Problem
The 2026 enterprise not only has shadow IT. It has shadow AI: agents created in different tools, with different permissions, by different teams, for tasks that sometimes no one has catalogued.
Microsoft Agent 365, generally available since May 2026, targets that problem. It does not aim to be just another agent builder. It positions itself as a control plane: inventory, security, observability, and governance for agents both inside and outside the Microsoft ecosystem.
The message is clear: when any area can create agents, the bottleneck ceases to be creation. It becomes control.
Thesis
Agent 365 matters because it names a new layer of the operating model: management of non‑human workforce.
Until now, enterprises governed users, devices, applications, and data. Now they need to govern agents: which exist, who created them, what permissions they have, what data they touch, what actions they execute, and what impact they produce.
The agents control plane is not a security feature. It is an organizational design element.
Framework
An agent inventory must answer seven questions:
- Identity: which agent it is and who owns it.
- Purpose: what work it should do and what it should not do.
- Permissions: which data, tools, and actions are allowed.
- Risk: what damage it could cause if it fails.
- Observability: which logs and metrics it produces.
- Escalation: when it should request human assistance.
- Retirement: how it is shut down if it stops delivering value.
Mini‑case: marketing creates an agent to prepare briefs, finance creates another for reconciliation, IT creates another for internal tickets. Each seems minor. Together they form a parallel operational force. Without an inventory, no one knows which agents exist. With a control plane, each agent becomes a governable resource.
Measurable signal: percentage of active agents with owner, purpose, permissions, and documented retirement criteria.
Stance: you cannot scale agents if you don’t first know how many you have.
Why it matters now
Microsoft presented Agent 365 as part of its “Frontier Transformation” suite and describes it as a layer to keep agents governed, observable, and secure. In May 2026, general availability places it at the center of the enterprise conversation alongside Microsoft 365 E7, Copilot, and third‑party agent management.
The important phrase is not “create agents”. It is “operate agents”.
Anti‑example
“Agents live inside approved tools, so they are already controlled.”
Not always. An approved agent can call an unchecked integration, generate undocumented decisions, or duplicate another agent’s work. Control must not end at the tool. It must follow the action.
Protocol (3 steps)
- Conduct an agent census. Include Copilot Studio, Azure AI Foundry, Claude Code, OpenAI, internal scripts, and no‑code workflows.
- Classify by impact. Informational, productive, transactional, regulated.
- Define lifecycle. Onboarding, review, permission change, suspension, and retirement.
| Agent type | Primary risk | Minimum control |
|---|---|---|
| Informational | incorrect response | source and owner |
| Productive | duplicated work | log and version |
| Transactional | undesired action | approval and rollback |
| Regulated | non‑compliance | audit and segregation |
Related
- AI Governance Backlog: turning risk into executable work
- AI Decision Ledger: the record that separates learning from noise
- AI Tool Sprawl: too many tools destroy decision
Sources consulted
- Microsoft Agent 365: the control plane for agents
- Microsoft Agent 365, now generally available, expands capabilities and integrations
- Microsoft 365 Copilot, human agency, and the opportunity for every organization
Next step
Create a list of real agents in your organization, not of tools. If the list does not exist, that is the first governance backlog.
Translated from the Spanish original with AI assistance and reviewed for accuracy. Read the original in Spanish.