Live AMA: Microsoft Agent 365
Learn more about the capabilities of Agent 365 in this live 'Ask Microsoft Anything' with product and engineering team experts! Get your questions answered about capabilities for agent observability, security, and governance, developer resources, and how to get started as you confidently scale agents in your organization. How to Participate Register for the Microsoft Tech Community using your email if you haven’t already. This allows you to post comments and ask questions. Visit this page during its scheduled time to join the conversation. You can post your questions in the comments, and product team members will respond live during the AMA. Watch the session live or catch the recording on demand after the event. Keep the conversation going in the Agent 365 discussion space after the sessions conclude. It’s a great place to follow up, share what’s working, and connect with others exploring similar topics. Hope to see you there! Come ready to learn and ask our experts all of your burning questions!How Microsoft Agent 365 works
Agents can now have their own identity, email, OneDrive and Teams accounts, and collaborate just like coworkers. Microsoft Agent 365 lets you onboard agents, give them the policies and knowledge they need, and let them work in parallel with you to handle tasks like procurement, approvals, research, and updates using the same Microsoft 365 tools you already rely on. As your use of agents grows, keep full visibility and control. See what they've worked on and understand their impact across your organization as an agent manager. If you're in IT, you have full visibility and control over access permissions and agent relationships. You can manage all agents from a single unified control plane with the same tools you use now to manage users. Jeremy Chapman, Microsoft 365 Director, shares how you can adopt autonomous agents at scale across your organization. Agents that work alongside you. Assign tasks and get full visibility into what they have worked on using Microsoft 365 tools like Teams and OneDrive. See it here with Microsoft Agent 365. Automate workflows. Agents access your data and tools to execute complex tasks. Take a look at Microsoft Agent 365. Understand agent impact. Map their actions, connections, and interactions in Microsoft 365 workflows. Get started using Agent 365. QUICK LINKS: 00:00 — Microsoft Agent 365 01:04 — Agent capabilities 02:48 — Visualize the agent’s impact 03:23 — How it works 04:48 — Agent 365 control plane 07:31 — Zero in on risks 08:18 — Agent map 09:10 — Wrap up Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -What if an AI agent was truly autonomous, working independently alongside you, with its own email and OneDrive account, capable of joining Teams meetings and conversations to get work done? It means, as a user, you can onboard and manage agents with a unique identity, the right information access, and skills to work on your behalf. These agents can perform the tasks that you define, working autonomously and work with you using the same managed apps and services in Microsoft 365 that you use. And as an IT admin, you have granular control over what agents can do, and knowledge sources they can access. Along with end-to-end visibility into agents in your environment, no matter where they’re created. In fact, with the Agent 365 control plane, we’re extending the same familiar administrative surfaces that you use now to manage people for full visibility, control, and management of agents, while introducing new capabilities. -So, first, let’s start by looking at what Agent 365 can do from a business user’s perspective. In this case, a coworker has created a procurement agent. And our IT team has approved it, and made it available in our company’s agent store. Now, as a procurement manager, I can find the agent and also set it up with just a couple of clicks. Then once it’s up and running, it contacts me in Teams and asks what I’d like it to do and which tasks to perform. As a procurement agent, it recommends that I give it supplier policies, approved supplier lists, and a procurement playbook. So I’ll do that here with my Teams policy guidelines and just type, use this policy guide for your actions. And then / reference my Zava procurement file. -Now the agent has what it needs to start working. For interoperability with me, other people, and other agents, it has its own suite of Microsoft 365 apps and a unique account to work on its own. In fact, as an order request comes in from a customer for new laptops, the agent reasons over that request using the instructions I provided. And it can also use contextual business information across Microsoft 365 with Work IQ to find these suppliers, their SLAs, pricing from recent orders, and related documents. Based on the fulfillment time, it even recommends a supplier and asks me if it should proceed. Once I confirm, it creates the purchase order for the laptops and logs that into our purchasing tracker Excel spreadsheet in SharePoint. And right from the comments, like I would at mention any coworker, here I’ve at mentioned the procurement agent for status updates. Agent 365 also makes it easier to visualize the agent’s connections, activities, and impact. -As a business user, you can see details about the agent, who it’s managed by, its skills, and what it works on in the agent card. You can also see where it fits in the organization, and who it frequently interacts with. Then in the agent activity view, you’ll find its recent sessions with details on actions performed. And clicking into any session activity expands on what was done, the information that was used, and the steps performed to complete its tasks. This is a fully autonomous agent with everything it needs to be effective. In fact, let’s break down the mechanics of how the agent was able to do what it did when it used the Agent 365 control plane. -The first behind the scenes, once created, the IT approved agent is assigned its own identity in Microsoft Entra and granted access to specific knowledge sources. It’s provided with its own email, calendar, OneDrive, and Teams account, and other services in Microsoft 365. Importantly, it’s also connected to Work IQ, which provides the agent with additional context that’s specific to the jobs it’s performing and the activities by people and other agents around it. But has what it needs to interop with you in the tools that you use every day to get work done. -Importantly, because it runs on the Agent 365 control plane, it works according to your organization’s security and compliance requirements. For example, least privilege access control ensures that the agent can only access defined content, and nothing more. Also, access can be blocked in real-time based on Conditional Access policies that you have in place. Integrated data security prevents data loss, adhering to your protection policies as it works. And there are also safeguards to keep the agent resilient to targeted attacks. That’s how agents can be onboarded and how they work. Next, as an IT admin, Agent 365 gives you more visibility and control to manage the breadth of agents in your environment, let me show you. -The Agent 365 control plane in the Microsoft 365 admin center provides an overview of all agents in your organization, with a breakdown by publisher and platform. You can also see whether they were built internally using Copilot Studio, Microsoft Foundry, non-Microsoft platforms, and