⚙ Enterprise AI Architecture · Internal Operations

AI-Powered Internal
Request Automation

Designed a 10-step end-to-end pipeline to automate internal employee request handling — classifying, routing, resolving, and escalating 800–1,000 daily requests while maintaining full audit traceability and human oversight.

1,000+
Requests / day
10
Pipeline Steps
3
Routing Paths
≥80%
Auto-Resolve Target
1,800
Hours Saved / Year
The Problem

Manual Handling at Scale Doesn't Work

With hundreds of employee requests arriving daily through email, Teams, and the intranet, support teams were spending most of their time triaging and categorizing — not solving. The result: slow responses, inconsistent answers, and no audit trail.

⏱ Slow & Inconsistent

Every request was read, categorized, and responded to manually. Similar questions got different answers depending on who picked up the ticket. Average resolution time was measured in hours, not minutes.

📂 No Centralized Knowledge

Internal policies lived in SharePoint, email threads, and individual inboxes. Support staff searched for the right policy document for every request — the same search, repeated hundreds of times a day.

🔍 No Audit Visibility

In a regulated environment, every access request and policy decision must be traceable. Manual handling meant no consistent log of who asked, who approved, what information was used, or when.

📈 Impossible to Scale

Request volume was growing. Hiring more support staff was not a sustainable solution. The operation needed a system that could handle 3× the volume without 3× the headcount.

The Solution

A 10-Step Pipeline — Rules First, AI Second

The most important architectural decision was made before writing a single line of automation: deterministic rules run before the LLM. The majority of requests are actually simple and predictable — they should never touch an AI layer.

Fast Path First
Power Automate rules resolve ~60% of requests in milliseconds — no LLM cost, no latency, no hallucination risk
🤖
AI for the Ambiguous
Copilot Studio + Azure OpenAI handle intent classification, semantic understanding, and RAG knowledge retrieval only when rules fail
👤
Human Always in the Loop
Low-confidence and high-risk requests always escalate to a human. No sensitive action is ever taken autonomously
Pipeline Overview
Phase 1 — Intake & Security
Capture & Authenticate
  • Teams, Email, Intranet, Service Desk, Mobile, Forms
  • All channels write to a single Dataverse table
  • Unique tracking ID assigned at receipt
  • Entra ID verifies identity before anything moves
  • RBAC & DLP applied at the data layer
Phase 2 — Processing & Routing
Classify & Decide
  • Fast Path: regex, keywords, business rules (Power Automate)
  • LLM Layer: intent, entities, priority, risk (Copilot Studio)
  • Decision Engine: weighted confidence + risk score
  • Routes to Auto-Resolve, RAG, or Human Review
Phase 3 — Resolution & Governance
Act & Audit
  • Execute action or deliver knowledge-grounded answer
  • Human approves sensitive actions before execution
  • Response via Teams, Email, or ticket update
  • Full audit log: who asked, what retrieved, who approved
  • Feedback loop improves accuracy over time
The Fast Path — Why It Matters
Password resets, VPN access requests, equipment orders, and leave balance questions are predictable. A Power Automate flow with regex matching, keyword lookups, and a business rules engine resolves these in under a second at zero LLM cost. The LLM only activates when rules return no confident match. This is how you scale to 1,000+ requests/day without a runaway AI bill.
After Classification — Three Resolution Paths
≥ 80% Confidence
Auto-Resolve Path
Triggered for: access requests, known IT issues, catalog items
  • Business rules identify request type
  • Approval sent via Teams Adaptive Card
  • Manager or SME approves with one click
  • System action executes only after approval
  • Employee notified with resolution details
50–80% Confidence
Knowledge Path (RAG)
Triggered for: policy questions, leave rules, reimbursement
  • SharePoint documents chunked & embedded
  • Semantic vector search retrieves relevant docs
  • Only docs the user has permission to see
  • LLM generates a grounded, citable answer
  • Human reviews before delivery (50–80% band)
< 50% or High Risk
Human Review Queue
Triggered for: low confidence, sensitive categories, compliance
  • Routed to specialist review queue (Power Apps)
  • Full context visible: request, history, priority
  • AI suggestion shown alongside for efficiency
  • Specialist accepts, edits, or overrides
  • Response sent after specialist approval

Explore the Full 10-Step Architecture

Interactive pipeline diagram — click each step to see implementation details, tech choices, and data flow

View Architecture →
Engineering Decisions

The "Why" Behind Every Choice

Good architecture is mostly made of decisions you didn't make. Here's what we chose and why — including what we ruled out.

