AI is rapidly reshaping how work gets done in companies and organizations. In celebrating National Small Business Month, we want to acknowledge the unique challenges that growing business leaders face as AI creates both opportunity and risk. They face constant tradeoffs between moving fast, managing risk, and keeping operations stable under pressure. At the same time, cybercriminals are moving faster, their attacks are becoming more targeted, and AI is helping increase efficacy of the threats. In fact, AI-automated phishing is 4.5 times more effective than traditional cyberattacks. It takes only one convincing phishing email, and one stray click to enable a breach.1
The key question is: How can we maximize the benefits of AI while staying protected in a rapidly evolving threat landscape?
Todayβs cybersecurity landscape is defined by speed, scale, and automationβtrends that disproportionately affect growing businesses. According to the 2025 Microsoft Digital Defense Report, Microsoft now processes more than 100 trillion security signals every day and blocks 4.5 million new malware files daily, underscoring just how industrialized cybercrime has become. Increasingly, cyberattackers are using AI to automate phishing, generate highly convincing scams, and rapidly adapt malware, making cyberattacks more frequent and harder to detect.
For businesses that often lack dedicated security teams or round-the-clock monitoring, this shift has real business consequences: disrupted operations, financial loss from ransomware or fraud, and lasting damage to customer trust. The report also notes that most modern cyberattacks now target identities, like user accounts and accessβa challenge for organizations relying on cloud services and remote work without strong protections in place for accounts and access. As AI continues to amplify both the volume and sophistication of cyberattacks, cybersecurity is no longer just an IT issue for businessesβitβs a core business risk that can directly affect resilience and growth.
Source: Cyber Signals Issue 9.2
Building a foundation of trust
In this new reality, security becomes the foundation of trustβhelping growing businesses protect their operations, preserve customer trust, and move forward with confidence. For business owners, cybersecurity isnβt just about stopping cyberattacks; itβs about keeping the business running day to day. When systems go down, orders canβt be processed, employees canβt do their work, and customers are left waiting or wondering whether their data is safe. Even short disruptions can have outsized consequences for growing businesses, from lost revenue and stalled growth to reputational damage thatβs hard to repair. By making security a core part of how the business operatesβnot an afterthoughtβeven the smallest businesses put themselves in a stronger position to withstand disruptions, maintain credibility with customers, and create a stable foundation for long-term growth.
Source: The Devastating Impact of Ransomware Attacks on Small Businesses.3
Simple, builtβin security for your growing business
Effective security must be simple, approachable, and fit the realities of running a business with limited time and resources. Many growing businesses donβt have dedicated security teams or the time and resources to manage complex tools, yet they still need protection that keeps pace with modern threats. Microsoft Security is built with this in mind, offering integrated, easyβtoβmanage protections that help safeguard devices, identities, email, and cloud apps without adding unnecessary complexity. Microsoft 365 Business Premium combines productivity and built-in security in one streamlined solution, with centralized visibility and automation that reduces manual effort. It helps protect your users, devices, and data across your business, so you can stay focused on customers and day-to-day operations. By providing security that works quietly in the backgroundβand scales as the business growsβMicrosoft helps businesses of all sizes protect what matters most without slowing them down.
Allowing people to operate devices and applications without conditional access increases risks. Getting that done was a huge success for us.β
To learn more about Microsoft Security solutions, visit ourΒ website.Β Bookmark theΒ Security blogΒ to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity)Β for the latest news and updates on cybersecurity.
AI agents arenβt comingβtheyβre already in your environment. They show up in places you expectΒ (like MicrosoftΒ Copilot,Β MicrosoftΒ Teams,Β andΒ Microsoft 365) and even more places as technology evolvesΒ (a local autonomous personal AI assistant or a new software as a service (SaaS) agentΒ connected to your sensitive data.)
