What Is Microsoft Agent 365? The Control Plane for Governing AI Agents
AI agents are multiplying inside enterprises faster than IT teams can track them. Every department is spinning up its own automations. Copilot Studio agents, SharePoint agents, third-party tools like Claude Code and GitHub Copilot CLI running on developer laptops. Most organizations have no centralized view of what is running, what data it can access, or who approved it. Agent 365 is Microsoft's answer to that visibility gap: a governance control plane that inventories, monitors, and secures every AI agent in your environment, including the ones nobody told IT about.
What Is Agent 365?
Agent 365 is Microsoft's centralized control plane for observing, governing, and securing AI agents across the enterprise. It reached general availability on May 1, 2026, launching alongside the Microsoft 365 E7 Frontier Suite. It costs $15 per user per month as a standalone product, or it comes bundled in the E7 license at $99 per user per month.
The critical distinction: Agent 365 is a governance layer, not a build tool. It does not create agents. It does not provide compute for running agents. Building agents still requires Copilot Studio or Azure AI Foundry, which are separate products with their own consumption costs. Agent 365 sits above all of those tools and gives IT and security teams a unified dashboard to inventory, govern, secure, and monitor every agent in the organization, regardless of where it was built or who deployed it.
Think of it this way: Copilot Studio is the factory floor where agents get assembled. Azure AI Foundry is the heavy-machinery shop for custom models. Agent 365 is the control tower that watches every agent leaving those factories and tracks what they do once they are out in the wild.
What Agent 365 Actually Does
Agent 365 provides three core capabilities: a Unified Agent Registry, Shadow AI Discovery, and deep integration with Microsoft's existing security stack. All of this is managed through the admin tools IT teams already know: the Microsoft 365 admin center, Defender portal, Entra portal, and Intune portal.
Unified Agent Registry
The registry is a complete inventory of every AI agent in your environment. That includes Microsoft-built agents (Copilot features, Security Copilot), partner agents from the Copilot Studio marketplace, custom agents your teams built in Copilot Studio or Azure AI Foundry, and shadow agents that nobody in IT explicitly approved. Each agent gets a profile showing what data it can access, which APIs it calls, who deployed it, and its current status.
Shadow AI Discovery
This is the capability that will get the most attention from security teams. Shadow AI Discovery detects unmanaged AI agents running on enterprise endpoints. At launch, detection starts with OpenClaw agents running on Windows devices, using telemetry from Microsoft Defender and Intune. Microsoft has confirmed plans to expand coverage to GitHub Copilot CLI, Claude Code, and other third-party agents over time. The detection works through endpoint telemetry, not network inspection, so it catches agents running locally on developer machines even if they do not route through corporate proxies.
Security Integration Stack
Agent 365 plugs into four Microsoft security products, extending their existing capabilities to cover AI agents:
How AI Agents Get Built in Microsoft 365
Agent 365 governs agents. It does not build them. If you want to create an AI agent in the Microsoft ecosystem, you have two primary tools, and they serve different audiences:
| Capability | Agent Builder | Copilot Studio |
|---|---|---|
| Target user | Business users, quick tasks | IT pros, developers, complex workflows |
| Where it lives | In-context inside M365 Copilot, Teams, SharePoint | Standalone SaaS platform |
| Complexity | Simple, lightweight agents | Multi-agent systems, branching logic |
| Connectors | Limited to M365 data | 1,000+ Power Platform connectors |
| External publishing | No | Yes (websites, WhatsApp, Teams channels) |
| Export path | Can export to Copilot Studio for more capabilities | Full development environment |
| Pricing | Included with M365 Copilot license | $200/mo for 25K Copilot Credits, or pay-as-you-go |
Agent Builder is the lightweight path. A marketing manager can open SharePoint, point Agent Builder at a document library, and have a working Q&A agent in minutes. It is designed for quick, simple agents that answer questions about specific content. When you need more, you export to Copilot Studio.
Copilot Studio is the full development platform. It supports multi-agent orchestration, external channel publishing, over 1,000 Power Platform connectors, and integration with Azure AI Foundry for custom models. If you are building agents that interact with customers on your website or automate complex multi-step business processes, this is where the work happens.
SharePoint Agents deserve a separate mention. Any SharePoint site, library, or folder can have an instant agent created from its content. These agents can be added to Teams chats for collaborative Q&A. For unlicensed users interacting with a SharePoint agent, Microsoft bills $0.12 per question directly to the Azure invoice.
The governance gap Agent 365 fills: Agent Builder makes it trivially easy for any licensed user to spin up an agent. Without Agent 365, IT has no visibility into how many agents exist, what data they access, or whether they comply with organizational policies. The easier Microsoft makes agent creation, the more critical the governance layer becomes.