Why rules before AI?
Fast Path (Power Automate) runs first
Most requests aren't ambiguous — "reset my password" is not a natural language understanding problem. Running an LLM on every request adds latency, cost, and hallucination risk for no benefit. Deterministic rules handle what's predictable; AI handles what isn't. This separation also means the Fast Path can be audited and explained without touching a language model.
RAG over fine-tuning?
Knowledge retrieval, not model training
Internal policies change — leave rules update, compliance requirements shift, IT catalogs evolve. Fine-tuning bakes knowledge into the model weights: every policy change requires retraining and redeployment. With RAG, update the SharePoint document and the system immediately answers with the new version. RAG also provides citable sources for every answer — critical for SOX audit trails where the reviewer needs to verify what information was used.
Why Microsoft native stack?
Copilot Studio, Power Automate, Dataverse, Entra ID
A custom Python/FastAPI stack could do everything this architecture does — but it would also need to build authentication, RBAC enforcement, DLP policy, audit logging, and enterprise integration from scratch. The Microsoft stack delivers all of these as built-in features. In a regulated environment, building your own security and governance layer is the highest-risk choice. Entra ID handles identity; Dataverse handles audit; Power Platform handles governance. Ship a working, compliant system faster.
Why does risk override confidence?
Decision Engine — Risk Factor (10% weight)
The Decision Engine uses a weighted confidence score (intent 40%, retrieval 30%, historical accuracy 20%, risk 10%). But regardless of the final score, sensitive categories — financial data access, credential changes, compliance requests — always route to human review. In a regulated environment, a confident-but-wrong action is the most expensive failure mode. The 10% risk weighting is a floor, not a ceiling.
Why Dataverse as the central store?
Not a custom database or ticketing system
Dataverse provides row-level security, a Power Platform-native API, built-in audit log columns, and native integration with Power Automate and Power Apps — without custom code. The audit trail begins at the moment of request receipt, before any processing. An auditor can query Dataverse and answer any compliance question: who submitted, what was retrieved, who approved, when each step happened. This is not possible when the audit trail is an afterthought.
Technology

Built on the Microsoft Intelligent Cloud

Every component was chosen for enterprise-grade governance, not just capability. Each tool earns its place by eliminating a category of risk.

🤖
Copilot Studio
LLM orchestration, intent classification, entity extraction, RAG integration
Power Automate
Fast Path rules engine, approval workflows, system action execution
🗄
Dataverse
Central request store, audit log, row-level security, native PP integration
🧠
Azure OpenAI
LLM backbone for reasoning, answer generation, confidence scoring
🔒
Entra ID
Authentication, RBAC enforcement, permission-aware RAG, identity audit
📄
SharePoint Online
Knowledge base for RAG — policies, SOPs, FAQs, training materials
📱
Power Apps
Human review queue interface for support specialists
💬
Microsoft Teams
Primary request channel, approval delivery, Adaptive Card notifications
Projected Impact

What This System Delivers

Based on 800–1,000 daily requests and an assumed 60% Fast Path resolution rate

~600
Requests auto-resolved daily without human touch
1,800+
Staff hours saved per year on triage and categorization
<2s
Fast Path resolution time (vs. hours manually)
100%
Requests logged with full audit trail from first contact
0
Sensitive actions taken without explicit human approval

* Numbers are design-phase projections based on stated volume and architecture assumptions. Actual results depend on implementation tuning.