more. As well as how they’re being used. Below that are recommended top actions to take control, so that you can prioritize your time. Next, to see all of your agents in one place, there’s a complete registry, which pulls in details for security risks, activities, and agent performance into one view. Each agent has comprehensive details. In addition to configuration options, like the data and tools it can access. Information stores it can read from, provisioned compute, graph connectors, tools, and knowledge sources. Then security and compliance provides all of the details for enabled policies with that agent across Microsoft Purview, Microsoft Entra, and Defender. -Next, in permissions, it goes a step further to display which memberships it has across groups and teams, applications it can access, the SharePoint sites it can use. And detailed permissions across graph API calls. Finally, activity displays information about the agent usage, exceptions and active users. And before agents are available for people to use, as an admin, you’re in full control of validating and approving which agents will appear in your organization’s agent store, here’s how. -From requests, you can review agents submitted for approval. For example, drilling into this product backlog agent, you can check its configurations, the data it can access, security and compliance protections. And the detailed permissions requested. If everything checks out, you can approve and activate the agent. Then select the right users and groups to access it. In this case, I’ll just keep Mona Kane as the requester. From there, I can apply uniform guardrail policies using customizable templates, like this one, to restrict content sharing. These policy templates leverage Microsoft Entra for access controls, Microsoft Purview to secure data. As well as SharePoint policies, like this one, to enforce specific restrictions on external sharing at the agent level. -Then I can just review and accept the permissions for the agent, and finally confirm to grant access to its requester. Next, for your running agents, as we saw in the Agent 365 overview, the service automatically and continuously evaluates potential agent risk to alert you of any actions to take. Here, I can zero in on agents with risks. For example, I can see that this comms agent has two risks identified. And when I dig in to see why, it looks like this agent has abnormal sign-in frequency, and was accessed by a user flagged as risky. It’s possible that their account was compromised. And in these cases, Microsoft Entra Conditional Access will automatically block risky agents from accessing resources. And as an admin, you can also block the agent right from here. So it’ll be disabled immediately for current users, and won’t be discoverable for new users. -Those were single agent operations, but as more agents enter your agent ecosystem with connections to other agents, tools, and knowledge sources, you can see these relationships using the Agent Map. This helps you visually map all agents in your environment across platforms. Importantly, you can see agent connections and multi-agent workflows. Then quickly spot alerts, like this one, for high exception rates. Then drill into view its details, and also take necessary actions. And while today I focused on the experience in the Microsoft 365 admin center, the Agent 365 control plane extends to role-specific views for agents in Microsoft Entra for agent identity and access management, Microsoft Purview for data security protections. And Microsoft Defender for threat detection, investigation, and response. -And that’s how the new Agent 365 gives you a single control plane to manage agents within the same familiar admin experiences that you’re using today. To get started, from the Microsoft 365 admin center, make sure the Frontier Program is enabled for early access to new AI capabilities. Keep watching Microsoft Mechanics for the latest updates, and thanks for watching.The Agent Era Has Already Arrived in Healthcare. Are You Ready to Govern It?
Start here. Answer honestly. Right now, how many AI agents are running inside your organization? Who built them? Which patient data, claims information, or proprietary research are they configured to access? If your CISO walked into your office tomorrow and asked for a complete inventory of every agent in your enterprise, including each one's owner, the systems it is permitted to access, and the policies that govern how it operates, could you produce that inventory before lunch? When the analyst who built that clinical summarization agent moves to a new role next quarter, what happens to the agent? Does its access continue? Does anyone notice? If a regulator opened an audit tomorrow, could you prove that every AI agent operating in your environment is subject to the same lifecycle controls, identity standards, and data protection policies you apply to your human workforce? Could you disable a compromised agent enterprise-wide with a single click, the same way you would revoke a lost access credential? If those questions made you hesitate, you are not alone. Almost no healthcare or life sciences organization can answer them confidently today. And that gap is exactly where the next decade of risk, and the next decade of competitive advantage, will be decided. The quiet crisis nobody talks about yet Healthcare and life sciences leaders are caught in a paradox. You need AI to survive the operational pressures squeezing your organization from every direction. Physician burnout is at crisis levels, with 45.2% of US physicians reporting symptoms in recent Mayo Clinic research. Revenue cycle complexity continues to climb, and McKinsey now estimates that the cost to collect consumes 30 to 60 percent of net patient revenue at many provider organizations. Prior authorization backlogs delay care. Clinical trial timelines stretch into years. Documentation burden eats hours that belong to patients. So you started piloting Microsoft 365 Copilot. You experimented with agents in Copilot Studio. Maybe a clinical team built an agent to draft discharge summaries. A revenue cycle group spun up an agent to triage denials. A medical affairs team built one to comb through literature. Each one delivered value. Each one was approved on its own merits. And then a quiet thing happened. You lost track of how many agents you have. According to KPMG's AI Quarterly Pulse Survey, 88 percent of organizations are now exploring or piloting AI agents. IDC projects that 1.3 billion agents will be in operation by 2028. Inside your own walls, the number is climbing fast. Each new agent is a digital identity that authenticates into your environment, accesses your data, and executes work on behalf of your business. Most have no formal owner. Most have no documented access scope. Most have no decommissioning plan. Most have never been reviewed by Compliance. Microsoft's 2024 Data Security Index found that 84 percent of organizations lack confidence in their AI data security posture, and 40 percent have already experienced an AI related data security incident. That is not a future problem. That is a now problem. If shadow IT was the defining governance challenge of the last decade, agent sprawl is the defining challenge of this one. And in healthcare and life sciences, where ePHI, member PII, and proprietary clinical trial data are at stake, the consequences are not theoretical. They are existential. The reframe