to rebuild Researcher would be a poor way to earn repeat work. Veteran-owned small business, solo by design, so you talk to the engineer who builds it, not an account manager.

If your team is sizing an agent and isn’t sure which of the three you actually need, let’s talk.

Here’s the uncomfortable part. The most impressive AI models that shipped to commercial Microsoft 365 over the last six months were carved out of GCC by name.

The Demo Is Always One Cloud Ahead of Your Tenant

GPT-5 reached general availability “excluding GCC environments.” The newest Claude models in Copilot Studio carry the same exclusion. Computer-using agents, the ones that watch a screen and click through an app on their own, went generally available in May 2026 to every commercial geography and were explicitly excluded from GCC, GCC-High, and DoD. If your trainer demoed any of that, they demoed something your people cannot open.

This is the structural flaw in buying commercial training for a regulated tenant. The slides are honest; they’re just not yours. A commercial trainer builds the curriculum on the fastest model and the flashiest feature because that wins the room. Then your staff walk back into GCC, where the default model is older, web grounding is off, and the connector they just watched isn’t on the menu. The training didn’t fail to transfer. It was built on an environment you don’t have.

You can confirm this yourself in an afternoon. Pull Microsoft’s Copilot Studio “what’s new” page, search the model names, and count how many times “excluding GCC” appears. The feature parity lag isn’t a rumor. It’s printed in Microsoft’s own release notes.

What Microsoft Shipped to GCC in 2026, and What It Skipped

Now the half that’s an opportunity. While the headline models skipped GCC, Microsoft quietly shipped the pieces that matter for building inside the boundary.

Agent Builder went generally available in GCC. You can now package instructions, prompts, and approved knowledge into reusable agents that give consistent, grounded answers, all inside the compliance boundary. Publishing Copilot Studio agents to Teams and Microsoft 365 also landed in GCC, which means a vetted agent can live where your staff already work instead of in a sandbox nobody opens twice.

So the capability arrived. The training to use it correctly did not. Your people got handed a tool the day after the only available course taught a different tool on a different cloud. That’s the real state of GCC AI right now: the useful thing is sitting in your tenant, unused, because the curriculum is chasing the demo.

“We Bought Copilot” and “We Use Copilot” Are Different Sentences

Across all of Microsoft 365, the workplace conversion rate for Copilot sits around thirty-six percent. A large share of paid seats go effectively unused. And of the people who tried it and quit, the most common reason was distrust of the answers, cited by more than forty percent of them.

Read that last number again, because it defines the engineering work. People don’t abandon these tools because they’re slow. They abandon them because the tool confidently said something wrong. In government, a confidently wrong answer about a policy, a statute, or a personnel rule isn’t a productivity loss, it’s a liability. The fix is not a better webinar. It’s an agent grounded only in your approved sources and bound to cite where every answer came from, so a person can verify it in one click instead of trusting it on faith.

What GCC-Native Copilot Training Actually Looks Like

Real GCC Copilot training happens in your environment, on your licenses, against your constraints. Not a clean demo tenant where everything works.

It means building a Copilot Studio agent grounded in approved sources and citation-bound, so it points to the source instead of inventing one. It means a Power Automate flow that respects your DLP policy instead of tripping it. It means showing an admin how to query Graph in plain language to pull what used to take a scripted afternoon, and showing where that breaks under conditional access. Your people leave able to do the work Monday morning, with documentation they own, not a certificate of attendance that fades by lunch.

Everything I teach is architected to operate within Microsoft’s FedRAMP-authorized GCC boundary and aligned to CMMC and NIST 800-171 control objectives. Not as a selling point. Because in your world, it’s the only version that runs. You can see the workshop format and what it covers on the Copilot and Power Platform training for government page.

Who Delivers the Training

When you book training from a large integrator, you usually get someone two layers removed from anyone who has built the thing. With me, the engineer who builds GCC AI and automation systems is the person standing at the front of your room. U.S. Navy veteran, M365 and AI engineer, veteran-owned small business (VOSB; SBA VetCert in progress).

No account manager, no handoff to a junior, no slide deck I invoice you for and then disappear. You get the engineer. That’s the whole company, by design.