TheΒ problemΒ isnβt that agents exist. Itβs that they proliferate fast, span apps, endpoints and cloud, and often operate outside theΒ visibilityΒ and controlΒ of the teams accountable for risk.Β When an agent can invoke tools,Β access data,Β and interact with other agents,Β anyΒ βhelpfulβ workflow can turn into dataΒ oversharing, tool misuse,Β or over-privileged actions in seconds.Β And as agents become even easier to create and deploy, your attackΒ surface grows with them.Β
Thatβs why end-to-end observability matters: you canβt govern what you canβt see, and you canβt secure what you donβt understandβespecially when the number of agents is a moving target.Β
Microsoft Agent 365Β helps youΒ take controlΒ of agent sprawlΒ asΒ yourΒ control plane toΒ observe, govern, andΒ secure agentsΒ and their interactionsβincluding agents built with Microsoft AI and agents from our ecosystem partnersβusing the admin and security workflows your teams already run.Β
Additionally, weβre announcing the previews ofΒ newΒ Agent 365Β capabilities and integrations to help you scale agent adoption with the right controls inΒ place.Β
Observability, governance, and securityΒ for agents operating independentlyβAgent 365Β is expandingΒ to cover agentsΒ that operate with their own credentials and permissions.
AΒ secured, managed environmentΒ for agents to workΒ inΒ Windows 365Β for Agents.
Coverage for a wide ecosystem of SaaS agents,Β includingΒ agents innovated byΒ software development companies (SDCs).
SupportΒ for evaluation, adoption, and usageΒ from Microsoft andΒ ecosystem partners worldwide.
Manage agents with a single control plane, regardless of how or where they work
As organizations move from pilot to adoption, AI agents are being deployed across increasingly diverse use cases. Some act with delegated access, working on behalf of users; others operate with their own credentialsΒ and permissions, participatingΒ inΒ team workflows orΒ operating behind theΒ scenes.Β
WithΒ Agent 365,Β youΒ canΒ observe, govern, and secure AI agentsΒ whether they act on behalf of users with delegated accessβfor example,Β an agent that helps employees organize their inboxβorΒ agents thatΒ operate with their own access and scope of workβsuch asΒ anΒ agentΒ autonomously triaging support tickets.Β
Supported by Agent 365
Agents working on behalf of usersΒ (delegated access)Β Generally availableΒ
AgentsΒ operatingΒ behind the scenesΒ (own access)Β Generally availableΒ
AgentsΒ participatingΒ in team workflowsΒ (own access)Β Public PreviewΒ Β Β
DiscoverΒ and manageΒ localΒ and cloud-hosted agentsΒ
Users areΒ installing agentsΒ likeΒ OpenClaw and Claude CodeΒ on their devices and adopting SaaS agentsΒ built byΒ developersΒ on new and emerging platforms. Many of these local and cloud-hostedΒ agentsΒ run unmanaged and outside of traditional governance,Β as theyΒ autonomously execute tasks, modify code, or access confidential information,Β creating a newΒ waveΒ of shadowΒ AI.Β Β
To help organizations address acceleratingΒ agent sprawl andΒ the rise of unmanaged agents, weβreΒ introducing newΒ capabilities as part of Agent 365, Microsoft Defender, and Intune so you can discoverΒ shadow agents, and apply appropriate controls,Β such as blocking unmanaged agents.Β
Discover and manage local agents
With Microsoft DefenderΒ and Intune, organizationsΒ will be able toΒ discover and manageΒ local AI agents running onΒ WindowsΒ devices, starting with OpenClaw agents andΒ expanding soon toΒ otherΒ widely used agents like GitHub Copilot CLI and Claude Code.Β Customers enrolled in the Frontier program can see if OpenClaw agents are being used in the organization, which devices they are running on, and use Intune policies to block common ways that OpenClaw runs on the new Shadow AI page in Agent 365 in the Microsoft 365 admin center and in the Intune admin center. ThroughΒ Agent 365 registry,Β the inventory of local agents will be available inΒ Defender and Intune so IT, endpoint management, andΒ securityΒ teamsΒ canΒ get aΒ consistent view of discoveredΒ localΒ agents in their environment andΒ takeΒ appropriateΒ action.
