Microsoft Agent 365

Video Review

About

Microsoft Agent 365 went generally available on May 1, 2026, and it is not a chatbot. It is the first cross-cloud control tower for the agent fleet your company already has — the ones IT knows about and the dozens it does not. You probably have shadow agents running right now. A finance lead spun up a Copilot Studio bot last quarter. Two engineers are running local agents on their laptops via OpenClaw. Marketing wired a Bedrock agent into HubSpot without telling anyone. Agent 365 finds them. All of them. The product runs on three pillars: observe, govern, secure. Observe means a unified registry that pulls in agents from Microsoft 365, AWS Bedrock, Google Cloud and local Windows deployments — the cross-cloud sync is in public preview. Govern means policy: which agents can run, which can install, which can publish to other employees. Secure means Microsoft Defender and Intune enforce those policies on real endpoints, starting with OpenClaw on Windows. Pricing is the part that breaks the market. $15 per user per month standalone, or bundled at no incremental cost in the new Microsoft 365 E7 SKU. That is below what most enterprises spend per user on a single shadow-IT discovery tool today. Microsoft is not trying to make money on Agent 365. Microsoft is trying to make sure every Fortune 5000 buys its agent governance from Redmond before Anthropic's new forward-deployed services firm shows up with a different answer. The June 2026 roadmap adds policy-based runtime blocking through Defender and Intune — meaning if an agent tries to call a forbidden API or exfiltrate a tagged document, the action gets killed at the OS level, not just logged after the fact. That is the feature that turns Agent 365 from a registry into a genuine zero-trust agent platform. The honest critique: agent governance is still an emerging category and Agent 365's coverage of non-Microsoft agents is uneven. Bedrock and Vertex AI sync works. Cursor agents, custom Python scripts and self-hosted LangChain stacks do not yet have first-class support. Expect that to change fast — Microsoft has every incentive to standardize the registry interface across vendors before someone else does. Where it fits in the wider stack: for a multi-agent harness Agent 365 will need to govern, see jcode on Skila Repos. For engineering teams pairing governance with spec-driven development, the Jama Connect MCP Server ships agent context from live requirements.

Key Features

• Cross-cloud agent registry across Microsoft 365, AWS Bedrock and Google Cloud (public preview)
• Shadow AI detection — discover, install, publish, block or delete agents from a single console
• Policy-based runtime enforcement via Microsoft Defender and Intune on Windows endpoints
• Unified observability — agent activity logs, tool calls, prompt content with redaction
• OpenClaw local agent governance for Windows-side AI workloads
• DLP integration with Microsoft Purview for data exfiltration prevention
• Identity-bound agents — every agent ties back to an Entra ID identity for audit
• Granular delegation — separate roles for agent owners, governance admins and security reviewers

Use Cases

• 1Discovering shadow agents your IT team did not know existed across cloud and local environments
• 2Enforcing a corporate policy that no agent can access HR or finance systems without explicit approval
• 3Replacing a patchwork of agent inventory spreadsheets with an automated registry
• 4Producing audit-ready logs of every agent prompt, tool call and document read for SOC2 or HIPAA
• 5Blocking unsanctioned agent installations on managed Windows fleets via Intune
• 6Standardizing agent identity so that retiring an employee also retires the agents they spun up