Microsoft’s Agent 365 is now generally available for commercial customers as of May 1, 2026 — a unified control plane that lets IT and security teams discover, govern, and secure AI agents running across Microsoft’s ecosystem, AWS Bedrock, Google Cloud, third-party SaaS platforms, and employee endpoints. The release arrives as enterprises face a new category of security risk: autonomous AI agents deployed by employees without IT’s knowledge or approval.

Key takeaways:

• Microsoft Agent 365 went generally available on May 1, 2026, after a November preview at Microsoft Ignite.
• The product targets “shadow AI” — AI agents installed by employees outside IT oversight.
• It covers agents across Microsoft, AWS Bedrock, Google Cloud, SaaS platforms, and local employee devices.
• Microsoft plans to expand local agent discovery to 18 agent types by June 2026, including GitHub Copilot CLI and Claude Code.
• Google announced a competing AI control center for Workspace the same week.

What is Microsoft Agent 365?

Agent 365 is a management layer for AI agents — not a new AI model or assistant, but a governance platform. It sits above wherever agents run and gives IT teams a single dashboard to see what’s running, who authorized it, what data it can touch, and whether it’s behaving within policy.

First announced at Microsoft Ignite in November 2025, the product goes beyond Microsoft’s own Copilot ecosystem. It can discover agents running on AWS Bedrock, Google Cloud, third-party SaaS applications, and — most notably — individual employee devices. Context mapping, policy-based controls, and runtime blocking will arrive through Intune and Defender in a public preview slated for June 2026.

David Weston, Corporate Vice President of AI Security at Microsoft, told VentureBeat that most enterprises are caught between two bad defaults: “YOLO — just let anything run — and ‘oh no,’ where nothing works at all.” Agent 365 is Microsoft’s answer to that governance vacuum.

Why is shadow AI already a security crisis inside enterprises?

Shadow AI is the AI equivalent of shadow IT, but with higher stakes. When an employee installs a coding assistant or personal productivity agent on their laptop, that agent may invoke APIs, access sensitive corporate data, chain with other agents, and act autonomously on the user’s behalf — all without passing through any corporate review.

Weston described three categories of security incidents Microsoft is already observing across enterprise customers: developers inadvertently connecting agents to backend systems without proper access controls; agents escalating privileges beyond their intended scope; and sensitive data flowing to third-party model endpoints that IT never approved.

Microsoft’s 2026 Work Trend Index, published May 5 and based on 20,000 knowledge workers surveyed across 10 countries, documents a dramatic year-over-year surge in active agents on Microsoft 365 — with the growth rate even steeper inside large enterprises. The implication: agent sprawl is not a future concern but a present one.

Microsoft isn’t alone in responding. Google announced an AI Control Center for Workspace the same week, offering admins centralized visibility into AI usage, data protection settings, and privacy controls within the Workspace environment. Computerworld noted that both moves signal a broader shift: AI governance is moving from an abstract IT policy discussion to an operational discipline owned jointly by IT and security teams.

What does this mean for CIOs and CISOs?

The practical implication for executives is that agent governance is no longer optional — it’s a liability question. An agent that accesses sensitive customer data without authorization or exfiltrates documents to an unapproved model provider creates exposure that exceeds the productivity value it generates.

Three things to act on now:

Audit what’s already running. Before any governance platform can help, you need visibility. Most organizations don’t have an accurate inventory of AI agents operating across their estate — Microsoft’s own data suggests the gap between perceived and actual agent activity is significant. Start with an honest assessment.

Define your policy before locking it. The “oh no” failure mode — blanket prohibition — is as operationally damaging as YOLO. The goal is a policy framework that enables fast-moving development teams while establishing hard perimeters around data access and external connectivity. Agent 365 and comparable platforms require policy inputs before they can govern anything useful.

Watch the June 2026 preview closely. Microsoft’s expansion to 18 local agent types — including GitHub Copilot CLI and Claude Code — is where the shadow AI problem becomes most acute. Developer endpoints are the primary vector for unauthorized agent proliferation, and June’s release will be the first real test of how well enterprise tooling can manage that layer.

For a deeper look at why enterprise AI deployments hit governance walls even when the technology works, see The Agentic Stack Problem.

---

Frequently asked questions

What is Microsoft Agent 365?

Microsoft Agent 365 is an enterprise management platform for AI agents, generally available as of May 1, 2026. It gives IT and security teams a centralized control plane to discover, govern, and secure AI agents running across Microsoft’s ecosystem, third-party cloud platforms like AWS and Google Cloud, SaaS applications, and employee devices — including agents employees deployed without IT approval.

What is shadow AI, and why does it matter to enterprises?

Shadow AI refers to AI tools — particularly autonomous agents — that employees deploy on their own devices or accounts without going through their organization’s IT or security review processes. Unlike shadow IT of the past, AI agents can act autonomously: accessing corporate data, invoking external APIs, and chaining with other agents. This creates data governance, compliance, and security risks that most enterprise frameworks weren’t designed to catch.

How does Agent 365 differ from Microsoft Copilot?

Copilot is an AI assistant — it generates text, summarizes documents, and answers questions. Agent 365 is a governance layer that manages how AI agents behave, regardless of which AI model or vendor powers them. It monitors, controls, and applies policy to agents across the enterprise stack, including agents built on non-Microsoft models and platforms.

Is Google doing the same thing as Microsoft with Agent 365?

Partially. Google announced an AI Control Center for Workspace the same week Agent 365 went GA. Google’s solution focuses on visibility and data protection within Workspace specifically. Microsoft’s approach is broader in scope, covering multi-cloud, third-party SaaS, and local employee endpoints — not just Microsoft’s own productivity suite.

When will Microsoft expand Agent 365 to cover developer tools like Claude Code?

Microsoft plans to expand local agent discovery to 18 agent types in June 2026, including GitHub Copilot CLI and Claude Code. Runtime blocking and policy-based controls will be available through Intune and Defender in a public preview slated for the same period.

---

Published May 7, 2026.

Advanced AI covers enterprise AI strategy and deployment. Browse more briefings.