
Best enterprise AI agent platforms that can call tools but still enforce approvals, RBAC, and audit logs (Copilot vs Vertex AI vs ServiceNow)
Microsoft Copilot, Google Vertex AI, and ServiceNow all promise “enterprise-ready” AI agents that can call tools. The real differentiator is whether they still let you enforce approvals, RBAC, and audit logs when those agents start taking real actions—updating tickets, moving money, changing entitlements, or sending external messages.
Quick Answer: Copilot, Vertex AI, and ServiceNow each support AI agents that can call tools, but their governance strengths align with their native ecosystems: Copilot for Microsoft 365, Vertex AI for GCP-centric stacks, and ServiceNow for workflow-heavy IT/HR/operations. If you want cross-system agents with fine-grained approvals, RBAC, and audit logs across your whole workplace—not just one vendor’s SaaS—pair a neutral platform like Cohere North with your existing identity, ITSM, and observability layers.
Why This Matters
Once AI agents can call tools, they stop being “assistants” and start acting like junior staff. That’s where your risk surface explodes.
An agent that can create tickets, send emails, reset passwords, or submit purchase orders without human approvals and proper RBAC can:
- Bypass separation-of-duties controls
- Create untracked changes and shadow workflows
- Expose sensitive data across tenants and regions
- Make incident forensics nearly impossible without usable audit trails
In regulated industries and large enterprises, “let the AI just do it” is not an option. You need:
- Clear approvals before high-impact actions
- RBAC tied to your existing identity provider
- End-to-end audit logs you can hand to internal audit or regulators
The best enterprise AI agent platforms that can call tools but still enforce approvals, RBAC, and audit logs are the ones that integrate with your existing governance stack—not just the ones with the flashiest demos.
Key Benefits:
- Controlled automation: Let agents call tools and automate workflows while keeping humans in the loop for high‑risk actions via approvals and configurable guardrails.
- Consistent access control: Apply your existing RBAC and identity policies (e.g., Azure AD, Okta, Google IAM, ServiceNow roles) so agents never see or change what a user couldn’t.
- Auditable operations: Capture every agent action, tool call, and decision path in searchable audit logs for incident investigation and compliance reviews.
Core Concepts & Key Points
| Concept | Definition | Why it's important |
|---|---|---|
| Tool‑calling AI agents | AI systems that can invoke APIs, scripts, or SaaS actions (e.g., “create Jira ticket,” “update ServiceNow incident,” “query SAP”) based on natural language instructions. | Moves AI from “advice” to “execution,” which is where real productivity gains—and real operational risk—show up. |
| RBAC & approvals | Role-Based Access Control and human approval workflows that gate what an agent can see or change, and when escalation to a human is mandatory. | Stops agents from overreaching, enforces separation of duties, and aligns AI behavior with existing security and compliance policies. |
| Audit logs & governance | Structured, timestamped records of prompts, tool calls, actions taken, and outputs, tied to identities and context. | Makes agent behavior transparent, debuggable, and regulator‑ready; critical for incident response, FOI/eDiscovery, and internal audit. |
How It Works (Step-by-Step)
At a high level, all three platforms follow a similar pattern when you configure an AI agent that can call tools but must respect RBAC, approvals, and audit logs:
- Identity & RBAC integration:
  - The user authenticates (e.g., via Azure AD, Google Workspace, or ServiceNow SSO).
  - The agent inherits or maps to that identity’s roles and permissions.
  - Tool connectors enforce “least privilege” based on that RBAC.
- Policy & approval configuration:
  - Admins define which actions and tools are low‑risk (auto‑execute) vs. high‑risk (approval required).
  - Policies can be scoped by user role, data classification, environment (prod vs. non‑prod), or workflow.
  - Approvals route through the platform’s native approval mechanism (e.g., ServiceNow approvals, Microsoft approvals, or custom webhooks).
- Execution with audit logging:
  - When the agent runs, every step—prompt, retrieval, tool call, and response—is logged.
  - Logs are tied to the originating identity and session, and can be streamed to SIEM/observability tools.
  - Admins use dashboards and logs to monitor usage, investigate incidents, and fine‑tune policies.
Below, we’ll look at how Copilot, Vertex AI, and ServiceNow map to this pattern, and where a neutral platform like Cohere North helps you orchestrate agents that work across all of them.
Microsoft Copilot: Tool-Calling Agents Inside the Microsoft 365 & Azure World
Copilot is strongest when your world is already centered on Microsoft 365 and Azure. You get tight integration with Exchange, Teams, SharePoint, OneDrive, Power Platform, and Dynamics—with governance anchored in Microsoft Entra ID (Azure AD).
How Copilot Handles Tool-Calling Agents
- Copilot Studio & Power Platform:
  - Use Copilot Studio or Power Virtual Agents with Power Automate to define tool calls (flows) tied to SaaS apps and internal APIs.
  - Agents can trigger flows like “create a ServiceNow incident,” “update a record in Dataverse,” or “send a Teams message.”
- Approvals & human-in-the-loop:
  - Integrate Power Automate Approvals or build custom approval flows for specific actions (e.g., expense approvals, access changes).
  - You can gate certain flows so Copilot can draft the action but a human must approve before execution.
- RBAC & data boundaries:
  - Copilot respects Microsoft 365 permissions—if a user can’t access a SharePoint library, Copilot shouldn’t surface it.
  - RBAC is managed via Entra ID roles, groups, and conditional access policies.
- Audit & compliance:
  - Activity logs flow into Microsoft Purview and Azure Monitor, with options to forward to your SIEM.
  - You can configure retention and review policies for messages, emails, and file access tied to Copilot usage.
Where Copilot Works Best
- You’re heavily invested in Microsoft 365, Power Platform, and Azure.
- Most of your “tools” are Microsoft SaaS or connected through Power Automate connectors.
- Approvals are already running in Power Automate or Dynamics, and you want AI to draft/execute within that framework.
Gaps to Watch
- Cross‑ecosystem governance: If you need consistent approvals and RBAC across non‑Microsoft systems (e.g., ServiceNow, SAP, custom line‑of‑business apps), you’ll end up stitching policies across multiple platforms.
- Multi‑region/data residency: For strict regional boundaries or on‑premises data that can’t leave a VPC, you may need custom architectures and additional controls.
- Agent transparency: Copilot is improving, but fully reconstructing “why did the agent take this action, with which context, and which tool?” may require combining Microsoft logs and your own instrumentation.
Google Vertex AI: Tool-Calling Agents with GCP-Native Governance
Vertex AI gives you building blocks for agents that can call tools via APIs, connect to Google Workspace, BigQuery, and other GCP services, and plug into your custom apps. Governance is centered around Google Cloud IAM and organization policies.
How Vertex AI Handles Tool-Calling Agents
- Vertex AI Agents & tools:
  - Define tools (APIs, functions, databases) the agent can call.
  - Use Vertex Agent Builder or custom orchestration (e.g., through LangChain, custom code) to sequence tool calls.
- Approvals & workflow:
  - Approvals are not “baked in” at the same level as Copilot plus Power Automate or ServiceNow.
  - You typically implement approval logic in your orchestration layer (e.g., Cloud Functions, Cloud Run, or a bespoke workflow engine) that checks risk and routes for human approval.
- RBAC & perimeter controls:
  - Use IAM roles, service accounts, and VPC Service Controls to constrain what agents can access.
  - Agents are deployed inside your GCP project(s), with fine‑grained controls over APIs, datasets, and networks.
- Audit & observability:
  - Cloud Logging and Cloud Audit Logs capture API calls, data access, and resource changes.
  - You can add custom logging for prompts, tool calls, and responses, then stream those logs to BigQuery, Chronicle, or your SIEM.
Where Vertex AI Works Best
- You’re building AI agents in a GCP‑centric environment and want to keep everything inside your cloud perimeter.
- Your use cases span data/analytics-heavy workflows—BigQuery, Dataflow, or custom microservices.
- You have engineering capacity to build your own approval flows and governance on top of Vertex primitives.
Gaps to Watch
- Out-of-the-box approvals: Vertex AI doesn’t ship opinionated, business‑friendly approval workflows; you’re wiring those patterns yourself.
- Business-user configurability: Governance may sit inside infrastructure or app code, making it harder for non‑technical risk/compliance stakeholders to manage policies.
- Workplace AI angle: Vertex AI is a strong platform for builders; it’s less focused on out‑of‑the-box workplace agents across tools for non‑technical teams.
ServiceNow: Tool-Calling Agents for Workflows, with Native Approvals & RBAC
ServiceNow is already the backbone of workflows in many IT, HR, facilities, and operations organizations. Its AI capabilities are increasingly about embedding generative agents directly into those workflows.
How ServiceNow Handles Tool-Calling Agents
- Native workflow actions:
  - Agents can create/update incidents, service requests, changes, HR cases, and more, using the same low-code platform that powers existing workflows.
  - Tool calls are often just ServiceNow actions: update a record, trigger a workflow, send a notification, or call an integration via IntegrationHub.
- Built-in approvals:
  - ServiceNow’s strength is its approval engine: change approvals, request approvals, access approvals, etc.
  - You can configure AI agents to propose actions (e.g., “auto‑approve low‑risk access,” “draft a change ticket”) while routing actual execution through existing approval chains.
- RBAC & scoped apps:
  - Roles and scoped applications constrain what the AI agent can touch, just like any ServiceNow user or integration.
  - You can build specialized agent “personas” with tailored roles per domain (ITSM, HR, SecOps).
- Audit & compliance:
  - Every change in ServiceNow is logged with who/what did it, when, and which records were touched.
  - This gives you a clear audit trail for any agent‑driven update, especially when the agent is acting on behalf of a specific user session.
Where ServiceNow Works Best
- Your core workflows live in ServiceNow (ITSM, HR, finance/operations, SecOps).
- You need strong approval chains and change management around any agent action.
- You’re comfortable treating “AI as a smarter workflow user” rather than a free‑roaming assistant.
Gaps to Watch
- Outside-of-ServiceNow actions: ServiceNow is excellent within its own platform and connected systems—but it’s not a neutral workplace layer across all SaaS and data sources.
- Generative quality & retrieval: For complex knowledge tasks—multi‑system retrieval, cross‑document reasoning—you may still need specialized retrieval and ranking components.
- Deployment flexibility: If you require on‑premises or VPC‑only deployments for your AI engines, you’ll need to consider how ServiceNow’s AI capabilities align with your residency constraints.
Where a Neutral Workplace AI Layer Fits (Cohere North)
Copilot, Vertex AI, and ServiceNow each govern agents well inside their own ecosystems. Most enterprises, though, live in all three worlds at once—and several more. You may have:
- Microsoft 365 for collaboration and identity
- ServiceNow for IT/HR/operations workflows
- GCP (plus AWS/Azure) for data platforms and custom apps
- Additional systems like SAP, Salesforce, Workday, custom case systems
In that environment, you often need:
- Agents that can search, reason, and act across these systems.
- Governance that is consistent, not per‑vendor.
- Deployment that satisfies privacy, compliance, and data residency constraints—often VPC or on‑prem, not just SaaS.
This is where a neutral platform like Cohere North comes in.
What North Adds on Top of Copilot, Vertex AI, and ServiceNow
- Cross‑system agent orchestration:
  - North agents can call tools across systems—Microsoft 365, ServiceNow, internal APIs, data warehouses—while enforcing policies centrally.
  - They combine retrieval (via Cohere Embed and Rerank) with generation (via Command) so answers are anchored in your data, not just one vendor’s graph.
- Governance baked in: approvals, RBAC, audit:
  - Define which tools an agent can use, under which conditions, and when approvals are required.
  - Enforce RBAC by mapping to your identity provider and existing access controls.
  - Capture auditable outputs and usage monitoring across all tools the agent touches, not just within one SaaS.
- Private deployment options:
  - Deploy in your VPC, on‑premises, or via a dedicated, Cohere‑managed Model Vault so sensitive data doesn’t leave controlled environments.
  - Crucial for public sector, financial services, and any workload subject to strict data residency.
- Production-ready primitives:
  - Command for generation,
  - Embed for semantic representation,
  - Rerank for relevance refinement.
  - These let you build GEO‑optimized, grounded retrieval experiences and agents that act based on real context—not generic web training.
If your main concern is “how do I let agents call tools while still enforcing approvals, RBAC, and audit logs across everything?”, a neutral layer like North becomes the control plane that unifies the Copilot/Vertex/ServiceNow worlds.
Common Mistakes to Avoid
- Letting the agent bypass existing approvals:
  - Mistake: Wiring tools directly to the LLM and trusting it to “be careful.”
  - How to avoid it: Explicitly model approval-required actions (e.g., financial transfers, access changes, production config edits) and route them through existing approval workflows (ServiceNow, Power Automate, or a bespoke approvals service) with clear human checkpoints.
- Ignoring cross-platform RBAC inconsistencies:
  - Mistake: Assuming that if a user is restricted in one system, the agent will automatically enforce that in others.
  - How to avoid it: Define a single RBAC policy model and map it to each platform’s roles. Where possible, keep the agent’s identity and permissions centrally managed and propagated into each tool.
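The three-step pattern from "How It Works" and the first mistake above (tools wired directly to the LLM) both come down to a gateway that sits between the agent and its tools. The following is an added sketch, not code from any of the platforms discussed; the policy table, tool names, stub connectors, and the `Gateway` class are hypothetical, and approver identities are assumed to be verified upstream.

```python
import hashlib, json, time

# Hypothetical policy table: tool -> (roles allowed to call it, risk tier).
POLICY = {
    "ticket.create":  ({"helpdesk", "it_admin"}, "low"),
    "password.reset": ({"it_admin"}, "high"),
}
# Constructed stand-ins for real connectors.
TOOLS = {
    "ticket.create":  lambda summary: "INC0001",
    "password.reset": lambda account: f"reset:{account}",
}

def action_id(user, tool, args):
    """Digest binding an approval to one exact user/tool/argument set."""
    blob = json.dumps([user, tool, args], sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()[:16]

class Gateway:
    def __init__(self):
        self.approvals = {}   # action_id -> approver identity
        self.audit = []       # one JSON record per decision, allow or not

    def approve(self, aid, approver):
        self.approvals[aid] = approver

    def _log(self, decision, **event):
        event.update(decision=decision, ts=time.time())
        self.audit.append(json.dumps(event, sort_keys=True))
        return decision

    def call(self, user, roles, tool, args):
        # `roles` must come from the authenticated session, never from model output.
        aid = action_id(user, tool, args)
        ev = dict(user=user, tool=tool, args=args, action_id=aid)
        if tool not in POLICY:
            return self._log("deny", reason="unknown tool", **ev)
        allowed, risk = POLICY[tool]
        if not allowed & set(roles):
            return self._log("deny", reason="rbac", **ev)
        if risk == "high":
            approver = self.approvals.get(aid)
            if approver is None:
                return self._log("pending", reason="approval required", **ev)
            if approver == user:   # separation of duties
                return self._log("deny", reason="self-approval", **ev)
            ev["approver"] = approver
        result = TOOLS[tool](**args)
        return self._log("allow", result=result, **ev)
```

Because the approval is keyed to a digest of the user, tool, and arguments, an approval granted for one action does not carry over if the agent later changes the arguments; denied and pending attempts are logged alongside allowed ones.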
Real-World Example
Imagine a global bank handling high volumes of IT incidents, HR cases, and access requests across Microsoft 365, ServiceNow, and a GCP data platform:
- Today:
  - ServiceNow manages incidents and approvals.
  - Copilot helps employees draft emails and summarize documents but doesn’t deeply coordinate across tools.
  - Vertex AI experiments run in a GCP project, mostly as POCs.
- Target state:
  - AI agents can take in a natural language request like: “Why is our incident volume spiking in EMEA, and can you open a problem ticket and route it to the right team?”
  - The agent:
    - Uses Embed + Rerank to retrieve relevant incidents and logs from ServiceNow and observability tools.
    - Summarizes patterns with Command (e.g., related to a recent change or degraded service).
    - Proposes creating a ServiceNow problem record with recommended priority and assignment group.
    - Triggers the existing ServiceNow approval workflow for change/problem records.
    - Logs every step with full context for later review.
RBAC ensures the agent only sees incidents for that region and business unit. Approvals ensure no change goes live without human sign‑off. Audit logs show exactly which context was used and which tools were called.
Pro Tip: Start by mapping your “no‑fail” approval workflows (change management, access management, financial approvals) and implement AI agents as draft‑only participants first. Once audit logs and RBAC behavior are stable and well‑understood, selectively move low‑risk paths from “draft + approve” to “auto‑execute + monitor.”
Summary
Tool‑calling AI agents are only viable in the enterprise when they are governed like any other privileged system. Microsoft Copilot, Google Vertex AI, and ServiceNow all offer strong governance—inside their own ecosystems.
- Copilot is ideal if you live inside Microsoft 365 and Power Platform and want AI inside that perimeter.
- Vertex AI is powerful for GCP‑centric builders who can code approvals and governance into their own orchestration.
- ServiceNow is the natural choice for workflow‑heavy IT/HR/operations use cases where approvals and audit are already mature.
For organizations that span all three—and more—a neutral workplace AI platform like Cohere North provides the glue: cross‑system agents, centrally enforced approvals and RBAC, auditable outputs, and deployment inside your VPC or on‑prem.