AI agents are proliferating fast across Microsoft 365 — Copilot Studio agents, third-party agents, agents built by your own developers, and agents your users have quietly set up themselves. Until recently, IT admins had no single place to see all of them, govern who can use which, or understand what they are doing at runtime. Microsoft Agent 365, generally available since May 1, 2026, changes that. It is a purpose-built control plane for observing, governing, and securing every agent in your organisation — including ones you did not build and may not know about.
What Is Microsoft Agent 365
Agent 365 is the IT and security control plane for AI agents in Microsoft 365. It is built on three core pillars:
Observe
See every agent across your environment — Microsoft, third-party, and developer-built — with real-time usage metrics, active users, growth trends, and risk signals.
Govern
Control where each agent is available — no users, all users, or specific groups. Manage agent lifecycle, ownership, and deployment across the organisation.
Secure
Enforce Conditional Access policies for agent access, backed by Entra Agent IDs. Block agents based on real-time risk signals including DLP violations.
Agent 365 is accessed from the Microsoft 365 admin center. The overview dashboard gives you a real-time view of your entire agent fleet: total registered agents, active users, growth trends, connected external platforms, total runtime in hours, and emerging risk signals — all in one place.
The Agent Registry and Entra Agent IDs
At the core of Agent 365 is the Agent Registry, backed by Microsoft Entra Agent IDs. Every agent gets a unique identity — just like users and devices have identities in Entra ID. This identity is the foundation for every governance and security action Agent 365 can take.
When a user invokes an agent, the control plane evaluates the agent's identity against your Conditional Access policies: Is this agent registered? Does the invoking user satisfy the authentication requirements? Have there been any recent DLP violations or risk signals that should block this execution? If any check fails, the agent is blocked before it runs.
Governing Third-Party and External Agents
One of the most important capabilities in Agent 365 is Registry Sync — the ability to connect external agent platforms to your Agent 365 registry. This brings third-party agents and their metadata into your centralised inventory, so they are governed under the same framework as your Microsoft agents.
As of May 20, 2026, the following external platforms are supported:
Amazon Web Services (AWS)
Google Cloud
Salesforce Agentforce
Databricks Genie
Where supported by the partner platform, admins can take agent-level governance actions directly from the Agent 365 registry — including deleting agents — without needing to switch between admin portals.
Shadow AI: Finding Agents You Did Not Approve
Shadow AI is one of the most pressing governance challenges right now — users installing and running agents that IT has never reviewed, that access company data, and that operate outside any policy framework. Agent 365 addresses this with a dedicated Shadow AI page, powered by Microsoft Defender and Microsoft Intune.
The Shadow AI page gives admins a centralised view of local agent activity on Windows devices. It identifies agents running on endpoints that are not in the registry, and provides controls to limit unsanctioned execution paths. Initial support covers OpenClaw, with more agent types planned.
Why this matters right now
Users are not waiting for IT to deploy approved agents — they are installing local AI tools independently, pointing them at company files, and running them across unmonitored sessions. The Shadow AI page is the first Microsoft-native tool that gives IT visibility into this and the ability to act on it at the endpoint level.
Deployment Controls for Approved Agents
For agents you have approved and want to roll out, Agent 365 gives you precise deployment controls. When you install an agent into your tenant, you choose exactly where it is available:
- No users — installed but not yet deployed, ready for staged rollout
- Specific users and groups — pilot or department-scoped deployment aligned to readiness and business need
- All users — organisation-wide availability once the agent has been validated
AMA Recap: Top Questions IT Admins Asked
The May 12, 2026 AMA drew hundreds of live questions from IT professionals. The Microsoft team answered questions across four main themes:
How Agent 365 licences work, what is included in existing M365 plans, and what requires additional licencing for enterprise-scale agent management.
How Entra Agent IDs work, how they differ from service principals, and how agents authenticate against M365 data sources.
How to define risk thresholds for agent access, how DLP violations feed into Conditional Access decisions, and what happens when an agent is blocked at runtime.
How Registry Sync works with non-Microsoft platforms, what metadata comes across, and what governance actions are available for external agents vs native agents.
The full AMA replay is available on YouTube. The Administering and Governing Agents whitepaper (Version 3.2), which has been downloaded over 65,000 times, has also been updated with new guidance on security, observability, zone-based governance, and agent sharing controls.
Official Microsoft References
- YouTube — Live AMA: Microsoft Agent 365 (Official Microsoft video, May 12, 2026)
- Microsoft Tech Community — You Asked, We Answered: Inside the Agent 365 AMA
- Microsoft Tech Community — What's New in Agent 365: May 2026
- Microsoft Tech Community — Securing AI Agents End-to-End: Connecting Purview DSPM, Agent 365, and the AI Security Dashboard
- Microsoft Tech Community — Administering and Governing Agents Whitepaper v3.2
- Microsoft Tech Community — Agent 365 Blog Hub