Microsoft published a seven-lesson open-source course on July 14 called Building AI Agents from Zero to Production, and the title is the most revealing part. The course positions itself around the production stage — how to deploy agents reliably inside organizations — rather than just whether agents can work at all. The distinction matters because it codifies what the industry has spent the past six months learning the hard way: the gap between an agent that answers a question in a notebook and a governed, observable, multi-agent system an organization can depend on is where the actual engineering lives.
The course is one data point. The pattern is broader. Within the same week, Fujitsu began trials of a platform that auto-generates multi-agent systems from business manuals, Oracle opened its Agent Studio to pro-code developer tooling, three independent teams shipped composable agent evaluation frameworks, and an Info-Tech Research Group fellow argued in Forbes that governance itself must become agentic to keep pace with agent deployments. Collectively, these releases sketch the outline of an emerging production stack that did not exist in any coherent form at the start of 2026.
What the Microsoft Course Actually Teaches
The course, authored by Lee Stott and built on the Microsoft Agent Framework (MAF) plus Azure Foundry, is organized as a lifecycle rather than a feature tour. Each of its seven lessons addresses a specific production question, and each assumes the previous problem is solved.
Lesson 1 covers agent design: decomposing a system into specialist agents coordinated by a triage agent via handoff orchestration, rather than building one monolithic assistant. The course uses a developer onboarding scenario, deliberately mundane, as its running example. Lesson 2 turns designs into standalone services, each running on its own port, authenticated to Foundry via Azure CLI credentials with no API keys in code.
Lesson 3 introduces evaluation, and this is where the course diverges from the standard demo-to-blog-post pipeline. Agents are non-deterministic, so traditional assertions break. Microsoft’s approach layers three complementary methods: always-on OpenTelemetry tracing to Application Insights, smoke tests that run on every deployment, and model-based evaluations where a stronger “judge” model scores a cheaper production model on relevance, groundedness, tool-call accuracy, and tool-output utilization. The evaluators run against persisted responses, not freshly regenerated ones, meaning the evaluation is reproducible.
Lesson 4 deploys agents as Foundry Hosted Agents behind a React frontend and a FastAPI backend, with post-deployment smoke tests gating the CI pipeline. Lesson 5 separates compute from data through what Microsoft calls Capability Hosts, redirecting conversation history to Cosmos DB, file uploads to Azure Storage, and vector embeddings to Azure AI Search, all within a customer’s own tenant and network boundary. This is the data sovereignty layer that regulated industries require.
Lesson 6 introduces centralized tool governance through the Foundry Toolbox, a versioned, MCP-compatible endpoint where credentials live in Foundry connections rather than agent code. Blue-green versioning lets teams test new tool configurations on version-specific endpoints before promoting them. Lesson 7 covers multi-agent interoperability through the Agent-to-Agent (A2A) protocol, wrapping existing MAF agents in an A2A executor with no changes to agent code.
A2A Moves From Specification to Curriculum
The A2A protocol deserves separate attention because its inclusion in Microsoft’s curriculum signals a maturity shift. Google announced A2A in April 2025 with backing from more than 50 technology partners, including Atlassian, Salesforce, SAP, ServiceNow, and consulting firms like Accenture and McKinsey. The protocol gives each agent a discoverable Agent Card at /.well-known/agent-card.json and a task lifecycle (submitted, working, completed, failed), enabling agents from different teams, organizations, or frameworks to interoperate over an open standard.
For over a year after launch, A2A existed primarily as a specification and a collection of reference implementations. Its appearance in a structured educational course, alongside MCP as the complementary tool-access layer, marks the transition from “protocol exists” to “protocol is taught as standard practice.” Microsoft’s course makes A2A consumption look identical to calling a local agent: the A2AAgent class accepts a URL, an optional auth interceptor for bearer tokens, and can participate inside the same HandoffBuilder workflow as in-process agents.
The practical implication for enterprise teams is that cross-department agent interoperability no longer requires custom integration work. A procurement agent built by the finance team can call a compliance agent built by legal using the same protocol that an external vendor’s agent would use. The security model is carried in the Agent Card’s security_schemes field, and authentication interceptors handle token exchange.
The Production Stack Takes Shape
Microsoft’s course is the most comprehensive single artifact, but the production stack it describes is being built simultaneously by multiple vendors who are not coordinating with each other.
On July 13, Fujitsu announced a trial starting July 15 of Kozuchi Multi AI Agent Framework (MAAF), a platform that ingests business manuals and meeting recordings to automatically generate multi-agent systems, then improves them through execution feedback and human review. Fujitsu’s approach tackles the bottleneck Microsoft’s Lesson 1 addresses manually: defining what each agent should do and how they hand off. MAAF automates that design step for enterprise workflows where procedures combine exceptions, judgment criteria, and system operations that are difficult to capture in a single build.
