Microsoft is pushing AI from experimentation to everyday infrastructure with the general availability of Microsoft Agent 365, a new control plane designed to govern the growing sprawl of AI agents across devices, clouds, and SaaS platforms. The release targets security, IT, and compliance teams that have watched “shadow AI” agents quietly multiply across their environment without consistent visibility, guardrails, or governance.
What Microsoft Agent 365 Is
Microsoft Agent 365 is an enterprise control plane for AI agents that lets organizations observe, govern, and secure agents—whether they’re built with Microsoft tools or come from third‑party vendors. It centralizes inventory, access policies, and monitoring so that agents are treated like first‑class citizens alongside users, apps, and devices in the Microsoft 365 stack.
In a new Microsoft 365 blog post, the company positions the service as the answer to fast‑proliferating AI assistants that can invoke tools, access sensitive data, and interact with other agents in ways that expand the attack surface in seconds. The core idea is simple: you can’t govern what you can’t see, and Agent 365 is meant to be the single pane of glass for understanding where agents run, what they can reach, and how they behave.
General Availability and Licensing
Agent 365 is now generally available for commercial customers worldwide, signaling that Microsoft considers it ready for production use in large enterprises. It’s offered as part of the new Microsoft 365 E7 suite or as a standalone product priced at USD 15 per user per month, targeting the people who manage, sponsor, or heavily rely on AI agents in their day‑to‑day work.
Each license is intended to ensure that the agent activity tied to a given individual—whether they’re building, administering, or using agents—is consistently governed under the same policies and controls. For existing customers in the Agent 365 Frontier preview program, Microsoft is carrying forward a path for continued early access to new capabilities even as the platform reaches general availability.
Important Capabilities at GA
At GA, Agent 365 focuses on end‑to‑end observability, governance, and security for three broad types of agents: those acting on behalf of users with delegated access, those operating behind the scenes with their own credentials, and those participating in team workflows. Delegated agents might triage email or summarize documents for a user, while “own access” agents can autonomously handle tasks like ticket triage or operations workflows.
Microsoft notes that agents working on behalf of users and those operating behind the scenes are already generally available in Agent 365, while agents participating in team workflows are entering public preview. This gives organizations a path to start governing existing, user‑facing assistants today while preparing for more complex, collaborative agent scenarios to mature over time.
Tackling Shadow AI on Devices
One of the most aggressive moves in this release is deeper discovery and control of local, device‑level AI agents that users install themselves. Using integrated capabilities in Microsoft Defender and Microsoft Intune, organizations will be able to discover agents like OpenClaw and Claude Code running on Windows devices and bring them under consistent policy.
The new “Shadow AI” experience in the Microsoft 365 and Intune admin centers lets IT teams see where these local agents are running and apply Intune policies to block common execution paths, starting with OpenClaw and expanding soon to other popular tools such as GitHub Copilot CLI and Claude Code. Through the Agent 365 registry, this local agent inventory is surfaced across Defender and Intune so security and endpoint teams share the same view and can take action.
Rich Context and Runtime Protection
Beginning in June 2026, Microsoft Defender will add asset context mapping for each discovered agent, correlating devices, configured MCP servers, identities, and the cloud resources those identities can reach. This relationship‑style view is designed to help security teams quickly gauge blast radius, from sensitive file exposure to critical workload access, when an agent is misconfigured or compromised.
Beyond visibility, Microsoft is promising policy‑based guardrails and runtime enforcement: if a managed coding agent exhibits malicious behavior—such as trying to exfiltrate sensitive data—Defender will be able to block the agent in real time and raise detailed alerts for incident response. These context mapping, policy controls, and runtime blocking capabilities are planned to roll out in public preview through Intune and Defender integrations with Agent 365 in June 2026.
Multicloud Agent Visibility
Agent sprawl isn’t limited to Windows devices or Microsoft’s own cloud, so Microsoft is extending Agent 365 into multicloud AI‑builder platforms. Developers are rapidly creating agents using Microsoft Foundry, AWS Bedrock, and the Google Gemini Enterprise Agent Platform, which can leave security teams guessing about what’s running where.
