Hightouch's $150M Raise Signals the End of Human-Run Marketing Campaigns
With governance capabilities spanning Microsoft, AWS, and Google Cloud AI agents, Microsoft is betting that owning the control layer is worth more than owning the agents themselves.
By Raj Patel, AI & Infrastructure · May 29, 2026
Microsoft Agent 365 is now GA: an AI agent control plane that inventories, governs, and enforces policy on all AI agents across the enterprise stack.
Frequently Asked Questions
What is Microsoft Agent 365 and what does it do?
Microsoft Agent 365 is an enterprise governance layer for AI agents, generally available as part of Microsoft 365 E3 and E5 plans as of May 2026. It provides four core capabilities: agent inventory (automatically discovering all AI agents making Microsoft Graph API calls in your tenant, including third-party tools), policy enforcement (allowing IT administrators to set granular rules about which users can access which agents and what data those agents can read or write), usage analytics (aggregate reporting on agent adoption across departments), and audit logging (tamper-resistant records of all agent actions within the tenant for compliance purposes). The system operates at the Microsoft Entra ID identity layer, which means policies apply regardless of what endpoint or device the agent is accessed from. Agent 365 also includes a connector framework that extends governance to non-Microsoft agents from AWS, Google, and OpenAI.
How does Microsoft Agent 365 handle multi-cloud AI governance?
Agent 365 uses a connector framework to extend governance to AI agents running outside the Microsoft ecosystem. AWS Bedrock agents, Google Vertex AI agents, and OpenAI-based agents can be registered in the Agent 365 inventory if they implement the connector specification published by Microsoft. Once registered, governance policies apply at the connector boundary: the agent can only access Microsoft 365 data through the connector, which enforces approved OAuth scopes. Crucially, the enforcement still runs through Microsoft Entra ID infrastructure, which means organizations with large non-Microsoft footprints—Google Workspace shops, AWS-native companies—may find the governance architecture less seamless than for Microsoft-centric environments. Those organizations should evaluate whether Microsoft's connector framework meets their multi-cloud governance requirements or whether a third-party identity governance solution provides better coverage.
What does Microsoft Agent 365 cost and how does licensing work?
Microsoft Agent 365 governance capabilities are included at no additional charge in Microsoft 365 E3 and E5 plans. For organizations on lower-tier Microsoft 365 plans, Agent 365 governance features are available as an add-on at $15 per user per month. The agent inventory and discovery features specifically are available to all Microsoft 365 commercial tenants without additional licensing, which means there is no cost barrier to running the discovery phase. Microsoft 365 E3 runs approximately $36 per user per month (pricing as of 2026, subject to change) and E5 runs approximately $57 per user per month. Organizations that have already invested in E3 or E5 licensing should activate Agent 365 immediately—there is no incremental cost and the governance data has immediate value regardless of whether you move to enforcement.
How does Microsoft Agent 365 compare to ServiceNow AI governance tools?
ServiceNow's AI Agent Orchestrator approaches AI governance from a workflow and IT service management lens: it focuses on defining what AI agents are authorized to do within IT processes, approval workflows for agent actions, and integration with existing ITSM change management. Microsoft Agent 365 operates at the identity and infrastructure layer, governing which agents can access enterprise data at all. The two tools address different parts of the governance problem. Microsoft's approach is more foundational—if an agent isn't authorized in Entra ID, it can't access Microsoft 365 data, period. ServiceNow's approach is more procedural—it manages what authorized agents are allowed to do within ServiceNow workflows. For Microsoft-heavy enterprises, Agent 365 provides a more comprehensive governance baseline. Organizations that run their enterprise operations primarily through ServiceNow workflows may find that ServiceNow's governance tooling integrates more naturally with their existing processes.
Can Microsoft Agent 365 control third-party AI agents from OpenAI, Anthropic, or other vendors?
Agent 365 can govern third-party agents' access to Microsoft 365 data through its connector framework, but it cannot control what those agents do with information they receive or how they operate within their own systems. When a third-party agent implements the Agent 365 connector specification, Microsoft can enforce what data scopes the agent is permitted to request (email read, calendar write, SharePoint read, etc.) and can revoke those permissions at the identity layer if needed. What Agent 365 cannot do is inspect or audit the internal processing of a third-party agent, prevent the agent from storing information in its own systems, or enforce output policies on what the agent generates. Organizations seeking comprehensive governance of third-party agent behavior—including output monitoring and data handling—will need to supplement Agent 365 with contractual agreements with the AI vendor and additional monitoring tooling specific to each platform.
Related Articles
Topics: AI, Enterprise, Distribution & Strategy, SaaS, Product Management
Browse all articles | About Signal