In the Microsoft 365 admin center,Β anΒ ITΒ professional canΒ apply Intune policies toΒ continuously detect managed devices and block theΒ commonΒ methods of runningΒ OpenClawΒ onΒ them.Β
Starting in June 2026, Microsoft Defender will also provide asset context mapping for each agent including the devices they run on,Β MCP servers configured for those agents, the identities associated with them, and the cloud resources those identities can reach. This will give security teams the context needed to assess exposure and potential blast radius.Β TheyΒ can then investigate agent activity, such as file access and network behavior, using familiar endpoint data, and use those insights to identify misconfigurations and even define custom detections.
Security teams can investigate local AI agent exposure in Microsoft Defender through a relationship mapΒ thatΒ showsΒ where an agent runs, which MCP servers are configured for use, which identities are associated with it, and which cloud resources those identities can reach. Defender context such as resource criticality and sensitive-data exposure helps teams prioritize the agents and paths that matter most.Β
BeyondΒ monitoring,Β organizationsΒ will be able toΒ apply policy-based controls to set guardrails for what agents are allowed to doβhelpingΒ protectΒ bothΒ agents and organizations from compromise andΒ misuseβwith initial support delivered for OpenClaw throughΒ Intune.Β IfΒ aΒ managedΒ agent exhibits malicious behavior patterns,Β such as attempting toΒ accessΒ orΒ exfiltrate sensitive data,Β DefenderΒ will be ableΒ toΒ blockΒ coding agentsΒ inΒ runtimeΒ andΒ generateΒ alertsΒ withΒ richΒ incident context to supportΒ investigation andΒ response.Β Β
Context mapping capabilities, policy-based controls,Β plus runtime blocking and alerts will be availableΒ in Agent 365 throughΒ Intune andΒ DefenderΒ public preview inΒ June 2026.Β
Visibility across clouds and AI-builder platforms
As developers are rapidly buildingΒ agentsΒ with Microsoft Foundry, AWS Bedrock, andΒ GoogleΒ Gemini Enterprise Agent PlatformΒ (formerly GoogleΒ Vertex AI) and deploying cloud agents across multicloud and multi-platform environments, the agent sprawl challenge intensifies.Β To manage potential security risks or vulnerabilities before they become breaches, security and IT teams need visibility toΒ which cloud agents are running, what models these agents are built on, and what resources theyβre accessing.
Today, we are excited to announceΒ the public preview ofΒ Agent 365 registry sync with AWS Bedrock and GoogleΒ Cloud connections, enabling IT teams to automatically discover, inventory, and, soon, perform basic lifecycle governanceβfor example, start, stop, delete agentsβacross these platforms.
Now in public preview,Β Microsoft 365Β adminsΒ canΒ connect and syncΒ the Agent 365 registryΒ with Amazon Bedrock and GoogleΒ CloudΒ for cross-platform observability andΒ governance.Β
Manage a wideΒ ecosystemΒ of SaaS agentsΒ
Agent 365 works withΒ prebuiltΒ agentsΒ inΒ MicrosoftΒ 365 Copilot and Teams, agents built with MicrosoftΒ Copilot Studio orΒ MicrosoftΒ Foundry for your organization,Β and agents built by software development companies partnered with Microsoft.
Delivering on our promise of control plane for the broad agent ecosystem, weβre excitedΒ toΒ announceΒ ecosystem partner agentsΒ fully configured to be managed byΒ Agent 365, including Genspark, Zensai, Egnyte,Β andΒ Zendesk, and agents built on agentΒ factories, including Kasisto, Kore, and n8n. Organizations can observe, govern, and secure these agentsΒ inΒ the Agent 365 control plane, with no integration workΒ byΒ IT or security teams.Β Β
Agent 365 software development company launch partners
Agent 365 Software Development Company Launch PartnersΒ have builtΒ agentsΒ fully enabled to be managed by Agent 365.Β
Enterprises can easily build AI agents today, but scaling them with trust and governance is where most initiatives stall. With Kore.ai deeply integrated into Microsoft Agent 365, identity, security, and governance are built in from the startβempowering enterprises to move from pilots to AI at scale with confidence.
