Remember how, for many years, technology leaders at enterprise organizations have been painstakingly identifying and tackling their shadow IT problem? I’m sure some of those efforts are still only partially complete, and yet suddenly, seemingly out of nowhere, you find yourself at the doorstep of a Shadow AI problem. The worst part? Until very recently nobody even thought this was a real thing. As organizations turn the corner from AI exploration towards meaningfully embedding AI into their enterprise business processes, the need for robust AI governance has skyrocketed up the list of CISO concerns. This blog post series is intended to serve as a Microsoft Agent 365 explainer for CISOs and any technology leaders asking themselves the important governance questions that are crucial to enabling responsible use of AI and Agents.
This post is part of a series on Microsoft Agent 365. This is blog post 1, in which my focus is on what Agent 365 is and why CISOs should care, the biggest problem it solves, and how to get started with Agent 365 if you want to evaluate its capabilities more closely.
What is Agent 365, and why should CISOs care?
Agent 365 is the “control plane” for AI agents. Thankfully, despite how that sounds, this isn’t another marketing rebranding job by Microsoft where buzzwords are doing the heavy lifting. Agent 365 helps enterprises technically manage agents the way they manage people, by extending their existing infrastructure to agents, whether those agents are built by your org or acquired. It equips your agents with the same apps and protections (tailored to specific agentic needs), thereby saving valuable support time and effort on integrating agents into business processes. Agent 365 is organized around 5 “pillars” or capabilities. Here’s what they are and how they address some of the biggest concerns CISOs have today:
| Agent 365 Pillar | What does this do? | Why should a CISO care? |
|---|---|---|
| Registry | A centralized, comprehensive inventory of every agent in your production environment, that acts as a single source of truth. | Eliminates “Shadow AI.” If it’s not in the registry, it doesn’t run. |
| Access Control | By requiring every agent to have a unique agent ID, this implements granular controls over the resources agents can access, via adaptive, risk-based policies that enforce the principle of least privilege. | The concerns about rogue, ungoverned agents being hijacked are valid. Access control responds to real-time context and risk, and thereby helps to prevent “agent hijacking.” Even if an agent is compromised, its blast radius is strictly contained. |
| Visualization | A map showing connections between agents, users, and data that helps to monitor agent behaviours and performance. | SecOps analysts stand no chance against the threats they cannot see. This pillar of Agent 365 enables real-time observability to help spot anomalous behaviour immediately, i.e., the sort of risky stuff that would keep you up at night if it were a real person at your org doing it (e.g., accessing hundreds of sensitive documents). |
| Interoperability | Creates seamless human-agent workflows by enabling access to M365 apps and WorkIQ. | This means it’s one less tool to be concerned about when it comes to surfacing the signals you want your SecOps teams to be paying attention to. |
| Security | Natively integrated with Defender for detecting and remediating threats targeting agents, Entra to block attacks in real-time and limit, and Purview for stopping agents from processing or leaking sensitive data. | For two reasons. Firstly, it helps protect, detect, and remediate attacks specifically targeting agents. Secondly, it confers data protection for data created and used by agents. |
What’s the biggest problem Agent 365 solves?
The Shadow AI problem is massive from a risk standpoint, and yet it can sound like it’s a “maybe” problem. People can sort of understand why it would be a problem that you would want to prioritize, and yet it’s nebulous to conceptualize… and therefore hard to provide prescriptive remedies for. There’s another very real, and much clearer, problem that’s starting to worry a lot of technology leaders who are now witnessing the security risks as users start building agents. That very real problem is agent sprawl. It’s true, Agent 365 isn’t a fully mature solution… yet. We do expect it will benefit from ongoing customer feedback and feature enhancements over time, meaning it will get better at securing and governing enterprise agentic AI. Even at its current maturity, it tackles the agent sprawl problem by helping you better manage, secure, and control agentic AI systems. Let’s keep in mind that agents can execute tasks and access your corporate resources, and even a few agents you don’t have sight lines on is a shadow AI problem. At scale is where agent sprawl happens, and the risk compounds to a level that keeps you up at night.
How can you get started with Agent 365?
Agent 365 is in preview and currently only available through the Frontier preview program. To get started with Agent 365, sign in to the Microsoft 365 admin center > select Copilot > select Settings > under User access, select Copilot Frontier > choose the specific users, groups, or select all to grant access to the Frontier program.
After you’ve granted users and groups access to the Copilot Frontier program, go to Agents in the left pane of the Microsoft 365 admin center to get started. You might be prompted to agree to the terms of service.
Thanks for reading, and please reach out if you’d like to discuss the practical next steps you can take… or if you have a question and just want to chat more!
