Tag: AI Topics

Configure advanced agent responses with API and Send HTTP requests (AB-620 Exam Prep)

This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Plan and configure agent solutions (30–35%)
   --> Configure topics
      --> Configure advanced agent responses with API and Send HTTP requests


Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

One of the most powerful capabilities of Microsoft Copilot Studio is the ability to extend an agent beyond conversational AI. While generative AI enables agents to answer questions from knowledge sources, enterprise agents frequently need to retrieve live information, update business systems, trigger workflows, or communicate with applications that exist outside Microsoft 365.

This is accomplished through APIs (Application Programming Interfaces) and HTTP requests.

For the AB-620 exam, you should understand not only how to configure HTTP requests within Copilot Studio, but also when they should be used, how they are secured, how data flows through requests and responses, and how these capabilities support enterprise-grade AI agents.


Learning Objectives

After studying this topic, you should be able to:

  • Explain why APIs are important in enterprise AI agents.
  • Understand the HTTP communication model.
  • Differentiate HTTP request methods.
  • Configure HTTP requests in Copilot Studio.
  • Pass parameters to external services.
  • Authenticate API requests.
  • Parse API responses.
  • Use returned data within agent conversations.
  • Recognize best practices for secure integrations.

Why Use APIs in Copilot Studio?

Generative AI can answer questions based on available knowledge.

However, business processes usually require interaction with systems that contain live operational data.

Examples include:

  • CRM systems
  • ERP systems
  • HR applications
  • Inventory systems
  • Financial systems
  • Ticketing systems
  • Booking systems
  • Custom business applications
  • Third-party SaaS platforms

Rather than simply answering questions, an agent can:

  • Retrieve customer account information
  • Create service tickets
  • Update CRM records
  • Submit purchase requests
  • Check inventory
  • Reserve meeting rooms
  • Retrieve shipping status
  • Submit vacation requests
  • Trigger approval workflows

This transforms the agent from an information assistant into an intelligent business application.


When to Use HTTP Requests

Microsoft Copilot Studio supports several methods of integrating external systems.

These include:

  • Microsoft Power Platform connectors
  • REST APIs
  • Custom connectors
  • Agent tools
  • Microsoft Graph
  • Azure services

HTTP requests are typically used when:

  • No prebuilt connector exists.
  • A custom application exposes a REST API.
  • You need full control over requests.
  • The API supports operations unavailable through existing connectors.
  • You need to communicate directly with enterprise services.

What is an API?

An Application Programming Interface (API) allows one application to communicate with another.

Instead of manually opening software and entering information, software applications exchange data automatically.

Example:

A user asks:

“What is the shipping status of Order 48291?”

Instead of searching documents:

The agent:

  1. Calls the shipping API.
  2. Sends Order ID 48291.
  3. Receives current shipping information.
  4. Formats the response.
  5. Displays it to the user.

The user experiences a natural conversation while the agent communicates with backend systems.


REST APIs

Most modern enterprise systems expose REST APIs.

REST (Representational State Transfer) is an architectural style for web services.

REST APIs typically use:

  • HTTP
  • URLs
  • JSON
  • Standard HTTP methods

Example endpoint:

https://company.com/api/customers/1052

The agent sends an HTTP request.

The service returns JSON.


HTTP Fundamentals

HTTP is the communication protocol used by browsers, websites, cloud services, and APIs.

Every HTTP request contains:

  • URL
  • Method
  • Headers
  • Parameters
  • Body (optional)

The server then returns:

  • Status code
  • Headers
  • Response body

Anatomy of an HTTP Request

Example:

GET https://api.company.com/orders/48291

Headers

Authorization: Bearer token
Accept: application/json

Response

{
"OrderNumber":"48291",
"Status":"Shipped",
"Carrier":"UPS"
}

The agent can extract these values and use them during the conversation.


HTTP Methods

Understanding HTTP methods is important for the AB-620 exam.

GET

Retrieves information.

Example:

Get customer details

No data is modified.

Examples:

  • Get customer profile
  • Get inventory
  • Get weather
  • Get shipping status

Safe operation.


POST

Creates new information.

Examples:

  • Create support ticket
  • Submit expense report
  • Create employee record

Example request:

POST /tickets

Body:

{
"Priority":"High",
"Description":"Printer not working"
}

PUT

Replaces an existing resource.

Example:

Update the complete employee record.

Entire object is replaced.


PATCH

Updates part of a resource.

Example:

Only update:

Customer Phone Number

instead of replacing the entire customer record.

PATCH is generally more efficient than PUT for partial updates.


DELETE

Removes a resource.

Example:

Delete reservation.

Delete temporary record.

Delete shopping cart.

Because DELETE permanently removes data, organizations often restrict access.


URL Components

Understanding URL structure is important.

Example:

https://api.company.com/customers/1052/orders?year=2025

Breakdown:

Protocol

https

Host

api.company.com

Resource

customers

Path Parameter

1052

Subresource

orders

Query Parameter

year=2025

Path Parameters

Path parameters identify a specific resource.

Example

/customers/1052

Customer ID

1052

is embedded within the URL.

Often used for:

  • Employee ID
  • Customer ID
  • Product ID
  • Ticket ID

Query Parameters

Query parameters filter information.

Example

/orders?status=Open

Another example

/products?category=Laptops

Query parameters are optional and do not change the endpoint itself.


HTTP Headers

Headers provide metadata about the request.

Common headers include:

Authorization

Bearer Token

Accept

application/json

Content-Type

application/json

User-Agent

Application identification.

Custom headers

Many enterprise APIs require organization-specific headers.


Request Body

GET requests usually do not include a request body.

POST, PUT, and PATCH commonly include one.

Example

{
"EmployeeID":102,
"Department":"Finance"
}

The body contains the information being submitted.


JSON

Most APIs communicate using JSON.

Example

{
"CustomerID": 1052,
"Name": "John Smith",
"Status": "Gold",
"RewardPoints": 8400
}

The agent can retrieve individual values such as:

  • Name
  • Status
  • RewardPoints

and include them in responses.


Authentication

Most enterprise APIs require authentication.

Without authentication:

The request is rejected.

Authentication verifies:

  • Who is calling
  • Whether permission exists
  • Which resources are accessible

Common Authentication Methods

API Keys

Simple authentication method.

Example

x-api-key:

Advantages:

  • Easy

Disadvantages:

  • Less secure
  • Key management required

OAuth 2.0

Most Microsoft services use OAuth.

Workflow:

User authenticates.

Identity provider issues access token.

Agent sends Bearer token.

API validates token.

Request proceeds.

OAuth supports:

  • Delegated permissions
  • Application permissions
  • Token expiration
  • Refresh tokens

It is considered the enterprise standard.


Microsoft Entra ID

Many enterprise APIs authenticate through Microsoft Entra ID.

