Microsoft Agent Framework
Microsoft framework for building, orchestrating, and deploying production AI agents and multi-agent workflows across Python and .NET, with workflows, middleware, OpenTelemetry, Foundry hosting, A2A, MCP, and Semantic Kernel migration support.
Open the source and read safety notes before installing.
Safety notes
- Microsoft Agent Framework can orchestrate agents, tools, workflows, middleware, hosting, A2A, MCP, and third-party providers; review each external system before granting access.
- Production agents need explicit approval gates, retries, cancellation, idempotency, rollback behavior, tool authorization, and human-in-the-loop boundaries.
- DefaultAzureCredential is convenient for development but can probe multiple credential sources; choose explicit production credentials and managed identity patterns where appropriate.
- Foundry-hosted agents, cloud workflows, Durable Task, Azure Functions, and A2A/MCP endpoints need authentication, least privilege, network controls, logging policy, and abuse protection.
- Migration from Semantic Kernel or AutoGen should include behavior parity tests, trace comparison, provider compatibility review, and safety regression checks.
Privacy notes
- Prompts, instructions, tool arguments, tool outputs, workflow state, middleware data, traces, provider responses, logs, credentials, and hosted-agent metadata may contain sensitive user or business data.
- Do not expose Azure credentials, Foundry project endpoints, model deployment names, API keys, private file paths, customer records, internal documents, or raw exceptions through examples, traces, logs, or support issues.
- When using third-party providers, A2A agents, MCP servers, observability systems, or cloud hosting, review where data is sent, stored, retained, and governed.
- If workflows are durable or restartable, define retention and access controls for checkpoints, state stores, trace spans, and replayable execution history.
Prerequisites
- Python 3.10 or newer for the Python SDK, or a supported .NET runtime for the `Microsoft.Agents.AI` package.
- A selected model/provider route, such as Microsoft Foundry, Azure OpenAI, OpenAI, GitHub Copilot SDK, or another supported provider.
- Azure identity, Foundry project, endpoint, model deployment, or API-key configuration appropriate for the chosen provider and runtime.
- A deployment plan for workflows, hosting, A2A, MCP, Durable Task, Azure Functions, local development, or cloud execution.
- Migration review if moving from Semantic Kernel or AutoGen into Microsoft Agent Framework.
Schema details
- Install type: cli
- Troubleshooting: No
- Scope: Source repo
- Estimated setup: 30 minutes
- Difficulty: intermediate
- Pricing: free
- Disclosure: editorial
- Application category: DeveloperApplication
- Operating system: Cross-platform
Full copyable content
pip install agent-framework
About this resource
Overview
Microsoft Agent Framework is Microsoft's open framework for building, orchestrating, and deploying production AI agents and multi-agent workflows in Python and .NET. It provides agent APIs, workflow orchestration, middleware, OpenTelemetry observability, Foundry-hosted agent patterns, declarative agents, Durable Task and Azure Functions hosting samples, A2A support, MCP integration, and migration guidance from Semantic Kernel and AutoGen.
Use it when a team wants a Microsoft-backed agent framework for production systems rather than a prototype-only assistant. It is especially relevant for Azure, Microsoft Foundry, .NET, Python, Semantic Kernel migration, enterprise observability, and multi-agent workflow searches.
Install
For Python:
pip install agent-framework
For .NET:
dotnet add package Microsoft.Agents.AI
Foundry, Azure identity, Durable Task, Azure Functions, and provider-specific features may require additional packages and cloud configuration.
Agent Capabilities
| Area | Microsoft Agent Framework Coverage |
|---|---|
| Languages | Python and C#/.NET implementations with consistent framework concepts |
| Agents | Provider-backed agents, declarative agents, tools, middleware, and hosting patterns |
| Workflows | Sequential, concurrent, handoff, group collaboration, streaming, checkpointing, human-in-the-loop, and time-travel patterns |
| Hosting | Foundry-hosted agents, local development, cloud deployment, Durable Task, Azure Functions, and A2A samples |
| Observability | Built-in OpenTelemetry integration for distributed tracing, monitoring, and debugging |
| Interop | MCP, A2A, Microsoft Foundry, Azure OpenAI, OpenAI, GitHub Copilot SDK, and provider flexibility |
| Migration | Microsoft Learn migration guides from Semantic Kernel and AutoGen |
Use Cases
- Build Python or .NET agents that need production hosting and observability.
- Orchestrate multi-agent workflows with handoffs, group collaboration, and durable checkpointing.
- Migrate Semantic Kernel or AutoGen projects to Microsoft Agent Framework.
