Microsoft Agent 365 Secures Enterprise AI Agents

Introduction

As enterprises move from AI experimentation to large-scale deployment of autonomous and semi-autonomous agents, governance is quickly becoming the biggest blocker. Microsoft’s new Agent 365 is designed to address that challenge by giving IT, security, and business teams a shared control plane for tracking, securing, and managing agentic AI across Microsoft and partner ecosystems.

What’s new

Unified control plane for AI agents

Microsoft Agent 365 provides centralized visibility into agents across the organization, including Microsoft-built agents, partner agents, and agents registered through APIs.

Key capabilities include:

• Agent Registry for a unified inventory of enterprise agents
• Usage and performance observability with reports, adoption metrics, and activity details
• Agent risk signals surfaced through Microsoft Defender, Entra, and Purview
• Security policy templates to help security teams define controls that IT can enforce during onboarding

Identity and access controls for agents

Microsoft is treating agents more like managed digital identities.

Notable Entra-based features include:

• Agent ID to assign each agent a unique identity in Microsoft Entra
• Conditional Access and Identity Protection for agents using risk, device compliance from Intune, and custom security attributes
• Identity Governance for agents to limit access and audit granted permissions

This is important because unmanaged agents can easily become over-privileged or operate outside standard organizational controls.

Compliance and data protection for agentic AI

Purview capabilities extend compliance controls to AI agents, helping reduce oversharing and leakage risks.

Highlights include:

• Information Protection so agents inherit Microsoft 365 sensitivity labels
• Inline DLP for Microsoft Copilot Studio prompts
• Insider Risk Management for risky agent interactions with sensitive data
• Data Lifecycle Management for retention and deletion of prompts and agent-generated data
• Audit, eDiscovery, and Communication Compliance for investigating and governing agent activity

Threat protection for emerging AI attacks

Defender adds protections specifically aimed at AI-centric threats such as:

• Prompt manipulation
• Model tampering
• Agent-driven attack chains
• Misconfigurations in Foundry and Copilot Studio agents

Some Defender and Purview capabilities remain in public preview as of the May 1 release.

Impact on IT administrators and security teams

For admins, the biggest change is operational: agents are becoming first-class enterprise entities that need the same lifecycle management as users, apps, and devices. Organizations deploying Copilot Studio, Foundry, or partner-built agents will now have a clearer path to enforce identity, compliance, and monitoring controls without building separate governance processes.

Action items

• Review where AI agents already exist in your environment and who owns them
• Assess whether your Entra, Defender, and Purview policies are ready to extend to agents
• Plan for Agent 365 GA on May 1, 2026
• Evaluate licensing impact: Agent 365 is priced at $15 per user/month
• Track preview features if you need advanced risk and investigation scenarios at launch

Microsoft’s message is clear: if AI agents are going to scale safely, they need the same trust, visibility, and control framework as every other enterprise identity.