that changes everything Here is the counterintuitive truth that separates HLS organizations that scale AI from those stuck in pilot purgatory. Governance is not the brake on AI adoption. Governance is the accelerator. When security, identity, and agent oversight are engineered in from day one, your teams stop tiptoeing. They build with confidence because the guardrails are real. They expand into clinical use cases because Compliance trusts the foundation. They scale wall-to-wall because IT can prove every agent is accounted for. The organizations that lead with trust end up moving faster in the long run, not slower. This is the bet behind Microsoft Agent 365 and Microsoft 365 E7. What Agent 365 and Microsoft 365 E7 actually are Microsoft 365 E7, announced March 6, 2026 and now generally available, is the Frontier Suite. It is Microsoft's answer to a single question that every healthcare CIO, CISO, and COO is wrestling with: how do you run AI safely, at scale, across an entire organization? E7 is not another SKU on top of your existing stack. It is one cohesive platform that brings together four essential capabilities: Microsoft 365 E5 for your enterprise productivity, collaboration, and security foundation, including Microsoft Defender, Microsoft Purview, and Microsoft Intune. Microsoft 365 Copilot for AI grounded in your organizational data through Work IQ, embedded in the flow of work for clinicians, researchers, operations teams, and administrators. Microsoft Entra Suite for identity governance, Conditional Access, and Zero Trust network access, extended consistently across users, applications, and AI agents. Microsoft Agent 365 as the centralized control plane to observe, govern, and secure every AI agent, whether built by Microsoft, your internal teams, or external partners. Agent 365 is also available as a standalone capability. But the magic happens when it works alongside the rest of E7, because that is where AI, identity, security, and governance stop being separate disciplines and become one operating system for the agentic era. The mental model that unlocks everything: agents are first-class digital identities Here is the simplest way to understand what Agent 365 does. Microsoft 365 governs your enterprise identities. Agent 365 governs your agent identities. The same control plane disciplines apply to both. Think about the rigor you apply to any privileged identity in your environment, whether a service account, an API integration, or a third-party application connector. You issue it a unique identity in Microsoft Entra. You assign a human owner who is accountable. You scope its access to least privilege. You apply DLP, sensitivity labels, and Conditional Access. You monitor for anomalous behavior. You have a documented decommissioning path. Identities that no one watches over become identities that get exploited. Now ask yourself how the last AI agent in your environment was created. The honest answer at most organizations: someone opened Copilot Studio, pointed it at a SharePoint library of clinical protocols, gave it a name, and moved on. No documented owner. No access review. No retirement plan. Compliance was never consulted. You would never stand up a privileged service account that way. Yet that is exactly how most organizations are standing up the fastest-growing class of digital identities in their environment. Agent 365 closes that gap by extending the identity, security, and lifecycle controls you already trust for users and applications so they apply with the same rigor to AI agents. Every agent receives a unique Entra Agent ID, a first-class identity in Azure AD with the same governance primitives as any other privileged identity. Every agent has a designated human owner who is accountable for its scope and behavior. Access is granted explicitly through Conditional Access and policy templates, so each agent operates only against the resources its purpose requires. Microsoft Purview DLP and sensitivity labels govern which data the agent is permitted to read, generate, or share. Microsoft Defender monitors agent activity for anomalies and surfaces alerts the same way it does for any other identity-driven risk. Lifecycle rules flag or auto-retire agents that are dormant, orphaned, or risky, eliminating the unowned automations that quietly accumulate in every enterprise. This is not metaphor. It is the actual architecture. The fastest path to governing agents is to extend the identity infrastructure you already trust. The three pillars of Agent 365: Observe, Govern, Secure Pillar 1: Observe. Know what is actually happening. You cannot govern what you cannot see. The first job of Agent 365 is to give you complete, continuous visibility into every AI agent operating in your environment. The Agent Registry is the single authoritative inventory of every agent, whether built by Microsoft, custom developed by your team, deployed by a partner, or discovered as a shadow agent operating without oversight. Each entry shows the owner, purpose, capabilities, lifecycle status, and business context. Agent Analytics tracks adoption, quality, performance, and business impact. Agent Map visualizes how agents connect with other agents, people, tools, and data sources, surfacing dependencies and risk concentrations you would never spot in a spreadsheet. Real time monitoring flows directly into Microsoft Defender, so unusual agent behavior generates alerts the same way unusual user behavior does today. For a health system CISO, that means finally being able to answer the question: which agents are touching ePHI, and is every one of them authorized? For a life sciences compliance officer, it means audit ready visibility into every AI system operating across R&D, regulatory affairs, and commercial. For a payer operations leader, it means knowing which claims processing agents are actually delivering accuracy and throughput, and which are quietly underperforming. Pillar 2: Govern. Set the rules. Control the lifecycle. Visibility is the start. Control is what turns visibility into outcomes. Agent 365 ensures that every agent is approved, compliant, and accountable from creation through retirement. IT led onboarding workflows make sure each agent launches with the right identity, access, and ownership before it ever touches data. Policy templates enforce data handling, permission, and usage rules consistently from day one through Defender, Entra, and Purview. Rules based agent management gives admins an automated If This Then That interface. If an agent is unused for 90 days, auto retire it. If an agent is flagged as risky, block it and alert the security operations team. No human in the loop required for the routine cases, full alerting and override for the exceptions. Ownership enforcement requires every agent to have a designated human owner. When that owner leaves the organization, the platform flags the orphaned agent for bulk reassignment, so nothing operates without clear accountability. The Tools Gateway brokers and audits tool access for agents, enabling least privilege at the action level, not just the identity level. For HLS specifically, that translates to outcomes you can take to your board. A hospital CIO can ensure any agent touching Epic or Cerner goes through standardized approval. A pharma IT director can enforce that clinical trial matching agents only touch de identified data unless elevated permissions are explicitly granted and documented. A payer compliance