Benefits include:

  • Centralized identity
  • Role-based access
  • Conditional Access
  • Multifactor Authentication
  • Secure token management

This is the preferred authentication mechanism for Microsoft enterprise environments.


Configuring HTTP Requests in Copilot Studio

Within Copilot Studio, HTTP requests can be configured as actions or tools that execute during conversations.

A typical configuration includes:

  1. Define the endpoint URL.
  2. Select the HTTP method.
  3. Configure authentication.
  4. Add headers.
  5. Add parameters.
  6. Configure the request body if needed.
  7. Send the request.
  8. Capture the response.
  9. Store returned values in variables.
  10. Continue the conversation using the returned data.

Passing Dynamic Values

Most APIs require information supplied by the user.

Example:

User says:

“Check order 84592.”

The conversation stores:

OrderID = 84592

The HTTP request inserts that variable into:

https://api.company.com/orders/84592

instead of using a hardcoded value.

Dynamic parameters make APIs reusable across conversations.


Using Responses in Conversations

After receiving JSON, Copilot Studio can:

  • Store values
  • Display values
  • Evaluate conditions
  • Pass values into other actions
  • Use values inside prompts
  • Populate Adaptive Cards
  • Trigger additional API calls

Example:

API returns:

{
"Status":"Delivered",
"Carrier":"FedEx",
"Date":"2026-06-14"
}

The agent responds:

“Your package was delivered on June 14 by FedEx.”

The user never sees the underlying API call.


Best Practices

When designing HTTP integrations:

  • Prefer HTTPS over HTTP.
  • Never hard-code secrets.
  • Use secure authentication mechanisms.
  • Validate user input before sending requests.
  • Minimize the amount of sensitive data transmitted.
  • Return only information required by the conversation.
  • Reuse existing connectors when appropriate instead of creating unnecessary custom integrations.
  • Document API endpoints and expected responses.
  • Test APIs independently before integrating them into an agent.
  • Design requests to be idempotent where appropriate, particularly for update operations.

Exam Tips

For the AB-620 exam, remember the following:

  • REST APIs are the primary mechanism for integrating enterprise systems.
  • HTTP requests enable agents to retrieve live data and perform actions.
  • GET retrieves data, POST creates data, PUT replaces data, PATCH partially updates data, and DELETE removes data.
  • Authentication is typically performed using OAuth 2.0 or Microsoft Entra ID in enterprise environments.
  • JSON is the most common format for request and response payloads.
  • Dynamic variables collected during conversations are frequently inserted into URLs, query parameters, headers, or request bodies.
  • Agent responses are generated by parsing API responses and presenting the returned data in a conversational format.
  • Security, authentication, and proper handling of API responses are core skills emphasized throughout the AB-620 exam.

Quick Orientation Summary

In the topics above, you learned the fundamentals of using APIs and HTTP requests in Microsoft Copilot Studio, including REST principles, HTTP methods, authentication, request construction, and response handling.

In the next set of topics below, we will build upon that foundation by exploring advanced implementation techniques, enterprise design patterns, security considerations, performance optimization, and common exam scenarios.


Advanced HTTP Integration Patterns

Enterprise AI agents rarely execute a single API call. Instead, they often perform multiple requests, make decisions based on returned data, and coordinate actions across several systems.

Common integration patterns include:

  • Sequential API requests
  • Conditional API execution
  • Parallel data retrieval
  • Data enrichment
  • Multi-system orchestration
  • Event-driven integrations

These patterns allow an agent to perform sophisticated business processes while maintaining a natural conversational experience.


Sequential API Calls

Sometimes one API request provides information needed by another request.

Example:

User asks:

“Show me all orders for customer John Smith.”

Workflow:

  1. Search Customers API
  2. Retrieve Customer ID
  3. Pass Customer ID to Orders API
  4. Retrieve order list
  5. Present results

Example flow:

User Question
Search Customer API
Customer ID Returned
Retrieve Orders API
Return Orders

This pattern is common in CRM and ERP integrations.


Conditional API Execution

An agent may determine whether another API call is necessary.

Example:

Get Order Status
Delivered?
/ \
Yes No
↓ ↓
End Call Shipping API

Conditional execution reduces unnecessary API calls while improving performance.


Data Enrichment

Multiple systems often contain complementary information.

Example:

CRM:

  • Customer name
  • Email

ERP:

  • Orders

Shipping system:

  • Tracking

The agent combines all three into one response.

Example:

Customer: John Smith
Gold Member
Last Order: June 10
Tracking Number: 874623

The user experiences a single conversation despite multiple backend requests.


Working with JSON Responses

Most enterprise APIs return JSON.

Example:

{
"customer": {
"id": 125,
"name": "John Smith",
"status": "Gold",
"orders": [
{
"number": 4521,
"total": 275
},
{
"number": 4528,
"total": 118
}
]
}
}

The agent may extract:

  • customer.name
  • customer.status
  • orders[0].number
  • orders[1].total

Understanding nested JSON structures is valuable for the exam.


Mapping JSON to Variables

Returned values are commonly stored as variables.

Example:

CustomerName
John Smith
MembershipStatus
Gold
RewardPoints
12450

These variables can later be referenced in prompts, Adaptive Cards, conditions, or additional HTTP requests.


Chaining Multiple Requests

Many business processes require several connected API operations.

Example:

Vacation request:

Employee submits request
Retrieve manager
Check leave balance
Create approval
Notify manager
Update HR system

Each step may involve a separate HTTP request.


Long-Running Operations

Some APIs require time to complete.

Examples include:

  • AI document analysis
  • Video processing
  • Image generation
  • Data exports
  • Large database operations

Typical workflow:

Submit Job
Receive Job ID
Check Status API
Completed?
Retrieve Results

This polling pattern is common in cloud services.


HTTP Status Codes

Understanding status codes is essential.

200 OK

The request completed successfully.


201 Created

A new resource was successfully created.

Example:

Create support ticket.


202 Accepted

The request has been accepted but processing continues.

Often used for asynchronous operations.


204 No Content

The operation succeeded without returning data.

Common with DELETE requests.


400 Bad Request

The request is invalid.

Possible causes:

  • Missing fields
  • Invalid parameters
  • Incorrect formatting

401 Unauthorized

Authentication failed.

Usually indicates:

  • Invalid token
  • Expired token
  • Missing credentials

403 Forbidden

Authentication succeeded.

Permission is denied.

Example:

User lacks required role.


404 Not Found

Requested resource does not exist.


429 Too Many Requests

Rate limit exceeded.

Clients should wait before retrying.


500 Internal Server Error

Unexpected server failure.

Retry may succeed later.


Error Handling Strategies

Good enterprise agents never expose raw API errors directly to users.

Poor response:

Error 500.

Better response:

“The customer database is temporarily unavailable. Please try again in a few minutes.”

The technical details should be logged while presenting a friendly message.


Retry Logic

Temporary failures should not always terminate a conversation.

