Agent 365 Governance Planner
Plan your AI agent governance, registry, and deployment strategy
Plan your AI agent governance, registry, and deployment strategy
What describes you best?
What Is Agent 365?
Agent 365 is Microsoft's control plane for AI agents. It extends Entra ID, Defender, Purview, and Intune to agents — treating them like a digital workforce alongside your human workforce.
5 Things You Can Control
Best Practices Checklist
Track your governance progress. Each item can be marked as Done, Partial, or Not Done.
0% complete4 Agent Types
Microsoft Agents — Built and maintained by Microsoft
Pre-built agents like Researcher, Planner, and Interpreter. Available to all licensed users. IT can pin, block, or restrict these via the Agent Registry.
Partner Agents — Built by trusted ISVs and partners
Agents from ServiceNow, SAP, Workday, and other partners. Available through the Agent Store. IT controls which partner agents are allowed in the tenant.
Org-Published Agents — Custom agents approved by your IT
Agents built by your organisation's developers or power users, reviewed and published through your approval workflow. These are your custom knowledge bots, process agents, and department helpers.
User-Shared Agents — Created and shared by individuals
Personal agents that users create for their own productivity and optionally share with colleagues. Lowest governance overhead but highest sprawl risk without controls.
Blueprint → Instance
Every agent starts as a Blueprint (the template) and becomes an Instance (deployed in your tenant). Blueprints define what an agent can do; instances are managed by IT.
- Capabilities defined
- Permission model
- Behaviour rules
- Created by developers
- Own Entra Agent ID
- Tenant configuration
- Inherited permissions
- Managed by IT
Roles & Responsibilities
| Role | Responsibility |
|---|---|
| AI Administrator | Agent Registry access, publish/block/remove agents, approval workflows |
| AI Reader | View-only access to Agent Registry (least privilege for reporting) |
| Global Admin | Full tenant control, delegates to AI Admin for day-to-day operations |
| Security Admin | Defender monitoring, Conditional Access for agents, incident response |
| Compliance Admin | Purview policies, sensitivity labels, Information Barriers |
| Agent Owner | Lifecycle of their specific agent — reviews, updates, retirement |
| Business Sponsor | Business case justification, success metrics, budget approval |
Key Terms
Do I Need an Agent?
Answer a few questions to find the right approach for your use case.
Frequently Asked Questions
1. Is Agent 365 generally available?
Yes — Microsoft Agent 365 went generally available on 1 May 2026, alongside the Microsoft 365 E7 'Frontier Suite'. It's live on the Commercial CSP price list, with FastTrack remote guidance available for enablement. At launch, a set of pre-integrated ecosystem partner agents (ServiceNow, SAP, Workday, etc.) are deployable directly from the M365 Admin Center.
2. What licence do I need for Agent 365?
Agent 365 is available standalone at $15/user/month or included in Microsoft 365 E7 ($99/user/month — bundles E5 + Copilot + Entra Suite + Agent 365). The M365 Copilot licence ($30/user/month) does NOT include Agent 365 governance features. Microsoft recommends Entra ID P1/P2 or Entra Suite plus Purview DLP to make full use of Agent 365 capabilities.
3. Do agents need their own licences?
No — agents acting on behalf of a licensed user are covered under that user's Agent 365 or M365 E7 licence. However, Microsoft updated multiplexing rules in May 2026: ALL users or devices that indirectly benefit from M365 through agents, bots, or RPA still require licensing. Closing automation loopholes was a deliberate change.
4. What's the difference between Agent 365 and Copilot Studio?
Copilot Studio is where you BUILD agents. Agent 365 is where you GOVERN them — identity, access, compliance, and lifecycle management. Think of Copilot Studio as the workshop and Agent 365 as the HR department.
5. Can I use this tool without Agent 365 licences?
Absolutely. This planner helps you prepare BEFORE you buy. Use the Readiness Assessment and Checklist to create your framework and policies in advance.
6. What is agent sprawl and why should I worry about it?
Agent sprawl happens when users create dozens of agents without governance — no naming convention, no ownership, uncertain data access, overlapping functionality. The best time to prevent it is BEFORE you enable Agent 365.
7. How do I handle agents when the owner leaves the organisation?
Agent 365 has 'Manage Ownerless Agents' functionality in the M365 Admin Centre. Your governance policy should define automated reassignment or scheduled retirement for ownerless agents. Entra Agent ID lifecycle workflows handle this at scale.
8. Does Agent 365 govern agents running outside Microsoft?
Yes — Agent 365's discovery extends to third-party AI agents including those running on AWS Bedrock, Google Cloud, and custom frameworks. The Agent Registry gives you a single inventory across Microsoft and non-Microsoft agents, which is critical for closing the 'shadow AI' gap.
9. Is this tool still being improved?
Yes! This is V1 and we're actively improving it. Have a suggestion? Share your feedback at /feedback/ — we'd love to hear what features would help you most.