Skip to content
May 18, 2026 Mid-Level (3-5 years) Deep Dive

Microsoft Agent 365 Is Now GA: What IT Teams Need to Know

Microsoft Agent 365 hit general availability on May 1, 2026. Here's a practical breakdown of what the control plane does, how it integrates with Intune and Defender, and where shadow AI governance stands today.

AI agents are already on your endpoints. If you manage a mid-size or enterprise Microsoft 365 environment, there’s a reasonable chance that developers, power users, and automated workflows have installed local agents — things like Claude Code, OpenClaw, or GitHub Copilot CLI — without ever going through a ticket or a change request. That’s the problem Microsoft built Agent 365 to solve.

On May 1, 2026, Agent 365 moved from preview into general availability for commercial customers. It ships as part of the new Microsoft 365 E7 plan, or as a standalone add-on at $15 per user per month. This article breaks down what the platform actually does, what’s live versus still in preview, and what your team should do in the next 30 days.

What Agent 365 Is (and Isn’t)

Agent 365 is a control plane, not an agent builder. Microsoft already has tools for building agents. Copilot Studio and Azure AI Foundry handle that. Agent 365’s job is to manage what happens after agents are deployed: observing their activity, enforcing policies, and securing the data they touch.

The core problem it targets is agent sprawl. Agents are easy to create and cheap to run, which means they multiply quickly. A procurement agent, a support-ticket triage bot, a code review assistant, and a dozen departmental Copilot Studio automations can all be running simultaneously, each with different permissions, different data access, and nobody centrally accountable for any of them. When an agent can invoke tools, modify files, and interact with cloud resources, each one represents a potential blast radius.

What Agent 365 provides at GA:

  • Centralized inventory of agents running in your Microsoft 365 environment, including Copilot Studio agents, Microsoft 365 Copilot agents, and agents built on Microsoft Foundry
  • Governance for delegated-access agents (agents working on behalf of a user) and own-access agents (agents running with their own identity and permissions)
  • Entra network controls extended to Copilot Studio agents and local agents on Windows endpoints
  • Registry sync with AWS Bedrock and Google Cloud (public preview), for organizations running agents across multicloud environments

The Shadow AI page and local agent discovery through Intune are in Frontier preview as of GA day, with broader Defender and Intune integration moving to public preview in June 2026.

Shadow AI: The Feature IT Teams Will Care About Most

The announcement buried the most important feature for endpoint managers. Microsoft is adding a dedicated Shadow AI page in the Microsoft 365 admin center, surfaced through a combination of Intune and Defender telemetry. This page shows which local AI agents are running on Windows devices in your estate.

At GA, support covers OpenClaw agents. Expansion to Claude Code, GitHub Copilot CLI, and other widely used local agents is planned but not yet scoped to a specific date. Organizations enrolled in the Frontier program can already see OpenClaw activity today.

Once discovered, admins can apply Intune policies to block common OpenClaw execution methods directly from the admin center. The Intune policy flow is the same as any other endpoint configuration policy. Nothing net-new to learn if your team already manages Intune.

The June 2026 public preview extends this significantly. Defender will gain asset context mapping for each local agent, showing:

  • Which devices the agent runs on
  • Which MCP servers are configured for that agent
  • Which identities are associated with it
  • Which cloud resources those identities can reach

That last point is significant. A developer with a locally installed coding agent connected to an MCP server that has Azure credentials is an identity risk, not just an IT policy problem. Defender’s context map will let security teams evaluate that exposure path before something goes wrong.

How the Intune Integration Actually Works

If you’re already using Intune for endpoint management, Agent 365 plugs into workflows you have. There’s no new console to learn for basic operations. The agent inventory from Agent 365 syncs into both the M365 admin center and the Intune admin center, giving endpoint and security teams a consistent view.

For organizations running Intune at scale, the practical workflow looks like this:

  1. Enable the Shadow AI page in M365 admin center (Frontier license required at GA, broader availability in June)
  2. Review the agent inventory: what’s installed, which devices, which users
  3. Create an Intune configuration profile to block or restrict specific local agents
  4. Monitor Defender alerts for runtime anomalies, such as agents attempting to access or exfiltrate sensitive data

The runtime blocking capability (where Defender can terminate a coding agent mid-execution if it exhibits malicious behavior) is coming in June’s public preview, not available yet in the GA build.

One genuine limitation at launch: the local agent discovery scope is narrow. OpenClaw is covered. Claude Code is listed as “expanding soon” with no committed date. If your developers primarily use tools other than OpenClaw, the Shadow AI inventory will have gaps for the next several months. Plan around that.

