Microsoft Agent 365 Is Live: Why Every CTO Now Needs an AI Agent Control Plane

The question used to be whether your organization was ready for AI agents. That question is now settled. The agents are already there. The question is whether anyone is watching them.

On May 1, 2026, Microsoft shipped a direct answer to that problem: an agent control plane built for enterprise security and IT teams. And within three weeks, every major enterprise platform vendor followed with something similar. May 2026 may be the month the governance category became real.

What Microsoft Actually Shipped

According to the Microsoft Security Blog, Microsoft Agent 365 reached general availability (GA) on May 1, 2026, priced at $15 per user per month. It is also bundled into the new Microsoft 365 E7 subscription tier, which combines Copilot, security, identity management, and the Agent 365 control plane into a single SKU.

The product handles two distinct agent patterns. The first is delegated-access agents: agents that act on behalf of a human user, borrowing that user's permissions to complete tasks. The second is autonomous agents with their own identity and defined scope, operating independently of any single user session. Both patterns need governance, and both are now inside the platform.

Coverage spans the full ecosystem. Agent 365 can observe and govern agents running inside Microsoft's own cloud, on AWS Bedrock, on Google Cloud, on Windows endpoints, and across a growing list of partner software-as-a-service (SaaS) products. Partners already integrated at launch include Genspark, Zensai, Egnyte, and Zendesk. Organizations building agents on top of "agent factory" platforms, including Kasisto, Kore, and n8n, can also bring those agents under the same control plane.

Key Facts

• Microsoft Agent 365 reached general availability on May 1, 2026, priced at $15 per user per month (Microsoft).
• It governs agents across Microsoft, AWS Bedrock, Google Cloud, employee endpoints, and partner SaaS from one control plane (Microsoft; VentureBeat).
• Microsoft Defender and Intune can now detect unmanaged "shadow" agents such as Claude Code and GitHub Copilot CLI on Windows devices (Microsoft).

Shadow AI Is the New Shadow IT

For a chief technology officer (CTO) thinking about risk, the most significant capability in Agent 365 is not the governance dashboard. It's the discovery layer.

Microsoft Defender and Intune can now scan Windows devices and surface unmanaged agents running without IT's knowledge or approval. VentureBeat's coverage highlighted specific examples: tools like Claude Code, GitHub Copilot CLI, and a third-party agent referred to as OpenClaw were identified in enterprise environments during the preview period. Admins can now discover these agents, and they can block them.

This is the shadow AI problem made concrete. Shadow IT, the old version of this headache, meant employees using unsanctioned SaaS tools. Those tools accessed company data but sat outside the firewall. Shadow AI is structurally worse. An unmanaged coding agent running on a developer's laptop can read source code, write to repositories, call internal APIs, and generate outputs that never pass through a review layer. The blast radius of a misconfigured or compromised agent is an order of magnitude larger than a rogue SaaS subscription.

The Futurum analysis framed this as a category shift: shadow AI is becoming a governed asset class rather than an uncontrolled liability. That framing is right, but it only holds if the organization actually deploys the control plane. Right now, most haven't.

For more on the gap between AI adoption and governance readiness, see the governance gap analysis for AI at work and the breakdown of the differences between copilots and agents.

It's Not Just Microsoft: The Control Plane Became a Category in May

Microsoft was first to GA, but the category didn't form in isolation. In roughly the same three-week window, three other enterprise platform vendors shipped agent governance products.

At Google Cloud Next '26 (around May 19-20), Google announced its Agentic Enterprise blueprint, which includes the Gemini Enterprise Agent Platform. The framing was identical to Microsoft's: give enterprise IT teams visibility and control over agents operating across the business.

Salesforce shipped "Agentforce Coworker" around May 22, extending its existing Agentforce platform with capabilities aimed at enterprise-wide agent deployment and oversight. SAP, at SAP Sapphire, announced what it called "the Autonomous Enterprise," a vision for governed agentic workflows running inside and alongside SAP's core business systems.

Four vendors. Three weeks. One shared premise: enterprises need a layer that sits above individual agents and gives the IT and security organizations actual control.

For CTOs tracking this wave, the earlier pieces on agentic AI governance for CEOs and agentic governance for revenue operations give broader business context. The no-code agent wave explains why this problem accelerated so fast.

The Architecture Decision CTOs Can't Defer

The governance category becoming real creates a forced choice. You can adopt a single-vendor control plane like Agent 365, you can build a vendor-neutral governance layer, or you can wait. Waiting is no longer a neutral option.

