On May 1, 2026, Microsoft made Agent 365 generally available. That matters because Agent 365 is not another chatbot, not another agent builder, and not a new place to write prompts. It is Microsoft’s control plane for AI agents: the layer meant to help enterprises see which agents exist, what they can access, who owns them, how they are being used, and where risk is starting to build.
That distinction is important. Many companies are now past the stage where the main question is can we build an agent? The harder question is what happens when those agents multiply across Microsoft 365, partner apps, local devices, and third-party clouds. Agent 365 is Microsoft’s answer to that second problem.
What Microsoft Agent 365 actually is
Microsoft describes Agent 365 as a control plane to observe, govern, and secure AI agents. In practice, that means it extends familiar Microsoft administration and security tooling to a new class of workload: agents that can act on behalf of users or with their own identities.
Instead of treating agents like vague product features, Agent 365 treats them like managed enterprise objects. That gives IT and security teams a central place to work across four jobs that usually get fragmented:
- Inventory: seeing which agents exist across the organization.
- Lifecycle control: deciding which agents are approved, published, blocked, reassigned, or retired.
- Security: applying identity, access, threat, and runtime protections.
- Compliance: governing the data agents use and the outputs they create.
The easiest way to think about Agent 365 is this: Copilot Studio, Foundry, and partner platforms help create or run agents. Agent 365 is the operating layer Microsoft wants enterprises to use once those agents start spreading.
What changed at general availability in May 2026
The May 1, 2026 general-availability milestone matters because Microsoft is no longer positioning Agent 365 as a future governance concept. It is now a sellable product with concrete admin surfaces, pricing, and a growing feature set.
The most important live capabilities center on visibility. Agent 365 now includes an overview dashboard in the Microsoft 365 admin center, giving admins a real-time view of total registered agents, active users, growth trends, connected platforms, runtime hours, and emerging risk signals. That may sound like admin plumbing, but it is exactly the kind of plumbing enterprises need once agent adoption stops being small enough to track manually.
From there, Microsoft adds a unified registry that acts as a system of record for agents across the organization. That registry is not just a list. It includes metadata such as publisher, platform, ownership, permissions, tools and data access, security and compliance details, certifications, and usage activity. In other words, Microsoft is trying to make “what agents do we have?” a question with an auditable answer.
May 2026 also introduced one of the more important expansion signals: Registry sync in preview. That feature lets organizations connect external agent platforms so their agents and metadata appear inside the Agent 365 registry. The initial preview includes AWS and Google Cloud. That is a bigger deal than it may seem. It shows Microsoft understands that enterprise agent fleets will not remain Microsoft-only, and that governance tooling has to work across clouds if it wants to matter.
Another notable May addition is Shadow AI detection and blocking in preview. This targets local agents running on endpoint devices outside normal IT visibility. Agent 365, together with Microsoft Defender and Intune, can surface local agent activity on Windows devices and help apply controls to reduce unsanctioned use. The initial support starts with OpenClaw, with Microsoft explicitly pointing to wider coverage over time, including tools such as GitHub Copilot CLI and Claude Code. That makes Agent 365 part of a broader enterprise response to agent sprawl, not just a catalog for officially approved tools.
How pricing and licensing work
Agent 365 is now sold on a per-user basis rather than a per-agent basis. The standalone plan is priced at $15 per user per month, paid yearly. Microsoft also includes Agent 365 in Microsoft 365 E7, which is priced at $99 per user per month and bundles Agent 365 with Copilot plus broader identity, security, and governance capabilities.
The licensing model tells you a lot about Microsoft’s strategy. Microsoft is not pricing Agent 365 as a narrow admin add-on for a tiny specialist team. It recommends the license for users who interact with, own, manage, or sponsor Agent 365-managed agents. That framing suggests Microsoft expects agent governance to become a shared operational function, not an isolated security product.
There are also no hard product prerequisites just to enable Agent 365, although Microsoft recommends related Entra and Purview capabilities if you want fuller value from the governance and protection stack. So the buying decision is less about raw access and more about whether your organization wants a serious governance layer before agent usage scales further.
Where Agent 365 fits in a real enterprise stack
The strongest case for Agent 365 is not “we use Microsoft, so we should buy Microsoft’s latest AI thing.” The strongest case is that enterprises are heading toward a messy, multi-platform reality in which agents are built in different tools, run with different identities, touch sensitive systems, and increasingly appear on endpoints as well as in the cloud.
In that world, Agent 365 does three useful things.
1. It gives enterprises a single inventory and policy surface
That reduces the chance that AI adoption happens in isolated pockets with no shared record of ownership, permissions, and exposure.
2. It turns agent governance into an extension of existing Microsoft controls
Instead of inventing a new security and compliance operating model from scratch, Microsoft maps agent oversight onto Entra, Defender, Purview, Intune, and the Microsoft 365 admin center.
3. It acknowledges that the future fleet is heterogeneous
The preview support for syncing agents from AWS and Google Cloud is especially telling. Microsoft is effectively saying the governance layer should sit above the agent runtime wars, not depend on winning all of them.
That last point is what makes Agent 365 more strategically interesting than a simple Microsoft 365 feature launch. Microsoft is trying to become the place where enterprise leaders manage agents even when those agents are not purely Microsoft-native.
Who should pay attention now
Agent 365 is most relevant for three groups.
- Microsoft-heavy enterprises that already expect agent adoption through Copilot, Copilot Studio, Foundry, or Microsoft 365 workflows.
- Security and compliance leaders who want better visibility into agent identities, data access, risky behavior, and local endpoint agent use.
- Platform and AI teams that know agent demand will spread faster than manual governance can keep up.
If your organization is still experimenting with a handful of low-risk internal agents, Agent 365 may feel early. But if you can already see multiple teams heading toward agent deployment across productivity, engineering, operations, and knowledge work, the product makes more sense. It is designed for the moment when AI agents stop being demos and start becoming part of enterprise operations.
The practical takeaway
Microsoft Agent 365 matters because it shifts the enterprise AI conversation from building agents to running an estate of agents. The product’s core promise is not model quality. It is operational control.
That makes it a very Microsoft-style move. As AI agents spread, the company is betting that the next valuable layer is not just the assistant or the builder, but the administrative, identity, security, and compliance fabric around them. If that bet is right, Agent 365 could become one of the more important enterprise AI launches of 2026—not because employees will love using it directly, but because large organizations may eventually feel they need something like it before agent adoption becomes manageable at scale.