Analyst(s): Keith Kirkpatrick, Brad Shimmin
Publication Date: May 8, 2026
Microsoft has made Agent 365 generally available for commercial customers, delivering a unified control plane to observe, govern, and secure AI agents across Microsoft and partner ecosystems. The release signals Microsoft’s intent to own the governance layer for enterprise agentic AI, extending identity, endpoint, and network controls to agents regardless of where they originate or operate.
What is Covered in This Article:
- Microsoft Agent 365 general availability and new capabilities
- Cross-cloud agent discovery spanning AWS and Google Cloud
- Windows 365 for Agents as managed runtime infrastructure
- Network-level controls applied to agent traffic
- Ecosystem partner coverage and governance implications.
The News: Microsoft announced the general availability of Agent 365, a control plane designed to observe, govern, and secure AI agents and their interactions across Microsoft and partner environments. The platform supports agents operating with delegated user access, agents running behind-the-scenes automation with their own credentials, and agents participating in team workflows with their own permissions. New capabilities include cross-cloud registry sync with AWS Bedrock and Google Cloud connections in public preview, local agent discovery and management via Microsoft Defender and Intune, and Windows 365 for Agents in public preview for the United States. Agent 365 extends Microsoft Entra network controls to Copilot Studio agents and to agents running on user endpoint devices, including local agents such as OpenClaw. The platform now supports agents in Microsoft 365 Copilot and Teams, agents built with Copilot Studio or Microsoft Foundry, and agents built by partner software development companies. Since March 2026, ecosystem support has expanded to include partners such as Genspark, Zensai, Egnyte, Zendesk, and agent factories such as Kasisto, Kore, and n8n.
Microsoft Agent 365 Turns Shadow AI Into a Governed Asset Class
Analyst Take: Microsoft’s decision to position Agent 365 as a governance layer rather than an agent-building platform represents a distinct strategic choice in the enterprise agentic AI market. Where competitors race to help enterprises create agents, Microsoft is betting that the harder and more durable problem is controlling them once they exist. This is a bet grounded in the reality that enterprises will inevitably run agents across multiple vendors, clouds, and runtime environments.
The cross-cloud inventory capability extending to AWS Bedrock and Google Cloud is particularly notable, as it acknowledges that agent sprawl won’t respect platform boundaries. Microsoft is applying the same logic it used to establish Azure Active Directory as the enterprise identity standard: become the governance default before governance becomes optional.
The Control Plane as Strategic Moat
Microsoft’s approach with Agent 365 mirrors its historical strategy of owning management and identity layers rather than competing solely on workload execution. By extending discovery and policy enforcement to agents running on AWS Bedrock and Google Cloud, Microsoft positions itself as the governance authority even for agents that never touch Azure. This is designed to address the expected reality for many enterprises: homegrown DIY agents, platform agents, and application or workflow agents coexisting with specific roles, functions, and dependencies. Managing these agents without elevating or deprecating any specific agent or agent type will be key to ensuring workflows are executed efficiently and effectively.
The company’s existing footprint in enterprise identity through Entra, endpoint management through Intune, and threat detection through Defender gives it an integration advantage that pure-play governance startups can’t easily replicate. Enterprises already running Microsoft 365 inherit Agent 365 governance through familiar admin workflows, which dramatically lowers adoption friction compared to deploying a standalone agent management platform.
The inclusion of partner agents from Zendesk, Egnyte, and agent factories such as n8n, without requiring additional integration work by IT teams, demonstrates how Microsoft intends to make Agent 365 the path of least resistance. The implication is that Microsoft doesn’t need to win the agent creation market; it merely needs to become the default place where agent behavior is observed, constrained, and audited.
Shadow AI Visibility Becomes an Endpoint Problem
The decision to surface local agent discovery through Microsoft Defender and Intune reframes agentic AI governance as an endpoint security concern, not just a cloud administration task. Initial coverage targets OpenClaw, with planned expansion to other local agents such as GitHub Copilot CLI and Claude Code, suggesting Microsoft views developer workstations as a primary vector for unmanaged agent proliferation.
Shadow AI visibility in the Microsoft 365 admin center allows administrators to see where supported local agents are running and apply Intune policies to block common execution methods. Defender context mapping, arriving in June 2026, will map relationships between agents, devices, configured Model Context Protocol (MCP) servers, associated identities, and reachable cloud resources to help assess exposure. The framing here is significant: Microsoft treats local AI agents with the same security posture it applies to potentially malicious software on managed endpoints. Whether enterprises will accept that framing — and the implied control it grants IT over developer tooling — remains an open question.
Windows 365 for Agents Redefines Cloud PC Economics
Windows 365 for Agents introduces a managed Cloud PC environment specifically designed for agent workloads, governed by Intune policies and observable through Agent 365. The concept extends Microsoft’s existing Cloud PC infrastructure from human users to non-human compute actors, creating a policy-controlled sandbox where agents can execute tasks without direct access to production systems or sensitive data stores.
