Agent 365 eliminates AI agent shadow IT with unified Entra identity
According to Microsoft, Agent 365 provides enterprise-wide observability, identity governance, and threat protection for AI agents — generally available May 1 at a price point that brings agent governance within reach of mid-market buyers.

Microsoft is moving to own the agent governance layer.
The company announced Agent 365 this week — a unified control plane for enterprise AI agents that bundles observability, identity governance, data security, and threat protection into a single product. According to the Microsoft Security Blog post anchoring this announcement, Agent 365 gives IT and security teams visibility into all agents running in an organization, assigns each one a unique Entra identity, enforces Conditional Access policies based on risk signals, and extends Defender and Purview protections to agent workflows. It goes generally available May 1, 2026 at $15 per user per month.
The core problem Microsoft is solving is fragmentation. In enterprise environments built around Microsoft tooling, agents proliferate across Copilot Studio, Foundry, and third-party platforms — often without IT or security having any inventory of what exists, what access it has, or what it did with that access. Agent 365's Registry feature is the response: a unified inventory of every agent in the organization, surfaced in both the Microsoft 365 admin center and existing Defender and Purview workflows.
The identity layer is where this connects most directly to the non-human identity governance story we've been tracking. Agent ID assigns each agent a unique Microsoft Entra identity — the same system used for human users — enabling security teams to apply trusted access policies at scale, evaluate identity risk signals, and enforce Conditional Access based on device compliance, sign-in anomalies, and behavioral risk. This extends Microsoft's existing Entra, Defender, and Purview stack into the agent realm rather than building a separate system.
Avanade is cited as running Agent 365 in production. Aaron Reich, Avanade's Chief Technology and Information Officer, is quoted as saying the platform has given his team "real visibility into agent activity, the ability to govern agent sprawl, control resource usage, and manage agents as identity-aware digital entities in Microsoft Entra." That quote is from the Microsoft Security Blog; it hasn't been independently verified by type0.
The threat protection layer covers prompt manipulation, model tampering, and agent-based attack chains — targeting the specific vulnerability categories that security researchers have documented in MCP and agentic workflows. Security posture management for Foundry and Copilot Studio agents detects misconfigurations proactively. Runtime threat protection for agents using the Agent 365 tools gateway detects and blocks malicious agent activities.
For buyers evaluating the landscape: Microsoft is positioning Agent 365 as the governance layer for its own ecosystem, with explicit support for "agents from ecosystem partners" — meaning agents built outside Microsoft AI platforms but registered through APIs. Whether that cross-platform coverage extends to non-Microsoft agent frameworks like OpenClaw or agent platforms not explicitly listed is an open question the blog post doesn't answer.
The pricing is notable. At $15 per user per month, agent governance is now a line item comparable to a SaaS productivity tool — not a six-figure enterprise security project. Combined with Microsoft 365 E7 (which bundles Copilot, Agent 365, Entra Suite, and advanced Defender/Entra/Intune/Purview capabilities at $99 per user per month), Microsoft is making the argument that enterprise AI governance should be built into the productivity platform, not bolted on separately.
Our read: this is Microsoft doing what Microsoft does — extending an existing enterprise platform into a new category rather than building from scratch. The Entra identity layer is the credible part. The question for buyers is whether unified visibility within Microsoft's ecosystem is enough, or whether heterogeneous environments with agents running across multiple frameworks need something more platform-agnostic.