team can automatically retire agents tied to a completed open enrollment campaign instead of letting them silently expand the attack surface. Pillar 3: Secure. Protect agents and data with the stack you already trust. The final pillar is what makes Agent 365 production grade for healthcare and life sciences. Security and compliance are not bolted on. They are the same proven Microsoft security stack you already run for your users, extended natively to agents. Microsoft Purview, your data security and compliance backbone: Data Security Posture Management for AI gives visibility into how agents interact with sensitive data and detects risky usage patterns. Data Loss Prevention stops agents from accessing or processing files labeled Highly Confidential, even when a user prompts them to. Sensitivity labels are inherited automatically by agent outputs, governing how data is viewed, extracted, or shared downstream. Insider Risk Management detects risky behavior by users interacting with agents, such as unusual prompt patterns or excessive access to sensitive data. Communication Compliance monitors AI driven interactions for regulatory or ethical violations and unauthorized disclosures. eDiscovery and Audit logs every agent interaction, giving legal, compliance, and IT teams the transparency required for HIPAA, GDPR, and FDA 21 CFR Part 11. Oversharing Assessments run weekly checks for sensitive data exposure across SharePoint sites and agent access patterns. Microsoft Entra, your identity control plane: Entra Agent ID gives every agent a unique identity in Azure AD, so Conditional Access, role based access, and risk based policies apply individually. Conditional Access for agents enforces policies like only allow this prior authorization agent to access claims data from approved devices and locations during business hours. Identity Governance provides access packages for agents with reduced scope permissions and least privilege defaults. Block at Scale lets you instantly disable all high-risk agents from Entra in a single action. Microsoft Defender, your threat protection layer: Security Posture Management identifies and remediates agent misconfigurations, such as agents running with no authentication. Threat Detection and Blocking monitors suspicious agent activity, generates alerts, and blocks unauthorized tool invocations. Threat Investigation and Hunting collects unified agent observability logs so SOC teams can forensically trace every action an agent took. One Click Kill Switch instantly disables any agent and surfaces the complete audit trail of every action it took before being stopped. For a hospital security operations team, that means the same DLP policies protecting patient records in email and Teams now protect agents that summarize clinical notes. For a life sciences data protection officer, it means agents accessing proprietary compound data respect the same sensitivity labels as human researchers. For a payer CISO, it means an anomalous claims agent can be killed in seconds, with a complete forensic record of every member record it touched. Why this only works as an integrated platform Individual capabilities are useful. Integration is what makes them transformative. Here is the contrast HLS leaders feel today versus what changes the moment E7 lights up. Without an integrated platform, you operate with: Fragmented tools for identity, security, compliance, and AI, each with its own console and its own gaps. No centralized agent inventory, forcing your IT and security teams to track bots and automations in spreadsheets. Inconsistent policy enforcement across agents, creating compliance gaps every audit team will eventually find. Blind spots where agents access data, invoke tools, or interact with other agents without any oversight. Manual triage when an incident hits, because nothing connects user identity, agent identity, and data classification in one view. With Microsoft 365 E7, you gain: A Unified Agent Registry providing a single source of truth for every agent, whether Microsoft built, custom developed, partner deployed, or shadow discovered. Entra Agent ID giving each agent a unique identity, so Conditional Access, role based access, and risk based policies apply at the individual agent level. Full lifecycle governance with standardized onboarding, periodic review, ownership transfers, auto retirement of dormant agents, and structured offboarding. Policy by design, where Purview DLP, sensitivity labels, and compliance rules extend to all agent interactions through pre built templates applied consistently from day one. One click disable to instantly freeze any agent, with Defender threat detection extended to agents and full audit trails for forensic investigation. Expanded threat coverage that addresses agent sprawl, overprivileged access, tool misuse, misconfiguration, and inter agent risk patterns no legacy tool was designed to see. Shared registry and controls that let IT, Security, and Compliance reference the same authoritative inventory across Defender, Entra, and Purview, eliminating the silos that slow incident response. This is the reason E7 exists as a platform, not a bundle. AI, identity, security, and governance stop being separate disciplines and start operating as one system. What this is actually worth: the Forrester numbers Microsoft commissioned Forrester to conduct a Total Economic Impact study of Microsoft 365 Copilot, published in March 2025. The composite organization in that study, modeled on real customer interviews, achieved: 132 percent three-year ROI with payback in under one year. 9 hours saved per Copilot user per month through automation of routine work like drafting, summarizing, and analysis. Up to 2.6 percent top line revenue lift through better qualified opportunities, improved win rates, and stronger retention in customer facing teams. 25 percent acceleration in new employee onboarding as new hires ramp faster on summarized institutional knowledge. Those are the verified numbers. The bigger story for HLS is what they look like when applied to clinical, claims, and research workflows where every reclaimed hour is an hour that goes back to patients, members, or science. AI is already defending AI The same agentic capabilities transforming clinical and operational workflows are now embedded in your security stack. Microsoft Security Copilot agents work alongside human analysts inside Defender, Entra, Purview, and Intune, accelerating threat response and absorbing the manual load that today drowns most security operations teams. Independent benchmarks back the impact. In a 162 admin randomized study published in 2025, the Conditional Access Optimization Agent in Microsoft Entra completed configuration tasks 43 percent faster and produced 48 percent more accurate Conditional Access policies than admins working without it. Security triage, alert investigation, and identity hygiene are following the same trajectory. For HLS security teams already stretched thin, that is hours reclaimed every week to focus on the threats that actually matter, with the same Agent 365 governance applying to the security agents themselves. The defenders are governed by the same rules as the workforce they defend. How HLS organizations are putting Agent 365 to work Here is how the value shows up across the three biggest HLS segments. For providers: reclaiming time for care The challenge: clinicians spend more time on documentation than on patients. Care