Good candidates for retries:

  • Network timeout
  • Temporary server outage
  • HTTP 429
  • HTTP 503

Poor candidates:

  • Invalid credentials
  • Missing permissions
  • Incorrect request format

Retry strategies typically use exponential backoff to reduce server load.


Timeouts

Every HTTP request should define an appropriate timeout.

Without one:

  • Conversations may hang.
  • User experience suffers.
  • Resources remain occupied.

Enterprise solutions balance responsiveness with backend processing time.


Logging

Successful enterprise solutions record important execution details.

Typical information includes:

  • Timestamp
  • Endpoint
  • Status code
  • Duration
  • User ID (when appropriate)
  • Correlation ID
  • Request outcome

Sensitive information such as passwords or tokens should never be logged.


Security Best Practices

For the AB-620 exam, security is heavily emphasized.

Recommended practices include:

  • Always use HTTPS.
  • Store secrets securely.
  • Use OAuth or Microsoft Entra ID whenever possible.
  • Implement least-privilege access.
  • Validate all user input.
  • Sanitize request data.
  • Encrypt sensitive information.
  • Rotate credentials regularly.
  • Monitor API usage.
  • Audit access to critical resources.

Protecting Sensitive Information

Avoid exposing:

  • Passwords
  • Tokens
  • API keys
  • Internal URLs
  • Database identifiers
  • Personally identifiable information (PII)

Agents should display only the information users are authorized to see.


Rate Limiting

External APIs often restrict request volume.

Example:

500 requests/hour

If exceeded:

HTTP 429

Design strategies include:

  • Request batching
  • Caching
  • Retry delays
  • Limiting unnecessary calls

Performance Optimization

Well-designed agents minimize latency.

Optimization techniques include:

  • Reuse previously retrieved information.
  • Avoid duplicate API calls.
  • Cache frequently requested data.
  • Request only required fields.
  • Combine related operations when supported.
  • Minimize payload sizes.
  • Execute independent requests in parallel where appropriate.

Choosing Between Connectors and HTTP Requests

In Copilot Studio, both connectors and HTTP requests provide integration capabilities.

Use Connectors WhenUse HTTP Requests When
Microsoft provides a supported connectorNo connector exists
Standard authentication is sufficientFull control over requests is required
Low-code development is preferredCustom APIs must be accessed
Minimal maintenance is desiredSpecialized API features are needed
Enterprise governance favors managed connectorsAdvanced REST functionality is required

The exam may ask you to choose the most appropriate integration method.


Common Enterprise Scenarios

Customer Support

  • Retrieve account
  • Create ticket
  • Update ticket
  • Escalate issue

Sales

  • Search CRM
  • Retrieve opportunities
  • Update customer records
  • Generate quotes

Human Resources

  • Vacation requests
  • Employee lookup
  • Benefits information
  • Payroll inquiries

Finance

  • Expense submission
  • Invoice lookup
  • Budget approval
  • Payment status

IT Help Desk

  • Password reset
  • Device lookup
  • Software requests
  • Incident management

Common Exam Pitfalls

Watch for these common mistakes:

  • Using POST when GET is appropriate.
  • Sending sensitive information in URLs instead of secure request bodies or headers.
  • Hard-coding API keys.
  • Ignoring authentication requirements.
  • Assuming every successful request returns HTTP 200 (201, 202, and 204 are also successful responses).
  • Failing to validate user input before making API calls.
  • Displaying raw server errors to users.
  • Using HTTP requests when an existing connector is the better choice.
  • Not accounting for rate limits or transient failures.
  • Returning more data than necessary, increasing security and performance risks.

AB-620 Exam Tips

Remember these key points:

  • APIs enable agents to interact with live enterprise systems.
  • REST and JSON are the dominant standards for enterprise integrations.
  • OAuth 2.0 and Microsoft Entra ID are preferred authentication methods.
  • Understand the purpose of each HTTP method.
  • Differentiate client errors (4xx) from server errors (5xx).
  • Design secure, maintainable, and reusable integrations.
  • Handle failures gracefully with retries where appropriate.
  • Protect sensitive information throughout the integration process.
  • Choose connectors when possible and HTTP requests when customization is required.

Topic Summary

An enterprise Copilot Studio agent becomes significantly more powerful when it can communicate with external systems through APIs and HTTP requests. By combining conversational AI with secure integrations, organizations can automate business processes, retrieve live operational data, and perform transactions across enterprise applications.

For the AB-620 exam, focus on understanding the complete lifecycle of an HTTP request, authentication mechanisms, JSON handling, response processing, error handling, and secure integration design. These concepts are foundational to designing enterprise-grade AI agent solutions.


Practice Exam Questions

Question 1

A Copilot Studio agent must retrieve a customer’s current loyalty points without modifying any data. Which HTTP method should be used?

A. POST

B. GET

C. PATCH

D. DELETE

Answer: B

Explanation: GET is used to retrieve information without modifying server-side resources.


Question 2

An API returns HTTP status code 401 Unauthorized. What is the most likely cause?

A. The requested resource does not exist.

B. The request exceeded the rate limit.

C. Authentication credentials are missing or invalid.

D. The request completed successfully.

Answer: C

Explanation: A 401 status indicates that authentication failed because valid credentials were not provided or have expired.


Question 3

A developer needs to update only a customer’s phone number. Which HTTP method is most appropriate?

A. PUT

B. POST

C. PATCH

D. GET

Answer: C

Explanation: PATCH performs partial updates, making it ideal for modifying a single property without replacing the entire resource.


Question 4

Which authentication mechanism is recommended for securing enterprise APIs integrated with Microsoft Copilot Studio?

A. Anonymous authentication

B. Basic authentication using hardcoded credentials

C. OAuth 2.0 with Microsoft Entra ID

D. Query string authentication

Answer: C

Explanation: OAuth 2.0 integrated with Microsoft Entra ID provides secure, token-based authentication and centralized identity management.


Question 5

An agent receives the following response:

{
"Status":"Approved",
"Manager":"Karen Lee"
}

What should the agent do next?

A. Ignore the response.

B. Store the values in variables for use later in the conversation.

C. Convert the response into XML.

D. Retry the request immediately.

Answer: B

Explanation: JSON values are typically parsed and stored in variables for use in responses, conditions, or subsequent actions.


Question 6

A REST API limits clients to 1,000 requests per hour. Which design strategy best helps avoid exceeding this limit?

A. Retry every request immediately.

B. Disable authentication.

C. Cache frequently requested data and avoid unnecessary calls.

D. Send duplicate requests for verification.

Answer: C

Explanation: Caching and reducing redundant API calls are common strategies for working within rate limits.


Question 7

A company already has a fully supported Microsoft Power Platform connector for its CRM system. Which integration approach should generally be chosen?