ββΒ Raj Koneru, Chief Executive Officer of Kore.ai
The Agent 365 developer and ecosystem partners play a critical role in extending agents into line-of-business systems, building vertical and scenario-specific integrations, modernizing legacy automation into agent workflows, extending Copilot experiences with custom agents, and helping customers operationalize agent ecosystems at scale. These Agent 365 enabled agents are then observable, governable, and securable in the Agent 365 control plane, accelerating adoption for your organization.
While Agent 365 provides the control plane to observe, govern, and secure agent activity across the enterprise,Β Windows 365 for Agentsβnow available in public previewΒ (in the United States only)βprovides a secured, managed environment where agents can carry out that work. It introduces a new class of Cloud PCs purpose-built for agentic workloadsΒ and managed in Intune, allowing agents to run in policy-controlled environments, interact with applications, and operate with the same identity, security, and management controls already used for employees.
Now, with Agent 365, you can also observe and secure agents running on Windows 365 for Agents in Microsoft 365 admin center, understanding which agents are connected to the cloud-poweredΒ compute.Β Together, they enable organizations to move from visibility and governance of agents to confidently running them in production environments.Β
Secure agents againstΒ internetΒ threats with network controlsΒ Β
AIΒ agents canΒ operateΒ muchΒ faster thanΒ humanΒ users. Without proper guardrails, they canΒ connect to riskyΒ webΒ destinations, interact with unsanctioned AI services, handle sensitive filesΒ unsafely, orΒ be manipulated throughΒ malicious prompt-basedΒ attacks.Β These risks are harder to manage when security teams lack consistent visibility and controls for agent traffic to internet, SaaS, and AI services.Β
ToΒ giveΒ security teams a consistent way to inspect agent traffic at the network layer,Β in general availability today,Β Agent 365 extendsΒ MicrosoftΒ Entra network controlsΒ to Microsoft Copilot Studio agentsΒ and agents running on user endpoint devices,Β includingΒ localΒ agents such asΒ OpenClaw.Β These controls can help identify unsanctioned AI usage, restrict connections toΒ onlyΒ approved web destinations, filter risky file movement, and help block malicious prompt-based attacksΒ before they lead to harmful actions.Β
Confidently scale and govern AI agents while maintaining security and controlΒ
Agent 365 extendsΒ evenΒ further beyond Microsoft platforms toΒ discover, observe, govern, and secureΒ local, SaaS,Β and cloud agents acrossΒ yourΒ agentic AI ecosystem.Β EachΒ of todayβsΒ announcementsΒ buildΒ uponΒ Agent 365 capabilities weΒ shared in March 2026Β as well asΒ detailed feedbackΒ of customers using the Frontier program,Β developersΒ integrating with the platform, and partners testing Agent 365Β capabilities.Β
With Agent 365, we can scale and govern AI agents with confidence, while maintaining enterprise grade security and control. Agent 365 enables organizations to move beyond experimentation, driving tangible business value and innovation through trusted AI adoption. By providing a robust and integrated platform, Agent 365 empowers teams toΒ confidently embrace AI and accelerate transformation across the enterprise.
βYuji Shono, HeadΒ ofΒ the Global AI Office,Β NTTΒ DATA Group Corporation, a global infrastructure, networking, and IT services provider.
As organizations begin to adoptΒ Agent 365Β at scale,Β weβve collaborated with strategic partners toΒ createΒ targeted servicesΒ to help customersΒ onboard,Β tackle governance challenges and realize the platformβs full value.
FeaturedΒ Agent 365 launch partners, includingΒ Accenture,Β Bechtle, Capgemini, Insight, KPMG,Β ProtivitiΒ andΒ Slalom,Β collaborated withΒ MicrosoftΒ engineering teamsΒ to developΒ services for planning, adopting, and managingΒ your agentΒ control plane implementation.
Partner servicesΒ offered today includeΒ expertiseΒ and guidance for:Β
Inventory and ownership:Β What agents exist, who owns them, and where they run.
Least privilege:Β Right-sizing permissions and enforcing access guardrails without slowing delivery.
Compliance and data protection:Β Preventing oversharing and producing audit-ready evidence.
Threats and multi-platform estates:Β Understanding attack paths and governing across vendors and clouds.