coordination is fragmented. Burnout is gutting retention. The strategy: deploy agents that absorb administrative load while Agent 365 ensures every one of them respects ePHI boundaries. Clinical documentation agents integrated with Microsoft Dragon Copilot structure dictation against EHR requirements, apply billing codes, and flag missing elements before submission. Care coordination agents generate care plans, allocate tasks, and surface relevant patient context during multidisciplinary rounds, optimized for HL7 FHIR interoperability. Patient intake and scheduling agents built in Copilot Studio handle appointment booking, reminders, eligibility verification, and referral management. Handoff and shift summary agents pull from multiple systems to generate complete handoff summaries for nurses and physicians transitioning between shifts, reducing communication gaps that drive adverse events. The aha moment: applied across a 10,000 employee health system, nine hours per user per month is more than one million reclaimed hours a year. That is the equivalent of hundreds of full time clinicians, returned to direct patient care, with every agent governed under the same Conditional Access and DLP policies your IT team already manages today. For payers: transforming revenue cycle and member experience The challenge: prior auth backlogs delay care. Denial rates climb. Member services teams drown in volume. The strategy: agentic AI rewires the most expensive, most manual workflows in your operation while Agent 365 keeps every agent inside the lines on member PII. Prior authorization agents autonomously gather clinical documentation, cross reference medical policy, determine approval criteria, and route decisions, accelerating turnaround from days to hours. Claims processing agents automate billing and denial management. With cost to collect running 30 to 60 percent of net patient revenue at many organizations, even modest automation produces material margin recovery. Denial resolution and appeals agents analyze denial patterns, surface root causes, generate appeal documentation, and track success rates over time, turning a cost center into a continuous improvement engine. Member services agents integrated with Microsoft 365 Copilot Chat handle benefits inquiries, claims status, and self service triage, deflecting call volume and improving first contact resolution. Fraud detection and risk adjustment agents scan claims data for anomalies and optimize coding accuracy for Medicare Advantage and ACA populations. The aha moment: a payer CISO can disable an anomalous prior auth agent in one click and produce a complete forensic record of every member record it accessed, while Compliance simultaneously confirms the agent never violated DLP. That is regulatory readiness that legacy automation cannot deliver. For life sciences and pharma: accelerating discovery and commercialization The challenge: clinical trials take years. Regulatory submissions consume teams. Medical affairs cannot keep up with literature volume. The strategy: orchestrate agents across R&D, regulatory, medical, and commercial, with Agent 365 enforcing the data classification rules that proprietary IP and clinical data demand. Clinical trial matching agents scan patient profiles and eligibility criteria to surface trial opportunities, accelerating recruitment. Regulatory document preparation agents assemble submissions, cross reference data across modules, and ensure consistency in FDA, EMA, and global filings. Medical research and literature review agents powered by Microsoft GraphRAG retrieve research backed insights with verified source references, giving medical science liaisons trustworthy synthesis on demand. Pharmacovigilance agents monitor safety databases, flag potential adverse events, and generate timely case reports. Commercial insights and launch planning agents synthesize market data, payer policy, and HCP sentiment for sharper launch and field strategy. The aha moment: cutting even three months off a regulatory cycle on a single high revenue product can mean tens of millions in additional sales, while Purview sensitivity labels guarantee every agent accessing proprietary compound data respects the same data classification as your senior researchers. A phased path that actually works in regulated industries In regulated industries, a big bang AI rollout is a recipe for incidents. The HLS organizations getting this right are following a five-phase pattern that builds expertise and validates governance before scale. Establish. Form a cross-functional champion team across IT, Compliance, Clinical Operations, and Research. Define what risks you are mitigating and what outcomes you are unlocking. Inventory the agents already in flight. Configure. Stand up identity, DLP, and policy templates in Microsoft 365 Admin Center, Power Platform Admin Center, and Microsoft Purview. Enforce that any agent handling PHI runs in a secure environment with audit logging on by default. Pilot. Choose a small group of makers in a controlled environment. Start with non-critical workflows like internal reporting or scheduling before moving to clinical or member facing use cases. Run weekly reviews with Compliance and Security. Empower. Launch role specific training for clinicians, researchers, makers, and IT. Stand up a Center of Excellence to provide templates, best practices, and reusable patterns. Promote success stories internally to build momentum. Scale. Expand agent development across departments with governance as a guardrail, not a gate. Use pay as you go metering to track usage and optimize licensing. Refine policies continuously based on Purview signals and audit results. The strategic insight: organizations that lead with governance reach scale faster than those that lead with experimentation. Trust is the unlock, not the obstacle. Governance is a team sport Here is the pattern we see again and again. The HLS organizations that succeed with AI at scale are not the ones with the smartest IT shop or the boldest Compliance officer. They are the ones whose IT, Security, Compliance, Clinical, Research, and Operations leaders sit at the same table on agent strategy from week one. Agent 365 was designed for that table. The Agent Registry is the shared truth. Purview policies satisfy your Compliance officer. Entra controls reassure your CISO. The lifecycle workflows give your CIO confidence. The clinical and research outcomes give your COO and Chief Medical Officer the business case. Everyone gets the view they need from the same single source. Stand up an agent governance council. Meet every two weeks. Use the Agent Registry as your standing agenda. Make decisions in plain sight. The organizations that do this consistently outperform on both speed and safety. The ones that try to keep AI inside a single function fall behind on both. Who contributes what Think back to the mental model. You would never let a single function authorize, configure, and oversee a new privileged system on its own, not when it touches ePHI, claims, or proprietary research. Security, IT, Compliance, Clinical, and the relevant business owner all weigh in because the stakes are too high for any one seat to carry alone. Agent governance demands the same multidisciplinary scrutiny, and the council is where that happens. Each seat brings something the others cannot. CIO. Owns the agent strategy and the platform investment. Translates board-level AI ambition into an