For a while now, IT and security teams have been playing catch-up with AI agents. Employees are deploying them left and right – through Microsoft Copilot, through third-party SaaS apps, and even by downloading local coding tools like OpenClaw and Claude Code directly onto their work devices. The agents are helpful, sure, but they’re also multiplying faster than anyone can track, and they often operate completely outside the visibility of the people who are actually responsible for keeping enterprise data safe. That problem just got a very real solution.

On May 1, 2026, Microsoft officially flipped the switch on Microsoft Agent 365, its new control plane built specifically to observe, govern, and secure AI agents across the enterprise. It’s now generally available for commercial customers, and it arrives alongside a wave of new previews and integrations that make clear Microsoft is treating this as one of its biggest platform bets in years.

So what exactly is Agent 365, and why does it matter?

At its core, Agent 365 is designed to solve what Microsoft calls “agent sprawl” – the messy reality where organizations end up with dozens or even hundreds of AI agents running across different apps, platforms, and environments, with no unified way to see what they’re doing or stop them from doing something risky. When an agent can autonomously invoke tools, access sensitive files, connect to external services, and even interact with other agents, the attack surface of an organization grows every single time a new one gets deployed. You can’t govern what you can’t see, and until now, most companies simply couldn’t see their full agent footprint.

Agent 365 addresses this by giving IT and security teams a single pane of glass – or in Microsoft’s words, a “control plane” – to manage agent activity across the entire enterprise ecosystem. This includes agents built on Microsoft’s own stack (Copilot, Microsoft Foundry, Teams) and agents from ecosystem partners, all managed through the same admin and security workflows organizations already rely on.

One of the biggest highlights coming alongside the general availability launch is the expanded coverage for agents that operate independently – not just on behalf of a user, but with their own credentials and permissions. Think of an agent that automatically triages support tickets or scans inboxes without a human in the loop. Previously, these kinds of “autonomous” agents were harder to govern because they didn’t operate through delegated user access. With Agent 365 now in GA, these agents – whether they act on behalf of users, operate behind the scenes, or participate in team workflows – all fall under the same governance umbrella.

Another major piece of the launch is shadow AI detection. Users across organizations have been installing agents like OpenClaw and Claude Code directly on their Windows devices, completely outside of IT oversight. Microsoft is now tackling this head-on through a new Shadow AI page in the Microsoft 365 admin center, which leverages Microsoft Defender and Microsoft Intune to detect and flag these local agents. IT admins can see which devices are running unmanaged agents and apply Intune policies to block them. Starting in June 2026, Defender will go further by providing full asset context mapping for each agent – including the devices they run on, the MCP servers they’re configured with, the identities tied to them, and the cloud resources those identities can reach. That’s a level of visibility most security teams have never had for AI workloads before.

The cloud story is equally significant. Developers are building and deploying agents across not just Microsoft Azure, but also AWS Bedrock and Google Cloud’s Gemini Enterprise Agent Platform. Agent 365 is now bringing those platforms into the fold too. Starting today in public preview, the Agent 365 registry can sync directly with Amazon Bedrock and Google Cloud connections, giving IT teams the ability to automatically discover and inventory cloud agents across multi-cloud environments – and soon, even perform basic lifecycle governance like starting, stopping, or deleting agents across those platforms. For organizations already operating in multi-cloud environments, this is a genuinely big deal.

On the SaaS front, Microsoft has brought in a wide set of ecosystem partners whose agents are now fully configured to be managed by Agent 365 without any integration work required from IT or security teams. Launch partners include Genspark, Zensai, Egnyte, and Zendesk, along with agent factories like Kasisto, Kore.ai, and n8n. Raj Koneru, CEO of Kore.ai, put it plainly – enterprises can build agents today, but scaling them with actual trust and governance is where most initiatives stall. That’s precisely the gap Agent 365 is designed to close.

There’s also a new infrastructure piece worth paying attention to: Windows 365 for Agents. Now available in public preview in the United States, this is essentially a new class of Cloud PCs purpose-built for agentic workloads. Rather than letting agents run wild on shared or unmanaged infrastructure, organizations can now give agents their own managed, policy-controlled compute environments with the same identity and security controls applied to human employees. Agent 365 can observe and secure agents running inside Windows 365 for Agents directly from the Microsoft 365 admin center.

From a network security perspective, Agent 365 also extends Microsoft Entra network controls to Copilot Studio agents and agents running on user endpoint devices – including local agents like OpenClaw. This matters because AI agents can move a lot faster than human users, and without proper guardrails, they can easily connect to risky or unsanctioned web destinations, interact with unauthorized AI services, or be manipulated through malicious prompt injection attacks. These Entra network controls are now generally available and help filter, inspect, and restrict agent traffic at the network layer.

On the pricing side, Agent 365 is available as a standalone license at $15 per user per month. It’s also included as part of Microsoft 365 E7, the new flagship enterprise suite priced at $99 per user per month that bundles Microsoft 365 E5, Microsoft 365 Copilot, the Microsoft Entra Suite, and Agent 365 all together. Purchased separately, those components would run about $117 per user per month, so the E7 bundle delivers around 15% savings for organizations that need all four. That math gets a lot more interesting in July 2026 when Microsoft’s upcoming price increases on E3 and E5 kick in.

For organizations looking to get started, Microsoft has partnered with a number of major consultancies to deliver deployment and governance services. Featured launch partners include Accenture, KPMG, Capgemini, Deloitte, EY, PwC, and others, offering everything from workshops and roadmaps to managed services and ongoing governance operations. For those who prefer to self-serve, Microsoft is hosting a live “Ask Microsoft Anything” session on May 12, 2026, where a team of Agent 365 experts will be available to answer questions directly.

The broader takeaway here is that Microsoft is making a very deliberate move to own the agent management layer of enterprise AI – not just the tools for building agents, but the infrastructure for running them safely at scale. As Yuji Shono, Head of the Global AI Office at NTT DATA Group Corporation, noted, Agent 365 is what allows organizations to move beyond experimentation and into tangible, trusted AI adoption at enterprise scale. With agent sprawl already a real problem and the number of AI agents in corporate environments expected to keep climbing, having a governance layer that spans Microsoft, AWS, Google Cloud, and a growing roster of SaaS partners is exactly the kind of thing security and IT teams have been asking for. The general availability of Agent 365 means that layer is finally here.