Don't Build an AI Center of Excellence Until You Read This (2026)
Critical practitioner read of Microsoft's AI CoE framework: the seven assumptions the playbook makes about Executive Sponsors, role authority, and CoE evolution that fail in most real enterprises.
Microsoft’s 2026 Agentic Transformation Patterns Playbook devotes its longest chapter to the AI Center of Excellence. The framework is sound on paper. It names six core CoE roles, four edge roles, three structural options (Centralized, Hybrid, Federated), and a 7-stage agent lifecycle (Intake to Retire), and it matches each structure to an adoption pattern. Most of the chapter is correct. The problem is the seven assumptions underneath the framework, none of which the document names, and all of which most enterprises will violate on day one.
This is the contrarian companion to the practitioner decode of the playbook itself. If you are about to set up an AI CoE in the next 90 days, this is the read that goes before the kickoff slide deck.
What the Playbook Gets Right
To be clear: Microsoft’s CoE framework is the strongest enterprise-AI operating-model document in the market today. Three things in the chapter genuinely advance the conversation:
The matching of CoE structure to adoption pattern is correct and underdiscussed. The playbook matches each structure to a pattern: Centralized for Employee Enablement and External Engagement, Federated for Core Business Process and AI-First Capabilities once teams are mature. My read is that this implies an evolution path: as your dominant pattern matures from enablement to core-process transformation, structure should shift from Centralized toward Federated.
The decision-rights split between Centralize (HOW scale works: platform, security, architecture, release gates, risk classification) and Delegate (WHO builds: domain prioritization, agent design within standards, knowledge curation, day-to-day ops) is the single most actionable artefact in the chapter. Most CoEs centralize the wrong things and delegate the wrong things. The split corrects that.
The 7-stage agent lifecycle (Intake → Triage → Build → Deploy → Monitor → Improve → Retire) is the Scale function of the CoE framework (pages 35-48), mature change-management discipline applied to agents. In my experience it maps cleanly onto a standard RACI, though the playbook itself stops at the lifecycle stages and does not publish a RACI table. It plugs into existing enterprise governance cleanly.
The architecture is right. The problem is what the framework assumes about the enterprise that adopts it.
Assumption 1: The Executive Sponsor Has Both Budget AND Political Capital
The framework names Executive Sponsor as the first core CoE role. The role is described as setting strategic direction and securing funding. The unstated assumption is that this person has both the budget authority to fund the CoE through its foundation period (in my experience 18-24 months) and the political authority to defund stalled initiatives, settle cross-business-unit disputes, and enforce architecture decisions that some teams will resist.
In our experience, you have one or the other. Rarely both.
The CTO has the technical authority but often not the cross-functional political capital to require Marketing to use the standard agent pattern instead of its own. The Chief Digital Officer has the political capital but often not the technical literacy to read an eval report and call a pilot stalled. The Chief AI Officer (where the role exists) is often a senior IC promoted into a leadership role without the budget authority of a CFO-adjacent peer.
What to do: name the Executive Sponsor explicitly. Audit the role against the two-dimensional test (budget authority + political authority). If only one dimension is present, name a co-sponsor for the other. A single under-powered Executive Sponsor is worse than two co-sponsors with complementary authority because the framework relies on this person to break ties.
Assumption 2: The CoE Lead Can Hire Across Functions
The CoE Lead (also called AI Program Manager in the playbook) is described as the operating owner. The role description is straightforward: run the cadence, coordinate across CoE functions, report to the Executive Sponsor.
The unstated assumption is that this person has hiring authority across the six core CoE roles and the four edge roles. In most enterprises the Platform & Operations role reports into IT; Security/Risk/Compliance reports into a separate compliance function; Adoption Leads report into HR or the relevant business unit. The CoE Lead has dotted-line influence over most of them and direct hiring authority over none.
The framework treats the CoE as if it is a single team. In practice it is a matrix of people whose direct reports point elsewhere.
What to do: before you stand up the CoE, get explicit dotted-line agreements signed by the function heads (CISO, CHRO, business-unit GMs) that name the people who will spend a defined percentage of their time on CoE work. Without that explicit allocation, the CoE Lead is a coordinator without authority.
Assumption 3: Agent Product Owners Have Cross-Team Authority
The Agent Product Owner is the role most enterprises have not yet made. The playbook formalises it: someone who owns the agent’s lifecycle, prioritisation, success metrics, and continuous improvement. Think Product Manager for one or several specific agents.
