Microsoft takes Agent 365 out of preview as shadow AI becomes an enterprise threat
Microsoft made a significant move last week by taking Agent 365, its management platform for AI agents, out of preview and into general availability. This move signals that the software giant believes the governance challenge around autonomous AI is no longer theoretical but operational and urgent.
Agent 365, first announced at Microsoft’s Ignite conference in November, positions itself as a unified control plane that allows enterprise IT and security teams to observe, govern, and secure AI agents wherever they run. This includes inside Microsoft’s ecosystem, on third-party cloud platforms like AWS Bedrock and Google Cloud, on employee endpoints, and across a growing ecosystem of SaaS agents built by partner software companies.
One of the most striking elements of this launch is Microsoft’s focus on discovering and managing local AI agents, also known as “shadow AI.” This category of enterprise security risk involves the tools that employees are installing on their own devices without IT’s knowledge or approval. This phenomenon is new and poses a challenge that most organizations are just beginning to address.
David Weston, Corporate Vice President of AI Security at Microsoft, highlighted the urgency of managing autonomous agents, stating that enterprises are trying to strike a balance between allowing anything to run (YOLO) and shutting everything down (oh no).
The timing of Agent 365’s general availability reflects the fact that AI agents have outpaced the governance infrastructure designed to manage them. Security incidents related to AI agents are already occurring within enterprises, including exposing sensitive infrastructure, cross-prompt injection attacks, and inadequate data source and DLP system awareness.
Agent 365 serves as a centralized registry and policy engine for AI agents, providing IT administrators with a comprehensive view of all agents operating within their environment. The platform supports different types of agents and offers policy-based controls to set guardrails for agent behavior.
Microsoft is also introducing capabilities to discover and manage local AI agents installed on employee devices. The platform can detect and manage agents like OpenClaw and provide asset context mapping to assess the potential impact of compromised agents.
Furthermore, Microsoft is extending Agent 365’s governance reach to rival cloud platforms like AWS Bedrock and Google Cloud. This allows IT teams to automatically discover and inventory agents running on these platforms and perform lifecycle governance actions.
In addition, Microsoft is launching Windows 365 for Agents, providing Cloud PCs for high-risk AI workloads managed through Intune and governed by security controls. The platform also includes partnerships with ecosystem partners and services firms to enhance agent governance.
Overall, Microsoft’s approach with Agent 365 reflects the company’s belief that agents are the new apps and require the same level of enterprise controls. The phased adoption model outlined by Weston emphasizes the importance of visibility, identity and access management, isolation, control, and visibility for managing AI agents effectively.
As enterprises navigate the agentic era, Microsoft’s comprehensive approach to governance and security with Agent 365 positions the company as a leader in managing the challenges of autonomous AI agents in the modern workplace.