- Host agents through Microsoft Foundry, Azure Functions, Durable Task, or local development workflows.
- Connect agents to MCP servers, A2A agents, Microsoft Foundry, Azure OpenAI, OpenAI, or GitHub Copilot SDK routes.
- Add middleware for request processing, exception handling, telemetry, and policy enforcement.
Source Review
Verified on 2026-06-18:
- The upstream repository describes Microsoft Agent Framework as an open multi-language framework for production AI agents and multi-agent workflows in Python and .NET.
- Microsoft Learn documents the framework overview, first-agent quickstart, and Semantic Kernel migration path.
- The repository README lists workflow orchestration, middleware, Foundry-hosted agents, OpenTelemetry observability, declarative agents, agent skills, A2A, MCP, Durable Task, Azure Functions, and local/cloud samples.
- PyPI resolves the `agent-framework` package at version `1.9.0` with Python `>=3.10`.
- NuGet resolves the `Microsoft.Agents.AI` package, with version `1.10.0` available through the package feed at verification time.
Safety and Privacy
Microsoft Agent Framework is a production agent framework, so its risk comes from the providers, tools, workflows, hosted infrastructure, MCP servers, A2A agents, credentials, and durable state connected to it. Treat each workflow edge and tool call like a production integration with authentication, authorization, rate limits, audit logs, and rollback behavior.
When agents run through Foundry, Azure, third-party providers, A2A, MCP, or observability systems, review which prompts, tool results, traces, workflow state, and errors leave the application boundary. Durable workflows and checkpointing can retain sensitive context beyond a single request.
Duplicate Check
Checked current content/tools/, content/agents/, content/mcp/,
content/skills/, guides, open pull requests, and repository-wide content for
microsoft/agent-framework, Microsoft Agent Framework, agent-framework,
Microsoft.Agents.AI, Semantic Kernel migration, Microsoft Foundry agents, A2A,
and Microsoft Agent Framework MCP. Existing content includes Microsoft Agent
Skills, Semantic Kernel agent persona content, Microsoft AutoGen, and adjacent
MCP references, but no dedicated Microsoft Agent Framework tools entry, exact
source URL duplicate, target file, or open duplicate PR was found.
How it compares
Microsoft Agent Framework side by side with 3 alternatives on trust, install, platform support, and disclosed safety notes — all from reviewed registry metadata.
| Field | Microsoft Agent Framework | OpenAI Agents Python SDK | AG2 Agent Framework | mcp-agent |
|---|---|---|---|---|
| Description | Microsoft framework for building, orchestrating, and deploying production AI agents and multi-agent workflows across Python and .NET, with workflows, middleware, OpenTelemetry, Foundry hosting, A2A, MCP, and Semantic Kernel migration support. | Official Python framework for building multi-agent workflows with agents, tools, handoffs, guardrails, sessions, tracing, realtime voice agents, MCP tools, hosted tools, human-in-the-loop flows, and sandbox agents. | Open-source Python AgentOS and multi-agent framework, evolved from AutoGen, for building conversable agents, group chats, swarms, human-in-the-loop workflows, tool use, RAG, code execution, and provider-backed agent systems. | Apache-2.0 Python framework for building MCP-native agents with composable workflow patterns, full MCP server lifecycle management, durable Temporal execution, agent-as-MCP-server support, and provider plugins for major LLMs. |
| Trust | | | | |
| Install risk | Review first | Review first | Review first | Review first |
| Notes | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ | Safety ✓ Privacy ✓ |
| Category | tools | tools | tools | tools |
| Source | source-backed | source-backed | source-backed | source-backed |
| Author | Microsoft | OpenAI | AG2 | LastMile AI |
| Added | 2026-06-18 | 2026-06-18 | 2026-06-18 | 2026-06-18 |
| Platforms | CLI | CLI | CLI | CLI |
| Source repo | — | — | — | — |
| Safety notes | ✓ Microsoft Agent Framework can orchestrate agents, tools, workflows, middleware, hosting, A2A, MCP, and third-party providers; review each external system before granting access. Production agents need explicit approval gates, retries, cancellation, idempotency, rollback behavior, tool authorization, and human-in-the-loop boundaries. DefaultAzureCredential is convenient for development but can probe multiple credential sources; choose explicit production credentials and managed identity patterns where appropriate. Foundry-hosted agents, cloud workflows, Durable Task, Azure Functions, and A2A/MCP endpoints need authentication, least privilege, network controls, logging policy, and abuse protection. Migration from Semantic Kernel or AutoGen should include behavior parity tests, trace comparison, provider compatibility review, and safety regression checks. | ✓ Agents can call function tools, hosted tools, MCP tools, realtime tools, and sandbox agents; treat every tool as an API endpoint with explicit authorization, input validation, rate limits, and side-effect controls. Sandbox agents can inspect files, run commands, apply patches, and carry workspace state across longer tasks; restrict workspace scope and