Microsoft has made Agent 365 generally available. It is a dedicated control plane for managing, governing, and securing AI agents across the enterprise. For IT and security leaders working to establish AI agent governance at scale, this is the governance framework enterprise IT has needed.
Most organisations can answer that question for individual agents they have deliberately deployed. Far fewer can answer it for the full picture: the agents built by different teams on different platforms, the third-party agents installed without central approval, and the local agents running on employee devices that IT has no visibility of at all. Gartner estimated that by the end of 2025, more than 40% of enterprise AI agents would be deployed outside central IT governance. In practice, that means a growing category of systems acting on behalf of users, accessing sensitive data, and interacting with external services with no consistent oversight model in place.
Agent 365, now generally available inside the Microsoft 365 admin centre, is Microsoft’s direct response to that problem. It is built around three interlocking capabilities: observability across the full agent estate, centralised governance controls, and enterprise-grade security that extends Microsoft’s existing security fabric to cover agents as a new and distinct category of identity.
This article explains what each of those capabilities delivers, which features represent the highest immediate value for enterprise organisations, and what the general availability of Agent 365 means for IT and security leaders managing the shift to agentic AI at scale.
Observe: Full Visibility Across Your Enterprise AI Agent Estate
Most organisations currently have agents running across multiple platforms with no central visibility. Agent 365 addresses this through four observability tools built for IT administrators.
The Agent Overview Dashboard and Real-Time Risk Signals
The overview dashboard is the starting point inside the Microsoft 365 admin centre. It surfaces total registered agents, active users, growth trends, connected platforms, runtime hours, and emerging risk signals in a single view. Recommended actions guide administrators to what needs attention first — pending agent requests, unclaimed agents without assigned owners, or active exceptions requiring review.
The Agent Registry: A Complete Record of Every AI Agent
The Agent Registry functions as the system of record for every agent in the organisation. Each entry, whether Microsoft-built, custom-built, or sourced from an ecosystem partner, is enriched with metadata covering its name, publisher, platform, ownership, deployment status, Graph permissions, data access, security details, certifications, and usage activity. This closes the blind spots that currently exist in most enterprise agent estates.
Agent Map View and Cross-Cloud Registry Sync
The Map view provides a visual graph of the agent ecosystem, clustering agents by platform and surfacing their interdependencies. Zooming in reveals individual agents and their connections to other agents, which is particularly valuable as agentic workflows grow in complexity and the relationships between agents become harder to track manually.
Registry Sync, currently in preview, extends the registry to external platforms. The initial release covers AWS and Google Cloud, allowing administrators to consent to sync agents from these platforms into the Agent 365 registry and, where supported, take governance actions including agent deletion directly from the registry without switching context. This positions Agent 365 as a unified management layer for enterprise AI governance, regardless of where agents are built.
Shadow AI Detection and Endpoint Agent Blocking
Shadow AI detection and blocking, also in preview, addresses one of the most underappreciated risks in enterprise AI adoption. Local agents installed on employee devices outside IT visibility can read files, execute code, and act on a user’s behalf entirely outside managed cloud services. Agent 365, powered by Microsoft Defender and Intune, surfaces these local agents and provides endpoint controls to limit unsanctioned execution, with detection covering GitHub Copilot CLI, Claude Code, and a growing list of platforms beyond the initial OpenClaw scope.
Govern: Centralised Control That Scales
Governance frameworks that create bottlenecks tend to get worked around. Agent 365’s governance tooling is designed to be fast, centralised, and scalable as agent adoption grows across the organisation.
Agent Lifecycle Management and Distribution Controls
Lifecycle actions including install, publish, block, unblock, delete, and reassign ownership are all available directly from the registry without switching context. Distribution and availability controls allow administrators to define precisely which users and groups can access each agent, enabling phased rollouts and preventing overexposure.
Agent Approval Workflows and Publication Controls
The approval and publication flow provides a review step before any agent reaches users. Administrators can assess an agent’s capabilities, data access, Graph permissions, and security posture before publishing or rejecting it, preventing agent sprawl and ensuring every agent is onboarded with the right controls in place across Copilot Studio, Microsoft Foundry, and expanding platforms.
Automated Governance Rules and Policy Templates
Agent management rules address the scalability problem directly. As an agent estate grows, manual oversight cannot keep pace. Automated rules handle routine governance tasks such as auto-expiring inactive agents, auto-reassigning ownerless ones, and auto-deploying Microsoft-built agents where appropriate, each triggered when defined conditions are met.
Policy templates are one of the two features with the highest immediate return on investment for mid-to-large enterprises. Rather than building individual policies for each agent, templates group existing controls from Microsoft Entra, Purview, Defender, and SharePoint into reusable packages. Apply a template during onboarding and consistent governance follows automatically. For organisations managing hundreds of agents, it is what makes the difference between a governance model that holds and one that collapses under its own weight.
Tools Management for MCP Servers and APIs
Tools management is the other high-value feature for most enterprises. Agents accomplish work through tools — MCP servers, APIs, and connectors that enable real-world actions. Unmanaged tools introduce genuine risk. The tools management pane gives AI administrators a central point to allow or block which tools agents can use across the tenant, enforcing consistent, centrally approved boundaries without configuring each agent individually.
