The city of Burlington, Ontario, has slashed building permit processing times from an average of 15 weeks to just 5 to 7 weeks, using a mix of Microsoft’s AI tools, low-code portals, and workflow automation. The 70% reduction—achieved without a fully autonomous system—is one of the first real-world benchmarks for what agentic AI can deliver in local government, according to Philippe Rogge, Microsoft’s corporate vice president for worldwide public sector, in an interview with Technology Record published this week.

What Burlington Did — and the Tech Behind It

Burlington didn’t flip a single AI switch. The project combined a custom low-code citizen portal, process reengineering, and AI assistance layered onto Microsoft’s platform. The city used components from the Power Platform, likely including Power Apps and Power Automate, along with AI Builder and possibly Copilot Studio to automate document reasoning, classification, and approval routing. The system was designed to handle permit intake, validate submissions against municipal codes, and coordinate multi-department sign-offs, with human reviewers still in the loop for exceptions and final decisions.

Rogge pointed to the city’s work as a model for the “agentic” progression Microsoft is pitching to government agencies: start with search and summarization via tools like Microsoft 365 Copilot, then connect AI models to structured business processes so they can execute discrete tasks automatically. A chatbot that answers a policy question is one thing; an agent that triggers approvals, orders parts, schedules inspections, or updates a citizen’s case file is another. That latter category is where Burlington landed.

The 70% reduction translates to concrete citizen impact: a process that once took nearly four months now wraps up in less than two. That’s not just a vendor slide—it’s a measurable change in how public services are delivered. Rogge noted similar pilot programs in the Tokyo metropolitan government and other jurisdictions, but Burlington’s numbers are the most specific he shared.

Why This Matters for Public Sector IT Teams

For Windows and Microsoft 365 administrators inside schools, city halls, and regional agencies, the Burlington example is a useful gut check. It demonstrates that the path to AI value in government runs through narrow, well-documented, rules-based workflows—not sweeping autonomous decision-making.

For IT decision-makers, the message is clean: agentic AI is not a science experiment. If your organization handles high-volume, low-complexity transactions like permit intake, case inquiries, or internal knowledge retrieval, the tools are ready. But the prerequisites are steep. Before connecting any agent to production systems, you need:

  • Strong identity hygiene: every AI action must be tied to a scoped identity, not a broad service account.
  • Conditional access and least-privilege permissions: agents should only touch the data and systems they absolutely need.
  • Device compliance and logging: every automated step must generate an audit trail that can be analyzed and reviewed.
  • Clear data boundaries: if your agency is subject to sovereign data rules, you’ll need Microsoft’s EU Data Boundary, sovereign cloud, or hybrid Azure configurations already in place.

For frontline staff and managers, the Burlington case suggests that AI can peel away repetitive, rule-checking tasks—freeing people for judgments that require context, empathy, or discretion. But it also demands that agencies document their policies with a precision many have never attempted. If the rules aren’t clear enough for an AI to interpret, the automation will fail or, worse, produce correct-looking wrong answers.

For citizens, the benefit is direct: fewer weeks waiting for a permit, faster response to service requests, and eventually more transparent, traceable decisions. When an AI agent routes a request and explains why, constituents gain a window into government processes that have long been opaque.

How We Got Here: Microsoft’s Renewed Public Sector Focus

Philippe Rogge’s return to Microsoft in July 2025—after a stint outside the company that had him “kicking himself” for missing the ChatGPT moment—signaled a sharpening of Microsoft’s government strategy. In the Technology Record interview, he framed today’s public sector inflection point around three converging forces: fiscal pressure from budget deficits, staffing shortages that make manual processing untenable, and an escalating cyber threat landscape that targets schools, hospitals, and local governments as soft spots.

Microsoft’s answer is a package deal. On one side, agentic AI tools—Copilot Studio, Power Platform, Azure AI Foundry—promise to decompose and recompose business processes at scale. On the other, a growing portfolio of sovereign cloud controls and cybersecurity capabilities aims to give governments the governance they need to trust those automations. Rogge stressed that cybersecurity and sovereignty are not separate concerns: a ransomware attack that exfiltrates citizen data is, in his words, “the most worrying way of losing the sovereignty of your systems.”

The company processes over 100 trillion security signals daily and supports Ukraine’s cyber defense, feeding threat intelligence into patches and patterns that benefit all customers. That muscle, Rogge argued, puts Microsoft in a uniquely strong position to help governments balance innovation and risk. The pitch: don’t lock everything away in a private cloud; use the public cloud with sovereign controls and let Microsoft’s security infrastructure provide layered protection.

Burlington’s permit project fits this narrative. It’s a bounded win—narrow enough to trust, measurable enough to justify, and built on a platform already familiar to many IT shops. The city didn’t have to rip and replace; it extended its Microsoft 365 and Power Platform investments. That lowering of the barrier to entry is what Rogge hopes will create a “snowball” effect as more agencies share best practices.

Getting Started: A Practical Playbook for Public Sector AI

If you’re evaluating agentic AI for your own agency, the concrete steps emerge from Burlington and Rogge’s guidance:

  1. Pick a bounded use case. Look for a process that is high-volume, rules-based, and well-documented. Permit intake, case status inquiries, internal knowledge retrieval, and routine service requests are safer starting points than benefits determination, law enforcement, or public health decisions.
  2. Start with search and summarization. Deploy Microsoft 365 Copilot against your own documents. Let staff get comfortable with AI-assisted reasoning before you automate actions.
  3. Introduce agents incrementally. Use Copilot Studio to build agents that handle one discrete task—say, checking a permit application for completeness—with a mandatory human approval step for any consequential action.
  4. Measure errors, not just speed. Track where agents get things wrong and why. A process that’s faster but requires constant manual correction isn’t a win.
  5. Secure the plumbing first. Verify that your identity, data-classification, conditional access, and audit controls work end-to-end before an agent touches production data. If you need sovereign cloud options, configure them early—don’t retrofit.
  6. Involve the people who do the work. Frontline staff know the edge cases. Their input on exception handling and decision thresholds will make or break the agent’s reliability.

For agencies already deep into Microsoft’s ecosystem, the tools are largely in place. For those still mapping their journey, the Burlington template shows that you don’t need a fully autonomous system to deliver dramatic improvements. You need the right mix of platform, process, and prudence.

What to Watch Next

Rogge hinted that more public sector case studies will surface at the Smart City Expo World Congress in November 2026, with a focus on “cybersecure, hybrid sovereign architecture” and domain-specific agentic scenarios. Microsoft’s partner ecosystem is building point solutions on top of its platform—traffic management, bodycam analysis, city camera monitoring—that could soon move from pilot to production.

The bigger story to follow is how quickly the cybersecurity landscape shifts as AI becomes both a threat and a defender. Rogge predicted a pivot from human-initiated threats to “AI-initiated and AI-defended” conflicts. For public sector IT, that means the operational controls you build for today’s permit-processing agent might be the same defenses you rely on tomorrow when an adversary tries to manipulate a citizen-facing service. The time to start locking down those foundations isn’t when a frontline model demo impresses your elected officials—it’s now.