Microsoft is moving Agent 365 out of preview, and the product says a lot about where enterprise AI is heading. The first big wave was about giving workers assistants. The next one is about giving IT a way to find, govern, and sometimes block the agents those workers and teams spin up.
Microsoft says Agent 365 is now generally available and is expanding with controls for unmanaged agents, local agents, and agents created on third-party platforms. Thurrott reported that the platform includes monitoring for AI agents, support for OpenClaw-created local agents, and integrations with Microsoft Defender and Intune.
From chatbot rollout to control plane
The practical shift is that agents are no longer being treated like a feature inside one app. They are becoming an inventory problem. If an agent can read files, call tools, move data between systems, or run code, then security teams need to know it exists and what it is allowed to do.
That is why Agent 365 is being positioned less like another Copilot feature and more like a management layer. Microsoft says organizations can discover local AI agents and apply controls, including blocking unmanaged agents. It also plans broader controls for coding agents such as GitHub Copilot CLI and Claude Code, according to Thurrott's summary of the announcement.
Why IT teams will care
The risk is not only malicious use. It is ordinary sprawl. A sales team may test one agent, finance may build another, developers may run coding agents locally, and operations may connect agents to internal systems. Each one can be useful in isolation while still creating a messy permission, audit, and data exposure problem.
Microsoft's answer is to pull agent governance into tools companies already use: Defender for detection and investigation, Intune for device and policy controls, and Microsoft 365 admin workflows for registry management. That gives Microsoft a strong default position because many large companies already run those systems.
Cross-cloud agents make this bigger
The most interesting part is not just Microsoft managing Microsoft agents. The company is also previewing registry sync for agents built on platforms such as AWS Bedrock and Google Gemini Enterprise Agent Platform, according to Thurrott. That matters because enterprise AI will not be single-vendor, even if vendors want it to be.
If registry sync works, Agent 365 could become a place where admins track agents across different clouds and business apps. If it does not, companies will end up with another dashboard that only sees part of the environment.
Microsoft is also previewing Windows 365 for Agents, a Cloud PC environment designed for agent workloads. That points to a future where some agents get their own managed compute environment instead of running loosely on employee devices.
The business angle
Agent 365 is available in Microsoft 365 E7 or as a standalone product at $15 per user per month, according to Thurrott. That pricing makes the strategy clear: Microsoft sees AI governance as a new enterprise security and management category, not just a bundled add-on.
For customers, the trade-off is familiar. Buying the Microsoft layer may simplify controls if they are already deep in Microsoft 365, Defender, and Intune. It may also increase dependence on Microsoft as the place where agent identity, policy, and observability come together.
What to watch next
The test will be whether Agent 365 can handle messy real-world agents, not just polished partner integrations. Local coding agents, open-source agent frameworks, browser-based agents, and department-built automations are exactly where shadow AI risk grows.
If Microsoft can make those visible and governable without breaking useful workflows, Agent 365 could become important infrastructure. If not, companies will still need separate controls for the most unpredictable part of the AI stack: the agents employees adopt before IT is ready.
