Agent 365 Governance Planner
Plan your AI agent governance, registry, and deployment strategy
What describes you best?
What Is Agent 365?
Agent 365 is Microsoft's control plane for AI agents. It extends Entra ID, Defender, and Purview to agents — treating them like a digital workforce alongside your human workforce.
5 Things You Can Control
Best Practices Checklist
Track your governance progress. Each item can be marked as Done, Partial, or Not Done.
0% complete4 Agent Types
Microsoft Agents — Built and maintained by Microsoft
Pre-built agents like Researcher, Planner, and Interpreter. Available to all licensed users. IT can pin, block, or restrict these via the Agent Registry.
Partner Agents — Built by trusted ISVs and partners
Agents from ServiceNow, SAP, Workday, and other partners. Available through the Agent Store. IT controls which partner agents are allowed in the tenant.
Org-Published Agents — Custom agents approved by your IT
Agents built by your organisation's developers or power users, reviewed and published through your approval workflow. These are your custom knowledge bots, process agents, and department helpers.
User-Shared Agents — Created and shared by individuals
Personal agents that users create for their own productivity and optionally share with colleagues. Lowest governance overhead but highest sprawl risk without controls.
Blueprint → Instance
Every agent starts as a Blueprint (the template) and becomes an Instance (deployed in your tenant). Blueprints define what an agent can do; instances are managed by IT.
- Capabilities defined
- Permission model
- Behaviour rules
- Created by developers
- Own Entra Agent ID
- Tenant configuration
- Inherited permissions
- Managed by IT
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| AI Administrator | Agent Registry access, publish/block/remove agents, approval workflows |
| AI Reader | View-only access to Agent Registry (least privilege for reporting) |
| Global Admin | Full tenant control, delegates to AI Admin for day-to-day operations |
| Security Admin | Defender monitoring, Conditional Access for agents, incident response |
| Compliance Admin | Purview policies, sensitivity labels, Information Barriers |
| Agent Owner | Lifecycle of their specific agent — reviews, updates, retirement |
| Business Sponsor | Business case justification, success metrics, budget approval |
Key Terms
Do I Need an Agent?
Answer a few questions to find the right approach for your use case.
Frequently Asked Questions
1. What licence do I need for Agent 365?
Agent 365 is available standalone at $15/user/month or included in Microsoft 365 E7 ($99/user/month which bundles E5 + Copilot + Agent 365). The M365 Copilot licence ($30/user/month) does NOT include Agent 365 governance features.
2. What's the difference between Agent 365 and Copilot Studio?
Copilot Studio is where you BUILD agents. Agent 365 is where you GOVERN them — identity, access, compliance, and lifecycle management. Think of Copilot Studio as the workshop and Agent 365 as the HR department.
3. Can I use this tool without Agent 365 licences?
Absolutely! This planner helps you prepare BEFORE you buy. Use the Readiness Assessment and Checklist to create your framework and policies in advance.
4. What is agent sprawl and why should I worry about it?
Agent sprawl happens when users create dozens of agents without governance — no naming convention, no ownership, uncertain data access, overlapping functionality. The best time to prevent it is BEFORE you enable Agent 365.
5. How do I handle agents when the owner leaves the organisation?
Agent 365 has 'Manage Ownerless Agents' functionality in the M365 Admin Centre. Your governance policy should define automated reassignment or scheduled retirement for ownerless agents.
6. Is this tool still being improved?
Yes! This is V1 and we're actively improving it. Have a suggestion? Share your feedback at /feedback/ — we'd love to hear what features would help you most.