There is a significant delta between monitoring and control. Agent 365 can provide visibility into many agent types, registry-only, synced, or shadow agents, but full control depends on identity and integration. Agents with Entra Agent ID can be governed and controlled with features like policy enforcement, lifecycle management, and stronger security controls.  Agents without that identity may still be visible, but not fully controllable.

No—reviewing agent risk activities does not require blocking the agent. IRM is designed to allow organizations to detect and investigate risk first, with actions like blocking applied only if DLP or Conditional Access policies dictate (typically for higher-risk scenarios). 

Here is how you can think about the different offerings when it comes to Shadow AI:

• ME5 enables discovery and basic action to manage local agents
• A365 enables risk-based controls to manage local agents at scale

In a bit more detail:

• Discovery of endpoint agents: ME5
• Coarse grain controls to block select endpoint agents (OpenClaw): ME5
• Adv. management, runtime protection, and blocking of endpoint agents: Agent 365 license
  
  

To summarize, you'd need ME5 for discovery and coarse-grained controls. 

In A365 today, agent rules are not scheduled to run on a recurring basis, but we appreciate this feedback to help improve A365. Is there a scenario you can share where you would want to schedule a rule from executing?

A risky agent is one whose behavior—especially the data it generates or accesses—indicates a higher likelihood of sensitive data exposure or policy violations. IRM determines this by analyzing signals from agent activity (e.g., responses, data access, sharing) against policy-defined indicators and behavioral baselines, then aggregating those signals into a risk score and assigning a risk level to the agent.

You do not lose the ability to run or use autonomous agents without an Agent 365 license. You do lose visibility to the usage data however as Paty just confirmed. 
Without an Agent 365 license, you do lose the governance, security, and advanced management capabilities that Agent 365 provides.

Yes, in A365 you can apply access packages policies when onboarding agents, so they start secure. This policy will define when agents access to resources expire. 

Agent 365 has governance capabilities to help organizations regularly confirm that agents are still needed, owned, and safe to use. Orgs can require sponsors or owners to periodically review and verify their agents, and Identity Governance features can help manage reviews, expiration, and ownership requirements. Today, they're handled manually, but we plan to add more automated capabilities over time.

A365 provides full lifecycle management and governance for agents, including onboarding, monitoring, suspension, and retirement. Today, lifecycle actions are admin-controlled to ensure accountability and auditability. Thank you for this feedback for A365 to evolve towards policy-driven lifecycle automation, we will definitely take it into consideration.

Understand Shadow AI in Microsoft 365 admin center - Microsoft 365 admin | Microsoft Learn