Agent registry

Community agents with declared tenant access.

Browse the OpenAdminOS registry model for Microsoft 365 admin agents, including declared Graph scopes, read/write mode, model requirements, and review gates.

Investigation agents

Read-only agents collect evidence from Microsoft Graph and produce an admin-readable report. They can run without a write confirmation because they do not change the tenant.

Sign-in failure explainer, risky sign-in triage, tenant health report

Posture agents

Posture agents rank configuration gaps and stale assets by tenant context. They are built for repeatable checks rather than one-off chat prompts.

Secure Score prioritizer, compliance overview, OS update posture

Write-plan agents

Write agents prepare a bounded change plan first. The desktop app always shows the diff before any Graph write runs, and destructive changes require typed confirmation.

Stale guest cleanup, offboarding agent

Manifest contract

The registry is inspectable before install.

Every public agent ships with a manifest that declares its Microsoft Graph scopes, read/write classification, model requirements, settings, and connector egress. The desktop app shows that contract before installation and again before a run needs new consent.

Enterprises can point OpenAdminOS at their own curated registry instead of using the public catalog. The runtime stays the same; the trusted source of agent packages changes.

See how registry trust is enforced