operating model the rest of the organization can execute against. CISO and Security Operations. Define agent identity standards, Conditional Access policies, and incident response playbooks. Without this seat, an anomalous agent touching ePHI becomes a breach instead of a contained event. Chief Compliance Officer and Privacy. Translate HIPAA, GDPR, FDA 21 CFR Part 11, and state regulations into Purview policies and audit requirements. This is the seat that keeps you out of an OCR investigation or a 483 letter. Chief Medical Officer and Clinical Operations. Validate that clinical agents are safe, accurate, and aligned with care standards. Own the clinical risk review for any agent that touches patient care, the same way you would for a new clinical protocol. Chief Research Officer or Head of R&D. Govern how agents interact with proprietary trial data, compound libraries, and scientific IP. The seat that protects the next decade of pipeline value. COO and Revenue Cycle Leadership. Prioritize the operational workflows where agents will move the needle on cost to collect, denial rates, and throughput, and own the business outcomes that justify the investment. Center of Excellence Lead. Maintains templates, reusable patterns, and maker enablement. Turns every council decision into a guardrail builders can actually use the next morning. Frontline champions. Clinicians, claims specialists, and researchers who pilot, give feedback, and carry credibility back to their peers. The seat that decides whether agents get adopted or quietly ignored. When every one of these voices is in the room, your governance council operates like a tumor board for AI. Different lenses, one shared decision, full accountability. That is how regulated industries make complex calls safely, and it is exactly the muscle Agent 365 was built to support. Seven questions to bring to your next leadership meeting If you want to know whether your organization is ready, run through these together. The places you hesitate are exactly where Agent 365 and E7 deliver the most value. Visibility. Do you know which AI agents, bots, and automations are running in your environment today, who built them, what they have access to, and whether they are still needed? Control. If someone on your team builds a new AI agent tomorrow, what is the actual process to make sure it is approved and secured? Or could they deploy it with wide open access? Security. What prevents an AI agent from reading or transmitting patient data it should not? Do you have a way to detect and stop a rogue or compromised agent? Accountability. Who owns the outputs of an AI agent's actions? What is the offboarding process when the agent or its creator leaves? Scale. Six months from now, you may have a hundred agents deployed across departments. Are your oversight and compliance structures ready for that volume? Cross-functional alignment. How are your IT, Security, and Compliance teams partnering on AI today? Governance is a team sport. Data readiness. How confident are you that your data estate is clean, labeled, and governed well enough for AI to surface accurate answers and not outdated or conflicting information? If you hesitated on even one of those, you have just identified where Agent 365 and Microsoft 365 E7 will pay for themselves the fastest. The path forward Here is the honest truth. The healthcare and life sciences organizations that lead in the next decade will not be the ones that adopted AI first. They will be the ones that adopted AI safely, compliantly, and at scale, with intelligence and trust woven into every layer. Microsoft Agent 365 and Microsoft 365 E7 give you the only integrated platform that brings AI, identity, security, and governance into one cohesive system, running in the flow of work you already use. This is not about adding another tool to your stack. It is about extending the investments you have already made in Microsoft 365, Entra, Defender, and Purview to cover the fastest-growing class of digital identities in your environment. The agent era has already arrived. The question is whether you will govern it with confidence or chase it with anxiety. We would love to help you lead. Take the next step Explore Microsoft Agent 365: The Control Plane for Agents Microsoft Entra Agent ID: aka.ms/EntraAgentID Learn more about Microsoft 365 E7, the Frontier Suite: Introducing Microsoft 365 E7 See Microsoft 365 Copilot in action: Microsoft 365 Copilot Read the Forrester TEI study: The Total Economic Impact of Microsoft 365 CopilotMicrosoft 365 Champion community call | May 2026 | AM
Join our next community call on May 26, 2026, to explore the new Copilot Hub experience and learn more about Agent 365. Host: Tiffany Lee Guests: Jessie Hwang, Samer Baroudi Moderators: Jessie Hwang, Casandra Marrero, Abby Schilbach 📢 NOTE: our community call formats are Teams webinars so you must register at https://aka.ms/M365ChampionCallAM to receive the link to join. The join link will be sent to you in email with your webinar registration confirmation. 🗨️ Each call includes an open Q&A discussion section at the end, where you'll have a chance to ask your questions about Microsoft 365. 👋 Was this forwarded to you? Join the Microsoft 365 Champion program today! Champions combine technical acumen with people skills to drive meaningful change. Our community calls are open to everyone, but only Champion program members have access to the presentation resources (access link is in the initial welcome email and in the monthly newsletters). Join now: https://aka.ms/M365Champions. Note: If you are unable to watch the recording on YouTube, try watching it here.Agent 365 | Your Security & Compliance Controls
Block agent access to labeled files at runtime, stop sensitive data from leaving in agent-drafted emails, and catch agents that cross conduct lines using the same Microsoft Purview controls you already run for users. Map every risky agent action in Insider Risk Management, drill into Activity Explorer for interaction-level detail, and pull regulator-ready forensics from Purview Audit. Shilpa Ranganathan, Microsoft Purview Partner Group Squad Leader, shares how IT and data security teams can govern agent behavior on a single Agent 365 control plane built into the Microsoft tools that you're already using today. Block labeled files from agent access in real time. No policy bypass, no data leak. See how it works using Microsoft Purview as part of Agent 365. Same policies, now extended to agents. Purview DLP catches sensitive content and blocks the send. Watch it in action. Map the full chain of risky agent actions in one view. Insider Risk Management in Purview sequences sensitive file access & DLP blocks. See how it works. QUICK LINKS: 00:00 — Agent security, compliance, & IT 01:13 — IT & data security teams using Agent 365 02:22 — Visibility with Microsoft Purview 03:14 — End user perspective 04:05 — DLP on Agent-Initiated Messages 04:23 — Communication Compliance for Agent Behavior 04:50 — Data Security admin in the Purview portal 06:04 — Policy violations 06:39 — Purview Audit 07:06 — Microsoft 365 admin center 07:44 — Wrap up Link References Check out https://aka.ms/Agent365DataSecurity Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -How do you make sure agents don’t run unchecked across your environment? It starts with the right level of observability across security, compliance, and IT, insights that’s tailored to each team’s domain expertise, yet shared