📌 Author's note: This site synthesises the author's own understanding from publicly available Microsoft documentation, official Microsoft Security blog posts, RSAC 2026 announcements, and insights from Microsoft Security professionals and MVPs. It is independent and not affiliated with or endorsed by Microsoft.
✅ GA May 1, 2026 · $15/user/month

Microsoft Agent 365

The enterprise control plane for AI agents. Agent 365 doesn't build or host agents; it wraps agents you've already built in enterprise-grade identity, governance, observability, and security controls.

GA May 1, 2026 · $15/user/month standalone · Included in M365 E7 ($99/user/mo)
What Agent 365 Is

The enterprise layer above your agent logic

Agent 365 is not an agent builder or hosting platform. It is a management and security layer that sits above whatever platform your agents run on: Copilot Studio, Microsoft Foundry, LangChain, OpenAI Agents SDK, or anything else. Once an agent is onboarded to Agent 365, it gains enterprise-grade controls it didn't have before.

Entra-backed Agent Identity
Each agent gets its own identity in Microsoft Entra ID, including a dedicated mailbox and user resources for secure authentication. This enables Conditional Access, ID Protection, and lifecycle governance per agent.

Governed MCP Tool Access
Agents invoke MCP servers under admin control via the Agent Tooling Gateway (ATG). Defender evaluates tool invocations before execution and blocks unsafe actions in real time. No open-ended permissions.

OpenTelemetry Observability
Agent interactions, inference events, and tool usage are instrumented automatically via the Agent 365 SDK. All events are routed to Microsoft 365 audit logs and are visible in Defender Advanced Hunting via the AIAgentsInfo table.

Blueprint-Based Governance
Each agent operates within an IT-approved blueprint defining capabilities, required MCP accesses, security constraints, audit requirements, and linked DLP or external access policies. This gives consistent configuration at scale.

M365 Notifications
Agents can participate in M365 apps like a human participant, via @mentions in Teams, comments in Word, and Outlook notifications. This lets agents surface work to users in their existing workflows.

Defender Integration
Agents registered with Agent 365 appear in the AIAgentsInfo Advanced Hunting table (RegistrySource == "A365"). This provides near-real-time threat detection, incident alerts, and investigation via Defender portal → Settings → Security for AI.

Platform Support

Agent 365 is platform-agnostic

Agent 365 works with agents built on any platform and hosted anywhere. This is not a Microsoft-only capability.

Copilot Studio
Microsoft Foundry
LangChain SDK
OpenAI Agents SDK
Claude Code SDK
Microsoft Agent Framework
AWS Bedrock
GCP Vertex AI

📌 What "platform-agnostic" means in practice

You add the Agent 365 SDK to your agent code. Once instrumented, the agent registers with Agent 365 regardless of where it runs: Azure, AWS, GCP, or your own infrastructure. The SDK handles the Entra identity registration, OpenTelemetry event emission, and ATG integration automatically. You don't rewrite your agent; you add a governance layer around it.

Licensing

Two ways to get Agent 365

Agent 365 Standalone
$15 per user / month · GA May 1, 2026
Agent inventory and governance control plane
Entra Agent ID for all onboarded agents
Defender Security for AI integration
Agent Tooling Gateway (ATG) real-time protection
Agent 365 SDK and CLI
AIAgentsInfo Advanced Hunting (A365 agents)

โš ๏ธ Per-user, not per-agent. Governance scope doesn't automatically scale with agent count. An organisation with 50 licensed users but 500 deployed agents has a coverage gap. Plan accordingly.

Microsoft 365 E7: The Frontier Suite
$99 per user / month · GA May 1, 2026
Everything in Agent 365 standalone
Microsoft 365 Copilot (M365 AI assistant)
Microsoft 365 E5 (full compliance + security stack)
Entra Suite (all Entra products bundled)
Best for orgs deploying Copilot + agents together
Single SKU replacing multiple add-ons

💡 When E7 makes sense: If you're buying M365 Copilot + E5 + Entra Suite anyway, E7 likely costs less than the sum of parts. Run the numbers: the break-even depends on your existing licence baseline.

Access & Preview

Frontier programme: current preview access

Agent 365 is GA on May 1, 2026. Before that date, and for some advanced preview features, access is via the Microsoft Frontier programme.

1. Enrol in Frontier: go to adoption.microsoft.com/copilot/frontier-program and request access. Frontier gives early access to Agent 365, Entra Agent ID, and related preview capabilities.
2. Enable in Power Platform admin center: for Copilot Studio agents, go to Power Platform admin → Copilot → Settings → Entra Agent Identity for Copilot Studio → On. This makes new Copilot Studio agents Modern agents automatically.
3. Connect Defender: go to Defender portal → Settings → Security for AI agents, then enable and connect your Agent 365 tenant. Agents registered with Agent 365 start appearing in AIAgentsInfo.
4. Instrument custom agents: add the Agent 365 SDK to agents not on Copilot Studio. This gives them Entra identity, OpenTelemetry observability, and ATG real-time protection. Available on PyPI and npm.

Security Coverage

What you get โ€” by agent type

Coverage depth varies depending on how the agent was built and whether the Agent 365 SDK is integrated.

| Agent type | Discovery (AIAgentsInfo) | Threat detection | Real-time protection (ATG) | Requires |
| --- | --- | --- | --- | --- |
| Copilot Studio agents | ✓ Automatic; RegistrySource == "PowerPlatform" | ✓ Extended alert set; audit logs sent by default | ✓ Available | Power Platform connector enabled in Defender |
| Agent 365 SDK agents | ✓ RegistrySource == "A365" | ✓ Near-real-time; requires M365 audit log routing | ✓ ATG | Agent 365 licence + SDK integration |
| Foundry / Bedrock / Vertex AI | ✓ UI inventory | ⚠ Limited (no SDK) | ❌ Without SDK | Agent 365 SDK required for detection + ATG |
| Classic Copilot Studio agents | ✓ via PowerPlatform connector | ⚠ Basic only | ✓ Existing Defender RT | No Agent 365 needed, but no Entra Agent ID |

Key KQL โ€” Agent 365 Agents

Essential Advanced Hunting queries

Use RegistrySource == "A365" to target Agent 365-registered agents specifically. See Playbook 01 Step 8 for the full query set.

// All A365 registered agents
AIAgentsInfo
| where RegistrySource == "A365"
| summarize arg_max(Timestamp, *) by AIAgentId
| where AgentStatus != "Deleted"
| project AIAgentId, AIAgentName, AgentStatus, IsBlocked, AIModel, Instructions

// Agents with no instructions: prompt injection risk
AIAgentsInfo
| where RegistrySource == "A365"
| summarize arg_max(Timestamp, *) by AIAgentId
| where isempty(Instructions) or Instructions == "N/A"
| project AIAgentId, AIAgentName, Instructions

// Agents with MCP tools: expanded attack surface
AIAgentsInfo
| where RegistrySource == "A365"
| summarize arg_max(Timestamp, *) by AIAgentId
| where isnotempty(AgentActionTriggers)
| extend Triggers = parse_json(AgentActionTriggers)
| mv-expand Trigger = Triggers
| where Trigger.type == "RemoteMCPServer"
| project AIAgentId, AIAgentName, Trigger.type
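
The three queries above can be folded into one triage view that ranks live A365 agents by how many of the page's risk signals they carry. This is an added example, not a query from the original page or from Microsoft; it uses only the columns and the "RemoteMCPServer" trigger type shown above, and the output column names MissingInstructions, RemoteMcpTools and RiskSignals are hypothetical.

```kusto
// Added example. Latest record per A365 agent, excluding deleted agents.
let LiveAgents = AIAgentsInfo
    | where RegistrySource == "A365"
    | summarize arg_max(Timestamp, *) by AIAgentId
    | where AgentStatus != "Deleted";
// Count remote MCP server triggers per agent (trigger shape as used in the query above).
let McpCounts = LiveAgents
    | where isnotempty(AgentActionTriggers)
    | extend Triggers = parse_json(AgentActionTriggers)
    | mv-expand Trigger = Triggers
    | where tostring(Trigger.type) == "RemoteMCPServer"
    | summarize RemoteMcpTools = count() by AIAgentId;
// Left outer join keeps agents that have no MCP triggers at all.
LiveAgents
| join kind=leftouter McpCounts on AIAgentId
| extend RemoteMcpTools = coalesce(RemoteMcpTools, 0)
| extend MissingInstructions = isempty(Instructions) or Instructions == "N/A"
// Hypothetical score: one point per signal the page calls out.
| extend RiskSignals = iff(MissingInstructions, 1, 0) + iff(RemoteMcpTools > 0, 1, 0)
| where RiskSignals > 0
| project AIAgentId, AIAgentName, AgentStatus, IsBlocked, AIModel,
          MissingInstructions, RemoteMcpTools, RiskSignals
| order by RiskSignals desc, RemoteMcpTools desc
```

Agents with RiskSignals of 2 combine empty instructions with remote MCP tool access and are the first candidates for blueprint review.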