Registry sync in the Microsoft 365 agent registry (preview)

Important

  • This is a preview feature.
  • Preview features aren't meant for production use and might have restricted functionality. These features are subject to supplemental terms of use, and are available before an official release so that customers can get early access and provide feedback.

Registry sync in Microsoft Agent 365 agent registry, in the Microsoft 365 admin center, enables you, as an administrator, to securely connect external AI agent environments and synchronize agents into the Agent 365 agent registry for centralized visibility and governance.

AI agents are often deployed across multiple environments such as Amazon Bedrock, Google Vertex AI, Salesforce, and Databricks. Without a centralized agent registry, you must manually track agents across disconnected platforms.

By using the registry sync, you can:

  • Connect supported third‑party AI platforms.
  • Authenticate once per environment.
  • Synchronize agents from external environments into Microsoft Agent 365 agent registry.
  • Perform agent management actions supported by the AI platform APIs.

Manage external platform connections

You can create and manage external platform connections from the Registry sync page in the Microsoft 365 admin center.

Screenshot of Registry sync page in Microsoft 365 admin center showing Google Cloud connection details pane with sync status and synced agents.

From this page, you can:

  • Create new platform connections.
  • View connection sync status.
  • Monitor last sync activity.
  • Review errors associated with sync attempts.
  • Delete existing connections.

Create a platform connection

To synchronize agents from an external platform, follow these steps:

  1. Open the Microsoft 365 admin center in your browser.
  2. In the navigation pane, select Agents > All Agents to see the agent registry.
  3. In the Registry sync web part, select Manage. The Registry sync page is displayed.
  4. Select + Connect a platform.
  5. Enter a connection name for the external environment and provide a description.
  6. Select the external platform.
  7. Select the region.
  8. Indicate if you want to import agents automatically.
  9. Enter the required authentication credentials.
  10. Validate credentials.
  11. Save the connection.

After successful validation and setup:

  • The Microsoft 365 admin can trigger a sync by using the Sync agents button.
  • Agents from the connected environment synchronize into the agent registry.
  • You can configure future synchronizations to occur on a scheduled basis, in a future release.

View details after a sync

Select an existing connection to view sync details and monitor synchronization status.

Connection details include:

  • Platform provider
  • Regions
  • Last run date
  • Last sync status
  • Total synced agents
  • Synchronization results

Supported platforms

Registry sync supports synchronization from the following platforms:

  • Amazon Bedrock
  • Google Vertex AI
  • Salesforce Agentforce
  • Databricks Genie

Note

Microsoft product teams are actively working to expand support to more platforms. Check back frequently to learn about new platform integrations.

Authentication requirements

This section provides platform-specific authentication requirements and setup instructions for registry sync.

Amazon Bedrock

To set up a connection to an Amazon Bedrock environment for the registry sync, verify that you have the permission, context, and these Amazon Bedrock credentials:

  • AWS Region: Knowledge about the Amazon Web Services region where the agents are deployed

  • Amazon Bedrock access key ID

  • Amazon Bedrock secret access key

    To generate access key ID and secret access key:

    • Create new or use an existing IAM user with the following permissions to agent resources:

      • bedrock:ListAgents
      • bedrock:GetAgent
      • bedrock:ListAgentAliases
      • bedrock:GetAgentAlias
      • bedrock:ListAgentVersions
      • bedrock:GetAgentVersion
      • bedrock:InvokeModel
      • bedrock:InvokeAgent
      • bedrock:InvokeInlineAgent
      • bedrock:DeleteAgent

    • Create a new access key.

For more information about creating an access and secret key, see Amazon Bedrock and Amazon Web Services documentation. For more information about Amazon Bedrock and Microsoft Entra Agent ID, see Secure an Amazon Bedrock agent with Microsoft Entra Agent ID.

Google Vertex AI

Provide credentials associated with your Google Cloud environment to authenticate and synchronize agents.

To set up a connection to a Google Vertex AI environment for registry sync, verify that you have the permission, context, and these Google Vertex AI credentials:

  • Google Cloud Region: Knowledge about the Vertex region where the agents are deployed.
  • Google Vertex AI project ID: The ID of your Google Vertex AI project.
  • Google Vertex AI credentials: Secret access key
    • Create a new or use an existing service account with the following access to project resources:

      • Vertex AI Administrator role or custom role with permissions:

        • aiplatform.reasoningEngines.list
        • aiplatform.reasoningEngines.get
        • aiplatform.reasoningEngines.delete
    • Generate a new secret key

For more information about creating a service account key, see Google Cloud Vertex AI and Google Cloud documentation.

Salesforce Agentforce

To set up a connection to a Salesforce Agentforce environment for registry sync, make sure you have a Salesforce account with the right permissions, DomainURL, consumer key, and consumer secret.

The following sections provide more guidance on how to set up OAuth in Salesforce:

Set up a connected app

  1. Go to Setup > Search App Manager.
  2. Select External Client App Manager.
  3. Select New External Client app and fill in the details.
  4. Check Enable OAuth.
  5. Set the Callback URL.
    • For testing: https://login.salesforce.com/services/oauth2/success
  6. Move the following scopes from Available to Selected:
    • Access chatbot services (chatbot_api)
    • Access the Salesforce API Platform (sfap_api)
    • Manage user data via APIs (api)
    • Perform requests at any time (refresh_token, offline_access)
  7. Enable Client Credentials Flow.
  8. Select Save.
  9. Go to Policies > OAuth Policies.
  10. Enable Client Credentials Flow and set Run As to a user with API access (for example, usernamd1.eb52cfb153dc@agentforce.com).

Get your My Domain URL

  1. Go to Setup > Search My Domain.
  2. Copy the current My Domain URL.

Retrieve consumer key and secret

  1. After saving the connected app, go back to External Client App Manager.
  2. Locate your app.
  3. Select Settings and OAuth Settings.
  4. Select Consumer Key and Secret to see:
    • Consumer Key
    • Consumer Secret (select Click to reveal)

For more information about setting up OAuth and getting a consumer key and consumer secret, see Salesforce Agentforce documentation.

Databricks Genie

To set up a connection to Databricks for registry sync, you need a service principal in your Databricks account with admin access in the workspace.

To create a valid connection, you need:

  • Workspace URL: (Retrieve from) Databricks portal URL
  • Client ID: Service Principal Client/Application ID
  • Client Secret: Service Principal Client Secret

For more details about service principal creation, see Databricks public documentation.

  • Last updated on