Agentic AI Compliance Assessment
Compliance checklist for autonomous agent deployments
Download Free →How Copilot Orchestrates Agents
When a user prompts Microsoft 365 Copilot, the request does not go directly to a single model. The Copilot Orchestrator interprets the query, searches available agents and tools, and dynamically selects the right agent skill to handle the task. This is a multi-step reasoning loop:
- User prompt enters the orchestrator. The system parses intent and context from the conversation and the user's Microsoft Graph data.
- Agent/tool search. The orchestrator checks the registry of available agents, skills, and connectors. If a specialized agent exists for the task (a finance reporting agent, a SharePoint Q&A agent), it routes accordingly.
- Execution. The selected agent runs its task, potentially calling external APIs, querying Microsoft Graph, or invoking other agents in a chain.
- Response assembly. Results come back through the orchestrator, which formats them for the user and applies responsible AI checks before delivery.
Copilot Cowork takes this further. Available exclusively through the E7 Frontier program, Cowork is a cloud-based execution agent that handles long-running multi-step tasks in the background: sending emails, scheduling meetings, creating documents, posting in Teams. The user approves each action before it executes, maintaining a human-in-the-loop pattern. Unlike standard Copilot interactions that complete in seconds, Cowork runs for hours on complex projects.
Agent 365's role here is governance, not orchestration. The orchestrator decides which agent to invoke. Agent 365 ensures every agent the orchestrator can reach is inventoried, authorized, and compliant with your organization's policies. See the Agentic AI Hub for deeper coverage of agent orchestration patterns.
Shadow AI: The Problem Agent 365 Solves
The core problem is straightforward: developers install Claude Code on their laptops. Data analysts run custom GPT wrappers. Teams across the organization create SharePoint agents and Agent Builder bots without filing a ticket. Each of these agents has access to some combination of corporate data, external APIs, and user credentials. Without a detection layer, IT has no way to know they exist until something goes wrong.
Agent 365's Shadow AI Discovery addresses this by using endpoint telemetry from Defender and Intune. At launch, detection covers:
- OpenClaw agents on Windows devices -- the first detection target, using Defender endpoint telemetry to identify running agent processes and their network activity.
- Planned expansion: GitHub Copilot CLI, Claude Code, and other third-party agents -- Microsoft has confirmed these are on the roadmap, but specific timelines have not been published.
The detection works through endpoint telemetry, not network interception. This is important for two reasons. First, it catches agents that run locally and never route through a corporate proxy. Second, it works on Intune-managed devices regardless of network location, covering remote workers and BYOD scenarios where the device is enrolled.
Once a shadow agent is discovered, Agent 365 registers it in the Unified Agent Registry and applies the organization's governance policies. IT can then decide to allow it (with guardrails), restrict it, or block it entirely through Intune compliance policies.
How Much Does Agent 365 Cost (and What It Does NOT Cover)
Agent 365 has a simple per-user price, but the total cost of running an agent-powered enterprise is anything but simple.
| Component | Price | What it covers |
|---|---|---|
| Agent 365 (standalone) | $15/user/mo | Governance: registry, shadow AI discovery, security integrations |
| M365 E7 Frontier Suite | $99/user/mo | Includes Agent 365 + M365 E5 + M365 Copilot + Entra Suite |
| Copilot Studio (agent building) | $200/mo for 25K credits | Separate: building and running custom agents |
| SharePoint agent queries | $0.12/question | Separate: unlicensed user interactions billed to Azure |
| Azure AI Foundry | Consumption-based | Separate: custom model hosting and inference |
The cost distinction that matters: Agent 365 covers the governance of agents. It does not cover the execution of agents. If you build 50 agents in Copilot Studio and govern them through Agent 365, you are paying the Agent 365 per-user fee for governance plus Copilot Studio credits for execution. These are two separate billing streams.
For organizations already on M365 E5 ($60/user/mo), the E7 upgrade at $99/user/mo adds Agent 365, Copilot, and the Entra Suite for an incremental $39 per user. Whether that math works depends on how many agents you are running and how much governance risk you carry. For a full breakdown of the Microsoft licensing stack, see the Microsoft Copilot Pricing Guide.
Who Needs Agent 365?
Not every organization needs a dedicated agent governance product. Here are the decision criteria:
When you do NOT need it: If you are a small team with fewer than 10 agents, all built in Copilot Studio, and you have no third-party AI tools on endpoints, the built-in governance in Copilot Studio and Entra ID may be sufficient. Agent 365 adds value at scale, not for a handful of simple bots.
What Are the Limitations of Agent 365?
Agent 365 fills a real gap in enterprise AI governance, but it ships with constraints you should understand before budgeting.