To close that gap, the Agent 365 registry can now sync with Amazon Bedrock and Google Cloud connections in public preview, automatically discovering and inventorying agents running on those platforms. Microsoft says basic lifecycle governance—such as starting, stopping, and deleting agents across these environments—will follow, giving IT teams a single control plane across multicloud estates.
Ecosystem of SaaS and Partner Agents
A major pillar of Agent 365 is its support for a wide ecosystem of SaaS‑delivered agents. Agent 365 already works with prebuilt experiences in Microsoft 365 Copilot and Microsoft Teams, custom agents built through Microsoft Copilot Studio or Azure AI Foundry, and agents created by software development companies integrated into the platform.
Microsoft is announcing a set of “ecosystem partner agents” that ship fully configured to be governed by Agent 365, including solutions from vendors like Genspark, Zensai, Egnyte, and Zendesk, as well as agent factories such as Kasisto, Kore, and n8n. Enterprises can onboard these partner‑built agents without custom integration work, observing and securing them directly in the Agent 365 control plane.
Windows 365 for Agents
To complement governance, Microsoft is also introducing Windows 365 for Agents, a new type of Cloud PC environment purpose‑built for agent workloads and managed via Intune. The service is now in public preview in the United States, offering a policy‑controlled environment where agents can run with the same identity, security, and management stack already used for human workers.
Admins can now observe and secure agents running on Windows 365 for Agents within the Microsoft 365 admin center via Agent 365, seeing which agents are tied to cloud‑powered compute and how they are being used. Taken together, Agent 365 and Windows 365 for Agents aim to move organizations from simply seeing their agents to confidently running them in production at scale.
Network‑Level Protection for AI Agents
Recognizing that agents can move much faster—and potentially more dangerously—than human users, Microsoft is expanding network‑layer controls as part of general availability. Agent 365 now extends Microsoft Entra network controls to Microsoft Copilot Studio agents and agents running on user endpoints, including local tools like OpenClaw.
These controls help security teams identify unsanctioned AI usage, restrict agent traffic to approved web destinations, filter risky file transfers, and block malicious prompt‑based attacks before they result in harmful actions. By applying consistent network policies to both human and agent traffic, organizations can close gaps where autonomous tools might otherwise bypass existing defenses.
Partner Services and Adoption Playbook
To help enterprises adopt Agent 365 at scale, Microsoft is leaning heavily on its global partner ecosystem. Featured Agent 365 launch partners—such as Accenture, Bechtle, Capgemini, Insight, KPMG, Protiviti, and Slalom—have worked with Microsoft engineering teams to design services for planning, deploying, and operating the agent control plane.
These services typically span workshops and assessments, governance and enablement, managed services, advisory and readiness, and security and integration, all aimed at answering core questions like what agents exist, who owns them, and how to enforce least‑privilege access without slowing delivery. For organizations just starting their agent journey, Microsoft is also providing an adoption hub, technical documentation, AI Skills Navigator content, and a live “Ask Microsoft Anything” session with product experts.
Why Agent 365 Matters
Customer voices quoted in the announcement frame Agent 365 as the missing layer between today’s agent experiments and trusted, large‑scale deployments. Enterprises can already build AI agents with relative ease, but scaling them safely—without losing track of who can do what, where, and with which data—is where most initiatives stall.
By turning agents into governed, observable assets alongside users and apps, Microsoft is betting that Agent 365 will become foundational infrastructure for the AI era, much like identity and endpoint management were for cloud adoption. For Microsoft 365 customers, the message is clear: AI agents are already in your environment; now there’s a control plane to keep them in check.
Recent Posts You Might Like
- Microsoft 365 May 2026 Mega Update: New E7 Suite, Retirements, Fresh Copilot Upgrades, and a New Release Model
- Microsoft Defender XDR May 2026: Predictive Shielding, AI Agent Hunting, and Sentinel Automation Deadlines
- Windows 11 Insider builds for May 1 add extended ISO support, modern Run dialog, and quieter Widgets
Discover more from Microsoft News Now
Subscribe to get the latest posts sent to your email.
