Using AI-agents to automate operations – how to get started

In many organisations, there is a category of manual operational tasks that have never been automated.

Anders Kloster Nannerup
Senior Manager

+45 2543 7388

ank@immeo.dk

This is not because they are difficult to automate as such, but because they require one or more integrations and portals. Traditional integration projects has been too expensive and too fragile to be worth the effort.

These tasks are instead handled manually. They repeat. They consume time. They create dependency on key individuals. And they are rarely visible enough for anyone to prioritise solving them.

In other words: It has not been worth it to automate these yet - however the calculation of what is worth to automate and what is not is being changed by AI agents.

In this domain an agent becomes interesting when it can perform concrete actions in the organisation's systems. This could be creating a user, changing a permission, closing a case, initiating a synchronisation, updating the price on a product, or retrieving a status across platforms.

This is where Model Context Protocol (MCP) plays an important role. MCP makes it possible to expose the actions the agent is permitted to use, in a secure and controlled manner.

What is MCP?

MCP is an open standard that enables AI agents and chatbots to perform limited actions in an organisation's systems. Instead of building full integrations, you expose a set of clearly defined actions - find a user, update a permission, retrieve a status. The agent only has access to what has been explicitly permitted, and all actions can be logged and audited.

The hidden operational cost

A recurring pattern in operations and platform teams is the management of users and permissions.

When an employee changes role, project, or team, access rights need to be adjusted across systems such as Microsoft Entra groups, CMS, PIM, e-commerce platforms, support tools, and internal administration systems.

The task is rarely complex, but it requires a technical member of staff, and it repeats.

For instance: An onboarding process for a new employee involving access to three systems typically takes a technical employee 20-30 minutes. In an organisation with 50 onboardings per month, that amounts to 25-37 hours of technical time. Add to this errors from manual data entry, delays when key individuals are absent, and the fundamental risk of permissions being set incorrectly.

This is ongoing friction that rarely appears on a dashboard but is always there.

With MCP, this type of task can be handled by an agent. For example via Microsoft Teams, where a technical member of staff can interact with the agent.

The prompt could be:

The agents then with access to a limited set of well-defined actions: find user, update permission, remove access, log the change, performs these changes. The same process is now completed in under two minutes. The agent performs only the actions it has been explicitly authorised to perform, and nothing else - and reports back once completed.

Another example: Add a 5 discount to all products in a certain ETIM-class, or close all support tickes with no activity for 2 months.

MCP-low

What separates solutions that work in production

Many MCP solutions work in a prototype and fail in production. Three principles distinguish the solutions that hold.

Actions should correspond to what an experienced employee would do. Actions that directly mirror technical API calls force the agent to navigate details and sequences that are irrelevant to the task. This increases the error rate and makes the solution costly to maintain. Actions should represent clear business decisions with validation built in.

✅ +addAccessToSystem - maps directly to a decision a human would make, making it easy for the agent to know when and why to invoke it.

✅ +onboardNewEmployee - represents a complete, recognisable business task with a clear start and end.

❌ -UpdateUser - too vague to be useful; the agent cannot reliably determine when this is the right action or what it is expected to do.

A small number of clearly distinct actions produces more predictable behavior.

Overlapping actions are the classic source of instability.

If it is not obvious which action applies in each situation, the agent behaves unpredictably and becomes harder to manage.

A limited, unambiguous set of actions is easier to test and maintain. 

+revokeAccess - one action, one purpose; the agent will always know when this applies.

✅ +transferPermissionsFromUser - the intent is explicit and there is no other action it could be confused with.

-removeAccess / revokeAccess - two actions with identical intent force the agent to choose arbitrarily; over time this produces inconsistent behavior that is hard to debug.

-updateUser (permissions: []) - using a generic update action to express a removal hides the intent; the agent may invoke it incorrectly, and it is nearly impossible to audit meaningfully.

Agents work better with precise information than with large volumes.

An agent presented with too much or incorrect context will, over time, produce worse results. This goes for both a single object - avoid unnecessary fields - and lists. A good analogy is a person. A person would also struggle to manually go through hundreds of items in a list (without tools like Excel).

Targeted lookups work far better than broad queries. If additional detail is sometimes necessary, it is better to expose a separate action for that purpose than to include it by default.

✅ +getUserById - returns exactly what is needed for the task; no noise, no ambiguity.

+getActivePermissionsForUser - scoped to a specific purpose, returns a clean and actionable result.

-getAllUsers - forces the agent to reason through a list to find what it needs; error-prone and slow.

-getFullUserProfile — dumps every available attribute into context when only one or two fields are relevant; degrades the quality of the agent's reasoning over time.

Governance places the same demands on agents as on human users

Governance places the same demands on agents as on human users: clear access management, consistent logging and audit trails, and reliable stop mechanisms.

Without these mechanisms, the consequence is rarely a dramatic failure - but a gradual erosion of traceability and control that makes the solution too unreliable for production. 

When MCP is not the answer.

MCP is not universal. It solves a specific problem: Well-defined actions performed by AI - and it requires that the tasks are well-defined.

MCP is typically the wrong choice when:

Where to start

MCP creates value most quickly on tasks that involve manual steps across two or more systems, are carried out by technical staff even though they do not require technical judgement and occur with high frequency and low business risk.

User administration, permission adjustments, and status lookups are good examples. Add a 5 discount to all products in a certain ETIM-class, or close all support tickes with no activity for 2 months are also examples.

A typical path forward begins with mapping the tasks the organisation stopped automating and assessing whether the calculation has changed. A well-defined scope area with high frequency and low risk is then identified. The action set is defined, the necessary governance is established, and the solution is put into production.

This is precisely what we can help you with - from the initial assessment of which processes make sense to automate (Advisory), to the design and implementation of the MCP setup (Build), to ongoing operations and further development (Run).

Not as an isolated technical deliverable but as part of a broader effort to reduce the friction that slows down day-to-day operations.

breaker