As organizations adapt to evolving regulatory requirements and operational demands we’re focused on the parallel evolution of our Copilot and Agent controls infrastructure. The Copilot Control System (CCS), includes three core areas of Copilot infrastructure: Security and Governance, Management Controls, and Measurement and Reporting.
This blog offers customers a practical overview of what’s new in Copilot and agents administration at Ignite 2025 for IT administrators and security professionals.
Announcing Agent 365
As Frontier firms integrate AI agents into their workflows, administrators must have the ability to manage, secure, and enable them across the entirety of the enterprise. To address this need, we’re pleased to introduce Microsoft Agent 365, a new control plane designed specifically to address the need for agent registration, access control, visualization, interoperability, and security. Microsoft Agent 365 management experiences are built directly into the Microsoft 365 admin center, enabling administrators to manage every agent in a familiar context while using purpose-built infrastructure and capabilities designed to address agent-specific needs.
Agent 365 is initially rolling out in a Public Preview program – interested customers can sign up through the Frontier early access program to trial Agent 365 in their tenants. Learn more at the Microsoft Agent 365 web page.
Data Security, governance, and threat protection
Managing data responsibly is a foundational concern for organizations operating across multiple regions. One of the most significant updates we’re introducing this year is in-country processing under normal operations for Microsoft 365 Copilot prompts and responses in 15 geographic locations starting with Australia, UK, India, and Japan by the end of 2025, and 11 additional geographic locations including United Arab Emirates, Canada, Germany, Italy, Malaysia, Poland, South Africa, Spain, Sweden, Switzerland, and the United States coming online in 2026. In-country processing of prompts and responses supports compliance by ensuring that customers can both store and process AI prompts and responses according to local regulations and privacy requirements when necessary. This helps teams address legal obligations and maintain trust in environments where data sensitivity and security is paramount. For additional details, read our announcement blog.
Security administrators often ask us for recommendations about security settings. Baseline security mode (BSM) applies Microsoft-recommended security settings across Office, SharePoint, and Teams. By standardizing protections administrators can more easily identify gaps and reduce risk, supporting a consistent security posture across cloud environments. General Availability in November 2025.
The adoption of AI can accelerate the ability for malicious actors to exploit configuration gaps, specifically legacy configurations that can be the most vulnerable, in your enterprise environment. Baseline security mode delivers preconfigured defaults that protect against known vulnerabilities from legacy configurations and emerging AI risks exploiting them. By blocking legacy authentication flows, restricting addition of new password credentials, and limiting end-user consent to risky apps, BSM reduces exposure to common attack vectors in an increasingly AI-forward digital work environment. BSM also allows you to test configurations safely in simulation mode before rollout, making adoption straightforward and minimizing risks. Moreover, take advantage of BSM’s purpose-built integration with Microsoft 365 – available with your Microsoft 365 license and regularly updated to keep pace with the rapidly evolving threat landscape, helping to ensure that your security protections stays current. To learn more, read the Ignite '25 Spotlight: Announcing Microsoft Baseline Security Mode (BSM) blog.
Accidental data leakage is also always top of mind. That’s why we’re excited to announce that we are expanding Microsoft Purview Data Loss Prevention (DLP) for Microsoft 365 Copilot to safeguard prompts containing sensitive data, which helps to ensure this data stays protected. Now, if a prompt includes sensitive data, like credit card numbers or personal details, Purview DLP for Copilot prompts immediately blocks Copilot and agents from responding, ensuring that the sensitive information is not used for grounding in Microsoft 365 or through a web search. This feature is designed to safeguard confidential data during everyday interactions with Copilot and agents. Public Preview starts in November 2025 with a planned GA rollout in Q1 of 2026.
For data stored in SharePoint and OneDrive, Microsoft Purview Data Security Posture Management (DSPM) Data risk assessments item level investigation and remediation automatically detects and remediates risky links, reducing the likelihood of unauthorized access. Rolling out to Public Preview in November 2025.
The Content Governance Agent, powered by SharePoint Advanced Management (SAM), helps enforce governance policies, and manage site lifecycles, permissions, access, and storage, rolling out to Public Preview in November 2025, while new Content Management Assessment tools are designed to evaluate and improve content management, identify content risks, ensure compliance, and maintain data integrity. Rolling out to General Availability in November 2025.
Oversight of automated agent activity is addressed through Microsoft Purview AI Observability in Data Security Posture Management (DSPM), which provides full visibility into agents operating across your data environments, including both Microsoft and non-Microsoft agents, helping security teams make informed decisions and proactively manage risk. Public Preview starts in December 2025.
Finally, we’ve heard from many of our Copilot customers who serve as first responders and healthcare providers that their users must have access to sensitive content that is otherwise blocked by our content safety filters. In response we recently released the Harmful Content Protection policy or HCP. With HCP, administrators can now give users the ability to disable content protection measures to access sensitive content when it’s essential to the performance of their duties. This setting only applies to content returned in Copilot chat and does not have any effect on security protections. Generally Available since September 2025.