The single-vendor path has obvious appeal if your organization is already deep in the Microsoft 365 stack. The $15/user cost is manageable, the integration with Defender and Intune is real and already working, and the E7 bundle consolidates several line items. The tradeoff is lock-in: an organization that governs its agents exclusively through Agent 365 creates a dependency that will be expensive to unwind if the governance needs outgrow what Microsoft offers.

The vendor-neutral path, building or buying a governance layer that works across Microsoft, Google, Salesforce, and custom deployments, offers more flexibility but requires more architectural work. It also requires a clear identity model for agents before any other governance decision makes sense.

That identity point is worth pausing on. Human identity in the enterprise is mostly solved: single sign-on (SSO), directory services, role-based access control. Agent identity is not solved. An agent needs a non-human identity, a clear owner, a defined scope, and an auditable action log. Without that foundation, governance tooling is surveillance on top of chaos rather than control.

The CTO-focused piece on enterprise API and MCP infrastructure covers the technical layer underneath this problem. The comparison of copilots versus agents is useful for explaining the identity model difference to non-technical stakeholders.

The Agent Governance Readiness Test

Before picking a control-plane posture, a CTO should be able to answer four questions honestly:

1. Can you see every agent currently running against your production data or customer data?
2. Can you attribute each active agent to a named owner and a specific non-human identity?
3. Can you block a specific agent across your entire environment within 10 minutes of a decision to do so?
4. If an auditor asked for an agent activity log from last Tuesday, could you produce it?

If the answer to any of these is "no" or "I don't know," the governance architecture needs work before the next AI investment decision. The control-plane category going GA means the tooling to answer yes on all four is now commercially available.

What to Do This Quarter

Three concrete moves for a CTO who wants to close the governance gap before the next budget cycle:

• Run a discovery pass on endpoints and cloud environments. Before you can govern agents, you need to know which ones exist. Enable endpoint discovery in your existing security tooling or pilot Agent 365's Defender and Intune integration. The output should be a full inventory of agents touching production or customer data, with a named owner for each.

• Assign every agent a non-human identity and an owner. This is the foundational step that makes all subsequent governance possible. An agent without an identity is ungovernable by definition. Define the identity model now, even if the governance tooling comes later. Each agent needs a service account or equivalent, a human owner who is accountable for its behavior, and a documented scope of access.

• Pick your control-plane posture before the next planning cycle. The choice between Microsoft-native, vendor-neutral, and a hybrid approach has cost, coverage, and lock-in implications that affect budget. Make the architectural call while the options are still open. Piloting Agent 365's discovery capability on a subset of endpoints is a low-cost way to evaluate the Microsoft-native path without committing to it.

The ROI framing matters too: ungoverned agents create audit exposure, potential data leakage, and incident response costs that dwarf the per-user cost of a control plane. For context on how to frame AI governance investments to a board or CFO, see measuring AI ROI.

Frequently Asked Questions

What is Microsoft Agent 365? Microsoft Agent 365 is an enterprise control plane for AI agents. It lets IT and security teams discover, govern, and secure agents running anywhere in an organization's environment: Microsoft's cloud, third-party clouds like AWS and Google Cloud, employee endpoints, and partner SaaS applications. It reached general availability on May 1, 2026, at $15 per user per month.

What is shadow AI and why is it a risk? Shadow AI refers to AI tools and agents that employees deploy and use without the knowledge or approval of IT or security teams. Unlike shadow IT (unsanctioned SaaS apps), shadow AI agents can read sensitive code, call internal APIs, write to production systems, and generate outputs that bypass review processes. The risk is not just data exposure but unpredictable autonomous actions in systems that weren't designed to accommodate them.

Do I need a control plane if I only use Copilot? If you only use Microsoft Copilot in its standard configuration, your exposure is lower because Copilot operates within Microsoft's existing permission model. But most organizations with Copilot also have developers using coding agents, operations teams using automation agents, and employees experimenting with third-party tools. The discovery step alone, running a scan to see what's actually running, tends to surface agents that leadership didn't know existed. That's the case for deploying a control plane even in organizations that believe their agent footprint is small.

Learn More

• OpenAI Enterprise Agent Platform: What RevOps Leaders Need to Know
• The No-Code Agent Wave: What CEOs Need to Understand
• Agentic AI and the Governance Gap: A CEO Briefing