The unstated assumption is that this person has the authority to enforce schema decisions across teams that have never shared a contract, to require domain experts to maintain golden evaluation datasets, and to defund agent improvements that produce no measurable user value.
This authority does not exist by default. It comes from being granted explicitly by the Executive Sponsor and renewed by the operating cadence. Most enterprises will appoint the first Agent Product Owner from the team that owns the most visible agent, often without giving them explicit cross-team authority. The result is a Product Owner who can iterate the agent within their team but cannot enforce reuse, standards, or eval discipline outside their team.
What to do: in the formal role definition, name the authorities that the Agent Product Owner has. Specifically: authority to require schema input from named upstream teams, authority to set the agent’s eval pass threshold, authority to mark a quarterly release as “do not promote” based on evaluation results. Without explicit authority, the role is a coordinator with extra reporting overhead.
Assumption 4: Domain Teams Will Surrender Some Autonomy
The CoE structure assumes that domain teams will accept centralised standards, reference architectures, release gates, and reuse mandates. In Federated mode the assumption is softer (CoE provides standards; business units own delivery within them). In Centralized mode the assumption is hard (CoE owns delivery; business units consume).
Most domain teams will resist the surrender of autonomy. Domain teams that built their first agent independently and shipped it to production are not eager to hand the next agent to a central team. Domain teams that have informal Copilot Studio adoption inside their business unit may already have working patterns they do not want overridden.
The framework treats this as a change-management problem. It is also a power-and-trust problem that change-management cannot solve alone.
What to do: name the things the CoE owns and the things domain teams own, and make the boundary explicit and small. The Centralize-versus-Delegate split in the playbook is the right starting point. Adapt it to your specific power dynamics. In a low-trust enterprise (recent IT failure, organisational restructure, leadership turnover) the CoE has to win earnest credibility one delivered agent at a time before it can require domain teams to consume its standards.
Assumption 5: Security and Risk Are Integrated From Day One
The framework names Security/Risk/Compliance as one of the six core CoE roles. The intent is clear: these functions are inside the CoE, not external reviewers.
The unstated assumption is that the enterprise has already integrated Security/Risk/Compliance into its existing software-delivery operating model with enough maturity that the AI-specific extensions (responsible AI assessment, content safety review, data-residency mapping, agent-identity governance) can layer on top.
Most enterprises have not done this for traditional software. Security review is a gate at the end of the project, not a partner during design. Risk classifications are documented but rarely enforced in deployment automation. Compliance review is reactive to incidents, not proactive in design.
If your existing software-delivery model treats Security and Risk as terminal gates, the AI CoE will repeat that pattern. AI work moves faster and breaks more visibly, which amplifies the cost.
What to do: before standing up the AI CoE, audit how Security and Risk integrate with your existing software delivery. If they integrate well, extend the same model to AI. If they integrate badly, fix the underlying model first. The AI CoE will not fix the underlying gap; it will make it more visible.
Assumption 6: The Power Platform CoE Foundation Already Exists
The framework treats the Power Platform CoE pattern as a prerequisite that most enterprises already have. The published Power Platform CoE Starter Kit is mature, well-documented, and widely adopted. If your enterprise runs Power Platform at scale and has the CoE pattern in place, extending it to AI agents is an additive read.
If you do not have a Power Platform CoE, you have a larger problem than the playbook describes. The AI CoE depends on:
- Tenant-level governance posture (managed environments, DLP policies, capacity allocation)
- Repo-and-pipeline discipline (source-controlled solutions, automated release gates)
- Inventory and observability tooling (per-environment audit, application/solution registry)
- An adoption-and-enablement motion (training, champions, community)
These are exactly what a mature Power Platform CoE produces. Without them, the AI CoE has to build all of them in parallel with the AI-specific work (eval-dataset curation, risk-tier classification, agent-version lifecycle). The 90-day timeline in the playbook becomes a 12-month timeline. Treat the playbook as Phase 2 of the work; Phase 1 is the Power Platform CoE foundation.
One thing the playbook understates: most enterprises already run non-Microsoft agents (OpenAI Assistants, LangChain services, third-party SaaS copilots). The CoE has to govern those too, or it governs only the half of the estate it can see, which collapses back into the Shadow AI problem.
