Microsoft Agent 365 Now Generally Available, Enhancing AI Agent Security and Governance
Tools & Technology

Microsoft Agent 365 Now Generally Available, Enhancing AI Agent Security and Governance

Global · · microsoft.com

Microsoft has announced the general availability of Agent 365, a control plane designed to observe, govern, and secure AI agents across diverse environments. This release includes new capabilities for discovering and managing 'shadow AI' agents, supporting both local and cloud-hosted instances, and integrating with a broad ecosystem of SaaS agents and cloud platforms. The platform aims to help organizations confidently scale AI adoption while maintaining robust security and compliance.


The Challenge of AI Agent Sprawl and Security

The rapid proliferation of AI agents across enterprise environments, from Microsoft Copilot to independent SaaS agents and locally installed tools, presents significant challenges for internal audit and assurance professionals. These agents, capable of accessing data, invoking tools, and interacting with other agents, can quickly lead to data oversharing, tool misuse, or over-privileged actions if not properly managed. The core issue is a lack of visibility and control over these agents, creating an expanding attack surface and potential compliance risks. Internal auditors must recognize that traditional IT governance models may not adequately address the unique risks posed by autonomous AI agents.

Microsoft Agent 365: A Unified Control Plane for AI Governance

Microsoft Agent 365 is introduced as a comprehensive solution to address these challenges, offering a unified control plane for observing, governing, and securing AI agents. Key features and capabilities now generally available or in public preview include:

  • End-to-End Observability: Agent 365 provides visibility into agents operating with delegated access (on behalf of users) and those with their own credentials and permissions, including agents participating in team workflows.
  • Shadow AI Discovery and Management: Leveraging Microsoft Defender and Intune, the platform can discover local AI agents (e.g., OpenClaw, GitHub Copilot CLI) and cloud-hosted agents across platforms like AWS Bedrock and Google Gemini Enterprise Agent Platform. This allows for the application of appropriate controls, such as blocking unmanaged agents and assessing exposure.
  • Secured Operating Environments: Windows 365 for Agents offers a purpose-built, managed environment for agentic workloads, ensuring agents run within policy-controlled settings and adhere to existing identity, security, and management controls.
  • Ecosystem Integration: Agent 365 supports a wide range of prebuilt agents within Microsoft 365 and Teams, agents built with Microsoft Copilot Studio or Foundry, and a growing ecosystem of third-party SaaS agents from partners like Genspark, Zensai, Egnyte, and Zendesk.
  • Network Controls and Threat Protection: The platform extends Microsoft Entra network controls to inspect agent traffic, identify unsanctioned AI usage, restrict connections to approved destinations, and block malicious prompt-based attacks, thereby securing agents against internet threats.

Implications for Internal Audit and Assurance

For internal audit and assurance professionals, Microsoft Agent 365 offers a critical toolset for managing the risks associated with AI adoption. The ability to discover, inventory, and apply policy-based controls to AI agents, regardless of their origin or deployment method, is paramount for maintaining a strong control environment. Auditors can leverage Agent 365 to:

  • Verify compliance with data privacy regulations by monitoring agent access to sensitive information.
  • Assess the effectiveness of security controls over AI agents, including identity and access management, network security, and threat detection.
  • Evaluate the governance framework for AI, ensuring that agent deployment and operation align with organizational policies and risk appetite.
  • Provide assurance that the organization is effectively managing the expanding attack surface introduced by AI agents and mitigating the risks of data oversharing, misuse, and unauthorized actions.

The availability of partner services for planning, adoption, and ongoing management further supports organizations in establishing robust AI governance, enabling internal audit to focus on strategic oversight and risk assessment rather than granular technical implementation.


Read more
Comments

No comments yet. Be the first.


Sign in to join the discussion.

Sign in or Create account
Subscribe

By email

Get audit & assurance news in your inbox.


By feed reader

We publish RSS, Atom, and JSON feeds sliced by category and region.

View all feeds →

Have a tip? Submit a story or job →

Subscribe by email

Get audit & assurance news in your inbox. Or use a feed reader — view all feeds →