February 16, 2026

The Agent Sprawl Problem

Enterprise AI adoption follows a predictable pattern. A few agents get built by early movers. They work. Word spreads. Other teams build their own. Within months, an organisation can have dozens of agents running across different departments, built on different platforms, accessing different systems, with no centralised view of what any of them are doing.

This is not hypothetical. IDC predicts 1.3 billion agents will be in circulation by 2028. Microsoft reports that 80% of the Fortune 500 are already using Microsoft agents. The speed of agent creation and proliferation is outpacing the governance frameworks that organisations have in place to manage them. That gap is exactly what Agent 365 is designed to close.

What Agent 365 Is

Agent 365 is Microsoft's control plane for AI agents — a centralised governance, security, and observability platform that gives IT and security teams a unified view of every agent running across their Microsoft 365 environment, regardless of how or where each agent was built.

It is generally available from May 1, 2026, priced at $15 per user per month. It is also included in Microsoft 365 E7: The Frontier Suite, the new enterprise bundle priced at $99 per user per month that brings together Copilot, Agent 365, Microsoft Entra Suite, and E5 security capabilities.

Agent 365 covers agents built in Copilot Studio, agents built through Foundry, Copilot Cowork, and third-party agents registered in the Agent Store. The control plane is not limited to Microsoft-built agents — it is designed to be the governance layer for the entire agent ecosystem operating within a Microsoft 365 tenant.

What Agent 365 Actually Does

The platform operates across four core functional areas.

Visibility and inventory. Agent 365 maintains a real-time registry of all agents in your environment: what they are, who built them, when they were last active, and what resources they are consuming. Without this, most organisations have no reliable way to answer the question "what agents are running in our environment right now?" With it, that answer is always available.

Usage analytics and performance. Agent 365 tracks which agents are being used, by whom, and how frequently. It surfaces quality and performance metrics over time, allowing IT and business leaders to evaluate whether agents are delivering value and where adoption is concentrated or lagging. This data feeds decisions about where to invest further in agent development and where to retire underperforming agents.

Access control and permissions governance. Agent 365 allows administrators to review and manage the permissions that agents have been granted, enforce least-privilege principles, and ensure that no agent has access to data or systems beyond what its function requires. As agents become more capable and autonomous, this layer of access governance becomes as important as user identity management.

Security and threat protection. Agent 365 provides runtime threat protection for agents using the Agent 365 tools gateway. This includes detection, investigation, and response capabilities for attacks targeting agents — prompt injection, permission escalation, and data exfiltration attempts. Malicious agent activities can be detected, blocked, and investigated within the same security operations workflows that cover the rest of the Microsoft 365 environment.

Why This Matters Now, Not Just in May

The May 1 general availability date does not mean organisations should wait until May to think about agent governance. The agents being built today will be the ones that need governing then. The architectural decisions being made now — what systems agents can access, who can build agents, how agents are authenticated — determine how tractable the governance challenge will be when Agent 365 is in place.

Organisations that establish clear agent governance principles now — before agent sprawl sets in — will have a significantly easier path to compliance and security assurance. Those that let agents proliferate without governance will find Agent 365 valuable but insufficient to retroactively bring order to a chaotic agent landscape.

Preparing Your Organisation

The practical preparation steps are straightforward. Audit what agents already exist in your environment, even informally. Define who is authorised to build agents and under what conditions. Establish standards for what data agents can access and how access requests are reviewed. These are governance questions that Agent 365 will help you enforce — but the policies themselves need to come from your organisation.

At Trim Journey, we help organisations establish agent governance frameworks alongside agent deployment — so that adoption and accountability move together rather than one racing ahead of the other. Book a call to discuss your agent governance readiness.
