What is Microsoft Agent 365 and when did it launch?
Microsoft Agent 365 is a centralized control plane for governing autonomous AI agents in your tenant. It went generally available on May 1, 2026. The platform addresses "agent sprawl" β the rapid proliferation of AI agents from Microsoft Copilot Studio, third-party platforms (Salesforce Agentforce, ServiceNow Now Assist, Workday Illuminate), and open-source frameworks (LangChain, AutoGen, CrewAI) β by providing a unified surface for inventory, identity, runtime protection, data governance, and observability across all of them.
How much does Microsoft Agent 365 cost?
Microsoft Agent 365 is priced at $15 per user per month standalone (annual commit), layered onto an eligible M365 plan. It is also bundled into the new Microsoft 365 E7 Frontier Suite at $99 per user per month, which combines E5 + Microsoft 365 Copilot + Microsoft Entra Suite + Agent 365. Γ la carte that bundle costs $117/user/mo, so E7 saves about $18/user/mo. For organizations that already have E5 + Copilot + Entra Suite, E7 is the immediate win at next renewal.
What is "agent sprawl" and why does it matter?
Agent sprawl is the rapid accumulation of AI agents from multiple vendors and frameworks β Microsoft Copilot Studio, Salesforce Agentforce, ServiceNow Now Assist, Workday Illuminate, custom builds, and open-source. Each vendor ships its own agent platform with its own admin console, identity model, audit trail, and security posture. Without a unified control plane, IT and SecOps cannot see what agents exist, what data they access, what they cost, or whether they have been compromised. Agent 365 solves this by giving you one place to govern agents from any source.
How does the Agent Registry detect "shadow agents"?
The Agent Registry runs continuous discovery scans against your tenant β Microsoft Graph activity, Entra ID sign-in logs, Defender for Cloud Apps signals, and connector telemetry. Agents that connect to tenant resources show up in the registry within minutes of registration, even if they were never registered through an official IT process. Each entry includes the agent owner, the data scope, the last-active timestamp, and the registration path (sanctioned IT-approved vs. shadow). Unsanctioned agents can be quarantined with one click β pausing all execution pending review.
How does Microsoft Defender protect agents at runtime?
Defender monitors agents the way it monitors users and endpoints β continuous behavioral analysis with baseline-deviation detection. Specific agent threats Defender detects include: excessive data retrieval (an agent suddenly pulling 10x its baseline document volume), unusual tool-use patterns (an agent calling APIs it has never called before), prompt-injection attempts (model-aware detection of crafted input designed to override agent behavior), credential theft attempts, and lateral movement across the agent's authorized resources. Response actions include dynamic restriction (revoke specific tool permissions), pause (halt all execution), and full isolation (cut off network access). Incidents flow into Defender XDR alongside endpoint, identity, and email signals.
How does Microsoft Purview govern agent data access?
Purview policies apply to agents the same way they apply to human users. Sensitivity labels propagate from source documents into agent outputs β a Confidential-labeled file used as agent grounding produces a Confidential-labeled response. DLP policies inspect both agent prompts (input) and agent responses (output) for sensitive content; agents attempting to retrieve credit-card numbers get blocked exactly as a user would. Records management labels extend to agent-generated artifacts, and Insider Risk Management correlates agent activity with the user the agent acts on behalf of β surfacing patterns where an agent is being used to do things the user could not do directly. The Purview AI Hub is the unified governance surface for all AI activity.
Does Agent 365 work with Salesforce Agentforce, ServiceNow Now Assist, and Workday Illuminate?
Yes. Agent 365 is explicitly designed as a multi-vendor control plane. Microsoft Copilot Studio agents, Salesforce Agentforce agents, ServiceNow Now Assist agents, Workday Illuminate agents, and custom-built agents (including open-source frameworks like LangChain, AutoGen, and CrewAI) all appear in the unified Agent Registry. Identity, audit logging, DLP, and observability surfaces work consistently regardless of where the agent was built. This is the "single source of truth" promise: one place to govern every agent in your tenant.
Should we buy Agent 365 standalone or wait for the M365 E7 bundle?
It depends on your current state. If you already have M365 E5 + Microsoft 365 Copilot + Microsoft Entra Suite, switching to E7 at next renewal saves $18/user/mo and adds Agent 365 with no incremental work. If you have E5 today but no Copilot, the right sequence is: deploy E5 first, run a 3-6 month Copilot pilot, then transition to E7 when Copilot adoption justifies it. If you only need Agent 365 and not Copilot β for example, you have a multi-vendor agent estate from Salesforce + ServiceNow that needs governance but you have not deployed Microsoft Copilot β buying Agent 365 standalone at $15/user/mo on top of your existing M365 plan is the right move.
How does Agent 365 differ from Microsoft Copilot Studio governance?
Copilot Studio includes its own native governance for agents BUILT in Copilot Studio β environment policies, DLP policies for connectors, maker permissions, and Power Platform admin center oversight. Agent 365 sits ABOVE Copilot Studio and extends governance to agents from EVERY source β Studio agents, Salesforce Agentforce, ServiceNow Now Assist, Workday Illuminate, custom-built ones, open-source frameworks. The two layers are complementary: Copilot Studio governs how you BUILD agents within Microsoft's platform; Agent 365 governs the AGENT POPULATION across all platforms in your tenant. Most enterprise deployments need both.
What does an Agent 365 deployment look like for a Canadian mid-market business?
A typical Agent 365 deployment is a 4-6 week engagement. Week 1: Agent Registry rollout β discover the existing agent estate, classify by risk tier, identify shadow agents. Weeks 2-3: Identity model β assign Entra identities to discovered agents, apply Conditional Access policies, enforce least-privilege scope. Weeks 3-4: Defender + Purview integration β wire runtime monitoring, DLP for the agent boundary, Insider Risk Management correlation. Weeks 5-6: Observability rollout β dashboard configuration, role-based reporting, cost telemetry, integration with the Copilot Dashboard for the human-AI productivity surface. We map the entire deployment to PIPEDA and Quebec Law 25 obligations as part of the engagement for Canadian clients.
