Microsoft Agent 365 GA: Enterprise Governance Guide


While everyone debates which coding agent to use, enterprises quietly face a more urgent problem: they cannot see, control, or secure the AI agents already running inside their networks. As of May 1, 2026, Microsoft offers an answer. Agent 365 is now generally available as an enterprise control plane for AI agents at $15 per user per month.

Through implementing production agent systems, I have observed a consistent pattern: the gap between what developers build and what IT can govern creates the most painful deployment failures. An agent that works perfectly in your terminal becomes a compliance nightmare when security teams cannot audit its behavior. Agent 365 directly addresses this gap.

Aspect | Key Point
What it is | Enterprise control plane for AI agent governance
Key benefit | Unified visibility, governance, and security across all AI agents
Pricing | $15/user/month standalone, included in Microsoft 365 E7
Limitation | Full benefits require Entra P1/P2 and Purview DLP

Why Agent Governance Became Urgent

Gartner predicts that by 2030, over 40% of enterprises will experience security or compliance incidents linked to unauthorized shadow AI. The prediction understates the urgency. Many organizations already face this reality today.

The challenge is not theoretical. AI coding agents like Claude Code, Cursor, and GitHub Copilot CLI now have filesystem access, can execute shell commands, and interact with production systems. When developers use these tools without IT visibility, the organization loses control over what data flows through external APIs, what credentials agents access, and what actions agents take on sensitive systems.

Agent 365 treats this as an observability problem first. You cannot govern what you cannot see. You cannot secure what you do not understand. The platform starts by detecting every agent running across your organization, then extends governance controls to that complete picture.

The Three Pillars: Observe, Govern, Secure

Microsoft built Agent 365 around three core capabilities that address the full agent lifecycle.

Observe delivers real-time visibility into your agentic environment. The centralized Agent Registry shows all agents in one view with adoption metrics, activity logs, and health indicators. Shadow AI detection identifies local agents including Claude Code, OpenClaw, and Cursor running on Windows devices without IT approval. Context mapping shows which devices run which agents, what identities they use, and what cloud resources they access.

Govern establishes consistent guardrails across the enterprise. Lifecycle management lets IT start, stop, or delete agents through the registry. Access controls enforce least-privilege through Microsoft Entra integration. Policy-based controls, coming in June 2026 preview, will enable runtime blocking based on organizational rules.

Secure extends Microsoft’s enterprise security stack to agents. Entra enforces risk-based access controls for both users and agents acting on their behalf. Purview provides data loss prevention and information protection. Defender adds continuous threat detection to block unsafe behaviors before they cause damage.

Shadow AI Detection in Practice

The most immediately valuable capability for many organizations is shadow AI detection. Agent 365 can identify AI tools running on managed Windows devices even when IT never deployed them.

The detection covers:

  • Local coding agents: Claude Code, OpenClaw, GitHub Copilot CLI, Cursor
  • Cloud agent platforms: AWS Bedrock agents, Google Cloud agents
  • Desktop AI applications: ChatGPT desktop, Claude desktop, Gemini

For organizations that officially or unofficially block certain AI tools, this visibility matters. Many enterprises tolerate Claude in the browser but prohibit Claude Code with its filesystem access. Agent 365 surfaces this usage so IT can make informed policy decisions rather than guessing what developers actually use.

The multi-cloud discovery capability, currently in public preview, extends this visibility to agents running on AWS Bedrock and Google Cloud. IT teams can automatically discover and inventory agents across cloud platforms, with lifecycle governance capabilities planned for general availability.

What Developers Need to Know

If you build AI agents for enterprise deployment, Agent 365 changes your requirements. Agents not built on Microsoft platforms need self-serve registration through the Microsoft Graph API.

Registration involves two components:

Agent Instance contains operational details: endpoint URL, agent identity, originating platform, and owner information. This is how IT tracks your agent in the registry for inventory and lifecycle management.

Agent Card contains discovery metadata: capabilities, skills, and collaboration information. This is how other users and agents find and interact with your agent.

The Agent 365 CLI automates much of this setup. The a365 setup command creates Azure resources and registers your agent blueprint, which defines identity, permissions, and infrastructure requirements. Every agent instance you deploy derives from this blueprint.

For agents built on Microsoft Agent Framework or Copilot Studio, registration happens automatically. The platform integration handles identity, governance, and security controls without additional developer work.

The practical implication: if you want your agents deployed in enterprises running Agent 365, build registration into your deployment process. Organizations with Agent 365 will increasingly reject agents that cannot be registered, monitored, and governed through their standard controls.
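
One way to build registration into a deployment pipeline is a pre-flight check on the two components described above, run before anything is submitted. This is an added example, not code from the article or from Microsoft: the field names are hypothetical, taken from the prose rather than from the Microsoft Graph schema, and the sample records are constructed.

```python
from urllib.parse import urlsplit

# Hypothetical field names derived from the article's description of the
# Agent Instance and Agent Card; they are NOT the Microsoft Graph schema.
INSTANCE_FIELDS = ("endpoint_url", "agent_identity", "originating_platform", "owner")
CARD_FIELDS = ("capabilities", "skills", "collaboration")


def preflight(instance, card):
    """Return a list of problems; an empty list means the record can be submitted."""
    problems = []
    # An agent with no owner or identity cannot be audited or revoked later.
    for name in INSTANCE_FIELDS:
        if not str(instance.get(name) or "").strip():
            problems.append(f"instance.{name} is missing")
    for name in CARD_FIELDS:
        if not card.get(name):
            problems.append(f"card.{name} is empty")

    url = str(instance.get("endpoint_url") or "").strip()
    if url:
        try:
            parts = urlsplit(url)
            if parts.scheme != "https":
                problems.append("endpoint_url must use https")
            if not parts.hostname:
                problems.append("endpoint_url has no host")
            # Credentials in a URL end up in registries, logs and audit exports.
            if parts.username or parts.password:
                problems.append("endpoint_url embeds credentials")
        except ValueError:
            problems.append("endpoint_url is not a valid URL")
    return problems


# Constructed sample records for illustration.
GOOD_INSTANCE = {"endpoint_url": "https://agents.example.com/triage",
                 "agent_identity": "agent-triage-01",
                 "originating_platform": "LangChain",
                 "owner": "secops@example.com"}
GOOD_CARD = {"capabilities": ["ticket triage"], "skills": ["summarize"],
             "collaboration": ["accepts handoff from helpdesk agent"]}
BAD_INSTANCE = {"endpoint_url": "http://svc:hunter2@10.0.0.5:8080/run",
                "agent_identity": "agent-x",
                "originating_platform": "custom",
                "owner": " "}
BAD_CARD = {"capabilities": [], "skills": ["shell"], "collaboration": ["none"]}

if __name__ == "__main__":
    for problem in preflight(BAD_INSTANCE, BAD_CARD):
        print("BLOCK:", problem)
```

Failing the pipeline on a non-empty result keeps ownerless agents and plaintext or credential-bearing endpoints out of the registry.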

Integration with the Microsoft Security Stack

Agent 365 does not operate in isolation. It extends existing Microsoft security infrastructure to cover AI agents.

Microsoft Entra handles identity. Agents register as first-class entities similar to service accounts, with unique identities that can be assigned permissions, audited, and revoked. Risk-based access controls evaluate agent behavior the same way they evaluate human behavior.

Microsoft Purview handles data governance. All agent activities, such as accessing sensitive files or sending emails, fall under the same audit rules as human users. Data loss prevention policies extend to agent actions.

Microsoft Defender handles threat detection. Runtime protection monitors agent behavior for malicious patterns. The integration can generate incident context when agents exhibit suspicious activity, connecting agent behavior to the broader security investigation workflow.

For organizations already using these tools, Agent 365 extends existing policies rather than requiring new governance frameworks. The agent that reads your SharePoint documents follows the same DLP rules that apply to human users reading those documents.

Licensing and Prerequisites

Agent 365 launches with straightforward licensing. The standalone product costs $15 per user per month. Organizations with Microsoft 365 E7 get Agent 365 included.

Each license covers individuals who manage, sponsor, or use agents. This per-user model differs from traditional per-agent licensing and reflects Microsoft’s view that agent governance is a user productivity concern rather than purely an infrastructure cost.

The platform works without specific prerequisites, but full benefits require additional Microsoft products. Entra P1, Entra P2, or Entra Suite enables complete identity controls. Purview Data Loss Prevention enables data governance. Defender for Cloud Apps enables runtime threat detection.

Organizations starting fresh face a significant licensing commitment for full capabilities. Organizations already running Microsoft enterprise security get Agent 365 as a natural extension of their existing investment.

What This Means for AI Engineers

Agent 365 signals a maturation of enterprise AI governance. The era of deploying agents without IT visibility is ending at organizations that adopt this platform.

For AI engineers, the practical implications are clear:

Build for registration. If your agents will deploy to enterprises, plan for Agent Registry integration. Use the Microsoft Graph API for custom agents or build on Microsoft platforms for automatic registration.

Expect shadow AI restrictions. Organizations deploying Agent 365 will have visibility into every coding agent running on managed devices. Tools that were previously tolerated through ignorance may face explicit policy decisions.

Design for auditability. Agents that cannot explain their actions, log their data access, or integrate with enterprise security tools will face increasing resistance in enterprise procurement.

The distinction between personal AI tools and enterprise AI tools is hardening. Agent 365 represents the infrastructure that enforces this distinction at organizational scale.

Frequently Asked Questions

How does Agent 365 detect Claude Code on developer machines?

Agent 365 integrates with Microsoft Intune for endpoint management. On managed Windows devices, Intune continuously detects installed applications and running processes, identifying AI tools like Claude Code, Cursor, and OpenClaw. This detection feeds into the Agent Registry for centralized visibility.

Can developers opt out of Agent 365 monitoring?

On corporate-managed devices running Windows with Intune, developers cannot opt out. Agent 365 detection operates at the system level. On personal devices or unmanaged machines, Agent 365 has no visibility. This creates a clear line between corporate and personal AI tool usage.

Does Agent 365 work with agents built on LangChain or other open source frameworks?

Yes, but it requires manual registration. Agents built on non-Microsoft platforms must register through the Microsoft Graph API to appear in the Agent Registry. This enables governance and lifecycle management but requires developer action during deployment.

What happens in June 2026 with the new preview features?

Microsoft plans to release policy-based runtime controls through Intune and Defender in public preview. This will enable organizations to block specific agent behaviors based on organizational policy, moving from visibility-only governance to active enforcement.


Zen van Riel

Senior AI Engineer | Ex-Microsoft, Ex-GitHub