Agent 365 integration means that agents running on Windows 365 for Agents inherit the same observation and security capabilities applied to all other governed agents. The public preview is currently limited to the United States, which suggests Microsoft is staging a controlled rollout before broader availability. From a monetization perspective, this creates a new consumption surface: enterprises may soon purchase Cloud PC capacity not for employees but for the agents those employees deploy. The question is whether dedicated agent infrastructure becomes a meaningful revenue line or remains a niche use case for compliance-heavy industries.
Ecosystem Breadth as a Governance Prerequisite
Agent 365’s expansion to cover agents from Genspark, Zensai, Egnyte, Zendesk, and agent factories such as Kasisto, Kore, and n8n demonstrates that Microsoft views ecosystem breadth as a prerequisite for governance credibility. A control plane that only governs first-party agents offers limited value in an enterprise environment where third-party and partner-built agents proliferate across business functions. By supporting agents built with Copilot Studio, Microsoft Foundry, and external partner development environments without requiring additional integration work, Microsoft removes a common objection to centralized governance adoption.
In addition, the inclusion of agent factories — platforms that generate agents at scale — is particularly relevant, as it addresses the scenario where agent creation outpaces manual registration and policy assignment. Microsoft’s agent showcase of ecosystem partners now functions as both a marketplace and a governance registry, creating a dual incentive for partners: distribution in exchange for observability. The risk is that partners with competing governance ambitions may resist the level of visibility Agent 365 demands.
What to Watch:
- Will AWS and Google Cloud actively support or passively resist Microsoft’s cross-cloud agent discovery, and how will registry sync permissions be negotiated?
- How quickly will enterprises move from agent inventory and observation to active runtime blocking, given the potential for business disruption?
- Will the June 2026 public preview of local agent policy controls create friction with developer teams accustomed to running AI tools without IT oversight?
- Can Windows 365 for Agents establish a new infrastructure category, or will enterprises default to running agents on existing compute without dedicated sandboxes?
- How will Microsoft price Agent 365 capabilities relative to the E5 and E7 license tiers, and will governance become a standalone SKU?
See the full press release on Microsoft’s Agent 365 general availability announcement on the company’s website.
Declaration of generative AI and AI-assisted technologies in the writing process: This content has been generated with the support of artificial intelligence technologies. Due to the fast pace of content creation and the continuous evolution of data and information, The Futurum Group and its analysts strive to ensure the accuracy and factual integrity of the information presented. However, the opinions and interpretations expressed in this content reflect those of the individual author/analyst. The Futurum Group makes no guarantees regarding the completeness, accuracy, or reliability of any information contained herein. Readers are encouraged to verify facts independently and consult relevant sources for further clarification.
Disclosure: Futurum is a research and advisory firm that engages or has engaged in research, analysis, and advisory services with many technology companies, including those mentioned in this article. The author does not hold any equity positions with any company mentioned in this article.
Analysis and opinions expressed herein are specific to the analyst individually and data and other information that might have been provided for validation, not those of Futurum as a whole.
Other Insights From Futurum:
Microsoft Q3 FY 2026 Earnings Show Cloud Growth, With Capacity Still Tight
Is Microsoft Dynamics 365 Contact Center the Catalyst for Agentic CX at Scale?
Will Microsoft’s Unified AI Agents Force Contact Center Vendors to Rethink Their Playbooks?
Author Information
Keith Kirkpatrick is VP & Research Director, Enterprise Software & Digital Workflows for The Futurum Group. Keith has over 25 years of experience in research, marketing, and consulting-based fields.
He has authored in-depth reports and market forecast studies covering artificial intelligence, biometrics, data analytics, robotics, high performance computing, and quantum computing, with a specific focus on the use of these technologies within large enterprise organizations and SMBs. He has also established strong working relationships with the international technology vendor community and is a frequent speaker at industry conferences and events.
In his career as a financial and technology journalist he has written for national and trade publications, including BusinessWeek, CNBC.com, Investment Dealers’ Digest, The Red Herring, The Communications of the ACM, and Mobile Computing & Communications, among others.
He is a member of the Association of Independent Information Professionals (AIIP).
Keith holds dual Bachelor of Arts degrees in Magazine Journalism and Sociology from Syracuse University.
Brad Shimmin is Vice President and Practice Lead, Data Intelligence, Analytics, & Infrastructure at Futurum. He provides strategic direction and market analysis to help organizations maximize their investments in data and analytics. Currently, Brad is focused on helping companies establish an AI-first data strategy.
With over 30 years of experience in enterprise IT and emerging technologies, Brad is a distinguished thought leader specializing in data, analytics, artificial intelligence, and enterprise software development. Consulting with Fortune 100 vendors, Brad specializes in industry thought leadership, worldwide market analysis, client development, and strategic advisory services.
Brad earned his Bachelor of Arts from Utah State University, where he graduated Magna Cum Laude. Brad lives in Longmeadow, MA, with his beautiful wife and far too many LEGO sets.