Oracle, separately, opened its AI Agent Studio to pro-code development on July 14, letting the 80,000+ certified Fusion experts build agentic applications using VS Code, Claude Code, CLI tools, and Git-based workflows. The applications inherit Oracle Fusion’s existing security, auditability, and approval controls. This maps directly to Microsoft’s Lessons 4 through 6: deployment, data sovereignty, and tool governance, but implemented through Oracle’s enterprise governance framework rather than Azure Foundry.
The evaluation layer is converging independently. Within 24 hours on July 13, Prime Intellect shipped Verifiers v1, a composable framework that decomposes agentic reinforcement learning environments into swappable tasksets, harnesses, and runtimes. Skyfall AI released Morpheus for multi-turn agent training with tool calls. Stanford published trace-level analysis methods for agent reasoning chains. Three teams, working independently, arrived at structurally similar conclusions about how to evaluate agents: separate what the agent learns from how it solves tasks and where execution happens. Microsoft’s Lesson 3 describes the same decomposition applied to production evaluation rather than RL training.
Governance Becomes Agentic
The most structurally interesting development may be the governance layer. Bill Wong, AI Research Fellow at Info-Tech Research Group, published a Forbes Tech Council column on July 14 arguing that static governance built for generative chatbots cannot handle agents that reason, plan, and execute multistep tasks with minimal human intervention.
Wong’s proposed solution is a seven-stage framework where the governance layer itself operates as an agentic system, autonomously detecting regulatory changes, updating compliance policies, and deploying safeguards across agent fleets in real time. The argument’s logic is straightforward: if you have 200 agents per employee (a figure Forbes Tech Council projected in a separate column the same week), manual governance review becomes physically impossible. The governance system must scale at the same rate as the agents it governs.
Microsoft’s course addresses governance through static mechanisms: tool approval modes, toolbox-level RAI policies, content filters, and least-privilege role assignments. Wong’s argument is that these mechanisms work for a handful of agents but break down when agent count reaches organizational scale. The gap between Microsoft’s static governance tooling and Wong’s agentic governance vision is arguably the next production problem the industry will need to solve.
What the Pattern Reveals
Six months ago, the agent industry’s public output consisted primarily of benchmark results, demo videos, and funding announcements. The past week’s releases are qualitatively different. They are production tooling: deployment pipelines, evaluation frameworks, governance architectures, data sovereignty separation, tool credential management, and cross-framework interoperability protocols.
The convergence is not coordinated. Microsoft, Fujitsu, Oracle, Prime Intellect, Skyfall AI, Stanford, and Info-Tech Research Group are not working together. They are independently arriving at similar architectural conclusions because they are solving the same problems: agents that work in notebooks but fail in production, tool credential sprawl, evaluation gaps, governance bottlenecks, and interoperability walls between teams using different frameworks.
The Microsoft Foundry Agent Service documentation now lists support for five agent frameworks: Microsoft’s own Agent Framework, LangGraph, the OpenAI Agents SDK, the Anthropic Agent SDK, and the GitHub Copilot SDK. A managed platform that accepts agents from competing frameworks is a bet that the framework wars are over, or at least that the winner is the deployment layer, not the agent framework itself.
The Remaining Gaps
The production stack taking shape this week has three visible gaps.
First, cost observability. Microsoft’s course mentions cost hygiene exactly once, in a note about deleting Azure resource groups when done. There is no lesson on monitoring inference costs across a multi-agent system, setting per-agent token budgets, or alerting when a runaway agent loop burns through compute. At enterprise scale, a mis-configured orchestration loop can accumulate significant costs before anyone notices.
Second, cross-vendor governance. Microsoft’s Toolbox governs tools within Azure Foundry. Oracle’s Agent Studio governs tools within Fusion. Neither governs tools across both. An enterprise running agents on Azure that need to call Oracle Fusion APIs, or vice versa, faces a governance gap at the boundary. The A2A protocol handles interoperability at the communication layer but does not address policy enforcement across organizational boundaries.
Third, the evaluation frameworks are all pre-production. Microsoft’s evaluators score agent responses after the fact. Prime Intellect’s Verifiers train and evaluate in controlled environments. Neither addresses runtime evaluation, continuously scoring a production agent’s behavior against quality baselines and triggering alerts or automatic rollbacks when quality degrades. Runtime evaluation for non-deterministic systems is an unsolved problem, and the absence of any solution in this week’s releases suggests it remains unsolved.
The agent production gap is closing, but it is closing through accumulation rather than through any single breakthrough. The next phase will likely focus on the gaps that become visible only when the basic production stack is in place: cost governance, cross-vendor policy, and runtime quality monitoring. The infrastructure for building and shipping agents is maturing. The infrastructure for operating them at scale is next.