Ongoing operations:Β Lifecycle management, monitoring, and continuous governance hygiene.Β
TheseΒ valuableΒ servicesΒ areΒ typicallyΒ scopedΒ asΒ workshops and assessments (diagnose and roadmap),Β governance and enablementΒ (stand up the control plane and guardrails),Β managed servicesΒ (run and improve continuously), advisory and readinessΒ (operating model and adoption readiness), andΒ security and integrationΒ (harden posture and integrate third-party agents.)
Agent 365Β isΒ nowΒ availableΒ inΒ Microsoft 365 E7Β orΒ standaloneΒ atΒ USD15 per user per month.Β EachΒ Agent 365Β licenseΒ coversΒ anΒ individual who managesΒ or sponsors agents, or usesΒ agents to do work on their behalf, ensuring all agent activity is consistently governed across the organizationΒ in a way thatβs predictable forΒ scaled growth.Β Β
Today we shared the next step to make Frontier Transformation real for customers across every industry with Wave 3 of Microsoft 365 Copilot, Microsoft Agent 365, and Microsoft 365 E7: The Frontier Suite.
As our customers rapidly embrace agentic AI, chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are asking urgent questions: How do I track and monitor all these agents? How do I know what they are doing? Do they have the right access? Can they leak sensitive data? Are they protected from cyberthreats? How do I govern them?
Agent 365 and Microsoft 365 E7: The Frontier Suite, generally available on May 1, 2026, are designed to help answer these questions and give organizations the confidence to go further with AI.
Agent 365βthe control plane for agents
As organizations adopt agentic AI, growing visibility and security gaps can increase the risk of agents becoming double agents. Without a unified control plane, IT, security, and business teams lack visibility into which agents exist, how they behave, who has access to them, and what potential security risks exist across the enterprise. With Microsoft Agent 365 you now have a unified control plane for agents that enables IT, security, and business teams to work together to observe, govern, and secure agents across your organizationβincluding agents built with Microsoft AI platforms and agents from our ecosystem partnersβusing new Microsoft Security capabilities built into their existing flow of work.
Here is what that looks like in practice:
As we are now running Agent 365 in production, Avanade has real visibility into agent activity, the ability to govern agent sprawl, control resource usage, and manage agents as identity-aware digital entities in Microsoft Entra. This significantly reduces operational and security risk, represents a critical step forward in operationalizing the agent lifecycle at scale, and underscores Microsoftβs commitment to responsible, production-ready AI.
βAaron Reich, Chief Technology and Information Officer, Avanade
With Agent 365, IT, security, and business teams gain visibility into all Agent 365 managed agents in their environment, understand how they are used, and can act quickly on performance, behavior, and risk signals relevant to their roleβfrom within existing tools and workflows.
Agent Registry provides an inventory of agents in your organization, including agents built with Microsoft AI platforms, ecosystem partner agents, and agents registered through APIs. This agent inventory is available to IT teams in the Microsoft 365 admin center. Security teams see the same unified agent inventory in their existing Microsoft Defender and Purview workflows.
Agent behavior and performance observability provides detailed reports about agent performance, adoption and usage metrics, an agent map, and activity details.
Agent risk signals across Microsoft Defender*, Entra, and Purview* help security teams evaluate agent riskβjust like they do for usersβand block agent actions based on agent compromise, sign-in anomalies, and risky data interactions. Defender assesses risk of agent compromise, Entra evaluates identity risk, and Purview evaluates insider risk. IT also has visibility into these risks in the Microsoft 365 admin center.
Security policy templates, starting with Microsoft Entra, automate collaboration between IT and security. They enable security teams to define tenant-wide security policies that IT leaders can then enforce in the Microsoft 365 admin center as they onboard new agents.
*These capabilities are in public preview and will continue to be on May 1.
Secure and govern agent access
Unmanaged agents may create significant risk, from accessing resources unchecked to accumulating excessive privileges and being misused by malicious actors. With Microsoft Entra capabilities included in Agent 365, you can secure agent identities and their access to resources.
Agent ID gives each agent a unique identity in Microsoft Entra, designed specifically for the needs of agents. With Agent ID, organizations can apply trusted access policies at scale, reduce gaps from unmanaged identities, and keep agent access aligned to existing organizational controls.
