A decade ago, IT teams worried about shadow IT — employees using unauthorized cloud apps and services. Today the busiest desks are populated not only by people but by software that acts like people: AI agents that summarize email, file tickets, run reports and even take basic decisions. Those agents promise productivity gains, but they also shift risk. Untracked agents can touch sensitive data, call external services and create hidden costs. Left unchecked, a handful of pilots can become a sprawling, ungoverned fleet.
On Nov. 18, 2025, Microsoft unveiled Agent 365, a management and governance platform designed to give enterprises a single control plane for AI agents. The product registers and inventories agents, detects unauthorized “shadow” agents, enforces permissions through Microsoft Entra, and extends security and audit capabilities from Defender and Purview. Microsoft and industry forecasters say agent adoption is accelerating; one analyst estimate projects more than one billion agents could be active inside businesses by 2028. For IT leaders, Agent 365 promises visibility, control and a way to scale agent use safely. For employees, it aims to make automation predictable and auditable.
“Agent 365 gives IT the tools to govern agents the way they govern users,” said Jared Spataro, Microsoft’s corporate lead for Copilot and AI at Work. “That visibility is essential for scaling automation safely.”
Overview table: Agent 365 at a glance
| Item | Key detail |
|---|---|
| Launch date | Nov. 18, 2025 (announced at Microsoft Ignite) |
| Purpose | Unified registry, governance, security and telemetry for enterprise AI agents |
| Core integrations | Microsoft Entra (identity), Defender (security), Purview (compliance), Copilot/Agent Store |
| Agent scope | Microsoft-built and third-party agents across cloud and on-prem systems |
| Primary users | IT, security teams, compliance officers, application owners |
| Initial availability | Early-access / Frontier program; phased commercial rollout planned |
What Agent 365 does for enterprises
Agent 365 treats agents as first-class IT resources. Its main functions include:
- Discovery and registry: A central inventory lists approved agents and flags unregistered “shadow” agents discovered via telemetry.
- Identity and permissions: Agents receive identities managed by Microsoft Entra so administrators can grant or revoke rights like any user account.
- Policy enforcement: Admins apply policies about which data sources and systems an agent may access and which external calls are allowed.
- Security and audit: Defender monitors agent activity for threats; Purview retains audit trails and data-use logs for compliance.
- Telemetry and ROI metrics: Dashboards report agent usage, latency, error rates, user interactions and cost, helping leaders measure impact.
- Vendor support: The system supports agents built with Microsoft tools and many third-party frameworks, enabling mixed-vendor environments.
By combining identity, policy and telemetry, Agent 365 aims to reduce operational blind spots while letting organizations scale automation.
“Extending identity and audit controls to agents is a major step toward enterprise-grade agent fleets,” said Vasu Jakkal, Microsoft’s corporate vice president for security. “Security teams need telemetry and policy enforcement at the agent level, and this delivers it.”
Why enterprises asked for a control plane
Early AI deployments were often small and local: a team adds a summarizer, another builds a data-pull agent. As adoption spread, CIOs reported three consistent problems: unknown agents accessing critical data, duplicated efforts that waste computing and human time, and a lack of measurable outcomes to justify investment.
Industry analysts warn that agent count will grow rapidly as businesses embed automation into workflows. That scale requires governance: identity controls to avoid lateral data access, telemetry to measure ROI and security to stop prompt injection and data exfiltration. Agent 365 is Microsoft’s answer to those gaps — a tool to move from pilot to controlled production.
Key features
| Feature | Business benefit |
|---|---|
| Central registry | Eliminates blind spots; surfaces unauthorized agents for remediation. |
| Entra identity binding | Limits lateral access; revokes permissions centrally when needed. |
| Policy engine | Standardizes allowed behaviors across teams and environments. |
| Defender & Purview integration | Detects threats and preserves auditable logs for compliance. |
| Telemetry dashboards | Quantifies agent value and helps prioritize investment. |
| Third-party agent support | Reduces vendor lock-in and allows mixed ecosystems. |
How Agent 365 fits with Microsoft’s Agent Store and Copilot tools
Microsoft’s Agent Store, introduced earlier, functions as a marketplace for prebuilt agents. Copilot Studio helps teams design and orchestrate agent workflows. Agent 365 complements those offerings by providing the governance layer: the store supplies catalog items, Copilot Studio builds them, and Agent 365 inventories, secures and measures them in production. The three pieces together aim to shorten the path from concept to compliant automation at scale.
Real-world implications for IT, security and workers
For IT teams, Agent 365 reduces manual discovery and gives a single place to manage agent identities and policies. Security teams gain new telemetry to spot anomalous behavior and to apply existing detection signatures to agent actions. Compliance officers get the logs they need for audits.
For employees, the change can bring steadier automation. Approved agents that follow policy are less likely to break processes or expose data. But governance also means some agents will be disabled or reconfigured; teams used to quick scripting must adapt to review cycles and identity procedures.
Practical rollout details and licensing
Microsoft positioned Agent 365 as an enterprise feature available first through an early-access Frontier program for customers with appropriate Microsoft 365 and security licenses. The company plans phased rollouts, integrations with existing admin centers, and partner programs to help large customers on-board. Early adopters are expected to pilot Agent 365 at departmental scale before wider deployment.
Risks, limits and adoption challenges
- False positives and noise: Discovery algorithms may flag harmless scripts, creating work for IT.
- Integration depth: Third-party framework support varies; full governance may require vendor cooperation.
- Operational cost: Adding another control plane demands headcount and process changes.
- User friction: Developers and business teams may experience slower iteration as governance gates are applied.
Companies should align Agent 365 with change-management plans and offer developer-friendly workflows to keep innovation moving.
Comparison table: Manual governance vs. Agent 365
| Issue | Manual approach | Agent 365 approach |
|---|---|---|
| Discovery | Sporadic, tool-by-tool | Centralized registry and automated detection |
| Identity | Accounts tied to humans or service accounts | Agent identities managed by Entra |
| Policy enforcement | Ad hoc scripts and change control | Central policy engine and enforcement |
| Auditability | Fragmented logs | Unified audit trails via Purview |
| Measurement | Limited metrics | Agent telemetry and ROI dashboards |
Conclusion: Treating agents as first-class IT citizens
Agent 365 signals a shift in enterprise thinking: agencies, bots and agents must be governed like people. As companies move from experimentation to fleet management, the need for identity, policy, telemetry and security at agent scale becomes urgent. Microsoft’s offering stitches those capabilities together for customers committed to scaling automation. The product does not eliminate risk, but it changes the conversation: businesses can no longer treat agents as informal scripts. Governance, measurement and change management must be part of any serious automation strategy — and Agent 365 is Microsoft’s attempt to make that practical.
FAQs
What is Agent 365?
A Microsoft control plane that inventories, governs and secures AI agents across Microsoft and supported third-party frameworks.
Who should consider using it?
CIOs, CISOs, security teams and large application owners running multiple agents or planning to scale automation.
Does Agent 365 block all rogue agents automatically?
No. It increases visibility and enforces policies, but IT must act on findings and integrate the platform into operational processes.
Will it work with non-Microsoft agents?
Yes — Agent 365 supports third-party agents, though integration and feature parity may vary by vendor.
Does it add latency to agent workflows?
Policy enforcement can introduce checks; Microsoft designs for low friction but recommends pilots to assess performance impact.