Microsoft released its Agent 365 management platform into general availability last week. The move signals that the governance challenge around autonomous AI is no longer theoretical. It is operational and urgent.

Agent 365 gives enterprise IT and security teams a single view to observe, govern and secure AI agents. The platform works across Microsoft's own ecosystem, third-party clouds like AWS Bedrock and Google Cloud, employee endpoints and SaaS agents from partner companies.

The most striking element of the launch is Microsoft's push to discover and manage local AI agents. These are coding assistants, personal productivity tools and autonomous workflows that employees install on their own devices. Often IT has no knowledge of them. Microsoft calls this phenomenon shadow AI. It represents an entirely new category of enterprise security risk.

Why This Matters

Enterprises already face problems from agents that operate outside governance. David Weston, Microsoft's Corporate Vice President of AI Security, told VentureBeat that companies struggle to find a balance between letting anything run and locking everything down. Without proper controls, agents can leak data or be hijacked by attackers.

Microsoft has observed three specific categories of security incidents. The most common involves developers connecting agents to sensitive backend systems without authentication. That exposes personal data or secrets to the internet. The second category is cross-prompt injection. Attackers embed malicious instructions in data sources like tickets or wikis that agents ingest. This is less common but carries higher impact. The third and most pervasive issue is that data sources and data loss prevention systems are not designed for agentic access patterns. They expose sensitive data to vendors or other third parties without proper oversight.

How Agent 365 works and what it costs

Agent 365 acts as a centralized registry and policy engine. It gives IT administrators a single view of every agent operating in their environment. This includes agents built with Microsoft Copilot Studio, deployed on AWS Bedrock, running as SaaS integrations from partners like Zendesk or SAP, or installed locally on a Windows machine.

The platform supports three categories of agents with different availability at launch. Agents that work on behalf of users with delegated access are generally available. Agents that operate behind the scenes with their own credentials are in preview. The platform costs $15 per user per month. Microsoft also offers a free tier with limited capabilities.

Weston said the goal is to help enterprises harness the potential of autonomous agents without falling into chaos. He described the current environment as a mix of YOLO and panic. Agent 365 aims to give companies a middle path.