Identity Protection and Conditional Access for agents extend existing user policies that make real-time access decisions based on risks, device compliance from Microsoft Intune, and custom security attributes to agents working on behalf of a user. These policies help prevent compromise and help ensure that agents cannot be misused by malicious actors.
Identity Governance for agents enables identity leaders to limit agent access to only resources they need, with access packages that can be scoped to a subset of the users permissions, and includes the ability to audit access granted to agents.
Prevent data oversharing and ensure agent compliance
Microsoft Purview capabilities in Agent 365 provide comprehensive data security and compliance coverage for agents. You can protect agents from accessing sensitive data, prevent data leaks from risky insiders, and help ensure agents process data responsibly to support compliance with global regulations.
Data Security Posture Management provides visibility and insights into data risks for agents so data security admins can proactively mitigate those risks.
Information Protection helps ensure that agents inherit and honor Microsoft 365 data sensitivity labels so that they follow the same rules as users for handling sensitive data to prevent agent-led sensitive data leaks.
Inline Data Loss Prevention (DLP) for prompts to Microsoft Copilot Studio agents blocks sensitive information such as personally identifiable information, credit card numbers, and custom sensitive information types (SITs) from being processed in the runtime.
Insider Risk Management extends insider risk protection to agents to help ensure that risky agent interactions with sensitive data are blocked and flagged to data security admins.
Data Lifecycle Management enables data retention and deletion policies for prompts and agent-generated data so you can manage risk and liability by keeping the data that you need and deleting what you donβt. Β
Audit and eDiscovery extend core compliance and records management capabilities to agents, treating AI agents as auditable entities alongside users and applications. This will help ensure that organizations can audit, investigate, and defensibly manage AI agent activity across the enterprise.
Communication Compliance extends to agent interactions to detect and enable human oversight of risky AI communications. This enables business leaders to extend their code of conduct and data compliance policies to AI communications.
Defend agents against emerging cyberthreats
To help you stay ahead of emerging cyberthreats, Agent 365 includes Microsoft Defender protections purpose-built to detect and mitigate specific AI vulnerabilities and threats such as prompt manipulation, model tampering, and agent-based attack chains.
Security posture management for Microsoft Foundry and Copilot Studio agents* detects misconfigurations and vulnerabilities in agents so security leaders can stay ahead of malicious actors by proactively resolving them before they become an attack vector.
Detection, investigation, and response for Foundry and Copilot Studio agents* enables the investigation and remediation of attacks that target agents and helps ensure that agents are accounted for in security investigations.
Runtime threat protection, investigation, and hunting** for agents that use the Agent 365 tools gateway, helps organizations detect, block, and investigate malicious agent activities.
AgentΒ 365 will be generally available on MayΒ 1, 2026, and priced at $15 per user per month. Learn more about Agent 365.
*These capabilities are in public preview and will continue to be on May 1.
**This new capability will enter public preview in April 2026 and continue to be on May 1.
Microsoft 365 E7: The Frontier Suite
Microsoft 365 E7 brings together intelligence and trust to enable organizations to accelerate Frontier Transformation, equipping employees with AI across email, documents, meetings, spreadsheets, and business application surfaces. It also gives IT and security leaders the observability and governance needed to operate AI at enterprise scale.
Microsoft 365 E7 includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across users and agents. It will be available for purchase on May 1, 2026, at a retail price of $99 per user per month. Learn more about Microsoft 365 E7.
Frontier Transformation is anchored in intelligence and trust, and trust starts with security. Microsoft Security capabilities help protect 1.6 million customers at the speed and scale of AI.1 With Agent 365, we are extending these enterprise-grade capabilities so organizations can observe, secure, and govern agents and delivering comprehensive protection across agents and users with Microsoft 365 E7.
Secure your Frontier Transformation today with Agent 365 and Microsoft 365 E7: The Frontier Suite. And join us at RSAC Conference 2026 to learn more about these new solutions and hear from industry experts and customers who are shaping how agents can be observed, governed, secured, and trusted in the real world.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Today we shared the next step to make Frontier Transformation real for customers across every industry with Wave 3 of Microsoft 365 Copilot, Microsoft Agent 365, and Microsoft 365 E7: The Frontier Suite.