A. Build every interaction using raw HTTP requests.

B. Use the existing connector unless custom functionality requires direct API access.

C. Export CRM data to spreadsheets.

D. Replace the CRM with a custom application.

Answer: B

Explanation: Managed connectors simplify development, maintenance, authentication, and governance, making them the preferred option when available.


Question 8

Which status code indicates that a new resource has been successfully created?

A. 200

B. 201

C. 404

D. 500

Answer: B

Explanation: HTTP 201 Created indicates that a new resource was successfully created by the server.


Question 9

What is the primary benefit of chaining multiple API requests within an agent flow?

A. It reduces authentication requirements.

B. It eliminates the need for variables.

C. It enables complex business processes that span multiple systems.

D. It guarantees faster execution than a single request.

Answer: C

Explanation: Chained API calls allow agents to orchestrate multi-step workflows involving several enterprise applications.


Question 10

Why should an agent avoid displaying raw HTTP error messages directly to users?

A. HTTP errors are never useful.

B. Raw errors may expose technical details and create a poor user experience.

C. HTTP errors always indicate a network problem.

D. Users cannot understand status codes.

Answer: B

Explanation: Enterprise agents should present friendly, actionable messages while logging technical details internally to maintain security and usability.


Go to the AB-620 Exam Prep Hub main page

Add tools to a topic (AB-620 Exam Prep)

This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Plan and configure agent solutions (30–35%)
   --> Configure topics
      --> Add tools to a topic


Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

Topics define how a Microsoft Copilot Studio agent responds to user requests and performs business tasks. While conversational responses can answer questions, most enterprise agents must also perform actions such as retrieving customer information, creating support tickets, updating records, approving requests, or interacting with external applications.

These capabilities are provided through tools. A tool enables an agent to move beyond answering questions and interact with business systems, APIs, workflows, databases, and AI services.

Understanding how to select, configure, and use tools within topics is an important objective for the AB-620 certification exam.


What Are Tools?

A tool is a reusable capability that an agent can invoke while executing a topic.

Rather than writing custom code, tools allow designers to connect an agent to business processes and enterprise systems.

A tool can:

  • Retrieve information
  • Create or update records
  • Execute workflows
  • Call external APIs
  • Generate AI responses
  • Search enterprise knowledge
  • Perform calculations
  • Trigger approvals
  • Invoke child agents
  • Connect to third-party applications

A topic determines when a tool should be called, while the tool determines what action is performed.


Why Add Tools to Topics?

Without tools, an agent is primarily informational.

With tools, an agent becomes capable of completing real business tasks.

Examples include:

  • Looking up customer orders
  • Creating help desk tickets
  • Updating CRM records
  • Scheduling appointments
  • Processing purchase requests
  • Retrieving inventory information
  • Sending emails
  • Creating Microsoft Teams messages
  • Accessing SharePoint documents
  • Initiating approval workflows

How Topics and Tools Work Together

A typical conversation follows this pattern:

  1. User asks a question.
  2. The topic is triggered.
  3. The topic collects required information.
  4. A tool is called.
  5. The tool performs its task.
  6. Results are returned.
  7. The topic formats the response.
  8. The conversation continues.

Example:

User:

“Create an IT support ticket.”

Topic:

  • Collects issue description
  • Collects priority
  • Collects device information

Tool:

Creates the ticket in ServiceNow or another ticketing system.

Topic:

Returns:

“Your ticket has been created successfully.”


Types of Tools Available

Copilot Studio supports several categories of tools.

Understanding when to use each one is important for the exam.


Built-in Tools

Built-in tools are native capabilities available within Copilot Studio.

Examples include:

  • Asking questions
  • Collecting user input
  • Sending responses
  • Ending conversations
  • Calling another topic
  • Using variables
  • Performing simple logic

Advantages:

  • Easy to configure
  • No coding required
  • Fast implementation
  • Low maintenance

Best for:

  • Simple business logic
  • Conversation management
  • User interaction

Connector Tools

Connector tools interact with external business applications using Power Platform connectors.

Examples include:

  • Microsoft Dataverse
  • Microsoft Teams
  • Outlook
  • SharePoint
  • Dynamics 365
  • SQL Server
  • Salesforce
  • SAP
  • ServiceNow
  • Azure DevOps

Advantages

  • Hundreds of available connectors
  • Low-code implementation
  • Secure authentication
  • Enterprise support

Example

A topic retrieves customer information from Dynamics 365 using a connector.


REST API Tools

Some business systems do not have built-in connectors.

REST API tools allow the agent to communicate directly with web services.

Common operations include:

  • GET
  • POST
  • PUT
  • PATCH
  • DELETE

Example

A shipping company exposes an API that returns package tracking information.

The topic calls the REST API and presents the tracking results.

REST APIs provide maximum flexibility when integrating enterprise applications.


Power Automate Flow Tools

Power Automate allows complex business processes to be executed from within a topic.

Typical uses include:

  • Multi-step approvals
  • Email notifications
  • Database updates
  • File creation
  • Scheduled processing
  • Document generation
  • ERP integration

Example

A vacation request topic:

  • Collects employee information
  • Calls a Power Automate flow
  • Sends approval to a manager
  • Waits for approval
  • Returns the result

Power Automate is ideal when business logic extends beyond a single API call.


AI Tools

Copilot Studio can leverage AI-powered tools for intelligent processing.

Examples include:

  • Summarization
  • Classification
  • Translation
  • Entity extraction
  • Content generation
  • Question answering
  • Enterprise knowledge retrieval

Example

A customer uploads a lengthy support log.

An AI tool summarizes the document before presenting key findings.

AI tools reduce manual effort and improve productivity.


Knowledge Tools

Knowledge tools retrieve information from trusted enterprise content.

Knowledge sources include:

  • SharePoint
  • Websites
  • Dataverse
  • Microsoft Fabric
  • Azure AI Search
  • Uploaded documents
  • Internal knowledge bases

Instead of storing static answers inside every topic, knowledge tools retrieve current information dynamically.

Example

An HR policy changes.

Rather than updating multiple topics, the knowledge source is updated once.

The agent automatically retrieves the latest information.


Model Context Protocol (MCP) Tools

Model Context Protocol (MCP) provides a standardized method for connecting agents to external services.

Benefits include:

  • Standardized integrations
  • Reusable tool definitions
  • Cross-platform interoperability
  • Reduced custom integration effort
  • Simplified maintenance

As MCP adoption grows, organizations can expose business capabilities through standardized tool interfaces that multiple AI agents can consume.


Child Agents as Tools

In multi-agent architectures, one agent can invoke another specialized agent.

Examples include:

General Employee Assistant

Benefits Agent

Payroll Agent

IT Agent

Each child agent specializes in a specific business domain.

Advantages include:

  • Better organization
  • Easier maintenance
  • Reusable business logic
  • Independent development
  • Improved scalability

Choosing the Correct Tool

When selecting a tool, consider several factors.

