Microsoft 365 E7 & Agent365: From Where You Are to Enterprise AI at Scale
Introduction As organizations move beyond AI experimentation and begin operationalizing agent-based AI workloads, a new set of challenges is emerging governance, visibility, and control. Microsoft’s response to this shift is Microsoft 365 E7, introduced on May 1, 2026. It bundles: Microsoft 365 E5 Microsoft 365 Copilot Microsoft Entra Suite Microsoft Agent 365 This represents Microsoft’s strategic direction toward a human-led, agent-operated enterprise. However, a key pattern is emerging: Many organizations deploy Agent 365 and assume governance is complete. It isn’t. Understanding Agent 365: Control Plane, Not Control Source Agent 365 is not a standalone security solution, it is a control plane for AI agents. It provides: Agent registry and discovery Blueprint governance and lifecycle control Observability across agents Aggregation of signals from Entra, Defender and Purview Simple analogy Agent 365 is like a dashboard in a car It shows status It aggregates signals But it does not generate signals Without identity, data and threat signals → governance visibility is incomplete. The Key Gap: “Enabled” vs “Governed” Agent 365 can be enabled standalone but governance requires: Identity signals (Entra) Threat signals (Defender) Data risk signals (Purview) This gap between “enablement” and “full governance” is where most deployments fall short. Agent 365 Governance Maturity Heatmap The following heatmap summarizes how governance capabilities evolve as you layer the Microsoft stack: Capability Agent 365 on E3 + Defender Suite + Purview Suite + Entra Suite E7 (Full) Agent registry / inventory ✅ Full ✅ ✅ ✅ ✅ Shadow agent discovery ✅ Full ✅ ✅ ✅ ✅ Blueprint governance / kill-switch ✅ Full ✅ ✅ ✅ ✅ First-party agent observability ✅ Full ✅ ✅ ✅ ✅ Conditional Access for agents (P1) ✅ Already in BP/E3 ✅ ✅ ✅ ✅ ID Governance for agents (P1) ✅ Already in BP/E3 ✅ ✅ ✅ ✅ Risk-based CA / ID Protection (P2) ❌ ✅ ❌ ✅ ✅ MDA behavioral risk detection ❌ ✅ ❌ ❌ ✅ Risks column fully populated ⚠️ Entra only ⚠️ Entra + Defender ⚠️ Entra + Purview ⚠️ Entra + Network ✅ All signals Purview DLP for agent interactions ⚠️ Basic only ⚠️ Basic only ✅ Full ⚠️ Basic only ✅ Full DSPM for AI ❌ ❌ ✅ ❌ ✅ Shadow AI discovery (external tools) ❌ ❌ ❌ ✅ ✅ Security Copilot SCUs ❌ ❌ ❌ ❌ ✅ (via E5) 🔍 Interpretation of the Heatmap Key insight: Agent 365 on its own provides visibility and governance scaffolding, but true governance maturity emerges only when identity (Entra) threat (Defender), and data (Purview) signals are combined. Microsoft 365 E7 is the only SKU that delivers all signals, identity, security, compliance and AI governance in a single integrated model. What Works with Agent 365 Alone On Business Premium or E3 + Agent 365, you still get meaningful capabilities: Agent registry (full visibility) Shadow agent discovery Blueprint governance and kill-switch Entra Agent ID (identity registration) Conditional Access for agents (via Entra P1) ID Governance (via Entra P1) First-party agent observability This provides a strong governance foundation, especially for early-stage adoption. What’s Missing Without the Full Stack Without Defender, Purview, and Entra Suite key capabilities are limited: Risk-based Conditional Access (requires Entra P2) Behavioral threat detection (Defender) Data interaction governance (Purview DLP) AI data security posture (DSPM for AI) External shadow AI discovery (Entra Internet Access) Result: You can see agents exist but you cannot fully assess risk, behavior or data exposure. What changes across layers: Layer Added What Improves Defender Threat detection, behavioral risk Purview Data protection, AI data governance Entra Suite Network + identity-level AI control E7 Full integration across all layers Licensing Model: Clarifying Agent 365 Agent 365 licensing is simple but often misunderstood: Licensed per user (not per agent) Covers all agents owned or managed by that user Agents do not need individual licenses This eliminates agent sprawl licensing concerns and anchors governance to the user identity. Upgrade Math by Starting Point This is where architecture meets commercial reality. 📍 Business Premium Starting point: $22/user Step Add-on Total Step 1 Agent 365 ($15) $37 Step 2 Defender + Purview Combo ($15) $52 Step 3 Entra Suite ($12) $64 Step 4 Copilot + Intune Suite ~$95 👉 Full E7 Parity: ~$95/user 👉 E7: $99/user At this stage: Minimal price difference E7 adds Security Copilot + removes 300-user limit ✅ This is where consolidation becomes compelling. 