# IQStudio

**IQStudio by UNITONE** is an agent lifecycle management portal for Microsoft 365 and Azure. It discovers, governs, and manages AI agents across your tenant from a single console.

IQStudio deploys into your own Azure subscription. Your data stays in your tenant — UNITONE has zero access to your environment.

## What it does

* **Discovers** agents across Copilot Studio, Entra Agent ID, Agent Registry, Copilot Catalog, Teams, Microsoft Foundry, and Windows 365 Cloud PCs
* **Assigns identities** via Entra Agent ID blueprints and sponsors
* **Enforces governance** with Conditional Access policies, risk scoring, and compliance templates
* **Automates governance** with the Autopilot rules engine -- monitors agents on a recurring cycle and generates recommendations or executes actions automatically
* **Enforces runtime policies** with YAML-based enforcement policies, execution rings, and prompt injection detection via the Microsoft Agent Governance Toolkit
* **Provides AI assistance** through Autopilot AI Chat -- a conversational governance assistant powered by Azure OpenAI
* **Tracks analytics** including dashboard metrics, security scores, and governance trends
* **Controls updates** with admin-triggered version upgrades via Azure Automation

## Getting started

1. [Check prerequisites](https://docs.unitone.ai/iqstudio/deployment/prerequisites)
2. Deploy via [Azure Marketplace](https://docs.unitone.ai/iqstudio/deployment/azure-marketplace) or [ARM template](https://docs.unitone.ai/iqstudio/deployment/direct-deploy)
3. [Run the setup script](https://docs.unitone.ai/iqstudio/deployment/setup-script) to connect to your Microsoft 365 tenant
4. Sign in to the portal. The first authenticated user is auto-promoted to Admin.

## Architecture

IQStudio follows the customer-deployed SaaS model. The full stack (API, web portal, database, monitoring) runs in your Azure subscription. UNITONE receives only a license heartbeat containing your tenant ID, version, agent count, and timestamp.

| Component              | Technology                                                   |
| ---------------------- | ------------------------------------------------------------ |
| API                    | ASP.NET Core 10 on Azure App Service (Linux B2)              |
| Web portal             | React 19 + Fluent UI v9                                      |
| Database               | Azure Cosmos DB Serverless                                   |
| Secrets                | Azure Key Vault                                              |
| Monitoring             | Application Insights + Log Analytics                         |
| Updates                | Azure Automation Account                                     |
| Auth (Azure resources) | System-assigned Managed Identity                             |
| Auth (Graph API)       | Per-customer app registration + Workload Identity Federation |