As our customers rapidly embrace agentic AI, chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are asking urgent questions: How do I track and monitor all these agents? How do I know what they are doing? Do they have the right access? Can they leak sensitive data? Are they protected from cyberthreats? How do I govern them?
Agent 365 and Microsoft 365 E7: The Frontier Suite, generally available on May 1, 2026, are designed to help answer these questions and give organizations the confidence to go further with AI.
Agent 365βthe control plane for agents
As organizations adopt agentic AI, growing visibility and security gaps can increase the risk of agents becoming double agents. Without a unified control plane, IT, security, and business teams lack visibility into which agents exist, how they behave, who has access to them, and what potential security risks exist across the enterprise. With Microsoft Agent 365 you now have a unified control plane for agents that enables IT, security, and business teams to work together to observe, govern, and secure agents across your organizationβincluding agents built with Microsoft AI platforms and agents from our ecosystem partnersβusing new Microsoft Security capabilities built into their existing flow of work.
Here is what that looks like in practice:
As we are now running Agent 365 in production, Avanade has real visibility into agent activity, the ability to govern agent sprawl, control resource usage, and manage agents as identity-aware digital entities in Microsoft Entra. This significantly reduces operational and security risk, represents a critical step forward in operationalizing the agent lifecycle at scale, and underscores Microsoftβs commitment to responsible, production-ready AI.
βAaron Reich, Chief Technology and Information Officer, Avanade
With Agent 365, IT, security, and business teams gain visibility into all Agent 365 managed agents in their environment, understand how they are used, and can act quickly on performance, behavior, and risk signals relevant to their roleβfrom within existing tools and workflows.
Agent Registry provides an inventory of agents in your organization, including agents built with Microsoft AI platforms, ecosystem partner agents, and agents registered through APIs. This agent inventory is available to IT teams in the Microsoft 365 admin center. Security teams see the same unified agent inventory in their existing Microsoft Defender and Purview workflows.
Agent behavior and performance observability provides detailed reports about agent performance, adoption and usage metrics, an agent map, and activity details.
Agent risk signals across Microsoft Defender*, Entra, and Purview* help security teams evaluate agent riskβjust like they do for usersβand block agent actions based on agent compromise, sign-in anomalies, and risky data interactions. Defender assesses risk of agent compromise, Entra evaluates identity risk, and Purview evaluates insider risk. IT also has visibility into these risks in the Microsoft 365 admin center.
Security policy templates, starting with Microsoft Entra, automate collaboration between IT and security. They enable security teams to define tenant-wide security policies that IT leaders can then enforce in the Microsoft 365 admin center as they onboard new agents.
*These capabilities are in public preview and will continue to be on May 1.
Secure and govern agent access
Unmanaged agents may create significant risk, from accessing resources unchecked to accumulating excessive privileges and being misused by malicious actors. With Microsoft Entra capabilities included in Agent 365, you can secure agent identities and their access to resources.
Agent ID gives each agent a unique identity in Microsoft Entra, designed specifically for the needs of agents. With Agent ID, organizations can apply trusted access policies at scale, reduce gaps from unmanaged identities, and keep agent access aligned to existing organizational controls.
Identity Protection and Conditional Access for agents extend existing user policies that make real-time access decisions based on risks, device compliance from Microsoft Intune, and custom security attributes to agents working on behalf of a user. These policies help prevent compromise and help ensure that agents cannot be misused by malicious actors.
Identity Governance for agents enables identity leaders to limit agent access to only resources they need, with access packages that can be scoped to a subset of the users permissions, and includes the ability to audit access granted to agents.
Prevent data oversharing and ensure agent compliance
Microsoft Purview capabilities in Agent 365 provide comprehensive data security and compliance coverage for agents. You can protect agents from accessing sensitive data, prevent data leaks from risky insiders, and help ensure agents process data responsibly to support compliance with global regulations.
Data Security Posture Management provides visibility and insights into data risks for agents so data security admins can proactively mitigate those risks.
