What Is Microsoft Agent 365?
Microsoft Agent 365 is a centralised AI agent governance and security platform that gives enterprise IT teams the ability to discover, monitor, and control every AI agent operating across their organisation. It functions as a control plane for agentic AI, providing visibility into what agents exist, what they access, and whether they are behaving within defined policy boundaries.
As of May 1, 2026, Microsoft Agent 365 is generally available for enterprise commercial customers. It is available as a standalone licence at USD 15 per user per month, or bundled within Microsoft 365 E7 at USD 99 per user per month alongside Microsoft 365 E5, the Entra Suite, and Microsoft 365 Copilot.
The platform's scope covers not just Microsoft's own Copilot agents, but extends to agents built on AWS Bedrock and Google Cloud via a registry sync capability, reflecting how multi-vendor agentic environments have already become standard in enterprise IT.
Why Has AI Agent Governance Become an Enterprise Priority?
Gartner's April 2026 research contains a number every IT director should take seriously. The average enterprise currently manages 37 deployed AI agents. Gartner projects this will reach 150,000 agents per Fortune 500 enterprise by 2028, a roughly 10,000-fold increase in three years. Most of those agents will be built by business teams using low-code and no-code tools, without central IT involvement.
The security consequences are already visible. A 2026 Gravitee survey found that 88% of organisations reported confirmed or suspected AI-related security incidents. Only 14.4% have full security approval for their existing AI deployments. Only 24.4% have complete visibility into how their agents are communicating with each other.
The identity problem is particularly acute. According to Strata Identity's 2026 research, only 23% of enterprises have a formal, enterprise-wide strategy for agent identity management. Teams are routinely provisioning AI agents with shared human credentials because no formalised alternative exists, creating a class of privileged access that security teams have no line of sight into.
These are not theoretical risks. They are governance gaps that regulators, auditors, and insurers are beginning to scrutinise directly.
What Does Microsoft Agent 365 Actually Do?
Agent 365 delivers four core capability categories across the agentic environment.
Discovery and inventory. The platform automatically discovers all AI agents operating across Microsoft 365, Windows, AWS Bedrock, and Google Cloud environments. IT teams can identify shadow agents, those built and deployed without IT's knowledge, and bring them under managed governance or block them entirely.
Lifecycle governance. Admins can start, stop, and delete agents through a centralised registry. This eliminates silent proliferation of dormant or abandoned agents that continue to hold active credentials and data access long after their original use case has been retired.
Data and access protection. Agent 365 enforces least-privilege access by controlling which users, data sources, and tools each agent can interact with. It identifies data exposure risks, prevents oversharing, and logs all agent interactions for compliance and audit purposes. Microsoft Purview eDiscovery allows organisations to place agent interactions under legal hold, delivering an end-to-end discovery experience for agent activity using familiar compliance workflows.
Runtime security. Context mapping, policy-based controls, and runtime blocking capabilities are entering Intune and Defender public preview in June 2026. Defender will be able to block a coding agent mid-execution when it detects behaviour patterns consistent with data exfiltration or policy violation, and generate incident alerts with full context for the security team.
How Does Agent 365 Fit Into Microsoft 365 E7?
Microsoft 365 E7 is the highest enterprise licence tier Microsoft has introduced to date, announced on March 9, 2026, and generally available from May 1, 2026. At USD 99 per user per month, E7 bundles Microsoft 365 E5, the Microsoft Entra Suite, Microsoft 365 Copilot, and Agent 365 into a single plan.
For organisations already running Microsoft 365 E5, the incremental cost to move to E7 is approximately USD 20 per user per month. Whether this is justified depends on the organisation's current scale of agentic AI deployment. For enterprises running fewer than 20 agents with no immediate expansion plans, the standalone Agent 365 licence at USD 15 per user per month may be the more practical entry point.
The E7 bundle becomes compelling when Entra Suite's identity governance capabilities are factored in alongside Agent 365's access controls. The combination directly addresses the agent identity gap that Strata's research identified as the most critical unsolved problem in enterprise AI security. The two tools working together can close the credential provisioning loop that currently leaves most enterprises exposed.
How Does Agent 365 Differ From Traditional IT Security Tools?
Traditional IT security tools were designed for human users and static applications. They track logins, monitor network traffic, and enforce role-based access controls built around known identity types. AI agents are categorically different: they are autonomous, continuously running, make decisions at machine speed, and chain actions across multiple services without direct human oversight at each step.