Frequently Asked Questions

Is GPT-5 available in GCC?

As of mid-2026, no. GPT-5 reached general availability in Copilot Studio for commercial environments while being explicitly excluded from GCC. GCC tenants run an older model floor. This is why commercial Copilot demos don’t reflect what your tenant can do.

Can you build Copilot Studio agents in GCC?

Yes. Agent Builder is now generally available in GCC, and you can publish Copilot Studio agents to Teams and Microsoft 365 inside the GCC boundary. The capability is there. What’s usually missing is staff trained to build agents that are grounded and governed correctly.

Why doesn’t my Copilot training transfer to GCC?

Most Copilot training is built on a commercial tenant with the newest models, web grounding on, and connectors that GCC restricts. When staff return to GCC, those features aren’t there, so the workflow they learned doesn’t run. GCC-native training is built on your constraints from the start.

What does GCC Copilot training cover?

A focused workshop runs in your environment and covers building citation-bound Copilot Studio agents, Power Automate flows that respect your DLP policy, and plain-language Graph administration, all inside CMMC and NIST 800-171 control objectives. Details are on the training page.

If Your Team Owns AI It Can’t Use

The capability is already in your tenant and already on your bill. The roadmap moved, and your training didn’t move with it. A focused one-to-two-day workshop, run in your environment, closes that gap and gets your staff using what you already pay for, correctly, inside the controls you answer to.

If that’s the gap you’re staring at, book a GCC AI scoping call and we’ll figure out where your tenant actually stands.

Most managers who licensed Copilot think of it as a writing assistant that lives in Word and Outlook. Analyst is a different animal, and because nobody announced it to your staff, nobody is using it.

What Analyst Actually Is

Analyst is a code-backed data analysis agent. Microsoft frames it as a virtual data scientist: you hand it structured or unstructured data, it writes and runs secure Python against that data inside the compliance boundary, and it returns visualizations, pattern detection, and written summaries built for decisions and briefings.

Read that again. It writes and runs code. It is not autocompleting a sentence; it is doing the analysis a junior analyst would do, on data you point it at, without leaving your tenant.

What People Think It Does, and What It Doesn’t

Two wrong assumptions kill adoption. First, people think it is a Power BI replacement. It is not; it is the thing you point at a messy export before you have built a dashboard, when you just need to know what is in the data. Second, people think it replaces their analysts. It does not; it does the grunt work, the pivot tables and the first-pass charts, so your analyst spends their time framing the question instead of formatting cells.

How to Turn It On

Capability is not the gap; activation is. A GCC admin enables agents in the Microsoft 365 admin center. Once enabled, users reach Analyst in the Microsoft 365 Copilot app or by @mention. Your tenant’s agent governance and data policies may gate which users see it, which is a configuration decision, not a missing feature, and worth confirming before you tell a room full of people to go try it.

Two Things It Is Good At Right Now

Budget analysis. Drop in the line-item export, ask it to find variance against the last cycle and flag anything that moved past a threshold you set. It returns the chart and the three sentences you would put under it in a briefing, in about the time it takes to find an open conference room.

Incident pattern detection. Point it at a ticket or incident export and ask what is recurring. It clusters the data, surfaces the patterns a human skims past at volume, and tells you which category is quietly eating your team’s week.

Why GCC Makes This Worth Doing Right

Analyst runs inside Microsoft’s FedRAMP-authorized GCC boundary. The Python executes in a sandbox, it honors your Purview sensitivity labels and Entra permissions, and the data does not leave the tenant. The commercial instinct of “just upload it to some tool” dies in a government environment; this is the compliant version of that instinct, which is exactly why it belongs in your workflow instead of shadow AI someone is already using on the side.

Who Is Behind This

I am Jacob, a U.S. Navy veteran and the engineer behind Puget Sound AI, a veteran-owned small business (VOSB). I build and deploy this kind of workflow inside government GCC environments, then hand it to your staff with documentation so it survives after I leave.

If you licensed Copilot and your team forgot Analyst exists, that is an adoption problem with a short fix. Let’s talk.