Assumption 7: There Is Budget to Staff Before You Have ROI Receipts
The playbook names six core roles plus four edge roles but does not size headcount. From our experience, that translates to a rough, order-of-magnitude 4-8 FTEs for a mid-sized enterprise running light Pattern 3 work, scaling higher for larger orgs running Patterns 3-5. Treat that as a starter you should calibrate, not a published figure. Either way, it is a substantial investment.
The unstated assumption is that the organisation has budget authority to fund this staffing through the foundation period (18-24 months in my experience) before the AI program produces measurable ROI. In our experience the first 6-12 months of an AI CoE are foundation work: standing up environments, defining tier classifications, building eval datasets, setting up release pipelines, running training. ROI from production agents typically follows after.
Most enterprise budget cycles do not work this way. In our experience the CFO who approves 4-8 FTE positions will expect a return-on-investment narrative within roughly 12 months. If the CoE cannot produce measurable agent-delivered outcomes within that window, the budget gets cut at the next cycle, often before the foundation work is complete.
What to do: budget the CoE in two phases. Phase 1 (months 1-6) is foundation work, justified by capability building and risk reduction, not ROI. Phase 2 (months 6-12) is delivery work, justified by measurable outcomes from the first 2-3 production agents. Tie Phase 2 budget continuation to Phase 1 deliverables explicitly. The CFO will accept this structure if it is named upfront; the CFO will not accept it if it is presented as “trust us, ROI comes eventually.”
The Seven Assumptions at a Glance
Here is the whole spine in one place: each assumption, what the playbook quietly assumes, what most enterprises actually have, and the fix.
| Assumption | What the playbook assumes | What most enterprises have | Fix |
|---|---|---|---|
| 1. Executive Sponsor | One sponsor with both budget and political authority | One dimension or the other, rarely both | Name a co-sponsor so budget and political authority are both covered |
| 2. CoE Lead | Hiring authority across all ten roles | Dotted-line influence, direct authority over none | Get signed time-allocation agreements from function heads before launch |
| 3. Agent Product Owner | Cross-team authority over schema, evals, defunding | Authority only inside their own team | Name the specific cross-team authorities in the role definition |
| 4. Domain teams | Will surrender autonomy to central standards | Will resist; many already shipped their own agents | Make the owned/delegated boundary explicit and small; earn credibility one agent at a time |
| 5. Security and Risk | Integrated into delivery from day one | Terminal gates at the end of projects | Fix the underlying delivery model first; the CoE will not fix it |
| 6. Power Platform CoE | Already exists as a prerequisite | Often absent or immature | Treat the playbook as Phase 2; build the Power Platform CoE foundation first |
| 7. Budget before ROI | Funding for the foundation period before receipts | CFO expects ROI within 12 months | Split the budget into a foundation phase and a delivery phase, named upfront |
When the CoE Pattern Works and When It Fails
The framework works when the seven assumptions hold or when the gaps are explicitly named and addressed. It fails when the gaps are unnamed and the CoE is set up against assumed authority that does not exist.
The enterprise-size bands and timelines below are rough field heuristics from our own engagements, not figures published in the playbook. Calibrate them to your org.
| Enterprise type | Will the CoE pattern work as-described? | Required adaptation |
|---|---|---|
| Mature Power Platform CoE, integrated Security/Risk in software delivery, named AI Executive Sponsor with both budget and political authority | Yes. Adopt the framework as-described. Adoption typically takes ~3 months. | None substantial. Audit role authorities and integrate. |
| Mature Power Platform CoE but Security/Risk operates as terminal gate | Partially. The pattern will work for the agent lifecycle but Security/Risk integration will lag. | Stand up the AI CoE first with explicit security-integration milestones. Treat security maturity as a parallel workstream, not a CoE deliverable. |
| No Power Platform CoE, mid-sized enterprise (5K-15K employees) | Not in 90 days. The framework's prerequisite stack does not exist. | Treat the playbook as Phase 2. Spend Phase 1 (3-6 months) on Power Platform CoE foundation. Then layer AI CoE on top. |
| Large enterprise with strong central IT but historically autonomous business units | Centralized CoE will fail; Federated is too early. Start Hybrid. | Negotiate explicit Centralize/Delegate boundaries with business-unit GMs before standing up CoE. Without the negotiation, the CoE will be ignored. |
| Enterprise with no formal AI governance, no executive sponsor named | No. The structure has nowhere to land. | Do not stand up the CoE. Spend 90 days getting executive sponsorship explicit. Then revisit. |
The Three Anti-Patterns We See Repeatedly
The Empty CoE. The CoE is stood up with named roles but no actual staffing allocation. People are “10% on CoE” in a way that means zero hours per week in practice. The cadence is on the calendar but unattended. Decisions are made in the cadence and not enforced outside it. Quarterly review meetings produce slide decks but no behaviour change. The CoE exists on the org chart and nowhere else.
