On May 1, 2026, Microsoft will launch Agent 365, a new governance solution for enterprise agentic AI. This revolutionary tool will empower companies to discover, monitor, and govern agentic AI solutions that their teams are already using or may use in the future.
In a word, it’s a game-changer for agentic AI.
But what exactly can Agent 365 do?
Is it available outside Microsoft’s new E7 package?
What does it take to manage Agent 365 in-house?
We’ve got all the answers below.
Key takeaways:
- Microsoft Agent 365 gives IT administrators programmatic visibility and control over the use of AI agents within their organization.
- Starting May 1, Agent 365 will be available as a separate purchase or as part of Microsoft 365 E7.
- M365 E7 is a new bundle that includes everything in M365 E5 (which is the entire Office, Defender, Intune, and Purview product line), plus Office Copilot, plus the new Agent 365. The price of the bundle is a few dollars less than the sum cost of the individual components.
- Agent 365 allows organizations to govern both Microsoft-derived agents as well as third-party agents that access internal data and systems.
- Agent 365 cannot control the actual operation of AI agents, only their access, permissions, and handling of your internal data.
What is Microsoft Agent 365?
Microsoft Agent 365 is an enterprise control plane for AI agents that lets organizations observe, govern, and secure all AI agents at scale, regardless of where those agents are built or acquired. The solution is designed to move companies from risky, ad‑hoc AI experiments to production‑grade, compliant, and manageable agentic AI across Microsoft 365 and third‑party systems.
Agent 365 will be available separately or as part of Microsoft’s new E7 package for Microsoft 365. Both Agent 365 and E7 will become available to customers on May 1, 2026.
What capabilities does Agent 365 provide?
Microsoft Agent 365 provides a centralized set of capabilities for governing, securing, and operating AI agents at scale in an enterprise context. Microsoft positions the solution as the “control plane for agents,” extending identity, security, and observability models traditionally used for users to AI agents.
Here are the core capabilities of Agent 365.
- Agent inventory and registry. Agent 365 can discover all agents in use, including sanctioned, third‑party, and “shadow” agents.
- Identity and access control. Agent 365 assigns each agent a Microsoft Entra Agent ID, enabling least‑privilege access, conditional access, and lifecycle management.
- Observability and monitoring. Agent 365 allows administrators to track agent behavior, performance, actions, and business impact in real time.
- Security and compliance. Agent 365 integrates with Microsoft Defender and Purview to detect risky behavior, protect data, and investigate incidents involving agents.
- Governance at scale. Agent 365 allows administrators to apply policies, guardrails, and automated lifecycle rules (e.g., flagging risky or ownerless agents).
What is Microsoft 365 E7?
E7 is Microsoft’s new top‑tier enterprise licensing suite for M365, officially called Microsoft 365 E7: The “Frontier Suite”. It’s designed for organizations that are ready to operationalize AI at scale, moving beyond ad hoc use of Copilot and third-party AI tools to a human‑led, agent‑operated way of working with built‑in security, identity, and governance.
What’s included in Microsoft 365 E7:
- Microsoft 365 E5 – Core Office apps plus Microsoft’s most advanced security, compliance, and analytics capabilities
- Microsoft 365 Copilot – AI embedded across Word, Excel, PowerPoint, Outlook, Teams, and Copilot Chat
- Agent 365 – A centralized control plane to observe, govern, and secure AI agents at enterprise scale
- Microsoft Entra Suite – Advanced identity, access, and Zero Trust controls for users, apps, and agents
- Advanced Defender, Intune, and Purview capabilities – For threat protection, endpoint management, and data governance
How does Microsoft 365 E7 compare to E5?
At a high level, Microsoft 365 E5 is designed to support enterprise productivity and security requirements. E7 takes these capabilities and adds centralized, programmatic governance for AI agents.
Here’s a full breakdown of E5 vs. E7.
Category | Microsoft 365 E5 | Microsoft 365 E7 (Frontier Suite) |
Primary focus | Secure cloud productivity and compliance | Secure cloud productivity and compliance PLUS enterprise-‑scale, fully governed agentic AI |
Copilot | Not included (licensed separately) | Included by default across Microsoft 365 apps |
Agentic AI capabilities | Limited to Copilot features and basic agents | Full agentic AI support, including Copilot agents and multi‑step autonomous workflows |
AI agent governance | No centralized agent control plane | Built-in via Agent 365: centralized inventory, identity, monitoring, security, and lifecycle management for AI agents |
Agent identity & access control | User-centric identity only (Entra ID for people/apps) | Agents treated as first-class identities using Microsoft Entra Agent IDs with least-privilege access |
Security & compliance | Advanced Defender, Purview, Intune, compliance tooling | Same E5 security stack plus agent-level security and compliance enforcement |
Intended use case | Organizations focused on secure productivity and compliance | Organizations ready to operationalize AI and AI agents at scale with full governance capabilities |
Pricing (list) | ~$57–$60/user/month (Copilot extra) | $99/user/month, bundled |
If you were to purchase each of the three (3) primary components of M365 E7 individually, the cost would be $102-$105/user/month, so there is a modest cost savings present in the bundle.