Windows 365 for Agents

This one got less attention in the GA announcement, but it’s worth understanding. Microsoft is previewing Windows 365 for Agents, a new class of Cloud PCs built specifically for agentic workloads. These are managed in Intune like standard Cloud PCs but purpose-built for agents to run in, with policy controls, identity management, and Defender coverage baked in.

The practical use case: instead of letting an autonomous agent run on a developer’s physical workstation where it might interact with local files, credentials, or other sensitive tooling, you give the agent its own managed Cloud PC. The agent operates in a controlled environment with defined resource access, and the whole thing is visible in Agent 365.

Windows 365 for Agents is in public preview in the United States only. It’s not something most teams will need immediately, but it’s the right architectural direction for organizations that want to run production agentic workloads with proper isolation.

Multicloud Agent Governance

For teams running AI workloads across AWS and Google Cloud, Agent 365 now offers registry sync with AWS Bedrock and the Google Cloud agent platform (previously Google Vertex AI). This is in public preview.

The sync gives IT a unified inventory of agents across platforms. Basic lifecycle operations (start, stop, delete) will follow. For organizations where engineering teams have spun up Bedrock agents or Gemini-based automations outside the IT purview, this is the beginning of actual visibility into a blind spot that has existed since these services launched.

The setup requires connecting your AWS and Google Cloud accounts to the Agent 365 registry. Microsoft hasn’t published the exact permissions scopes required yet; check the Microsoft Learn documentation before planning a rollout.

Pricing and Licensing Reality

Agent 365 is included in Microsoft 365 E7, the new tier Microsoft announced alongside this GA. Existing E3 and E5 customers get it as a $15/user/month standalone add-on.

The licensing model covers “individuals who manage or sponsor agents, or use agents to do work on their behalf.” In practice, that likely means IT admins, security teams, and power users who operate agents, not every employee in the organization. Microsoft’s intention is for the license count to scale with agent usage, not with org headcount.

That said, the definition leaves room for interpretation in enterprise licensing agreements. If you’re planning procurement, get explicit clarification from your Microsoft account team on how they’ll count covered users for your specific use case.

What to Do in the Next 30 Days

If you’re an IT admin or endpoint manager, here’s a practical sequence:

Week 1: Audit your Intune tenant for any existing policies or compliance rules that might interact with local AI agent management. Check which users have local admin rights on their devices. These are the users most likely to have installed unapproved agents.

Week 2: If you’re on an eligible license, enable the Shadow AI page and run a baseline inventory. Even if coverage is limited to OpenClaw today, the inventory is valuable.

Week 3: Brief your security team on the June 2026 Defender integration timeline. The context mapping and runtime blocking features are significant enough that your SOC should know they’re coming. Start defining what your acceptable-use policy for local AI agents looks like.

Week 4: Evaluate whether Windows 365 for Agents makes sense for any high-privilege autonomous workflows your organization is running or planning to run. Get clarity on Windows 365 for Agents pricing before the preview expires.

Caveats Worth Stating Plainly

Agent 365 is a v1 GA product. The feature Microsoft is marketing most heavily — discovering and blocking shadow AI agents — covers one agent (OpenClaw) at launch. Claude Code is “coming soon.” GitHub Copilot CLI is also listed but unscheduled. If your environment’s biggest risk comes from developers running Claude Code autonomously, you don’t have a solution yet.

The multicloud registry sync is in preview, not GA. AWS Bedrock and Google Cloud connections exist, but lifecycle management beyond inventory is not there yet.

The runtime behavioral blocking in Defender (where a coding agent can be terminated for suspicious behavior) is a June preview, not available today.

None of this means Agent 365 isn’t worth the attention. The architecture is the right one: unified inventory, policy enforcement through Intune, identity context through Entra, and behavioral monitoring through Defender. That’s the right stack. The completeness of coverage will improve over the next two quarters, and organizations that start auditing their agent footprint now will be significantly ahead when those features land.

The Bottom Line

AI agents are an endpoint management problem now, not just a developer tooling problem. Microsoft Agent 365’s GA marks the point where the industry has a named product category for managing them. The platform integrates cleanly with Intune, Defender, and Entra, the tools your team likely already operates. That matters more than any individual feature.

Start with the basics: know what agents are running in your environment, apply policy controls where you can today, and build toward the more complete governance posture that June’s preview will enable. The Shadow AI problem won’t wait for a perfect solution.

#Microsoft Agent 365 #Intune #Shadow AI #AI Governance #Microsoft Defender #Entra ID #Enterprise AI
Was this helpful?

Comments

Comments are coming soon. Have feedback? Reach out via the About page.