What Is Microsoft Agent 365? The Control Plane for Enterprise AI Agents Explained

AI agents are showing up faster than IT teams can track them. Some live inside Microsoft 365 Copilot. Some run from a browser extension a salesperson installed last week. Some are autonomous services connecting to a CRM that no one has fully audited. Each one can read data, take action, and operate on its own.

Microsoft Agent 365 is the answer Microsoft built for that problem. Announced at Ignite 2025 and generally available since May 1, 2026, the product gives IT and security teams one place to see every agent, decide what each one is allowed to do, and hold the whole fleet to enterprise standards. The piece below covers what Agent 365 is, what it does, what it costs, and how to prepare.

What is Microsoft Agent 365?

Microsoft Agent 365 is a control plane for enterprise AI agents. The product gives IT and security leaders one admin surface to observe, govern, and secure every AI agent across the organization, whether the agent was built in Microsoft Copilot Studio, Microsoft Foundry, AWS Bedrock, Google Cloud, or by a third party.
In plainer terms, Agent 365 is to AI agents what Microsoft Intune is to managed devices. The product does not write agents and does not run them. The job is to track them, hold them accountable, and apply the same identity, access, and data protection enforced for human users. Customers building toward agentic AI for business usually hit the governance gap first, which is exactly the gap Agent 365 closes.

What does "control plane" actually mean?

A control plane is a layer that watches and governs other systems without doing their work. Microsoft separates the doing of work from the governing of it. Copilots, custom agents, and partner agents handle execution. Agent 365 sits above them, applying policy, watching behavior, and enforcing limits.

What follows from that design choice:

• The product does not replace Microsoft Entra, Microsoft Purview, Microsoft Intune, or Microsoft Defender. Agent 365 ties them together so that an agent looks like a managed identity to all four.
• Agent 365 is platform agnostic. An agent built outside the Microsoft stack can still be observed, governed, and secured through it.
• The same security tools your team runs for users now stretch to cover agents, with no parallel toolset.

The agent sprawl problem: Microsoft Agent 365 was built to solve

Agents multiply faster than enterprises can govern them. Gartner predicts that by 2028, an average global Fortune 500 enterprise will have over 150,000 agents in use, up from less than 15 in 2025. Mid-market organizations see the same shape on a smaller scale.

Most of those agents are deployed without central oversight. A finance team builds an agent in Copilot Studio, an engineer installs OpenClaw on a laptop, a vendor connects an agent to a CRM through OAuth, and none register with IT. Without a control plane, security teams cannot answer the basics: which agents exist, who owns them, what data they touch, and whether they are still needed. The closest parallel is shadow IT in 2010, except agents read documents, run code, and trigger workflows, so the blast radius is much wider.

How Microsoft Agent 365 works in three jobs

Microsoft frames the product around three responsibilities: observe, govern, and secure. Each one maps a familiar IT discipline onto agents and stitches existing Microsoft security tools together to deliver it.

Observe

Agent 365 surfaces every agent in a single registry, including Microsoft-built agents, partner agents, and shadow agents found on Windows endpoints through Microsoft Defender and Microsoft Intune. Multicloud sync with AWS Bedrock and Google Cloud is in public preview, so admins can inventory cross-cloud fleets from one place. The agent map shows how agents connect to users, data, and other agents, while ROI dashboards correlate activity with outcomes.

Govern

Once agents are visible, IT applies policy: who can create them, who can use them, what each one can access, and when they should be retired. Agent 365 issues every agent a Microsoft Entra Agent ID. Lifecycle controls cover onboarding through deletion, owners and sponsors are assigned, and reusable policy templates push compliance settings to new agents on day one. Agents acting on behalf of users carry both their own identity and the user's, so audit trails attribute actions correctly.

Secure

Microsoft Defender, Microsoft Entra, and Microsoft Purview extend existing capabilities to agents. Microsoft Entra applies conditional access and least-privilege rules. Microsoft Defender watches for prompt injection, tool misuse, and suspicious behavior, and can quarantine compromised agents in real time. Microsoft Purview applies sensitivity labels, DLP, retention, and eDiscovery to anything an agent reads or writes. Anyone tightening their enterprise security guardrails for AI will find familiar territory.

