Microsoft Agent 365 just hit general availability at $15 per user. Here’s what it does, why it matters, and the questions to ask your IT team before signing.
TL;DR
Microsoft Agent 365 went generally available on May 1, 2026 at $15 per user per month. It’s a governance and security layer for AI agents inside your organisation, not a new AI agent itself. Here’s what it actually does, what problem it solves, and the practical questions to ask before rolling it out.
Two months ago, an HR director at a mid-sized professional services firm told me her company had counted 47 different AI agents running across their tools. Some Microsoft-built, some Salesforce, some built by a contractor three years ago, some bought as point solutions, and a handful that nobody could explain.
None of them showed up in IT’s dashboard. None had been security-reviewed. Two were sending data to vendors the legal team had blocked. The CISO described it, accurately, as “an explosion of unmanaged employees that no one hired”.
This is the problem Microsoft Agent 365 was built for, and on May 1, 2026, it went generally available at $15 per user per month. [1]
If you’re not in IT, you might have seen the headlines and skipped past them. Don’t. Agent 365 is one of those products that quietly changes how your company operates over the next 18 months. Here’s what it actually does, in plain English, plus the questions to ask before anyone in your organisation signs the contract.
This is the most common confusion: Agent 365 is not a new AI agent. It’s not a chatbot. It’s not a Copilot replacement.
Agent 365 is a control plane. [1] Think of it as the management dashboard that watches every AI agent operating inside your organisation, the same way Active Directory has watched every user account for the last twenty years. Microsoft is straightforward about this framing: in their own language, it’s “the agent layer for the enterprise”.
What it does, in three jobs:
The pitch from Microsoft is blunt: ungoverned AI agents become “corporate double agents”. [3] They have access to your data, they take actions, and right now most of them aren’t tracked. Agent 365 is the fix Microsoft is selling.
The honest take: This is governance infrastructure, not a productivity tool. If your company has fewer than 100 employees and isn’t running multiple AI agents already, you probably don’t need this. If you’re at a 500+ person organisation where employees are using ChatGPT, Claude, Copilot, custom GPTs, and a few specialised agents, you’re already in the territory Agent 365 was built for.
Agent 365 ships in two forms, and the pricing tells you what Microsoft is really doing.
Option 1: Standalone add-on at $15 per user per month. [1] This is the simplest form. You add it on top of your existing Microsoft 365 licenses to get the agent governance layer.
Option 2: Microsoft 365 E7 Frontier Suite at $99 per user per month. [2,5] This is the new top-tier bundle and it includes everything: Microsoft 365 E5 (the existing top-tier license), Copilot for Microsoft 365, Agent 365, the Microsoft Entra Suite, advanced Defender, advanced Intune, and advanced Purview capabilities.
For context, M365 E5 is roughly $57 per user per month and Copilot is $30 per user per month. Stacked separately, that’s $87 before you add Agent 365 or the advanced security pieces. The $99 E7 bundle is positioned to make the new top tier feel inevitable for any company that’s already a heavy Microsoft customer. [4]
What this signals: Microsoft expects every enterprise customer running Copilot to also need Agent 365 within the next 12 to 18 months. The bundle exists to make sure the answer to “should we add this?” is yes by default.
Forget the marketing language. Here are the specific capabilities, in language a non-IT business owner would actually use.
1. The agent inventory. Agent 365 gives IT a single dashboard showing every AI agent running in your tenant: who built it, who owns it, what data it has access to, when it last ran, and what it’s done. [1] If your company has 47 agents running today, this is the first time anyone will see all 47 in the same place.
2. Agent identity through Entra. Every agent gets a managed identity, just like users do. [1] That means you can apply conditional access policies (this agent can only run during business hours, this agent can’t access HR data, this agent requires multi-factor approval before deleting files). For ten years, this has been how user accounts have been managed. Now it’s how agents will be managed.
3. Data governance through Purview. Purview already controls what data your employees can share, where, and with whom. Agent 365 extends those same controls to agent activity. [1] If your finance team can’t share unencrypted customer data externally, neither can an agent acting on their behalf.
4. Threat detection through Defender. If an agent starts behaving oddly (suddenly trying to access HR records it’s never touched, exfiltrating data, making 10,000 API calls in five minutes), Defender flags it the same way it would for a compromised user account. [1]
5. Policy-based runtime controls. Microsoft has said context mapping, runtime blocking, and alerts will be available through Intune and Defender in public preview in June 2026. [1] This is the layer that actually stops an agent from doing something it shouldn’t, in real time.
Notice what’s not on this list: Agent 365 doesn’t help employees build better agents, doesn’t write better prompts, doesn’t make your existing agents smarter. It’s purely a management and security layer.
If you’re in IT, security, or compliance: you’re already paying attention. This is your tool.