Information Protection helps ensure that agents inherit and honor Microsoft 365 data sensitivity labels so that they follow the same rules as users for handling sensitive data to prevent agent-led sensitive data leaks.
Inline Data Loss Prevention (DLP) for prompts to Microsoft Copilot Studio agents blocks sensitive information such as personally identifiable information, credit card numbers, and custom sensitive information types (SITs) from being processed in the runtime.
Insider Risk Management extends insider risk protection to agents to help ensure that risky agent interactions with sensitive data are blocked and flagged to data security admins.
Data Lifecycle Management enables data retention and deletion policies for prompts and agent-generated data so you can manage risk and liability by keeping the data that you need and deleting what you donβt. Β
Audit and eDiscovery extend core compliance and records management capabilities to agents, treating AI agents as auditable entities alongside users and applications. This will help ensure that organizations can audit, investigate, and defensibly manage AI agent activity across the enterprise.
Communication Compliance extends to agent interactions to detect and enable human oversight of risky AI communications. This enables business leaders to extend their code of conduct and data compliance policies to AI communications.
Defend agents against emerging cyberthreats
To help you stay ahead of emerging cyberthreats, Agent 365 includes Microsoft Defender protections purpose-built to detect and mitigate specific AI vulnerabilities and threats such as prompt manipulation, model tampering, and agent-based attack chains.
Security posture management for Microsoft Foundry and Copilot Studio agents* detects misconfigurations and vulnerabilities in agents so security leaders can stay ahead of malicious actors by proactively resolving them before they become an attack vector.
Detection, investigation, and response for Foundry and Copilot Studio agents* enables the investigation and remediation of attacks that target agents and helps ensure that agents are accounted for in security investigations.
Runtime threat protection, investigation, and hunting** for agents that use the Agent 365 tools gateway, helps organizations detect, block, and investigate malicious agent activities.
AgentΒ 365 will be generally available on MayΒ 1, 2026, and priced at $15 per user per month. Learn more about Agent 365.
*These capabilities are in public preview and will continue to be on May 1.
**This new capability will enter public preview in April 2026 and continue to be on May 1.
Microsoft 365 E7: The Frontier Suite
Microsoft 365 E7 brings together intelligence and trust to enable organizations to accelerate Frontier Transformation, equipping employees with AI across email, documents, meetings, spreadsheets, and business application surfaces. It also gives IT and security leaders the observability and governance needed to operate AI at enterprise scale.
Microsoft 365 E7 includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across users and agents. It will be available for purchase on May 1, 2026, at a retail price of $99 per user per month. Learn more about Microsoft 365 E7.
Frontier Transformation is anchored in intelligence and trust, and trust starts with security. Microsoft Security capabilities help protect 1.6 million customers at the speed and scale of AI.1 With Agent 365, we are extending these enterprise-grade capabilities so organizations can observe, secure, and govern agents and delivering comprehensive protection across agents and users with Microsoft 365 E7.
Secure your Frontier Transformation today with Agent 365 and Microsoft 365 E7: The Frontier Suite. And join us at RSAC Conference 2026 to learn more about these new solutions and hear from industry experts and customers who are shaping how agents can be observed, governed, secured, and trusted in the real world.
To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
Use of Microsoft 365 products in security testing is not a new concept. For a long time, Iβve incorporated various activities using Office products into my testing regimen. In the [β¦]
Patterson Cake // PART 1 PART 2 In part one of βWrangling the M365 UAL,β we talked about acquiring, parsing, and querying UAL data using PowerShell and SOF-ELK. In part [β¦]
Patterson Cake // In PART 1 of βWrangling the M365 UAL,β we talked about the value of the Unified Audit Log (UAL), some of the challenges associated with acquisition, parsing, [β¦]
Patterson Cake // When it comes to M365 audit and investigation, the βUnified Audit Logβ (UAL) is your friend. It can be surly, obstinate, and wholly inadequate, but your friend [β¦]
Steve Borosh // Why Phishing? Those of us on the offensive side of security often find ourselves in the position to test our clientsβ resilience to phishing attacks. According to [β¦]