across teams, so issues can be identified early and addressed quickly when something goes wrong. This is where Agent 365 comes in to bring together security and IT teams so they can stay in control through a unified control plane, built to work with the Microsoft tools you already use. -Whether you’re viewing agents along with their configurations and high-level activities in the Microsoft 365 Admin Center, understanding agent activities and protecting sensitive information with Microsoft Purview, managing agent identities and permissions to apps, data, and resources with Microsoft Entra, or investigating and responding to incidents in Microsoft Defender, Agent 365 provides a common source of truth for agent activity, enabling teams to assess and respond to risks from their own domain expertise using the tools and workflows they know best. Today is the first episode in a series where we go deeper on using Agent 365 across your organization, starting with protecting your sensitive data. For example, if data isn’t properly classified and protected, AI, which uses powerful semantic search, can quickly surface information that was once hard to find, leading to data loss. -At the same time, it can potentially share it with the wrong people, and related other risks can escalate quickly. Microsoft Purview now extends the controls you have for users in your organization to agents so they stay aligned with your organization’s data security and compliance requirements. Let me show you how IT and data security teams can work together using Agent 365. Starting in Agent 365 in the Microsoft 365 Admin Center. As an IT admin, I can see a comprehensive list of agents in our organization. I can manage agent deployment requests to review the details for agent configurations and even leverage built-in security defaults for Agent 365 to quickly establish policy controls. -That said, as agents are used inside of your organization, Microsoft Purview, as part of the Agent 365 control plane, provides more granular controls with deeper visibility over data security. This includes rich AI observability, protection, and compliance. Right from Microsoft Purview, I can see agents running in my organization with the same left-to-right agent visibility we saw in the Microsoft 365 Admin Center. From Data Security Posture Management, or DSPM, for short, I can find key agent metrics and what’s important for data security, like which agents are active and their risk levels, whether they’re interacting with sensitive data, in which ways, along with interaction trends. I can also see if their activities are protected with sufficient policy coverage. -Let me show you an example of how this level of oversight and protection works, starting from the end user perspective. This is a custom, in-house-developed Zava supplier agent. It’s designed to review and summarize purchase orders for clients. Here, a member of the procurement team asks the agent to review a few linked purchase orders PDF files and check for delays and impacts. The reasoning agent gets to work almost immediately, providing a summary for the linked files. It then attempts to access a contract file to figure out the contractual impacts of any delays. -Now, because the contract has a label that the agent is not allowed to process, it stops and says that it cannot access the information contained in that file. This is Microsoft Purview enforcing least-privilege access in real time. Next, our same user asks the agent to email the summary to an external supplier. The agent tries, but Purview spots sensitive data in the message. In fact, if we move to Outlook and open the message, we can see that our sensitive information policies have blocked the email from being sent. Back in Teams, we can see that the same user is attempting to use the agent to draft an email that promises an exclusive gift incentive to fast track the PO approval. The agent stops again. It recognizes the request crosses ethical and compliance lines and explains why to our user. -Importantly, behind the scenes, Purview logs all activity as it happens and flags the interaction for review. In fact, let’s switch perspectives to the data security admin in the Purview portal after these activities have taken place. I’m back in DSPM under AI Observability with a view of my running agents. And on top of my list, Purview has flagged the supplier agent as high risk. Let’s drill into it. For that, I’m in insider risk management view for this activity. It maps out the sequence of events that our user and agent attempted to carry out, starting with sensitive file access in SharePoint, including the contract I mentioned. -Then the DLP policy block, which stopped the email summary from being sent to the external supplier. And, finally, the unethical behavior block when a user attempted to offer a gift in exchange for faster contract approval. All these activities raise the risk level of the agent, and each action is clearly outlined. To get more detailed context about the agent’s behavior, I can view the activity timeline, which links me directly into Activity Explorer in DSPM to see other interactions with this agent. It looks like there’s a mix of benign activity at the bottom of the list, and the higher risk activities for our user are at the top. All prompts and responses are evaluated against compliance policies and classifiers, and any matches are surfaced using the same investigation and remediation workflows you already use today. -In fact, you can find the details for agent policy violations across solutions in Microsoft Purview. For example, if your focus is on communication compliance, you can find the details for the agent interaction that was flagged as unethical. In this case, it matched the gifts and entertainment condition. And clicking in, you can see related matches for other sources too. And Purview Audit also captures every agent interaction, which you’ll find using an audit search. -Here we’ve searched across agent interactions that occurred between February 1st and March 1st for our agent, and you can see the exportable details for each interaction, including IP, user, agent, record, and activity details. So when a regulator asks: “How did this happen?” You can trace it instantly using Purview Audit. Of course, with Agent 365 at the foundation, everything is connected and integrated across the control plane. So now as an IT admin working in the Microsoft 365 Admin Center, I can see the agents running in our environment filtered by high risk, and there’s our supplier agent. In its details, under Security and Compliance, I can see it has performed a few risky activities. This is all signal that has been pulled in from Microsoft Purview as part of Agent 365. -From here, I can tune the agent configurations, including its permissions, or even block it all together from use. AI agents move fast, and without the right level of visibility and guardrails in place, they can easily access data they shouldn’t overshare, and even work against your company’s ethics. Agent 365 with Microsoft Purview keeps your agents in line, spots trouble before it happens, and makes sure that actions are recorded. -To learn more, check out aka.ms/Agent365DataSecurity. In the next episode of the series, we’ll explore Agent 365 with Microsoft Defender to investigate and respond to security incidents involving agentic activity. Subscribe to Microsoft Mechanics if you haven’t already, and thanks for watching.
