If your organisation has started deploying AI agents in the past twelve months — and most have — there is a reasonable chance some of them are running completely outside your IT team’s visibility. A sales rep installed an AI assistant on their laptop. A developer is using a local coding agent. A customer service manager set up an automation in a third-party platform. Nobody registered them. Nobody audited them. They are just… running.

Microsoft calls this shadow AI, and on May 1, it made Agent 365 generally available to address exactly that problem.

What Microsoft Agent 365 Actually Does

Agent 365 is a unified control plane for AI agent governance. Rather than another point solution, it extends Microsoft’s existing security infrastructure — Defender, Intune, Entra — to cover AI agents the same way they already cover devices and users.

The core capabilities fall into three buckets:

Discovery. Agent 365 can find unmanaged agents running across your environment. That includes cloud agents on AWS Bedrock and Google Cloud, agents from Microsoft partner platforms like Zendesk, n8n, and Kore.ai, and local agents installed directly on Windows endpoints — tools like GitHub Copilot CLI, Claude Code, or OpenClaw that run on a user’s machine and can read files, execute code, and act on their behalf without ever touching a managed cloud service.

Governance. Once agents are inventoried, administrators can set policy-based controls around what each agent is permitted to do. Agent 365 also introduces Windows 365 for Agents — managed, sandboxed environments where agents can operate with appropriate isolation from sensitive systems.

Real-time security. Microsoft Defender can now block agents at runtime if they exhibit behaviour patterns that match known threats, and Entra’s network controls extend to inspecting agent traffic before it leaves the environment.

Pricing sits at $15 per user per month as a standalone product, or it is included in the new Microsoft 365 E7 licence tier.

The Problem Is Real and Growing Fast

The reason this matters is not theoretical. AI agents operate differently from traditional software. A SaaS tool sits in one place and does one job. An AI agent can be granted delegated user credentials, move across multiple systems, take actions autonomously, and generate outputs that look indistinguishable from human decisions.

When an agent is unmanaged, none of the usual guardrails apply. It may have access to more data than intended. It may send outputs to external services. It may make decisions — in customer communications, code commits, financial calculations — that no one has signed off on.

Yuji Shono, Head of Global AI Office at NTT DATA Group, put it plainly: “With Agent 365, we can scale and govern AI agents with confidence while maintaining enterprise-grade security.”

That is the proposition. Most businesses want both things simultaneously — the productivity gains from agents and the security posture their compliance teams require. Until now, they have largely had to choose.

What This Means for Business

The general availability of Agent 365 signals something important for business leaders: the “experiment freely and clean it up later” era of enterprise AI is ending. Governance is becoming a product category, not an afterthought.

A few practical implications:

Your IT team will start asking for an agent inventory. If you cannot answer the question “what AI agents are running in our organisation and what can they access?”, that conversation is coming. Getting ahead of it now, before a compliance audit or a data incident, is worth the hour it takes.

Unmanaged agents are becoming a liability, not just a risk. As more vendors release agent governance tooling and regulators begin examining AI usage, businesses that let shadow AI accumulate are creating future problems. The cost of retroactively auditing and reclassifying agents is significantly higher than governing them from the start.

The agent layer is becoming infrastructure. Microsoft’s move to extend Defender and Intune to cover agents is the same pattern it used with mobile devices in 2012. The implication is that agent management will eventually be as routine and mandatory as endpoint management.

Governance and capability are not opposites. A common fear is that putting guardrails on AI agents will slow them down or remove their value. Agent 365 is built on the premise that governance enables scale — you cannot safely deploy agents at volume without visibility, and you cannot get ROI from agents you are too nervous to actually run.

Where Enterprise DNA Fits In

At Enterprise DNA, we work with businesses at exactly this junction. The question is rarely “should we use AI agents?” anymore. The question is “how do we deploy them responsibly, integrate them properly, and make sure they actually work the way we intend?”

That is what Omni Ops is designed to answer. Rather than leaving you to wire together agents and hope they behave, we build and manage AI agent workforces with governance built in from the start — proper data access controls, audit trails, and integration with your existing security stack.

If you are navigating the transition from AI pilots to production agents, and you want to do it without creating the shadow AI problem Microsoft is now charging $15 a seat to clean up, book a discovery call and we can walk through what responsible deployment looks like for your organisation.

The shadow AI conversation is not going away. Better to get in front of it.