Microsoft Agent 365 is Microsoft’s control-plane approach for AI agent governance. For business, IT, and security leaders, the practical question is not only how to use agents, but how to see, manage, and secure them before agent sprawl becomes a risk.
Why Agent Sprawl Is Becoming a Business Risk
Agents are already in the environment
Organizations today face a growing challenge: AI agents are proliferating faster than IT and security teams can track them. According to Microsoft’s internal visibility, the company observed more than 500,000 agents operating within its own environment, with agents generating more than 65,000 responses per day over a 28-day period. This scale reflects a broader market trend—Microsoft cites an IDC projection that 1.3 billion agents may exist by 2028.
Agent sprawl extends beyond Microsoft-built tools. Teams across organizations are deploying agents from multiple vendors, building custom agents through low-code platforms, and running agents both in cloud environments and on local devices. The result is fragmented visibility and inconsistent security posture across the workforce.
Why visibility matters before scale
Without visibility into which agents exist, where they operate, what permissions they hold, and what data they access, organizations cannot effectively govern them. Shadow AI—agents running without IT knowledge or approval—compounds the risk. As adoption accelerates, the cost of discovering and remediating security gaps, compliance violations, and unauthorized data access can grow quickly.
Business leaders and IT teams need a control plane before agent expansion becomes unmanageable. That is where Agent 365 enters the picture.
What Microsoft Agent 365 Does
Microsoft announced Agent 365 as generally available on May 1, 2026, positioning it as a control plane to observe, govern, and secure agents and interactions across Microsoft AI agents and ecosystem partner agents. The tool integrates into existing Microsoft administrative and security infrastructure rather than standing alone.
Observe agents
Microsoft describes Agent 365 as providing discovery and inventory capabilities for agents running in both cloud and local environments. IT teams can use Microsoft Defender and Microsoft Intune capabilities to identify agents—including those deployed without formal IT approval—and gain visibility into their operation and interactions.
This observability extends across Microsoft-built agents and third-party agents integrated into the Microsoft 365 environment, giving organizations a consolidated view of agent activity.
Govern access and identity
A core function of Agent 365 is managing how agents access resources and which identities they use to do so. Agents can operate under delegated access—permissions granted by a user for a specific task or time period—or with their own credentials. These two models carry different security and compliance implications.
Microsoft positions Agent 365 as a way for IT and security teams to define and enforce policies around these access patterns, ensuring that agents operate within intended boundaries and that credential usage aligns with organizational standards.
Secure interactions and shadow AI
Agent 365 is designed to address shadow AI by bringing unauthorized or unknown agents into view and under governance. It works with Microsoft’s security and compliance tools—including Microsoft Defender, Microsoft Entra, Microsoft Purview, and the Microsoft 365 admin center—to enforce consistent security controls.
This integration means Agent 365 leverages existing security policies, audit logs, data loss prevention rules, and compliance frameworks rather than requiring separate parallel systems.
How Leaders Should Use It
Start with inventory
The first practical step is using Agent 365’s discovery capabilities to create a baseline inventory of agents currently operating in the environment. This includes Microsoft-built agents (such as those in Copilot, Word, Excel, and other Microsoft 365 applications), custom agents built on Microsoft platforms, and third-party agents integrated into workflows.
Without a baseline inventory, subsequent governance decisions will be incomplete.
Separate delegated access from own credentials
Once inventory is in place, define clear policies for how agents authenticate and access resources. Delegated access—where a user grants temporary permission for a specific agent task—reduces the risk of credential sprawl and long-lived permissions. Own credentials, where an agent maintains persistent identity and access rights, requires tighter controls and audit trails.
Agent 365 helps teams enforce these distinctions through Entra and Intune policies, ensuring the right model is used for the right use case.
Tie controls to Defender, Intune, Entra, and Purview
Agent 365 is not a standalone tool. Its power comes from integration with existing Microsoft security and compliance infrastructure:
- Microsoft Defender: Can support detection and response workflows around suspicious agent behavior and unauthorized interactions, depending on deployment and configuration.
- Microsoft Intune: Can support device-level management and restrictions for relevant agent scenarios, depending on deployment and configuration.
- Microsoft Entra: Supports identity, authentication, and access policies that can apply to agents and delegated operations.
- Microsoft Purview: Supports data governance, retention, and compliance policies for information handled through Microsoft environments.
Leaders should audit existing policies in these tools and extend them deliberately to cover agent use cases. This approach leverages existing investment and expertise rather than requiring new skill sets.
Details to Confirm Before Deployment
Licensing and regional details
Current pricing, SKU bundling, regional availability, and packaging can vary and should be checked against current Microsoft licensing documentation before purchase decisions. Organizations should consult their Microsoft account teams or current product documentation for licensing details specific to their region and deployment model.
Coverage across non-Microsoft agents
Microsoft says Agent 365 supports Microsoft AI agents and ecosystem partner agents, but organizations should test coverage for their own non-Microsoft and custom agent environments. Organizations with significant heterogeneous agent environments should test Agent 365’s discovery and governance scope with their specific third-party agent deployments before making governance decisions.
Bottom Line
Governance before expansion
Agent adoption is accelerating. The combination of Microsoft 365 Copilot, Copilot Cowork, and custom agents built by teams creates genuine value—but only if IT and security teams can see, understand, and control what is running.
Agent 365 provides the visibility and control plane for that governance. Business leaders and IT teams that inventory their agent landscape, clarify delegated versus persistent access, and bind controls to existing Microsoft security tools will be better positioned to scale agent use safely and compliantly.
Organizations without this foundation risk shadow AI, compliance gaps, and security incidents as agent sprawl accelerates. The time to establish governance is before expansion, not after.
Related reading:
Microsoft 365 Copilot and Agent 365: May 2026 Business Guide
PwC and Anthropic Expand Claude Alliance
Sources
- Microsoft Security Blog: Agent 365 generally available
- Microsoft 365 Blog: Copilot, human agency, and organizational opportunity
- Official Microsoft Blog: First Frontier Suite built on Intelligence + Trust
- Official Microsoft Blog: Frontier Transformation with partners
Sources were checked on May 18, 2026. Pricing and regional purchasing details are intentionally excluded from this article.