Can Agent 365–registered 3rd-party agents be invoked outside MS 365 clients and still track usage?
Hello, The documentation describes how to register a third-party agent with the Microsoft Agent 365 platform (for example an agent hosted on Google Cloud Run) in order to benefit from capabilities such as observability, governance, security, and centralized management. Does this mean that users must access these agents through Microsoft 365 entry points (such as Copilot Chat, Teams, or other Microsoft clients) in order for those capabilities to apply? Or can the same registered agent also be invoked and interacted with from third-party clients or external services (for example applications running in GCP) while still benefiting from Agent 365 features like observability, governance and/or security? What if third party agent is registered to Agent 365, but it doesn't use EntraID? It's what observability, governance and/or security will be available then? Thank you.
Task Module shows popup but Adaptive Card does not render using M365 Agent SDK (Python)
I am using the new M365 Agent SDK for Python to return a Task Module (task/fetch). The popup opens successfully when I click the button in Teams, but the Adaptive Card inside the Task Module does not render. Instead, Teams shows the generic error: “Unable to reach app. Please try again.” My invoke handler returns the following structure: adaptive_card = { "type": "AdaptiveCard", "$schema": "http://adaptivecards.io/schemas/adaptive-card.json", "version": "1.4", "body": [ {"type": "TextBlock", "text": "Sample task module card"}, {"type": "Input.Text", "id": "notes", "isMultiline": True} ], "actions": [ { "type": "Action.Submit", "title": "Submit", "data": {"action": "sample_task_submit"} } ] } task_response = { "task": { "type": "continue", "value": { "title": "Dialog", "width": "medium", "height": "medium", "card": { "contentType": "application/vnd.microsoft.card.adaptive", "content": adaptive_card } } } } return InvokeResponse(status=200, body=task_response) Key symptoms: Task module window opens (so invoke is successful) Adaptive card does not render Shows “Unable to reach app” inside popup No errors in server logs This happens only with Task Modules; normal message replies work fine Questions: Is the above Task Module response format correct for the new M365 Agent SDK for Python? Does the SDK require a different return type or content-type for invoke responses? Are Task Modules fully supported in the M365 Agent SDK preview? Is there an example of returning a Task Module using the Python SDK? Any clarification or working sample for Python would be very helpful. Screen shot -Microsoft 365 Champion community call | May 2026 | PM
Join our next community call on May 26, 2026, to explore the new Copilot Hub experience and learn more about Agent 365. Host: Tiffany Lee Guests: Jessie Hwang, Samer Baroudi Moderators: Jessie Hwang, Casandra Marrero, Abby Schilbach 📢 NOTE: our community call formats are Teams webinars so you must register at https://aka.ms/M365ChampionCallPM to receive the link to join. The join link will be sent to you in email with your webinar registration confirmation. 🗨️ Each call includes an open Q&A discussion section at the end, where you'll have a chance to ask your questions about Microsoft 365. 👋 Was this forwarded to you? Join the Microsoft 365 Champion program today! Champions combine technical acumen with people skills to drive meaningful change. Our community calls are open to everyone, but only Champion program members have access to the presentation resources (access link is in the initial welcome email and in the monthly newsletters). Join now: https://aka.ms/M365Champions. Note: If you are unable to watch the recording on YouTube, try watching it here.OBO Agents vs. Execute-as-User Agents: What Will Agent 365 provide?
It was mentioned during the AMA session that agents from the Microsoft ecosystem (Copilot Studio, Foundry, SharePoint) will be automatically onboarded into Agent 365. However, today many of these agents execute as users, and some may continue to operate this way indefinitely. In other words, they may never receive their own Entra ID agent identity and may never run using an On-Behalf-Of (OBO) model. This raises an important question around observability, governance, and security. If these agents do not have their own identity and continue to execute under user credentials, what capabilities will Agent 365 provide for them in terms of monitoring, governance, and security controls? TL;DR: It is still unclear what observability and governance features will be available for non-OBO agents - both within Agent 365 itself and through standard platform administration tools. A clear comparison between OBO agents and non-OBO agents in terms of visibility, governance, and security capabilities would be extremely helpful. Thank you