Simplicity

Use the simplest solution that meets the requirement.

Avoid unnecessary complexity.


Existing Connectors

If a connector already exists, use it instead of building a custom REST integration.


Business Logic

Simple task:

Connector

Complex workflow:

Power Automate


External Systems

If no connector exists:

REST API

If standardized services are available:

MCP


AI Requirements

Need summarization?

Use AI.

Need document retrieval?

Use enterprise knowledge.

Need workflow automation?

Use Power Automate.


Adding a Tool to a Topic

The general process includes:

  1. Open the topic.
  2. Navigate to the appropriate conversation step.
  3. Insert a tool node.
  4. Select the desired tool.
  5. Configure required inputs.
  6. Map outputs to variables.
  7. Continue the conversation.

The topic controls when the tool is executed.


Passing Input Parameters

Tools usually require information.

Examples include:

Customer ID

Order Number

Email Address

Product Name

Employee Number

Start Date

Priority

Department

These values are collected from:

  • User input
  • Variables
  • Previous tool results
  • System context

Example

User:

“Track package 84592.”

Package number becomes an input parameter for the tracking tool.


Receiving Output Parameters

After execution, tools often return results.

Examples include:

Customer Name

Order Status

Tracking Number

Ticket ID

Approval Result

Balance

Appointment Time

Confirmation Number

Outputs should be stored in variables for later use within the topic.


Variables and Data Mapping

Data mapping connects topic variables to tool parameters.

Example

Conversation variable:

CustomerEmail

Tool input:

EmailAddress

API parameter:

email

Correct mapping ensures the tool receives accurate data.

Incorrect mapping frequently causes tool failures.


Authentication Considerations

Many enterprise tools require authentication.

Common authentication methods include:

  • Microsoft Entra ID
  • OAuth 2.0
  • API keys
  • Service principals
  • Managed identities (where applicable)

Authentication should:

  • Follow least privilege principles.
  • Protect credentials.
  • Avoid hard-coded secrets.
  • Comply with organizational security policies.

Designers should understand authentication requirements even if administrators configure the connections.


Handling Tool Failures

External systems may occasionally fail.

Common causes include:

  • Network outages
  • Expired credentials
  • Invalid inputs
  • Service downtime
  • Permission errors
  • Rate limiting
  • API timeouts

Topics should anticipate failures and respond gracefully.

Example

Instead of:

“Unexpected Error.”

Return:

“I’m unable to retrieve your order information right now. Please try again later or contact support if the issue continues.”

Graceful error handling improves user trust.


Performance Considerations

Each tool invocation consumes time and resources.

To optimize performance:

  • Minimize unnecessary tool calls.
  • Reuse retrieved information when possible.
  • Avoid duplicate API requests.
  • Retrieve only required data.
  • Prefer connectors over custom integrations when appropriate.
  • Design efficient workflows.

Well-designed topics provide faster responses and reduce infrastructure costs.


Security Considerations

Tools often access sensitive enterprise data.

Best practices include:

  • Grant only required permissions.
  • Validate user inputs.
  • Protect confidential information.
  • Encrypt communications.
  • Use secure authentication.
  • Avoid exposing internal system details.
  • Log actions for auditing where appropriate.

Security planning is a recurring theme throughout the AB-620 exam.


Reusability

Rather than building identical tools repeatedly:

  • Reuse connectors.
  • Reuse Power Automate flows.
  • Reuse child agents.
  • Reuse MCP integrations.
  • Standardize common actions.

Reusable tools reduce maintenance effort and improve consistency across multiple agents.


Common Design Mistakes

Candidates should recognize poor design decisions such as:

  • Calling multiple tools when one is sufficient.
  • Using REST APIs when an existing connector is available.
  • Ignoring authentication requirements.
  • Not validating required inputs.
  • Failing to store outputs in variables.
  • Exposing raw API responses directly to users.
  • Building duplicate tools for the same function.
  • Not planning for service failures.
  • Hard-coding values that should be dynamic.

Best Practices

When adding tools to topics:

  • Select the simplest tool that satisfies the requirement.
  • Prefer existing connectors before creating custom integrations.
  • Keep tools focused on a single responsibility.
  • Validate all inputs before execution.
  • Store outputs in meaningful variables.
  • Handle failures gracefully.
  • Secure connections using enterprise authentication.
  • Reuse existing tools whenever possible.
  • Test tools independently before integrating them into topics.
  • Document tool purpose and dependencies.

AB-620 Exam Tips

For the exam, you should be able to:

  • Explain the purpose of tools within a topic.
  • Distinguish between connectors, REST APIs, Power Automate flows, AI tools, knowledge tools, MCP tools, and child agents.
  • Identify the best tool for common business scenarios.
  • Understand how topics invoke tools and process their outputs.
  • Configure input and output parameters using variables.
  • Recognize authentication and security considerations.
  • Design reusable and maintainable tool integrations.
  • Select appropriate error-handling strategies.
  • Optimize tool usage for performance and scalability.
  • Evaluate scenario-based questions that require choosing the most appropriate integration approach based on business requirements.

Mastering how tools extend topics is fundamental to building enterprise-ready Copilot Studio agents. The AB-620 exam emphasizes selecting the right tool for the right scenario, configuring it securely, and integrating it into conversational workflows that are reliable, maintainable, and user-friendly.


AB-620 Exam Preparation

Configure Topics: Add Tools to a Topic (Part 2)

This part continues the discussion of adding tools to topics in Microsoft Copilot Studio. It focuses on implementation strategies, best practices, troubleshooting, design considerations, and concludes with 10 practice exam questions complete with answers and explanations.


Advanced Tool Integration Strategies

As Copilot Studio solutions become more sophisticated, topics often interact with multiple tools during a single conversation. Instead of simply calling one connector, enterprise-grade agents frequently coordinate several tools to complete a business process.

For example:

User asks:

“Book a meeting with Sarah next Tuesday and email everyone on the project.”

The topic might perform the following:

  1. Query Microsoft 365 Users
  2. Check Outlook Calendar
  3. Create calendar event
  4. Query Dataverse for project members
  5. Send Outlook email
  6. Log activity in Dynamics 365
  7. Return confirmation

Although the user experiences one seamless conversation, multiple tools execute behind the scenes.


Chaining Multiple Tools

Complex topics commonly chain tool calls together.

Example workflow:

User Request
Validate request
Retrieve customer
Retrieve order
Retrieve shipment
Update CRM
Send confirmation email
Respond to user

Benefits include:

  • Reduced manual work
  • Consistent business processes
  • Better user experience
  • Improved automation
  • Easier maintenance

Passing Data Between Tools

Outputs from one tool frequently become inputs for another.

Example

Tool 1:

Get Customer
Returns
CustomerID

Tool 2

Get Orders
Input
CustomerID

Tool 3

Get Shipment
Input
OrderID

Tool 4

Send Email
Uses shipment details

Proper variable mapping is critical for successful tool orchestration.