What are the security risks of agentic AI?
Agentic AI introduces a new class of security risks that go beyond traditional generative AI or automation threats. The risks stem from the fact that agents don’t just generate content; they interact with systems, data, identities, and workflows—and they can act autonomously.
Here are the common risks associated with agentic AI. (Note: Agent 365 empowers organizations to address each of these risks.)
- Identity and access abuse. Agentic AI systems often require broad, persistent access to applications, APIs, files, and SaaS platforms to perform meaningful work. Over-privileged agents can access more data than intended, while compromised agents can act like autonomous insider threats.
- Shadow agents and AI sprawl. Business users, given the opportunity, often create agents using low-code tools, plugins, or SaaS-embedded AI assistants. IT administrators rarely have visibility into these ad hoc agents, which means they aren’t monitored or patched.
- Data leakage and oversharing. Agents often aggregate data from multiple sources to execute complex tasks. This can lead to the exposure of sensitive data to unintended users, systems, or external tools.
- Noncompliance with regulation. The data security risks of agentic AI can extend into the realm of compliance. Agentic AI can violate regulatory requirements without alerting administrators that it’s doing so.
- Autonomous execution of harmful actions. Unlike chatbots, agentic AI can initiate and complete actions without human review. This can lead to deleting or modifying critical data, sending emails inappropriately, misconfiguring systems or user permissions, or triggering workflows that create real-world business impact. (Think cyber-Frankenstein’s monster.)
How does Agent 365 deal with the security risks of agentic AI?
Agent 365 addresses the security risks of agentic AI by treating AI agents like privileged digital workers and applying enterprise‑grade identity, security, monitoring, and governance controls to them. Instead of trying to “trust” autonomous agents, Agent 365 is designed to constrain, observe, and secure their behavior at scale.
Here’s how Agent 365 addresses each type of risk associated with agentic AI.
- Identity sprawl → Agent identities and least‑privilege access. Agent 365 assigns each agent a unique identity in Microsoft Entra. The tool also enforces least-privilege access to data, apps, APIs, and tools—and it applies conditional access policies, just as Entra does with human users.
- Shadow agents → Centralized discovery and inventory. Agent 365 maintains a central registry of all agents, including Microsoft-built solutions, third-party tools, internally developed agents, and unsanctioned or ownerless agents. This gives IT and security teams full visibility into what agents exist and where they operate.
- Data leakage → DLP and auditing. Agent 365 integrates with Microsoft Purview to extend DLP (data loss prevention) policies to watch how agents interact with an organization’s internal data. The tool also logs what data agents access, create, or share, enabling audit trails for forensic purposes.
- Noncompliance → Compliance-oriented governance and auditing. Agent 365’s integration with Purview also allows organizations to control and audit agent interaction with data for compliance-related purposes.
- Unsupervised agentic decisions → Guardrails and policy-driven execution. Agent 365 applies policy guardrails that limit which tools agents can use, which systems they can modify, and which data they can access or share. This allows administrators to programmatically block risky behaviors and bring the productivity of agentic work under full control.
Can Agent 365 help govern and secure third-party AI tools?
Yes, Agent 365 can help govern and secure third‑party AI tools, but with important boundaries. It does not magically control every external AI product on its own. Instead, Agent 365 governs how third‑party AI agents interact with your Microsoft environment, your data, your applications, and your users.
What does it take to manage and secure AI agents in-house?
Even with Agent 365 in place, managing and securing AI agents in‑house is a full‑stack operational effort. Because agentic AI can plan, act, and execute autonomously, organizations must treat agents like privileged digital workers with their own identities, access, monitoring, and lifecycle controls. Managing these AI agents from a security perspective creates additional work for an organization’s existing IT and security personnel.
Here are the resources and functions that need to be covered to manage AI agents in-house.
- Dedicated people with the right skillsets
- IAM (identity and access management)
- Threat detection and incident response
- Data protection and compliance controls
- Governance and lifecycle management
This is a tall order for many companies, which is why they choose to engage an MSSP (managed security service provider) to help manage and secure their AI agents.
The takeaway: Secure your AI agents with expert assistance
Agent 365 delivers incredible capabilities to secure AI agents at scale, but it also creates more work for security teams. If you need help leveraging the power of AI agents securely, get in touch with us. Corsica Technologies has helped 1,000+ companies solve their technology challenges. We are a long-standing, proven Microsoft Solutions Partner for Security with specializations in Cloud Security, Identity and Access Management, and Threat Protection, and a member of the Microsoft Intelligent Security Association (MISA). Contact us today, and let’s get started on your Agent 365 or M365 E7 journey.
