Enterprise DNA

Omni by Enterprise DNA

Enterprise DNA Resources

Latest AI and industry news. Practical AI operating-system thinking for owners, operators, and teams doing real work.

220k+

Data professionals

Omni

AI agents and apps

Audit

Map the manual work

News Trending Product

Microsoft Agent 365 GA: Enterprise AI Agent Governance

Microsoft Agent 365 hit general availability May 1. It's a $15/user/month control plane for discovering, governing, and securing every AI agent in your stack.

Enterprise DNA | | via Microsoft Security Blog
Microsoft Agent 365 GA: Enterprise AI Agent Governance

If you’ve been deploying AI agents across your business, you’ve probably noticed the same thing most companies are running into right now: nobody knows exactly how many agents are running, what data they can access, or who approved them. Microsoft’s answer to that problem, Agent 365, just became generally available.

The product launched May 1, 2026 at $15 per user per month as a standalone offering — or bundled into the new Microsoft 365 E7 licence tier. It sits above your existing Microsoft 365 stack as a management layer for your entire agent fleet, whether those agents were built in Copilot Studio, purchased from a vendor like Zendesk or Kore.ai, or running locally on a developer’s machine.

The Problem It’s Solving

The timing is not accidental. A recent OutSystems study found that 94% of enterprises report concern about AI agent sprawl — the runaway proliferation of autonomous agents creating security gaps and technical debt. According to research published in early 2026, the average enterprise now manages 37 deployed agents, with more than half of those running without any security oversight or logging.

This is not a theoretical problem. The scenario looks like this: a marketing team builds a campaign automation agent using a no-code tool, a developer runs Claude Code or a local MCP server to handle internal queries, a sales team subscribes to an AI SDR that has read access to CRM data. Nobody has a complete inventory. Nobody knows what credentials these agents hold, what they can access, or what they’re logging.

Agent 365 is Microsoft’s attempt to give IT and security teams a single pane of glass over this sprawl before it becomes a serious compliance or breach incident.

What It Actually Does

The product is built around three core capabilities: observe, govern, and secure.

On the observation side, Agent 365 surfaces a real-time dashboard showing every registered agent across your environment, which users they’re active for, how many hours they’ve run, what platforms they connect to, and any emerging risk signals. It covers both delegated-access agents (those acting on behalf of a human user) and agents running with their own credentials.

Governance controls let you set policies on what agents can access, block unmanaged local agents running on Windows endpoints via Defender and Intune, and require conditional access enforcement before any agent can act on a user’s behalf. Local agent management — covering tools running directly on employee machines — reached general availability with this release.

On the security side, the platform extends Microsoft Entra’s identity protection to agent identities, meaning your agents get the same conditional access and anomaly detection treatment as your human employees. Multi-platform discovery, covering AWS Bedrock and Google Cloud agents, is currently in public preview.

New integrations are landing quickly too. Windows 365 for Agents — purpose-built cloud PCs for secure agent workloads — is in preview, designed for scenarios where you want agents running in isolated, auditable compute environments rather than on shared employee hardware.

What This Means for Business

If you run Microsoft 365 already, this is the most practical first step toward agent governance you can take. The $15/user price point is low enough that most IT security budgets can absorb it without a procurement battle.

The more important signal is what this launch represents: AI agent management is now a product category, not just a best practice in a whitepaper. Within 12 months, “do you have an agent inventory?” will be a standard question in vendor security reviews, enterprise insurance assessments, and compliance audits. Getting ahead of that now — knowing what agents are running, what they can touch, and who is accountable for them — is the kind of operational foundation that prevents a governance crisis later.

For businesses currently evaluating or deploying AI agents: the question is no longer whether you need an agent management strategy. The question is whether you’ll build it proactively or be forced into it after something goes wrong. Before you reach that point, understanding which parts of your business AI can actually handle and what governance looks like in practice is the right starting point.

The practical next step is the free Working With Claude field guide. Thirty-two pages covering the ecosystem, Claude Code, and how to govern a rollout properly. Get your copy.

Working With Claude field guide cover

Free Resource

Going deeper with Claude?

Get the free 32-page implementation guide for ANZ teams.

No spam. Unsubscribe any time.