If you’re in any other function, here’s what changes for you over the next 12 months.
For HR leaders: Once Agent 365 rolls out, IT will be able to see exactly which AI tools your team is using and what data those tools are touching. This is a governance win, but it can also become a productivity blocker if you weren’t aware certain workflows were being run through unsanctioned agents. Have the conversation with IT now about which agents your team relies on.
For marketing leaders: Same situation. If your team is using third-party AI tools for content, analytics, or campaign work, those tools will now show up in IT’s inventory and may need formal approval. Better to flag the ones you depend on early than have them disappear in an audit.
For finance leaders: The $99 per user E7 license is going to land on someone’s budget. If your company is already heavy on Microsoft licenses, the math is straightforward. If you’re a mixed shop running Google Workspace and Microsoft, the calculus is different. Push back if you’re being asked to standardise.
For operations leaders: Every agent in your stack will need an owner and a use case documented. This is governance overhead. It’s the right kind of overhead, but it’s overhead.
For more on how agents are reshaping operational work, we covered the broader pattern in our piece on AI agents getting embedded in every business app.
If you sit on the leadership team at a company that uses Microsoft 365, these are the questions to put in front of IT before any Agent 365 conversation gets to a contract.
One thing Agent 365 reveals: the AI agent market just stopped being about the agents themselves and started being about the layer above them.
For three years, every major vendor competed on building the smartest, most capable agents. [3] That race isn’t over, but the new race is different. Now it’s about who owns the management plane, the security layer, the identity system, and the governance policies. Microsoft moved first at scale with Agent 365. Google, AWS, and Salesforce will likely follow with their own equivalents over the next year.
For business buyers, this is mostly good news. Ungoverned agents are a real risk, and having a serious enterprise security stack built around them changes the conversation from “should we use AI?” to “how do we use it safely?”. That’s a more mature question and one your CFO will appreciate.
For employees, expect to see less freedom to install random AI tools, more formal approval processes, and clearer rules about what agents can and can’t do. This isn’t the AI-free workplace coming back. It’s the AI workplace getting its training wheels off.
If you want a deeper view on how this shift is reshaping enterprise AI strategy, our piece on the agent versus copilot distinction walks through the architectural difference that Agent 365 is built around.
You don’t need to make a buying decision this week. You do need to start the conversation. Three concrete moves:
Monday: Email your IT lead and ask the five questions above. Whether or not Agent 365 is on their radar, the answers will tell you how exposed your organisation is to ungoverned AI agents right now.
Mid-week: Spend 30 minutes inventorying the AI tools your own team uses, including the third-party ones, the custom GPTs people built last year, and the integrations that came in with Salesforce or Slack. Bring that list to your next leadership meeting.
End of week: Decide whether your function needs to participate in an Agent 365 pilot. If you’re in HR, finance, legal, or marketing and your team uses more than three AI tools regularly, the answer is probably yes. Better to shape the policies before they’re applied to you.
Microsoft Agent 365 isn’t the most exciting product launch of 2026. It’s not flashy. It’s not built for you to play with. But it’s quietly going to define how every large company runs AI for the next decade, and the companies that engage with it early will have a much easier transition than the ones that wait for the audit.
Agent 365 is a control plane that lets IT teams discover, manage, secure, and govern AI agents running across an organisation. It’s not a new chatbot. It’s the layer that tracks every agent (Microsoft, third-party, custom-built) and applies the same security and compliance policies your company already uses for users.
Agent 365 is $15 per user per month as a standalone add-on. It’s also bundled into the new Microsoft 365 E7 Frontier Suite at $99 per user per month, which combines E5, Copilot, Agent 365, and advanced Defender, Intune, Purview, and Entra security capabilities.
Probably not immediately. But most large organisations now have agents running in shadow IT (employees using third-party agents without IT visibility). Agent 365 is mostly aimed at companies where this is already happening and they need a single pane of glass to see and govern it.
Yes, partially. Microsoft pitches it as agent-agnostic. It integrates with third-party agents through Microsoft’s expanding agent ecosystem and partner integrations. But the governance is deepest for Microsoft-built agents and gets shallower for agents built outside the ecosystem.
Copilot is the AI assistant employees use to draft emails, summarise meetings, and run workflows. Agent 365 is the management layer that watches, governs, and secures those Copilot interactions plus every other agent in the company. Copilot does the work. Agent 365 makes sure the work is safe.
About This Guide
This article was written for non-technical professionals: leaders, managers, marketers, and consultants who need to understand AI shifts without the jargon. Future Factors AI trains business teams to use AI confidently and practically. Work with us or browse our courses.
Sources
Weekly tips. Real examples. Practical help for busy professionals.
We care about your data, check out our privacy policy.