Using Variables with Tools

Variables make tool interactions dynamic.

Examples include:

Conversation variables

  • Customer Name
  • Order Number
  • Product Name
  • Email Address

System variables

  • Current Date
  • User ID
  • Locale
  • Conversation ID

Tool outputs

  • Record IDs
  • API responses
  • Status values
  • URLs

Variables eliminate hard-coded values and enable reusable conversations.


Designing Reusable Tool Calls

Rather than creating duplicate logic across many topics, organizations should centralize reusable business operations.

Poor design

Topic A
Create Customer
Topic B
Create Customer
Topic C
Create Customer

Every topic duplicates logic.

Better design

Reusable Tool
Create Customer
Used by
Topic A
Topic B
Topic C

Advantages include:

  • Easier maintenance
  • Fewer errors
  • Consistent business rules
  • Simpler updates
  • Improved scalability

Designing for Performance

Every tool invocation introduces some latency.

Good design minimizes unnecessary tool calls.

Instead of:

Get Customer
Get Customer Again
Get Customer Again

Store the response once and reuse it.

Additional performance practices include:

  • Cache values when appropriate.
  • Avoid duplicate connector calls.
  • Retrieve only required fields.
  • Reduce unnecessary API requests.
  • Use efficient branching logic.

Handling Missing Information

Sometimes a tool requires information that the user has not yet provided.

Example

User says:

“Cancel my reservation.”

The tool requires:

  • Reservation number

The topic should ask:

“Could you provide your reservation number?”

Only after receiving the required information should the tool execute.


User Confirmation Before Tool Execution

Certain business actions should require explicit user confirmation.

Examples include:

  • Delete record
  • Cancel order
  • Submit expense
  • Approve invoice
  • Create purchase order
  • Send payment

Conversation example

User:

“Delete customer.”

Agent:

“Are you sure you want to permanently delete customer Contoso?”

User:

“Yes.”

Tool executes.

Confirmation reduces accidental business changes.


Handling Tool Failures Gracefully

External systems occasionally become unavailable.

Good topics anticipate failures.

Instead of displaying technical messages such as:

HTTP 500 Internal Server Error

Use business-friendly responses.

Example

“I’m unable to access the customer database right now. Please try again in a few minutes.”

Or

“I couldn’t retrieve your order information. Would you like me to connect you with a support representative?”


Timeout Considerations

External services may take several seconds to respond.

Topics should:

  • Inform users when processing takes time.
  • Avoid repeated submissions.
  • Prevent duplicate actions.
  • Handle timeout exceptions.
  • Retry when appropriate.

Security When Using Tools

Tools often access enterprise data.

Developers should follow least privilege principles.

Only expose:

  • Required tables
  • Required APIs
  • Required operations

Avoid granting unnecessary permissions.

Example

Instead of allowing:

Read All Customers
Write All Customers
Delete All Customers

Grant only:

Read Assigned Customers

This reduces security risks.


Auditing Tool Usage

Organizations frequently monitor tool usage.

Auditing can record:

  • User identity
  • Timestamp
  • Tool executed
  • Parameters
  • Result
  • Errors
  • Duration

Benefits include:

  • Compliance
  • Troubleshooting
  • Usage reporting
  • Security investigations

Common Tool Design Mistakes

Calling too many tools

Problem

Slow conversations

Better

Retrieve only necessary information.


Duplicating connector logic

Problem

Maintenance becomes difficult.

Better

Create reusable tools.


Poor variable management

Problem

Wrong data passed to connectors.

Better

Use meaningful variable names.


Ignoring failures

Problem

Conversation stops unexpectedly.

Better

Implement error handling and fallback responses.


Excessive permissions

Problem

Security risk.

Better

Apply least privilege access.


Best Practices

Choose the right tool

Different business needs require different tool types.

Examples:

  • Microsoft 365 → Microsoft connectors
  • Dynamics 365 → Dataverse connector
  • SAP → Custom connector
  • REST API → REST tool
  • Internal services → MCP or REST

Build reusable business capabilities

Instead of embedding business logic inside every topic:

  • Create reusable tools.
  • Reuse connectors.
  • Standardize API calls.
  • Centralize business logic.

Test every tool thoroughly

Testing should include:

  • Valid inputs
  • Invalid inputs
  • Missing values
  • Authentication failures
  • Timeout scenarios
  • Permission issues
  • Large datasets

Keep conversations natural

The user should not notice tool complexity.

Good experience:

User:

“Where is my order?”

Agent:

“Your order shipped yesterday and is expected to arrive Friday.”

Poor experience:

“I’m calling connector 4…waiting for API…processing response…”


Exam Tips

Remember the following concepts:

  • Topics orchestrate business conversations.
  • Tools perform business operations.
  • Connectors communicate with external systems.
  • Variables pass data between conversation steps.
  • Tool outputs can feed subsequent actions.
  • Reusable tools reduce maintenance.
  • Confirmation should precede destructive actions.
  • Errors should produce friendly responses.
  • Least privilege improves security.
  • Proper testing ensures reliable automation.

Practice Exam Questions

Question 1

A topic retrieves customer information before creating a support ticket. Which design approach is most efficient?

A. Retrieve the customer information every time it is needed.

B. Store the customer information in a variable and reuse it throughout the topic.

C. Ask the user to enter the information multiple times.

D. Create separate connectors for each step.

Correct Answer: B

Explanation:
Retrieving the information once and storing it in a variable reduces connector calls, improves performance, and simplifies the conversation.


Question 2

A topic updates customer records and then sends a confirmation email. What is happening?

A. Parallel execution

B. Conversation branching

C. Tool chaining

D. Topic merging

Correct Answer: C

Explanation:
Tool chaining occurs when the output or completion of one tool triggers the execution of another tool in sequence.


Question 3

A tool requires an Order ID, but the user has not provided one. What should the topic do?

A. Use a random Order ID.

B. Skip the tool execution.

C. Generate a placeholder value.

D. Prompt the user to provide the missing Order ID.

Correct Answer: D

Explanation:
Topics should collect all required information before invoking a tool.


Question 4

Which practice best supports reusable agent design?

A. Embed identical connector logic in every topic.

B. Duplicate actions across multiple topics.

C. Create centralized reusable tools that multiple topics can call.

D. Build separate connectors for every conversation.

Correct Answer: C

Explanation:
Reusable tools centralize business logic, making updates easier and ensuring consistent behavior.


Question 5

A connector returns an HTTP error. What is the best user experience?

A. Display the raw HTTP error.

B. End the conversation immediately.

C. Ask the user to debug the connector.

D. Present a friendly message explaining that the service is temporarily unavailable.

Correct Answer: D

Explanation:
Users should receive understandable messages rather than technical error details.


Question 6

Which security principle should guide tool permissions?

