Microsoft Agent 365 Explained: The Control Plane for Enterprise AI Agents
Think back to the early days of cloud adoption. Every team was creating virtual machines, storage accounts, and databases in ways that worked for them individually. But for the person responsible for governance, security, and cost control, it was chaos. This problem became known as shadow IT.
Now, the same pattern is emerging again, but this time with AI agents. Teams are deploying AI assistants, bots, and autonomous agents to automate work and improve productivity. Unlike cloud resources, agents can be created much faster and often without centralized oversight.
This has led to a new challenge called AI agent sprawl.
IDC predicts there will be 1.3 billion AI agents by 2028. That's not a slow rollout - that's an avalanche.
Without proper governance, organizations face serious risks:
No visibility into what agents exist
Uncontrolled access to enterprise data
Agents acting without proper authorization
Difficulty enforcing security and compliance
Microsoft’s answer to this challenge is Microsoft Agent 365, and frankly, it is one of the most architecturally sensible things they have announced in this space.
Important - Preview Programme Notice
Microsoft Agent 365 is currently only accessible through the Frontier preview programme - Microsoft's early access track for its latest AI innovations. You will need to be enrolled in Frontier before any of the features described in this post become visible in your tenant.
Frontier previews are subject to the existing preview terms of your customer agreements. Because these features are still in active development, their availability and specific capabilities may change - sometimes significantly - over time. Treat everything here as directionally accurate, but always validate against the latest Microsoft documentation before building plans around it.
What Is Microsoft Agent 365?
At its core, Microsoft Agent 365 is the control plane for AI agents. A control plane is the layer where you manage, monitor, and govern resources. It gives you visibility and control over how those resources operate.
In this case, the resources are AI agents.
The best way to understand this is by comparing it with Microsoft Entra ID. Entra ID helps you manage human identities by controlling:
Who can sign in
What resources they can access
What happens when they join or leave the organization
Microsoft Agent 365 applies the same concept to AI agents. It allows organizations to manage agents as digital identities, with defined permissions, access controls, and governance policies.
Importantly, Agent 365 builds on the existing Microsoft security and governance foundation. It integrates with services such as:
Microsoft Entra for identity and access control
Microsoft Purview for compliance and data governance
Microsoft Defender for security and threat protection
Microsoft 365 Admin Center for centralized administration
This means organizations do not need a completely new governance model. Instead, they can extend their existing identity, security, and compliance frameworks to include AI agents.
From an architecture perspective, this makes AI agents first-class entities that can be governed just like users, applications, and services.
Microsoft Agent 365 is platform-agnostic. It does not matter where the agent was built.
An agent could be created using:
Copilot Studio
Microsoft Foundry
A third-party platform such as Salesforce or ServiceNow
An open-source framework like LangChain
As long as the agent is registered and assigned a Microsoft Entra Agent ID, it can be governed through the Agent 365 control plane.
Building Your Own Agent? Here's What You Need to Know
If you are building agents using Copilot Studio, Microsoft Foundry, or custom frameworks, the key requirement for Agent 365 compatibility is simple: your agent must have a Microsoft Entra Agent ID and be registered in the Agent 365 Registry.
This is what allows Agent 365 to apply identity, governance, security, and monitoring policies.
The exact steps depend on how the agent is built.
Copilot Studio and Microsoft Foundry - The Simplest Path
Agents built using Copilot Studio and Microsoft Foundry have native integration pathways that enable onboarding into the Agent 365 governance model.
When an agent is created using Copilot Studio or Microsoft Foundry:
The agent is automatically assigned an Entra Agent ID
It appears in the Agent 365 Registry
Governance policies can be applied through the Microsoft 365 Admin Center
To ensure proper governance:
Provide clear descriptions and ownership metadata
Assign appropriate access permissions
Apply Conditional Access and compliance policies
This is the easiest and most seamless path to Agent 365 integration.
Custom and Open-Source Agents - Full Control, With More Integration Work
Custom agents built using frameworks such as LangChain, Semantic Kernel, or Azure OpenAI can also be governed by Agent 365.
The integration workflow follows a standard identity-first model:
Create a Microsoft Entra Agent ID
Configure the agent to authenticate using that identity
Register the agent in the Agent 365 Registry
Apply governance policies using Entra, Purview, and Defender
Monitor the agent through Agent 365 dashboards
Once integrated, the agent receives the same governance, security, and compliance protections as Microsoft-built agents.
Entra Agent ID acts like a managed identity. It has no permissions by default and must be explicitly granted access to enterprise resources.
Third-Party Agents - Supported, But Still Evolving
Microsoft’s vision for Agent 365 is an open platform that can govern agents from any source, including Salesforce, ServiceNow, Workday, and custom-built systems.
The integration model is straightforward in principle:
Assign the agent a Microsoft Entra Agent ID
Register the agent in the Agent 365 Registry
Authenticate access through Entra
Apply governance policies and monitoring
However, this ecosystem is still maturing.
Today:
Native integration is strongest for Microsoft-built agents
ISV partners are actively building Agent 365 connectors
Integration patterns for external platforms are still evolving
For organisations running third-party agents today, the recommended approach is:
Engage ISV vendors about Agent 365 integration roadmaps
Use Entra Conditional Access to govern resource access
Implement logging and monitoring at integration points
Use API gateways to maintain visibility and control
Over time, Agent 365 is expected to become the unified governance layer for all enterprise agents, regardless of platform.
How Entra Agent ID and Agent 365 Work Together
Microsoft Entra Agent ID provides the identity layer, while Agent 365 provides the governance layer.
Together, they enable a complete lifecycle:
Entra authenticates the agent
Agent 365 registers the agent
Purview governs data access
Defender monitors security posture
Admin Center provides visibility and control
This creates a unified governance model across all agents.
From an architectural perspective, Entra Agent ID is the foundation that makes Agent 365 governance possible.
The "Digital Employee" Analogy - And Why It Actually Matters
Microsoft’s framing of agents as digital employees might sound like marketing language, but architecturally, it is accurate.
When a human employee joins an organisation, they go through a defined lifecycle. They are assigned an identity, granted access to specific systems, monitored for security and compliance, and eventually deprovisioned when they leave.
Microsoft Agent 365 applies this same lifecycle model to AI agents.

This lifecycle model brings immediate architectural advantages.
First, it allows organisations to extend their existing governance framework to agents. The same identity, access control, compliance, and security processes used for human users can now be applied to AI agents.
Second, it improves accountability and traceability.
Instead of a generic system log entry such as:
"Application accessed SharePoint"
You get a clear, identity-based record:
"HR Benefits Agent accessed employee records to respond to a user request"
This provides full visibility into:
Which agent performed the action
What data was accessed
When the action occurred
Under which identity and policies
This identity-centric model is what makes large-scale agent governance possible. Agents are no longer anonymous automation scripts. They are governed digital identities operating within the enterprise security and compliance framework.
From an architecture perspective, this is the critical shift that allows organisations to safely adopt AI agents at scale.
Shadow Agents: The Problem You Probably Already Have
Shadow IT did not disappear. It evolved.
With tens of millions of monthly active Power Platform users, agents are already being built across organisations. In many cases, these agents are created by well-intentioned business users trying to automate repetitive work. They solve real problems, but they often do so without going through formal IT onboarding or governance.
The result is shadow agents - agents operating in your environment without centralized visibility, identity governance, or security oversight.
These agents may:
Access enterprise data
Interact with business systems
Execute workflows and automation
Operate without proper identity or policy enforcement
From an architecture perspective, this creates the same risks that shadow IT created in the early cloud era, but at a much faster scale.
Microsoft Agent 365 addresses this through built-in discovery and quarantine capabilities. Administrators can identify unmanaged agents and quarantine them, which prevents an agent from running until it has been reviewed and approved.
Quarantine does not delete the agent. Instead, it places the agent in a controlled state where it cannot access enterprise systems or data.
While quarantined, the agent remains visible in the Agent 365 Registry. This allows administrators to investigate:
The agent’s identity and ownership
Its access patterns and permissions
The systems and data it attempted to access
Its overall security and compliance posture
This follows the same architectural principle used for unmanaged devices. When an unknown device connects to the network, it is isolated first, then reviewed before being trusted.
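The isolate-then-review approach described above, together with the ownership and permission checks from the onboarding guidance earlier, sketched as an added example (not Microsoft's code and not the Agent 365 API). It reconciles constructed activity records against a constructed registry export and decides which agents to quarantine or send for review; every field name, agent name and record is hypothetical.

```python
"""Added illustration: reconcile observed agent activity with a registry export.
Field names and records are constructed for this example; they are not the
Agent 365 registry schema or any Microsoft API."""
from collections import defaultdict

# Constructed registry export (hypothetical fields).
REGISTRY = {
    "agent-hr-benefits": {"owner": "hr-platform@contoso.example", "approved": True,
                          "allowed": {"sharepoint:/sites/hr-benefits"}},
    "agent-sales-notes": {"owner": "", "approved": True,
                          "allowed": {"dynamics:/accounts"}},
    "agent-expense-bot": {"owner": "finance-ops@contoso.example", "approved": False,
                          "allowed": {"sharepoint:/sites/finance"}},
}

# Constructed activity records: which identity touched which resource, and when.
EVENTS = [
    {"agent_id": "agent-hr-benefits", "time": "2025-01-10T09:12:00Z",
     "resource": "sharepoint:/sites/hr-benefits/records.xlsx"},
    {"agent_id": "agent-sales-notes", "time": "2025-01-10T09:15:00Z",
     "resource": "dynamics:/accounts/4411"},
    {"agent_id": "agent-sales-notes", "time": "2025-01-10T09:16:00Z",
     "resource": "sharepoint:/sites/hr-benefits-archive/q3.xlsx"},
    {"agent_id": "flow-7f3a-invoice-helper", "time": "2025-01-10T09:20:00Z",
     "resource": "sharepoint:/sites/finance/invoices"},
]


def in_scope(resource, allowed):
    """True if resource equals an allowed prefix or sits beneath it.
    Matching on a path boundary stops '/sites/hr-benefits-archive' from
    passing as '/sites/hr-benefits'."""
    return any(resource == p or resource.startswith(p.rstrip("/") + "/")
               for p in allowed)


def triage(registry, events):
    """Return {agent_id: (action, sorted reasons)} for every agent seen or registered."""
    reasons = defaultdict(set)
    for agent_id, rec in registry.items():
        flags = reasons[agent_id]          # registered-but-idle agents still appear
        if not rec["owner"].strip():
            flags.add("no-owner")          # nobody accountable for the agent
        if not rec["approved"]:
            flags.add("not-approved")
    for ev in events:
        rec = registry.get(ev["agent_id"])
        if rec is None:
            reasons[ev["agent_id"]].add("unregistered")   # shadow agent
        elif not in_scope(ev["resource"], rec["allowed"]):
            reasons[ev["agent_id"]].add("out-of-scope:" + ev["resource"])
    result = {}
    for agent_id, flags in reasons.items():
        if flags & {"unregistered", "not-approved"}:
            action = "quarantine"          # isolate first, review afterwards
        elif flags:
            action = "review"
        else:
            action = "ok"
        result[agent_id] = (action, sorted(flags))
    return result


if __name__ == "__main__":
    for agent_id, (action, why) in sorted(triage(REGISTRY, EVENTS).items()):
        print(f"{action:<10} {agent_id:<28} {', '.join(why) or '-'}")
```

The two inputs stand in for whatever inventory and audit exports a tenant actually provides; the registered-but-ownerless agent and the look-alike site path are the cases a plain "is it in the list" check misses.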
The Five Pillars of Agent 365
So far, we’ve looked at Agent 365 from a conceptual and user perspective. Now let’s shift to the IT administrator’s point of view, because this is where governance actually happens.
As agents start multiplying across the organization, administrators need a central place to manage them. This is provided through the Microsoft 365 Admin Center, where Agent 365 integrates directly into the existing admin experience.
From here, administrators can discover agents, control their access, monitor their behavior, and enforce security policies.
The five pillars of Agent 365 map directly to these administrative capabilities:
Registry - Discover and maintain an inventory of all agents
Access Control - Assign identities and control what agents can access
Visualization - Understand how agents interact with users, data, and other agents
Interoperability - Enable agents to work across enterprise systems and platforms
Security - Protect the organization using existing Microsoft security and compliance controls
These pillars ensure that agents are not operating outside IT governance. Instead, they become fully managed entities within the enterprise identity, security, and compliance framework.

1. The Registry - Full Agent Inventory
The Agent Registry provides a centralized inventory of all agents in the environment, regardless of how they were built. Administrators can see each agent’s identity, permissions, data access, and applied security policies.
This includes:
Agents with Microsoft Entra Agent IDs
Agents registered manually
Shadow agents discovered automatically
Unapproved agents can be quarantined, blocking access to enterprise systems until reviewed.
This gives IT real-time visibility and governance, replacing the manual spreadsheets many organisations rely on today.
2. Access Control - Guardrails Before and During
Agent 365 enforces access control both before deployment and during runtime.
Before activation, agents must be approved in the Microsoft 365 Admin Center. Administrators review requested permissions, data access, and capabilities, then assign policies using Microsoft Entra, Purview, and Microsoft 365 controls. This ensures least-privilege access from the start.
During runtime, Agent 365 continuously monitors agent behavior. If suspicious activity is detected, Conditional Access can block the agent immediately. Administrators can also disable the agent, instantly revoking its access.
This ensures agents operate within defined security boundaries throughout their lifecycle.
3. Visualization - From Monitoring to Actionable Insight
As agent usage grows, administrators need visibility into how agents interact with systems, data, and each other.
The Agent Map provides a real-time visual view of:
All agents in the environment
Their connections to enterprise systems
Interactions between agents and users

Administrators can quickly identify abnormal behavior and investigate issues without digging through logs.
Agent 365 also provides dashboards with performance, security, and usage insights. Activity is fully logged and integrated with Microsoft Purview, ensuring auditability, compliance, and governance.
This gives organizations the visibility needed to safely operate agents at scale.
4. Interoperability - Freedom of Choice, With Context
Agents are only useful if they can access enterprise tools and data. Microsoft Agent 365 connects agents to systems like Microsoft 365, SharePoint, Dynamics 365, and other business applications, allowing them to operate within real workflows.
Work IQ provides organizational context, enabling agents to understand relationships, documents, and business processes. This allows agents to make decisions based on your organisation’s actual environment, not generic data.
Agent 365 is platform-agnostic. Agents built using Copilot Studio, Microsoft Foundry, Azure AI services, or open-source frameworks can all be registered and governed once assigned a Microsoft Entra Agent ID.
This gives organisations:
A single governance model for all agents
Consistent identity, security, and compliance enforcement
Full visibility across internal and third-party agents
From an architecture perspective, Agent 365 provides interoperability without sacrificing governance or control.
5. Security - The Full Stack, Not a Checkbox
Security in Microsoft Agent 365 is built on the same enterprise security stack that protects users and applications.
Microsoft Defender provides security monitoring and threat detection capabilities for agents, including protections against prompt injection and abnormal behavior.
Microsoft Purview enforces data protection and compliance policies. Agents automatically respect sensitivity labels, data access restrictions, and audit requirements.
Microsoft Entra provides identity and access control, ensuring least privilege access and enforcing Conditional Access policies in real time.
Administrators manage all of this using familiar tools like Entra, Purview, and Defender. Agent 365 extends the existing security model to agents, without requiring new management systems.
The Honest Architectural Take
From an architecture standpoint, Microsoft Agent 365 is built on the right foundation. Instead of introducing a new management silo, it extends existing enterprise platforms:
Microsoft Entra for identity and access control
Microsoft Purview for compliance and data governance
Microsoft Defender for threat protection
This allows agents to be governed using the same controls already in place for users and applications.
Agent 365 treats agents as digital employees, giving them their own identity and workspace. This enables agents to participate directly in business workflows, while ensuring full accountability and governance.
Support for third-party agents is equally important. Agents built on platforms like ServiceNow, SAP, or Workday can be registered and governed once assigned a Microsoft Entra Agent ID. This creates a vendor-neutral control plane, avoiding lock-in and enabling centralized governance.
There are still open questions around pricing, ecosystem maturity, and multi-agent governance. However, the architectural direction is clear.
Agent 365 brings identity, security, and governance to AI agents - a necessary foundation for enterprise-scale adoption.
Open Questions and What Architects Should Watch
Microsoft Agent 365 has a strong architectural foundation, but several important operational and ecosystem details are still evolving as the platform moves toward general availability.
If you are planning adoption, these are the key areas to monitor closely.
Licensing and Pricing Model
Agent 365 is currently available through the Frontier preview and is closely integrated with Microsoft 365 Copilot environments. Microsoft has not announced a standalone SKU or public pricing.
Key questions that remain:
Will Agent 365 be included in Microsoft 365 E5 or bundled with Copilot licenses?
Will pricing be per-user, per-agent, or per-tenant?
Will there be different tiers for basic governance vs. advanced security features?
What is the expected timeline for general availability?
These answers will directly impact adoption strategy and cost planning.
Third-Party Agent Integration
Microsoft’s vision is for Agent 365 to govern agents from any platform, including ServiceNow, Salesforce, Workday, and custom-built systems. However, the partner ecosystem is still maturing.
Open questions include:
Which ISV platforms will support native Agent 365 integration first?
How will agents running outside Microsoft cloud environments be monitored?
Will Microsoft introduce certification or trust standards for third-party agents?
What integration standards and SDKs will be available?
This will determine how effectively organisations can govern their entire agent ecosystem.
Frontier Preview to General Availability Transition
Agent 365 is currently available through the Frontier preview program. Some capabilities may change before general availability.
Key questions include:
Which features will remain preview-only vs. become GA features?
Will agents registered during preview require reconfiguration?
Will there be breaking changes to APIs or identity models?
What is the expected GA timeline?
This is critical for organisations planning production deployments.
Performance and Scale Considerations
Agent 365 introduces identity validation, security checks, and telemetry logging. These controls are essential, but they also introduce operational overhead.
Architectural questions to monitor:
What is the latency impact of policy enforcement and monitoring?
How does Agent 365 scale with large agent fleets?
Are there tuning options to balance performance and security?
What are the telemetry and storage cost implications?
These factors affect scalability and runtime performance.
Developer Tooling and Integration Support
Copilot Studio and Microsoft Foundry provide native integration, but developer tooling for custom and open-source agents is still evolving.
Important questions include:
When will full SDKs and documentation be available?
Will Microsoft provide SDKs for Python, JavaScript, and C#?
Will developer sandboxes and test environments be available?
What is the long-term API stability model?
Developer experience maturity will influence enterprise adoption speed.
Data Residency and Sovereignty
Agent 365 builds on Microsoft Entra and Purview, which already support regional data residency and compliance boundaries. However, detailed implementation specifics are still emerging.
Key questions include:
Where is Agent 365 registry and telemetry data stored?
Can agents be restricted to specific Azure regions?
How does Agent 365 align with EU Data Boundary commitments?
Will Agent 365 be available in sovereign and government cloud environments?
This is especially important for regulated industries and public sector organisations.
Architectural Bottom Line
Agent 365’s identity-first governance model is clear and well-designed. The remaining questions are primarily operational, ecosystem, and commercial - not architectural.
As Microsoft expands the ecosystem and moves toward general availability, Agent 365 is positioned to become the standard control plane for enterprise AI agents.
Final Thoughts
AI agents are quickly becoming part of the enterprise fabric. They access data, execute workflows, and make decisions at scale. The real question is not whether they need governance, but whether that governance is implemented proactively or after problems emerge.
Microsoft Agent 365 gives IT and security teams the same visibility and control over agents that they already have over human users. By building on Microsoft Entra, Defender, and Purview, it extends existing identity, security, and compliance frameworks rather than introducing a new governance model.
Importantly, this governance applies across all agent types - Microsoft-built agents, third-party agents, Azure-based custom agents, and open-source frameworks. This creates a unified control plane, rather than a fragmented or vendor-locked solution.
Organisations that succeed with AI agents will treat them like any other enterprise identity: governed, monitored, and secured from day one. Agent 365 provides the foundation to do exactly that.