Existing SIEM, DLP, and PAM tools can observe agent behaviour to some degree, but they were not designed to understand agent context. They cannot distinguish between an agent reasoning normally through a complex task and an agent deviating from its intended scope. Agent 365 introduces context mapping, which tracks not just what an agent did but the chain of decisions and tool interactions that produced the outcome.
The key distinction is that Agent 365 treats agents as first-class IT entities with their own identity, permission model, and lifecycle, rather than forcing autonomous AI behaviour into frameworks built for human-operated systems. That architecture difference matters significantly when regulators or auditors begin asking for agent activity logs.
What Are the Three Biggest Risks Agent 365 Is Designed to Prevent?
Based on the capabilities Microsoft has prioritised in the GA release, three risk categories stand out as the primary design targets.
Shadow agent accumulation. Business teams building agents with Copilot Studio, Power Automate, or third-party low-code tools can deploy fully functional agents without any IT involvement. These agents may hold broad data access, run indefinitely, and never be audited. Agent 365's discovery capability makes shadow agents visible and puts them under governance control.
Credential and data oversharing. When agents are provisioned with shared human credentials or over-privileged access tokens, any compromise creates a direct pathway to sensitive data at scale. Agent 365's least-privilege enforcement and data access monitoring directly address this pattern, which Strata's 2026 research identified as the most common security failure mode in agentic deployments.
Undetected policy violations at runtime. An agent behaving anomalously may do so for minutes or hours before a human reviewer notices. Attempting to access data outside its defined scope, making unusual tool calls, or producing outputs inconsistent with its expected behaviour are all signals that current security tooling cannot reliably detect at the speed agents operate. Runtime blocking via Defender, entering preview in June 2026, is designed to interrupt this class of incident before it becomes a breach.
How Should Hong Kong Enterprise IT Leaders Evaluate Agent 365?
Five questions frame the right evaluation approach for a Hong Kong organisation considering Agent 365.
How many agents do you currently have deployed, and who built them? Organisations that have not conducted an agent inventory are almost certainly underestimating their exposure. The Gravitee 2026 data suggests most enterprises have at least two to three times as many agents running as their IT teams believe.
Are you primarily a Microsoft shop? Agent 365's deepest value accrues within the Microsoft 365 ecosystem. The registry sync with AWS Bedrock and Google Cloud adds multi-cloud coverage, but organisations with a primarily non-Microsoft footprint may find vendor-neutral AI TRiSM tools more comprehensive for their environment.
Are you already on Microsoft 365 E5? If yes, the E7 upgrade path deserves evaluation as a bundle. If not, the standalone Agent 365 licence at USD 15 per user is the lower-commitment entry point for establishing governance infrastructure.
What is your PDPO and regulatory exposure? Organisations in financial services, healthcare, and professional services in Hong Kong are operating under evolving HKMA, SFC, and Digital Policy Office guidance on AI governance. Agent 365's audit trails, legal hold via Purview, and data access logging directly support the documentation requirements these frameworks impose.
What is your agentic AI roadmap for the next 18 months? Agent 365 delivers the most value as a proactive investment before agent sprawl becomes entrenched. Retrofitting governance onto an unmanaged agent estate, with dormant agents holding active credentials across dozens of applications, is substantially more expensive and disruptive than building governance infrastructure alongside the first wave of deployment.
What Comes Next for Agent 365?
Microsoft has confirmed several capabilities entering public preview in June 2026. Context mapping for runtime monitoring, policy-based controls integrated with Intune, and Defender's runtime blocking for coding agents are all scheduled for the June preview window. These capabilities move Agent 365 from a discovery and inventory tool toward a real-time enforcement platform.
The AWS Bedrock and Google Cloud registry sync is already in public preview for multi-cloud agent discovery. Microsoft has signalled intent to expand lifecycle governance capabilities, including start, stop, and delete operations across third-party agent platforms, as those integrations mature through 2026.
For enterprise IT leaders evaluating the Microsoft ecosystem's agentic AI roadmap, Agent 365 represents Microsoft's bet that governance infrastructure will become as fundamental to enterprise AI deployment as identity and endpoint management tools have been to cloud adoption. The GA release on May 1, 2026, at seven days old, makes this one of the freshest significant enterprise AI governance tools available today.
Ready to Build Your AI Agent Governance Strategy?
Understanding the tools is one thing — deploying governance correctly across your organisation is another. UD has partnered with Hong Kong enterprises for 28 years, making complex technology decisions clear and actionable. Whether you are evaluating Microsoft Agent 365, assessing your current AI agent exposure, or building your agentic AI roadmap, we'll walk you through every step — from AI readiness assessment to deployment and ongoing governance.
