The number and sophistication of agents that our employees are building here at Microsoft is growing rapidly.
To help us and all enterprises respond to this new opportunity, the company just announced Microsoft Agent 365 at Microsoft Ignite. This product serves as the control plane for AI agents—a new evolution of the existing systems that organizations like ours use to manage people and apps.
“We’re empowering our employees and teams to build agents with guardrails. We have governance structures in place to ensure our internal agents are useful, safe, and properly scoped.”
David Johnson, principal program manager architect, Microsoft Digital
Our team—Microsoft Digital, the company’s IT organization—is now using Agent 365 to track agents that employees and teams from across the company are building and deploying. We’re also using it to access the dashboard that allow us to manage and govern agents companywide. We plan to utilize the new platform to comprehensively manage our agent workload.
Agent 365 will enable Microsoft Digital to help our employees, teams, and organizations to build and deploy agents safely and effectively, according to David Johnson, principal program manager architect for governance for the organization.
“We’re empowering our employees and teams to build agents with guardrails,” says Johnson, who notes that we have more than 100,000 agents on the Microsoft tenant today. “We have governance structures in place to ensure our internal agents are useful, safe, and properly scoped.”
Agent 365 is the control plane for AI agents and will play a key role in accelerating our journey toward becoming an AI-powered Frontier Firm. Whether your agents are created with Microsoft platforms, open-source frameworks, or third-party tools, Agent 365 helps you deploy, organize, and govern them securely.
“Agent 365 delivers unified observability across your entire agent fleet through telemetry, dashboards, and alerts,” says Charles Lamanna, president of Business Apps & Agents for Microsoft. “IT leaders can track every agent being used, built, or brought into the organization, eliminating blind spots and reducing risk.”
Here in Microsoft Digital, we’re planning to use Agent 365 for multiple purposes, including:
- Filtering our agent inventory on specific criteria, such as the type of agent or how it was built
- Enhancing governance-specific actions we can take with agents in areas like ownership and quarantining
- Gaining visibility into trends like agent usage
- Ingesting agent blueprints and defining policy templates
If you are unfamiliar with an agent blueprint, it’s a portable specification for an AI agent’s identity, capabilities, constraints, data access, and lifecycle.
Agent 365 is part of our Frontier Firm organizational blueprint, which we’re using to blend machine intelligence with human judgment to create agents that are AI-operated but human-led.
Boosting governance with Agent 365
Agent 365 maximizes the value of agents while minimizing tenant risk. These are capabilities that play well with the data governance foundation that we’ve already laid here in Microsoft Digital, in which we use data sensitivity labels and data loss prevention controls to govern the data that agents use in our environment.
We incorporated elements of our tenant’s minimum bar for governance into how we secure agents. Those include Microsoft Purview Information Protection, a functional inventory, activity logging, lifecycle management, and the ability to properly isolate agents against crossing data boundaries.
Our intention is always to act as proactively as possible while putting reactive structures in place to catch any issues that arise. After all, this is a new technology, and there are bound to be some surprises. By combining all of these elements, we’ve landed on six core principles for governing agents:
- We built a data hygiene foundation: This enables you to trust your data estates with which employees build and use agents.
- We empower employees to create and share simple, low-risk agents: We provide a safe space and personal flexibility that allows individual employees to experiment, without implicating company data or content that users don’t own.
- We capture and vet sensitive data flows at the enterprise level: More complex or far-reaching agents owned by teams or lines of business need enterprise documentation to account for external audits or security and privacy validation.
- We protect data designated confidential or higher: We contain data flows to tenant mandates and only trust suitable storage destinations for content. This depends on the ability to gate which connectors can work with which particular source data and sensitivity labels.
- We enable internal teams and organizations with a smooth path to develop agents: This provides them with all of the services and sources they need along a path to release to the company.
- We honor the enterprise lifecycle: Both user-based and attestation-based lifecycles come into play. We treat agents that individual users own like any other user app, and delete them when the employee leaves the organization. Agents owned by teams have a lifecycle defined by the tenant and tied to attestation, the software development lifecycle, and accountability confirmations.
“We want and need feedback from our own IT team. It will help ensure all our customers are able to move quickly to deploy the platform with speed and safety.”
Charles Lamanna, president, Business Apps & Agents
Customer Zero for Agent 365
In our role as Customer Zero for Microsoft, our team in Microsoft Digital shares our insights on Agent 365 and our suite of agentic AI products with Lamanna and the product team. This makes the products more effective for our customers.
“We want and need feedback from our own IT team,” Lamanna says. “It will help ensure all our customers are able to move quickly to deploy the platform with speed and safety.”
While it’s still early days for Agent 365, the potential for transformative impact is significant.
“I meet with many of our top enterprise customers, and some of their primary questions are around how Microsoft manages agents to prevent sprawl, allows agent enablement against company data, and governs those agents,” Johnson says. “Agent 365 gives us a powerful new tool to manage our agentic estate, ensuring that our agents are delivering the transformative impact we expect while also enabling us to manage and secure our environment more effectively. Enabling self-service agent creation at scale necessitates enterprise observability and governance.”
We’re excited to share more about our Customer Zero journey with Agent 365 on Inside Track soon.
Key takeaways
Here are five ways you can use Agent 365 to unlock agent observability and management at your company:
- Registry: Get the complete view of all agents in your organization, including agents with agent ID, agents you register yourself, and shadow agents.
- Access control: Bring agents under management and limit their access to only the resources they need. Prevent agents from being compromised with risk-based conditional access policies.
- Visualization: Explore connections between agents, people, and data, and monitor agent behavior and performance in real time to assess their impact on your organization.
- Interoperability: Equip any agent with apps and data to simplify human-agent workflows. Connect them to Work IQ to provide context for the work to onboard them into business processes.
- Security: Protect agents from threats and vulnerabilities, and detect, investigate, and remediate attacks that target agents. Protect data that agents create and use from oversharing, leaks, and risky agent behavior.
Related links
- Read the official blog post announcing Microsoft Agent 365.
- Learn how we’re powering agentic AI adoption at Microsoft through our ‘Customer Zero’ story.
- Explore how we’re becoming an AI-first frontier firm in the agentic future.
- See AI-powered agents in action and discover how we’re embracing this new ‘agentic’ moment at Microsoft.
- Learn how we’re riding the wave of agents washing over Microsoft with strong governance.
- Discover how we unlocked enterprise AI extensibility at Microsoft with Microsoft Copilot Studio.
- Find out how we powered AI value with Microsoft 365 Copilot extensibility at Microsoft.
- See how our employees are extending enterprise AI with custom retrieval agents.
- Learn how our strategy and vision for deploying the Employee Self-Service Agent internally at Microsoft.
- Explore how we’re reimagining campus support at Microsoft with the Employee Self-Service Agent.
We’d like to hear from you!
