Microsoft Agent 365 reached general availability today, May 1, 2026, delivering an enterprise-grade control plane for managing AI agents at scale. The commercial rollout follows its initial announcement at Ignite 2025 and comes as a $15-per-user monthly add-on for Microsoft 365 customers. It promises to solve what has become a critical blind spot for IT departments: giving non-human workers persistent identities, clear permissions, and auditable governance.

AI agents have moved from experimental demos to production workflows inside Word, Teams, Dynamics, and custom line-of-business apps. A sales agent might read CRM data, draft an email, and schedule a meeting—all without a human in the loop. But that agent needs an identity. It needs access to the same resources a human employee does, yet it cannot be managed like one. Agent 365 is Microsoft’s answer to that gap, providing a single console to declare what an agent is, what it may do, and how its actions are recorded.

The stakes are enormous. Without a dedicated control plane, every agent becomes a shadow identity. An administrator might bind it to a service principal or a shared user account, neither of which reflects the agent’s actual purpose or risk profile. Permissions get over-provisioned because nobody knows the minimum required scope. When something goes wrong—a mis-sent email, a data leak, a compliance violation—there is no clean audit trail tied to the agent itself. Agent 365 closes these gaps by treating agents as first-class principals inside the Microsoft 365 ecosystem.

At its core, Agent 365 introduces the concept of an Agent Identity. This is not merely a renamed service account but a dedicated object type inside Entra ID. It carries a unique identifier, a display name, a verified publisher, and a set of assigned capabilities. An agent can be created with just enough privilege to send mail on behalf of a specific group, read files from a single SharePoint library, or interact with a Teams channel. The identity carries a lifecycle: it can be provisioned, suspended, audited, and retired—just like a user account.

Governance gets its own pillar. Policy templates let admins decide which types of agents users may deploy, which data repositories they can access, and whether human approval is required for high-impact actions. For example, a template might state: "Agents published by verified line-of-business developers may read HR data, but only with a manager’s approval before generating external emails." These policies are enforced at runtime by the Microsoft 365 compliance framework, meaning an agent that steps outside its bounds is blocked before it acts—not flagged after.

Security is woven throughout. Agent 365 integrates with Microsoft Purview for data classification and with Microsoft Defender for Cloud Apps to monitor agent activity across the estate. An agent trying to exfiltrate sensitive data triggers the same DLP policies a human would face. Risk scoring draws on the Microsoft Intelligent Security Graph, so an agent exhibiting unusual behavior—accessing a file store it has never touched, at an odd hour—can be dynamically restricted. All agent actions appear in the unified audit log, searchable by agent name, not just by a cryptic GUID.

The pricing model is straightforward: $15 per user per month. The license is consumed by the human users who benefit from agent capabilities, not by the agents themselves. So a department of 50 people who use 20 custom agents inside their workflows would pay $750 monthly on top of their existing Microsoft 365 E3 or E5 subscriptions. Microsoft has confirmed that agent activity does not require additional API call charges or consumption meters for the base auditing and governance features.

Industry watchers see Agent 365 as a logical extension of Microsoft’s strategy to embed AI everywhere. The company already gives Copilot an identity in Entra ID; Agent 365 formalizes that practice for any agent, whether built by Microsoft, an ISV, or a citizen developer using Copilot Studio. It also aligns with the new \u201cSecure Future Initiative\u201d tenets that demand least-privilege access and continuous verification for every identity, human or otherwise.

Early adopters who tested the private preview report a steep reduction in the time it takes to onboard a new agent. A typical financial services firm might spend weeks wrangling service principals, conditional access policies, and manual RBAC assignments. With Agent 365, that firm can define a “Finance Agent” template once and reuse it, cutting deployment from days to minutes. Auditors like it too: every agent action is stamped with a compliance record that fits neatly into existing reporting workflows.

Critics, however, flag the price tag. At $15 per user, an enterprise with 10,000 seats would pay $150,000 per month before any Copilot or extra AI API costs. Those costs must be weighed against the alternative: building a bespoke governance layer or—dangerously—doing nothing. For many organizations, the math favors Agent 365 because a single data leak caused by an unmanaged agent could dwarf the licensing cost.

Another concern is vendor lock-in. Agent 365 governance policies are currently exclusive to the Microsoft cloud. An agent that runs in a competitor’s environment cannot be managed through the same pane of glass, though Microsoft has hinted at federated agent identity protocols under development with other major platforms. No timeline is public, but the company’s recent investments in multi-cloud identity brokering suggest this is a near-term priority.

From a deployment standpoint, Agent 365 slots into existing Microsoft 365 tenancies without requiring a migration. Administrators enable it from the Microsoft 365 admin center. Once turned on, a new “Agents” blade appears in Entra ID, Purview, and Defender portals. There is no agent agent to deploy; the control plane is a SaaS layer that sits atop the existing identity and security stack.

The road ahead is ambitious. Microsoft plans to add fine-grained consent management, allowing an agent to request elevation for a one-time task. Imagine a procurement agent that normally reads a product catalog; when it needs to issue a purchase order, it prompts a human for consent, the elevation is granted for that single transaction, and then it reverts. This model, inspired by modern access management in cloud infrastructure, would add a new dimension to agent governance.

For now, Agent 365 represents a significant step toward an enterprise reality where AI agents are trusted members of the team. It recognizes that accountability does not fade just because a process is automated. By giving agents identity, governance, and security, Microsoft is building the controls that will let enterprises scale AI from a few pilots to hundreds of production agents without losing sleep over audit failures or data breaches.

The product is available worldwide to commercial customers effective immediately. Partners and ISVs can integrate with Agent 365 through the Microsoft Graph API, which exposes endpoints for agent registration, policy assignment, and activity reporting. Detailed documentation is live on Microsoft Learn, and the company will host a digital readiness session on May 8, 2026, to walk through the administration experience.

Agent 365 is not the first AI governance tool on the market, but its tight coupling with the Microsoft 365 fabric gives it a reach that standalone products lack. It understands Exchange mailboxes, SharePoint sites, Teams channels natively. It knows the difference between an agent that reads a Word document and one that modifies it. That context is what turns a generic policy engine into a governance control plane that actually reflects how work gets done.

As regulated industries rush to adopt generative AI, the timing is no coincidence. Financial services, healthcare, and government customers have been clamoring for a way to map agent permissions to compliance frameworks like PCI DSS, HIPAA, and FedRAMP. Agent 365’s audit trails and policy enforcement give them a concrete artifact to show examiners. It may not eliminate the need for separate risk assessments, but it will dramatically simplify them.

The bottom line: Agent 365 closes a dangerous gap between the speed of AI innovation and the rigor of enterprise governance. For $15 per user per month, you get a centralized, identity-first control plane built on the same foundation that already manages millions of human workers. It is boring in the best possible way—the kind of infrastructure that prevents headlines rather than making them.