Centralize Control Over Diverse AI Agents to Prevent Sprawl Risks
AI agents proliferate across apps, endpoints, and clouds, invoking tools, accessing data, and interacting autonomously, which expands attack surfaces through data oversharing or misuse. Agent 365 serves as the single control plane for end-to-end observability, governance, and security, covering agents with delegated user access (e.g., inbox organizers) or independent credentials (e.g., ticket triagers). It manages agents from Microsoft AI, ecosystem partners, local installs like OpenClaw and Claude Code, cloud platforms (AWS Bedrock, Google Gemini), and SaaS providers. General availability starts now, with previews for expanded capabilities like independent agent coverage and worldwide partner support. License at USD15 per user/month covers managers, sponsors, or users of agents for predictable scaling.
Apply policy-based controls via Intune to block unmanaged agents; use Defender for runtime blocking of malicious behaviors like data exfiltration, generating alerts with incident context. By June 2026, gain asset context mapping for agents—including devices, MCP servers, identities, and cloud resources—to assess blast radius, investigate file/network activity, and define custom detections.
Discover Shadow and Unmanaged Agents Across Environments
Shadow AI emerges from users installing local agents (OpenClaw, GitHub Copilot CLI, Claude Code) or adopting unmanaged SaaS/cloud agents, which execute tasks, modify code, or access sensitive data outside governance. Use Agent 365's Shadow AI page in Microsoft 365/Intune admin centers to discover these on Windows devices: view usage, devices, and block via Intune policies. Registry inventory syncs to Defender/Intune for unified views, enabling IT/security teams to act consistently.
For multi-cloud, public preview registry sync with AWS Bedrock and Google Cloud auto-discovers agents, inventories them, and soon supports lifecycle actions like start/stop/delete. This visibility reveals models used and resources accessed, mitigating risks before breaches. Network controls (GA today) via Microsoft Entra inspect agent traffic, blocking unsanctioned AI services, risky web destinations, unsafe file handling, or prompt attacks—applied to Copilot Studio agents and endpoint locals.
Secure Production Workflows with Ecosystem Integrations
Manage prebuilt agents in Microsoft 365 Copilot/Teams, custom ones from Copilot Studio/Foundry, and partner agents (Genspark, Zensai, Egnyte, Zendesk; factories like Kasisto, Kore, n8n) without IT integration—observe, govern, secure directly in Agent 365. Explore 100+ via Agent Showcase; develop via Microsoft Learn guidance.
Run agents in production via Windows 365 for Agents (US public preview): Intune-managed Cloud PCs for agentic workloads with employee-grade identity/security controls. Agent 365 observes these in Microsoft 365 admin center, tracking connected compute. Together, shift from visibility to confident scaling, building on March 2026 announcements and Frontier program feedback.