The Permission Bottleneck. The CoE accumulates approval authority faster than it can process the queue. Every new agent has to go through the CoE for review. The CoE has 3 reviewers and 200 agent proposals. Backlogs grow. Business units route around the CoE by deploying agents through other channels (personal Copilot subscriptions, third-party tools, “experiments” that are actually production workloads). The CoE produces governance theatre while the actual agents proliferate ungoverned.
The Tooling Substitute. The CoE buys tooling (governance platforms, agent registries, eval-dataset management tools) as a substitute for the harder operating-model work. The tools sit unused or underused. The expected operating-model outcomes do not materialise. The CoE blames the tools rather than naming the underlying assumption gap.
All three anti-patterns trace to the same root cause: setting up the structure without first verifying the seven assumptions hold.
The Honest 90-Day Adaptation
If you have to stand up an AI CoE in the next 90 days, treat the playbook’s 90-day play as a target shape, not a literal sequence. Sequence the work like this:
Days 0-30: Verify the assumptions. Run the seven-assumption test against your organisation. Name the Executive Sponsor and audit their two-dimensional authority. Get dotted-line agreements from function heads. Audit Security/Risk integration in existing software delivery. Verify or build the Power Platform CoE foundation. Get explicit Phase 1 + Phase 2 budget structure approved.
Days 30-60: Stand up the bare-minimum CoE. Three roles, not ten: the CoE Lead, one Agent Product Owner, one Security/Risk integrator. Run weekly cadence. Take in two pilot agents. Do not extend the CoE structure until the bare minimum is producing reliable signal.
Days 60-90: Extend or stop. If the bare-minimum CoE is working (the two pilot agents are progressing through the lifecycle with named owners and trackable evals), extend the structure. Add the Platform & Operations role. Add an Adoption Lead. Plan the move from Centralized to Hybrid in the next 90-day cycle. If the bare-minimum is not working, stop and diagnose the assumption gap before adding structure. More structure on top of a broken foundation produces more visible failure, not better outcomes.
Read Next
- The Six Agentic Adoption Patterns: A Practitioner Decode of Microsoft’s New Playbook (2026). The full decode of the playbook this article critiques. Read in parallel: this piece names the CoE assumption gaps; that piece walks the full framework.
- Power Platform Governance: Repo Standards, Reviews, Inventory. The Power Platform CoE pattern the AI CoE depends on. If you do not have this foundation, this is Phase 0.
- AgentOps on Microsoft Foundry: A Practitioner Decode of the New CI/CD Reference Architecture (2026). The technical delivery pipeline that the CoE operating model wraps.
- Shadow AI Governance for Microsoft Enterprises: Discovery to Control. The Tier 0 problem (agents outside the CoE governance perimeter) that the playbook does not name.
- Source: Microsoft Agentic Transformation Patterns Playbook (PDF, 52 pages). The framework this article critiques.
Stay in the loop
Get new posts delivered to your inbox. No spam, unsubscribe anytime.
Related articles
Risk-Tiered Agent Governance: Microsoft's Tier 1/2/3 Model Annotated for Real Deployments (2026)
Microsoft's 2026 playbook gives you a 3-tier risk model for AI agents. This is the practitioner annotation: concrete controls, tooling, cadence, and the Tier 0 the playbook does not name.
The Scale-Breaker Microsoft Doesn't Name: Why Your AI Program Stalls Where the Playbook Doesn't Look (2026)
Microsoft's 2026 Agentic Patterns Playbook names five capability drivers. The scale-breaker most enterprises actually hit is the sixth one the framework doesn't measure.
From Assist to Execute: The Reference Architecture Implications Microsoft's Playbook Doesn't Draw (2026)
The Assist-to-Execute shift in Microsoft's Agentic Patterns Playbook is the right conceptual move. This is the reference architecture implications the playbook stops short of drawing.