Management and Productivity controls
As organizations expand the use of Copilot and agents, it’s critical that they have the controls they need to ensure that licenses are allocated efficiently to users who need them, that agents are managed throughout their lifecycle, and that associated costs are controlled and contained. We are introducing several new CCS features in the Microsoft 365 admin center that are designed to further refine how IT teams can manage Copilot and agent deployments.
We’re adding several new controls to support and manage billing associated with agent usage. New Agent Billing Policies allow admins to assign agents to specific billing policies, improving cost tracking and financial transparency. Usage and Cost Insights for pay-as-you-go (PAYG) provide detailed analytics for PAYG services, supporting budgeting and resource allocation decisions. And with prepaid Copilot credit capacity now integrated into billing policies in the Microsoft 365 admin center, organizations can apply prepaid capacity to agents, helping control usage costs. Public Preview started in October 2025 with a planned GA rollout in December 2025.
Agent lifecycle management tools are also evolving rapidly. For starters, we’re consolidating agent management to a single agent inventory in the Microsoft 365 admin center. SharePoint Agents are now in the agent inventory, meaning that all the agents your organization uses with Microsoft 365 are now manageable through a single pane of glass - helping improve governance and security while reducing operational risk. Agent pinning makes it easier for admins to promote and manage frequently used or critical agents, streamlining workflows. And finally, ownerless agent management identifies agents without assigned owners and reassign them to other users or admins, supporting proper lifecycle management and oversight to reduce governance and security risks. General Availability in October 2025.
We’re also introducing agent usage insights under Billing & usage in the Microsoft 365 admin center. Now, AI admins have real-time, granular visibility into consumption and spending for Copilot pay-as-you-go services at the billing policy level. Admins can monitor usage, set budget limits, receive usage threshold alerts, and allocate costs accurately, ensuring resources are used efficiently and budgets are managed proactively Public Preview started in October 2025 with a planned GA rollout in December 2025.
Measurement, observability, & reporting
Understanding how Copilot and agents are used is essential for ongoing optimization and maximizing value. We’re excited to announce several new enhancements to our collection of AI reports we refer to as Copilot Analytics. These updates provide broader and deeper insight into how employees are adopting Copilot and agents across the organization and give analysts easier access to the underlying data to create their own custom reports.
Understanding the adoption of agents in your organization and making data-driven decisions is critical. The Agent Dashboard provides a single, centralized view for tracking agent activity and adoption across your organization. Leaders, AI adoption specialists, and analysts can instantly monitor key metrics — including active agents, user engagement, responses, and usage retention — all in one place. The Agent Dashboard helps you analyze how different groups use agents to get work done. It’s easy now to identify your most popular agents, uncover how specific agents are used or deep dive into specific agents to measure performance at a more granular level. The initial release supports agents within Microsoft 365 Copilot, with plans to expand support to additional agent types and metrics in future updates. Private preview starts in December, with Public Preview to follow in January and a planned GA rollout in February 2026.
The Copilot Dashboard now offers new Copilot Chat adoption reports. These reports provide organizations with valuable insights into Microsoft 365 Copilot Chat adoption and usage. They enable users to view total users, track adoption trends by group, analyze usage intensity, and monitor retention. Additionally, these reports help organizations understand how different groups utilize Copilot Chat across various Microsoft 365 apps, helping leaders accelerate adoption and optimize Copilot Chat engagement across the organization.
Of course, we know that customers often want to create custom reports and solutions to help them with analytics and decision making, in addition to the pre-built reports we provide in product. The new Copilot Dashboard Data Export enables users to pull data via CSV file from the Copilot Dashboard for deeper analysis in your own reporting tools. Data export will be available in public preview in November.
We’re also adding Copilot Analytics data to the Microsoft Graph API. This will enable the creation of customized reporting and analytics for users who prefer an API solution. Metrics included in the Graph API will match those available in the Microsoft 365 Copilot usage report in the Microsoft 365 admin center, including tenant-level count of enabled users and active users, as well as last activity date per user (all up and per Microsoft 365 app). This will be available in November. We will make additional metrics for Copilot Chat, agents available over time.
Conclusion & next steps
The latest CCS updates and the introduction of Microsoft Agent 365 are designed to help IT administrators and security professionals address practical needs: establishing clear guardrails for data and collaboration, managing cost and configuration, and measuring usage and outcomes. These features can be used to align with regional data requirements, standardize protections, map agents to policies and budgets, and analyze adoption using built-in dashboards and programmatic access. Teams can use this information to plan incremental rollout or refine existing deployments. Learn more in the Getting Started with CCS playbook and Microsoft 365 Copilot agents deployment blueprint.
Microsoft