require human approval before destructive or high-impact actions. Guardrails are useful runtime checks, but they do not replace permission checks, least-privilege credentials, audit logs, or human review for risky operations. Handoffs and agents-as-tools can delegate work across agents; document which agent owns each tool, decision, retry, rollback, and escalation path. Realtime voice agents and human-in-the-loop flows need clear consent, interruption, recording, and operator takeover behavior. | ✓ AG2 agents can converse, call tools, execute code, use retrieval systems, run browser workflows, and coordinate group chats; require explicit permissions and approval gates for high-impact actions. The upstream install docs and examples commonly involve provider credentials; keep API keys, config files, notebooks, and `.env` files out of commits and support tickets. Code execution, Docker, Jupyter, browser-use, and RAG extras can touch local files, network services, notebooks, databases, and external websites; scope them tightly before granting agent access. Multi-agent conversations can continue through nested chats, swarms, group chats, and custom reply handlers; define termination, escalation, retry, and human takeover behavior. Track the release roadmap before upgrading because deprecations and the v1.0 transition can change which APIs should be used for new work. | ✓ mcp-agent manages MCP server lifecycles and can connect agents to filesystem, fetch, browser, SaaS, database, infrastructure, or custom MCP tools depending on configuration. Workflow patterns can chain, route, parallelize, evaluate, optimize, pause, resume, and recover agent actions; use explicit approval gates for high-impact tools. Agent-as-MCP-server deployment can expose an agent to other MCP clients, so review tool descriptions, permissions, authentication, rate limits, and operator visibility before sharing it. Durable workflows can continue after process restarts when backed by Temporal; make cancellation, rollback, retry, and idempotency behavior explicit. Do not let example filesystem, fetch, or remote MCP servers become production defaults without narrowing directories, URLs, accounts, and tool scopes. |
| Privacy notes | ✓ Prompts, instructions, tool arguments, tool outputs, workflow state, middleware data, traces, provider responses, logs, credentials, and hosted-agent metadata may contain sensitive user or business data. Do not expose Azure credentials, Foundry project endpoints, model deployment names, API keys, private file paths, customer records, internal documents, or raw exceptions through examples, traces, logs, or support issues. When using third-party providers, A2A agents, MCP servers, observability systems, or cloud hosting, review where data is sent, stored, retained, and governed. If workflows are durable or restartable, define retention and access controls for checkpoints, state stores, trace spans, and replayable execution history. | ✓ Prompts, instructions, tool arguments, tool outputs, session history, traces, realtime audio events, sandbox files, logs, provider responses, and errors may contain user or workspace data. Do not expose secrets, tokens, private file paths, customer records, credentials, internal identifiers, or raw exceptions through traces, logs, prompts, tool schemas, or examples. When using MCP servers, hosted tools, Redis sessions, SQL-backed sessions, or observability systems, review each service's retention, access control, and third-party data handling separately. If sandbox agents operate on repositories or user files, define which files can be mounted, modified, committed, uploaded, logged, or returned to the model. | ✓ Prompts, messages, tool arguments, tool outputs, code snippets, notebook state, retrieved documents, vector-store contents, provider responses, traces, and execution logs may contain sensitive user or workspace data. Do not expose secrets, API keys, private file paths, customer records, internal documents, database rows, or raw exceptions through agent messages, logs, notebooks, screenshots, or public examples. Provider extras and retrieval integrations can route data through OpenAI, Anthropic, Google, AWS, local model servers, databases, vector stores, browser automation, or other third-party services. If AG2 is used for code execution or browser automation, define which files, domains, credentials, downloads, screenshots, and logs can be read or retained. | ✓ Prompts, instructions, tool arguments, MCP server outputs, workflow state, logs, traces, secrets YAML paths, provider responses, and durable execution history may be visible to model providers, MCP servers, observability systems, or Temporal. Keep provider keys, MCP credentials, filesystem paths, customer data, prompt logs, and traces out of committed configs, screenshots, public issues, and shared examples. If an agent uses external MCP servers, review each server's data retention, authentication, logging, and third-party data handling separately. Durable workflow state and logs can retain user requests, tool results, and intermediate reasoning context longer than a one-shot script. |
| Prerequisites | | | | |
| Install | | | | |
| Config | — | — | — | — |
| Citations | | | | |
| Claim | Unclaimed | Unclaimed | Unclaimed | Unclaimed |