A. Full administrative access

B. Least privilege

C. Anonymous access

D. Shared administrator accounts

Correct Answer: B

Explanation:
Grant only the permissions necessary for the tool to perform its intended function.


Question 7

Why should developers audit tool usage?

A. To slow down execution

B. To increase connector costs

C. To support compliance, troubleshooting, and monitoring

D. To replace authentication

Correct Answer: C

Explanation:
Audit logs provide visibility into tool execution and support governance and compliance.


Question 8

When should an agent request confirmation before executing a tool?

A. Before every read-only operation

B. Before displaying help information

C. Before listing products

D. Before deleting or making significant business changes

Correct Answer: D

Explanation:
Confirmation helps prevent accidental execution of irreversible or high-impact actions.


Question 9

What is the primary purpose of passing variables between tools?

A. To reduce conversation quality

B. To transfer outputs from one action as inputs to another

C. To eliminate authentication

D. To avoid using connectors

Correct Answer: B

Explanation:
Variables enable data produced by one tool to be reused by subsequent tools in the workflow.


Question 10

A topic repeatedly calls the same connector to retrieve unchanged customer data. What is the recommended improvement?

A. Increase the number of connector calls.

B. Replace the connector with a chatbot response.

C. Cache or store the retrieved data in variables and reuse it.

D. Split the topic into multiple unrelated topics.

Correct Answer: C

Explanation:
Reusing previously retrieved data reduces latency, minimizes API calls, and improves overall performance.


Go to the AB-620 Exam Prep Hub main page

Add agent flows to a topic (AB-620 Exam Prep)

This post is a part of the AB-620: Designing and Building Integrated AI Agent Solutions in Copilot Studio Exam Prep Hub.
This topic falls under these sections:
Plan and configure agent solutions (30–35%)
   --> Configure topics
      --> Add agent flows to a topic


Note that there are 10 practice questions (with answers) at the end of each section to help you solidify your knowledge of the material. Also, there are 4 practice tests with 30 questions each available from the hub's main page below the exam topics section.

Introduction

One of the most powerful capabilities in Microsoft Copilot Studio is the ability to combine conversational topics with agent flows. While topics define how an agent interacts with users through conversation, agent flows enable the agent to perform business processes, automate tasks, integrate with enterprise systems, and orchestrate complex workflows.

For the AB-620 certification exam, you should understand how topics and agent flows work together, when to invoke an agent flow, how data is passed between topics and flows, and how to build resilient, reusable conversational experiences.


Understanding Topics and Agent Flows

Before discussing how to add agent flows to a topic, it is important to understand the role of each component.

Topics

A topic represents a conversational pathway that allows an agent to:

  • Respond to user requests
  • Ask questions
  • Collect information
  • Make decisions
  • Guide users through conversations
  • Call actions and tools
  • Invoke agent flows

Topics determine when something should happen.


Agent Flows

Agent flows define the business logic that performs actions such as:

  • Calling APIs
  • Running Power Automate flows
  • Accessing Dataverse
  • Updating CRM records
  • Sending emails
  • Creating support tickets
  • Querying databases
  • Calling AI models
  • Executing approval workflows

Agent flows determine how the work is completed.


Relationship Between Topics and Agent Flows

Think of the relationship like this:

Topic

  • Conducts the conversation
  • Collects user input
  • Determines intent
  • Decides what action is required

Agent Flow

  • Executes the requested business process
  • Returns results
  • Provides output back to the topic

Topic

  • Continues the conversation
  • Explains the outcome
  • Requests additional information if necessary

Why Use Agent Flows Instead of Placing All Logic in a Topic?

Separating conversational logic from business logic provides several advantages.

Benefits include:

  • Better maintainability
  • Reusable workflows
  • Easier testing
  • Simpler troubleshooting
  • Consistent business processes
  • Reduced duplication
  • Easier governance

Instead of rebuilding the same process in multiple topics, several topics can invoke the same agent flow.


When Should a Topic Invoke an Agent Flow?

Typical scenarios include:

  • Creating a support ticket
  • Looking up customer information
  • Checking inventory
  • Approving requests
  • Booking appointments
  • Updating CRM records
  • Searching enterprise knowledge
  • Calling external REST APIs
  • Sending notifications
  • Creating work items

Designing Topics Before Adding Flows

A well-designed topic should first determine:

  • What information is needed?
  • Which data must be collected?
  • What validation is required?
  • Which flow should execute?
  • What outputs are expected?
  • What should happen if the flow fails?

Planning these elements simplifies implementation.


Collecting Required Inputs

Topics typically gather user information before invoking an agent flow.

Examples include:

  • Customer ID
  • Product name
  • Order number
  • Email address
  • Department
  • Date
  • Priority
  • Approval comments

These values become the input parameters for the flow.

Example conversation:

Agent:
“What is your order number?”

User:
“100548”

Store value in variable.

Pass variable to the flow.


Input Parameters

Agent flows commonly accept parameters such as:

ParameterExample
Customer IDC10245
Emailnorm@company.com
Ticket PriorityHigh
Product NameSurface Laptop
Order NumberORD-14589
DepartmentHR

The topic passes these values to the flow when invoking it.


Output Parameters

Flows also return information.

Examples include:

  • Success status
  • Error message
  • Order status
  • Customer name
  • Case number
  • Appointment confirmation
  • Inventory quantity

The topic can use these outputs to continue the conversation.

Example:

Flow returns:

  • Success = True
  • TicketNumber = INC-45891

Topic responds:

“Your support ticket has been created successfully. Your ticket number is INC-45891.”


Passing Variables Between Topics and Flows

Copilot Studio variables enable communication between conversations and workflows.

Typical process:

  1. User provides input.
  2. Topic stores values in variables.
  3. Variables are passed into the flow.
  4. Flow executes.
  5. Flow returns output variables.
  6. Topic displays results.

This creates a seamless conversational experience.


Triggering an Agent Flow

Within a topic, an agent flow is typically invoked after:

  • Required inputs are collected
  • Validation succeeds
  • User confirms the request

Avoid invoking flows before all required information has been collected.


Validating Data Before Calling a Flow

Validation reduces failures.

Examples include validating:

  • Email addresses
  • Dates
  • Numeric values
  • Required fields
  • Customer IDs
  • Business rules

Example:

Incorrect:

Call flow first.

Receive error.

Correct:

Validate first.

Call flow only after validation succeeds.


Handling Flow Results

Every flow should return meaningful outputs.

Typical outcomes include:

Success

Continue conversation.

Example:

“Your vacation request has been submitted.”


Business Failure

Example:

“No customer exists with that ID.”

The topic can ask for a different ID.


System Failure

Example:

“The HR system is temporarily unavailable.”

The topic may:

  • Retry
  • Escalate
  • Ask the user to return later

Conditional Logic After Flow Execution

Topics frequently branch based on flow outputs.

