Microsoft 365 Copilot’s Agent Store just gained a critical piece of enterprise plumbing. Merge, the unified API platform, has launched its Agent Handler on the Microsoft Agent Store, promising organizations a governed way to let AI agents safely connect to third-party business applications like Salesforce, Slack, Jira, and GitHub. The move, announced in June 2026, addresses a growing headache for IT teams: how to give AI agents the tools they need without turning every integration into a security nightmare.

What Agent Handler Actually Does

Agent Handler isn’t a flashy new agent—it’s the infrastructure that lets agents interact with other services under tight controls. Think of it as a managed bridge between your Copilot-powered workflows and the dozens of SaaS tools your business relies on.

At its core, Agent Handler provides prebuilt connectors for popular platforms including Salesforce, Slack, Jira, GitHub, HubSpot, NetSuite, and Workday. But connectivity alone isn’t the selling point. What makes this different from a simple script or API call is the governance layer wrapped around every connection.

For each tool an agent might use, administrators can define tool packs—narrow sets of allowed actions that an agent can perform. Authentication can be tied to individual users or shared across a team, and every call can be scanned for sensitive data before it leaves your Microsoft 365 environment. If an agent tries to push credit card numbers or personal information into a Slack channel, the security gateway can block or redact it.

And because the AI era demands accountability, all activity is logged: which agent acted, on whose behalf, which system was called, what arguments were used, and what result came back. That audit trail is not just a nice-to-have; it’s rapidly becoming a requirement for any organization that wants to deploy agents beyond a sandbox.

Agent Handler is also built to work with the Model Context Protocol (MCP), a standard that makes it easier to connect AI systems to external data and tools. That means developers can write connectors once and reuse them across different agent platforms, reducing the fragmentation that often plagues enterprise integrations.

Who Benefits (and Who Needs to Watch Closely)

This launch isn’t for the average home user. It’s aimed squarely at organizations that are already using or piloting Microsoft 365 Copilot and need to expand its reach into their existing software stack.

For IT administrators, Agent Handler is a sigh of relief. Until now, the choice was often between locking down all third‑party access (making agents barely useful) or allowing broad integrations with little visibility (inviting disaster). With Agent Handler, admins get a middle path: approve agents through the familiar Microsoft 365 admin center, then use Merge’s controls to limit what those agents can actually do outside the Microsoft bubble. You can answer the hard questions after an incident—who did what, when, and with what data—without playing forensic archaeologist.

For power users and developers, it shortens the path to building agents that matter. Instead of wrestling with OAuth tokens, API nuances, and error handling for every service, you can focus on the agent’s logic and user experience. Merge abstracts away the plumbing, and because it’s in the Agent Store, your creation becomes discoverable by your organization’s users without a custom deployment.

For everyday employees, the impact is indirect but real. If your IT department adopts governed agents, you might soon see Copilot capable of updating a CRM record, creating a ticket, or pulling a report from a finance system—all within a Teams chat. The convenience is tempting, but it also means the stakes are higher. A poorly configured agent could do real damage, so user education on what to trust and how to verify actions will become part of the culture.

The Road to Governed Agents

Microsoft’s Agent Store hasn’t been around long, but its vision is ambitious: to make Microsoft 365 the control plane for all enterprise AI agents. The store itself is a curated catalog where organizations can discover, deploy, and manage agents—whether they’re built by Microsoft, partners, or in-house teams.

Agent 365, the underlying framework, gives each agent a proper identity through Microsoft Entra (formerly Azure AD). That means agents can be governed like users or apps: assigned permissions, monitored, and blocked if needed. It’s a shift from treating AI as just a feature to treating it as a workforce that needs management.

Merge’s history made it a natural fit for this moment. Known for unified APIs that help software companies integrate with dozens of business apps, Merge already had a library of reliable connectors. Agent Handler repackages that expertise for the agent era, understanding that tool calling isn’t a one-off API integration—it’s a dynamic process where an agent might decide which endpoint to hit based on a user’s prompt.

The announcement comes amid a broader industry push toward agent governance. With the rise of shadow AI and employees connecting sensitive data to unvetted tools, IT teams have been scrambling for control. Microsoft’s answer is to absorb the chaos into familiar management surfaces, and partners like Merge are filling in the gaps that Microsoft can’t cover alone.

Your First Steps with Agent Handler

If your organization is already licensed for Microsoft 365 Copilot and you’re curious about giving agents controlled access to third‑party systems, here’s a practical checklist.

1. Find the agent in the store. In the Microsoft 365 admin center, browse the Agent Store for “Merge Agent Handler.” Review the details—capabilities, data handling, certification—just as you would for any app registration.

2. Start with a pilot. Don’t connect every SaaS tool at once. Pick one low-risk, high-value workflow. For example, let a support agent read recent Zendesk tickets but not modify them. Run it with a small team and monitor closely.

3. Define tool packs tightly. Merge allows you to specify which actions the agent can perform on each connected system. Resist the temptation to open up broad access; begin with read-only operations and gradually add writes only after proving the workflow is safe.

4. Enable and test data‑loss prevention (DLP). Use Merge’s security gateway to scan outbound calls for sensitive data. Test it with realistic data—including edge cases—to ensure it’s not just a checkbox.

5. Integrate audit logs into your existing tools. Merge sends detailed logs, but they’re only useful if someone monitors them. Feed them into your SIEM or compliance dashboard alongside Microsoft 365’s own observability data. Set alerts for anomalous activity.

6. Train your users. Even the best governance won’t prevent an employee from naively asking an agent to “email all customer records to my personal address.” Teach teams to treat agent interactions like any other system with privileges—verify, don’t blindly trust.

7. Plan for failure. Before an agent takes an action that could cause business disruption (e.g., updating hundreds of records), ensure there’s a rollback plan. Human approval steps for high-impact actions are a smart early policy.

What’s Next

Agent Handler’s arrival on the Microsoft Agent Store is one sign of a maturing market. Expect more connector and governance players to join, and expect Microsoft to deepen its own tooling around agent identity, policy enforcement, and compliance.

But the real test won’t be the next press release; it’ll be the first time an organization’s agent goes wrong and the admin team can trace exactly what happened, contain the damage, and prove to auditors that reasonable controls were in place. That’s when governed agents move from a slide deck promise to an operational reality.

In the meantime, the best advice is to start small, demand transparency from your vendors, and remember that the most secure agent is one that doesn’t have more power than it needs. Merge’s new tool gives you the levers; it’s up to you to pull them.