Identity Governance and Compliance via Microsoft Entra and Purview
Identity governance via Microsoft Entra brings high-impact agents into the same access management model used for people. Access packages define and scope agent permissions, while sponsor lifecycle workflows assign a responsible human to oversee each agent identity over time, maintaining accountability as agent estates grow.
Three Microsoft Purview capabilities extend proven compliance controls to agent interactions. Data Lifecycle Management allows retention and deletion policies to be set for agent conversations, scoped by user, agent, or group. Communication Compliance applies policies to detect unethical or non-compliant agent behaviour at scale. eDiscovery places agent interactions under legal hold and makes agent outputs and accessed documents searchable within familiar Purview workflows.
Secure: Enterprise-Grade Protection for a New Attack Surface
Agents represent a new type of security risk that existing enterprise frameworks were not built to handle. Agent 365 extends Microsoft’s existing security fabric, grounded in Zero Trust principles, to cover this terrain across four areas.
Zero Trust Security and Conditional Access for AI Agents
Native signals from Microsoft Defender, Entra, and Purview surface agent-level risk directly in the Microsoft 365 admin centre. Administrators can block risky agents or escalate to security teams without leaving the registry, making agent security a shared responsibility between IT and security functions rather than a separate workflow.
Conditional Access and Identity Protection for agents extend Zero Trust principles to the agent layer. Conditional Access is generally available for delegated access agents acting on behalf of a user, and in public preview for autonomous agents with their own identity, applying the same dynamic, granular access policies that govern human users.
Network Security and Threat Detection for Agent Traffic
Secure Access Service Edge for agents applies network-level security controls to agent traffic for Copilot Studio agents and local endpoint agents using the Global Secure Access client. This includes prompt injection protection, threat intelligence filtering, and web and URL filtering — controls that address the specific attack vectors that agents introduce rather than relying on controls designed for human internet traffic.
Threat detection and hunting, currently in preview, enables Microsoft Defender to detect, block, and investigate agent threats at runtime. When an agent exhibits suspicious behaviour, such as abusing permissions to an email MCP server, Defender can block the action and trigger an incident alert. Security teams can also use Advanced Hunting to proactively identify vulnerabilities, including agents using maker credentials that could enable privilege escalation.
AI Agent Security Posture Management and Data Protection
Two further preview capabilities complete the security picture. Agent security posture management assesses Foundry and Copilot Studio agents for excessive permissions, misconfigurations, and attack paths, surfacing prioritised recommendations. DSPM AI Observability provides unified visibility into how all agents — Microsoft and non-Microsoft — access sensitive data, with continuous risk posture assessment.
Insider Risk Management and Data Loss Prevention extend to agent interactions, treating agents as first-class identities in Microsoft Purview’s Insider Risk Management. DLP policies prevent agents from emailing confidential files externally and protect the grounding data agents reason over, so sensitive content does not inform AI decisions inappropriately.
What the General Availability of Agent 365 Means for Your Organisation
The general availability of Agent 365 changes the enterprise AI governance picture in a specific and practical way. The challenge until now has been a structural mismatch: organisations have been deploying enterprise AI agents at speed while AI agent governance frameworks lagged behind. Agent 365 closes that gap by making responsible adoption easier than ungoverned adoption, rather than slower.
Cross-Cloud AI Agent Governance: AWS, Google Cloud, and Beyond
The cross-cloud registry sync covering AWS and Google Cloud signals that Microsoft is positioning Agent 365 as the management plane for enterprise AI agents regardless of where they are built. For organisations running agents across multiple cloud environments, this is a significant step toward a unified governance model.
Shadow AI on Managed Devices: Detection and Control
The shadow AI detection capability addresses a risk that many organisations have not yet formally assessed. Local agents on managed devices are already active in most large organisations — the question is whether IT has visibility of them. Agent 365 now provides that visibility along with the endpoint controls to act on what it surfaces, making shadow AI detection a practical reality rather than an aspiration.
Governing AI Agents with Existing Microsoft Security Infrastructure
The integration across Entra, Defender, Purview, and Intune means Agent 365 orchestrates controls most enterprise organisations already own rather than requiring new tooling investment. The governance framework is built on the existing security stack, not alongside it.
AI Agent Compliance for Regulated Industries
The compliance tooling — eDiscovery, DLP, Communication Compliance — will be particularly important for regulated industries where agent interactions could constitute a record subject to retention, discovery, or conduct obligations. For financial services, healthcare, legal, and public sector organisations, this is not optional governance. It is a compliance requirement.
Building Your Agent 365 Governance Framework with Flyte
Flyte works with enterprise organisations from initial readiness assessments through to full deployment and governance frameworks that let agentic AI scale without the oversight gaps that tend to surface later as problems.
If your organisation is already deploying AI agents and has not yet established a formal governance model, the gap between your current position and what Agent 365 enables is worth understanding before it becomes a problem.
If you want to understand where your agent governance stands today and what a structured path to Agent 365 looks like for your organisation, talk to a Flyte consultant today.