Examples:

If Success = True

→ Confirm completion

If Success = False

→ Explain failure

If Approval Required

→ Route for approval

If Customer Not Found

→ Ask again


Reusing Agent Flows

One of the biggest advantages of agent flows is reuse.

Example:

Customer Lookup Flow

Used by:

  • Sales topic
  • Support topic
  • Billing topic
  • Warranty topic

Instead of maintaining four lookup implementations, only one flow requires maintenance.


Integrating Enterprise Systems

Topics frequently invoke flows that connect to:

  • Microsoft Dataverse
  • Dynamics 365
  • SharePoint
  • Microsoft Teams
  • SQL Server
  • Azure AI Search
  • SAP
  • ServiceNow
  • Salesforce
  • Custom REST APIs

The topic itself remains conversational while the flow manages integration.


Long-Running Operations

Some workflows require several minutes.

Examples:

  • Report generation
  • Data synchronization
  • Large database updates
  • AI document processing

Best practices include:

  • Inform users processing has begun.
  • Provide progress messages when possible.
  • Notify users when processing completes.
  • Continue asynchronously if supported.

Human-in-the-Loop Scenarios

Some flows require human approval.

Examples include:

  • Expense approvals
  • Vacation approvals
  • Purchase requests
  • Legal review
  • Financial authorization

The topic may:

  • Submit the request.
  • Inform the user approval is pending.
  • Resume once approval completes.

Error Handling

Topics should never assume a flow succeeds.

Always plan for:

  • Authentication failures
  • Connector failures
  • Missing inputs
  • Invalid responses
  • Timeout errors
  • API failures
  • Network outages

Provide friendly error messages rather than technical details.

Example:

“I couldn’t complete your request because the service is temporarily unavailable.”


Logging and Monitoring

Administrators should monitor:

  • Successful executions
  • Failed executions
  • Flow duration
  • Connector errors
  • API failures
  • User abandonment
  • Retry frequency

These metrics help improve reliability over time.


Security Considerations

Topics should only invoke flows users are authorized to execute.

Consider:

  • Microsoft Entra ID authentication
  • User permissions
  • Least privilege
  • Secure connectors
  • Data protection
  • Sensitive information masking

Never expose secrets or internal system information to users.


Best Practices

  • Keep conversational logic inside topics.
  • Keep business logic inside agent flows.
  • Validate inputs before invoking flows.
  • Use meaningful input and output parameters.
  • Handle failures gracefully.
  • Reuse flows whenever possible.
  • Log important events.
  • Protect sensitive information.
  • Use clear confirmation messages.
  • Test both successful and failure scenarios.

Common Mistakes

Avoid these common design errors:

  • Calling flows before collecting all required inputs
  • Ignoring returned output values
  • Exposing technical error messages
  • Duplicating identical business logic in multiple topics
  • Failing to validate user input
  • Hardcoding values instead of using variables
  • Not planning for connector failures
  • Building overly large topics instead of modular conversations

Exam Tips

For the AB-620 exam, remember the following:

  • Topics manage conversations, while agent flows perform business operations.
  • Topics should collect and validate data before invoking a flow.
  • Use variables to pass information between topics and flows.
  • Agent flows should return structured outputs that topics can evaluate.
  • Reuse agent flows whenever possible to reduce duplication.
  • Handle errors gracefully and provide meaningful user feedback.
  • Design topics to support enterprise integrations while maintaining a conversational experience.
  • Separate conversation design from business process implementation.
  • Secure flows with appropriate authentication and authorization.
  • Test both successful and unsuccessful execution paths.

Practice Exam Questions

Question 1

A Copilot Studio topic collects a user’s employee ID before invoking an agent flow. What is the primary purpose of collecting this information first?

A. To reduce the number of topics in the agent

B. To allow the flow to receive the required input parameter

C. To prevent authentication from occurring

D. To automatically create a Dataverse table

Answer: B

Explanation: Agent flows often require input parameters. The topic gathers the necessary information before invoking the flow.


Question 2

Which responsibility belongs primarily to a topic rather than an agent flow?

A. Updating a SQL database

B. Calling a REST API

C. Managing the conversation with the user

D. Executing a Power Automate workflow

Answer: C

Explanation: Topics handle conversational interactions, while agent flows perform business operations and integrations.


Question 3

Why is separating conversation logic from business logic considered a best practice?

A. It prevents users from accessing connectors.

B. It removes the need for authentication.

C. It allows topics to execute without variables.

D. It improves maintainability and enables workflow reuse.

Answer: D

Explanation: Separating responsibilities makes solutions easier to maintain, test, and reuse across multiple topics.


Question 4

An agent flow returns a value indicating that a customer record could not be found. What should the topic do next?

A. Ignore the response and continue.

B. Delete the conversation history.

C. Ask the user for a different customer identifier.

D. Disable the flow.

Answer: C

Explanation: The topic should respond appropriately to business outcomes by allowing the user to correct the information.


Question 5

Which of the following is the BEST example of an output parameter returned by an agent flow?

A. Ticket number generated after creating a support case

B. User’s spoken question

C. Conversation trigger phrase

D. Greeting message

Answer: A

Explanation: Output parameters communicate the results of a completed workflow back to the topic.


Question 6

Before invoking an agent flow, a topic should first:

A. Restart the conversation.

B. Validate required user inputs.

C. Disable error handling.

D. Create a new environment.

Answer: B

Explanation: Input validation prevents unnecessary failures and improves the user experience.


Question 7

Multiple topics need to retrieve customer information using identical business logic. What is the recommended design?

A. Copy the workflow into every topic.

B. Create separate connectors for each topic.

C. Build one reusable agent flow that all topics invoke.

D. Eliminate topics and use only flows.

Answer: C

Explanation: Reusable agent flows reduce maintenance and ensure consistent business logic across conversations.


Question 8

Which scenario is most appropriate for invoking an agent flow?

A. Displaying a welcome message

B. Asking for the user’s preferred language

C. Detecting user intent

D. Creating a purchase order in an ERP system

Answer: D

Explanation: Business operations involving enterprise systems are ideal candidates for agent flows.


Question 9

Why should a topic evaluate the outputs returned by an agent flow?

A. To determine how the conversation should continue

B. To reduce connector licensing costs

C. To automatically create new topics

D. To bypass authentication

Answer: A

Explanation: Output parameters allow the topic to make decisions based on the success, failure, or results of the workflow.


Question 10

An enterprise workflow may take several minutes to complete. What is the best user experience?

A. Close the conversation immediately.

B. Repeatedly invoke the flow until it finishes.

C. Inform the user that processing is underway and provide follow-up or asynchronous notification if appropriate.

D. Return a technical timeout message.

Answer: C

Explanation: Long-running operations should provide feedback to the user and, where appropriate, continue asynchronously rather than blocking the conversation or exposing technical errors.


Go to the AB-620 Exam Prep Hub main page