What Microsoft Agent 365 is NOT

Worth clarifying, because the product is often confused with adjacent ones.

• Not a builder. Microsoft Copilot Studio and Microsoft Foundry build agents. Agent 365 governs them.
• Not a replacement for Microsoft Entra, Defender, Purview, or Intune. Agent 365 extends those tools to agents.
• Not the same as Microsoft 365 Copilot. Copilot is the AI assistant users interact with. Agent 365 is the management layer behind every agent.

Microsoft Agent 365 pricing and licensing

Microsoft Agent 365 is licensed per user, not per agent. A single licensed user can manage or sponsor a large fleet, with no fixed cap on the agent count.

• Standalone: $15 per user per month.
• Bundled inside Microsoft 365 E7, the new Frontier Suite, at $99 per user per month, which also includes Microsoft 365 E5, Microsoft 365 Copilot, and the Microsoft Entra Suite.
• No mandatory prerequisites, but Microsoft recommends Microsoft Entra P1 or P2 and Microsoft Purview Data Loss Prevention to get full value.

For organizations already running Microsoft 365 E5 with Copilot, the gap to E7 is roughly $39 per user per month and adds Agent 365 plus the full Microsoft Entra Suite. Whether the math works depends on your agent roadmap.

How to get ready for Microsoft Agent 365

The license is the easy part. Operationalizing the control plane takes work. A practical readiness sequence:

1. Inventory every agent currently running, including the ones discovered through Microsoft Defender and Microsoft Intune.
2. Assign a sponsor or owner to every agent. Unowned agents are the ones that drift.
3. Define reusable security and compliance policy templates so new agents start governed on day one.
4. Confirm sensitivity labels and DLP rules cover the data that the data agents will read and produce.
5. Run one cross-functional governance forum, not three. IT, security, legal, and the business need shared visibility.

Many organizations couple Agent 365 readiness with Microsoft 365 Copilot readiness and a wider modern work transformation, because the same data, identity, and adoption work powers all three. Mature data and an AI strategy are the foundation; the control plane keeps it defensible at scale.

Where to start with confidence

The agent that your team will be governing in 2027 is being created right now. Catching up costs more than starting clean. A short, focused readiness conversation, run before the first wave of E7 rollouts, is the cheapest way to enter the agent era already governed. Scope one workflow you can pilot, and turn the abstract control plane into something your IT team is running by quarter end. Valorem Reply works with Microsoft customers to do exactly that.

Frequently asked questions

Is Microsoft Agent 365 the same as Microsoft 365 Copilot?

No. Microsoft 365 Copilot is the AI assistant employees use day to day. Microsoft Agent 365 is the control plane that observes, governs, and secures every agent in the tenant, including Copilot agents.

Do you need Microsoft 365 E7 to use Agent 365?

No. Agent 365 is available standalone at $15 per user per month. Microsoft 365 E7 bundles the product with Microsoft 365 E5, Microsoft 365 Copilot, and the Microsoft Entra Suite for $99 per user.

Does Agent 365 only manage agents built on Microsoft platforms?

No. Agent 365 is platform agnostic. The control plane covers agents from Microsoft Copilot Studio, Microsoft Foundry, AWS Bedrock, Google Cloud, partner platforms, and software development companies, with multicloud registry sync in public preview.

How does Microsoft Agent 365 handle shadow AI?

Shadow agent discovery uses Microsoft Defender and Microsoft Intune to find local AI agents on Windows endpoints, plus unsanctioned cloud agents reaching enterprise data. Admins can quarantine or block them through the registry.

Who is Microsoft Agent 365 designed for?

The product is designed for IT admins, security teams, and compliance leaders responsible for enterprise AI governance. End users do not interact with the control plane directly. The experience surfaces inside the Microsoft 365 admin center.

What happens to existing security tools after Agent 365 rolls out?

Existing Microsoft Entra, Microsoft Purview, Microsoft Defender, and Microsoft Intune deployments stay in place. Agent 365 extends them to cover AI agents and threads their telemetry into one admin experience.