📍 E3 Starting point: $39/user Component Cost E3 Base $39 Agent 365 $15 Defender Suite $12 Purview Suite $12 Entra Suite $12 Intune Suite $10 Copilot $30 Total $130/user 👉 E7: $99/user 💥 Delta: $31/user 💥 ~$74K/year extra for 200 users ✅Use Agent 365 for visibility if needed ✅Avoid building full add-on stack ✅Move to E5 or E7 early 📍 E5 Starting point: $60/user Remaining gaps: Copilot ($30) Entra Suite ($12) Agent 365 ($15) 👉 Total: $117/user 👉 E7: $99/user 💥 Savings: $18/user 💥 ~$108K/year for 500 users ✅ ~15% savings ✅ Simplified licensing ✅ This becomes a strong renewal conversation driver. Architectural Perspective AI governance requires layered architecture: Layer Function Agent 365 Control plane Entra Identity + access Defender Threat detection Purview Data protection Governance is not a feature, it is a system built on continuous signals across identity, security and data. How to Position This in Customer Conversations For Business Premium Start with Agent 365 Add Defender + Purview for maximum value For E3 Avoid incremental add-ons Move to E5/E7 For E5 Position E7 as cost optimization + simplification Final Thought Agent 365 is a foundational capability but it is not a complete solution. On its own, it gives you visibility and a governance layer. But enterprise AI governance is not just about seeing and managing agents it’s about understanding what they’re doing, what they’re accessing and whether they should be doing it at all. A simple way to think about it: Deploying Agent 365 alone is like setting up a badge system in your building you can track who is inside and control access. But without the broader security stack, you still can’t: Detect risky or unusual behavior Protect sensitive data from overexposure Enforce governance consistently across the environment Bottom Line Agent 365 provides the control plane Security and compliance services provide the signals Microsoft 365 E7 brings these together into a unified governance model The Strategic Shift Organizations are moving from: AI as tools → isolated productivity gains AI as systems → integrated workflows and automation AI as governed ecosystems → secure, compliant, and scalable operations Sustainable AI adoption is not defined by capability alone it is defined by how effectively that capability is governed at scale. E7 is not just a licensing evolution it represents a shift to an integrated AI operating model, where governance is embedded by design, not added as an afterthought.Make any agent enterprise-ready with the Agent 365 SDK
One of the biggest barriers to enterprise adoption is the lack of centralized controls. Before deploying an agent broadly, organizations need clear answers: What is this agent allowed to do? What data can it access? How is it monitored? And how do we step in when something goes wrong? Today, developers often piece together identity, runtime protection, and observability using a mix of point solutions and open-source tools. The result is fragmented policy management, disconnected monitoring, and operational overhead that’s difficult to scale within existing IT and security systems. What enterprises need instead is a unified control plane that brings these capabilities together. Introducing the Agent 365 SDK On May 1, Microsoft announced the general availability of Agent 365, the control plane for enterprises to observe, govern, and secure agents at scale. Agents built on the Microsoft AI platform (Agent Builder, Copilot Studio, and Microsoft Foundry) get Agent 365 capabilities automatically, with zero additional developer effort. For agents built on external platforms or open-source frameworks, the Agent 365 SDK provides the path in. The SDK enables enterprise-grade observability, governance, and security, while the Agent 365 CLI provisions the agent identity and registers the agent in Agent 365 from day one. For example, a back-office agent built on Microsoft Foundry and a customer-facing agent built with the OpenAI Agents SDK can both be managed through Agent 365, using the same identity model, observability signals, and policy engine, no matter which platform or framework on which the agent runs. What you get with the Agent 365 SDK Observability A unified agent registry. Every agent registered through the SDK appears in a unified Agent 365 registry, giving admins visibility into ownership, usage, connected tools and knowledge sources, and assigned permissions. Additional signals also help surface unmanaged local agents in the same control plane. Security Operations Center (SOC) visibility in Microsoft Defender. Security Operations Center teams can use Microsoft Defender telemetry to hunt across agent activity, identify vulnerabilities, and investigate potential risks across the entire agent fleet Governance Agent lifecycle management. Apply rules-based policies to automatically expire inactive agents, flag ownerless agents, and block risky ones. Onboarding and agent governance. Deploy agents to specific users or groups only after permissions, policies, and reviews are complete. Block, unblock, or remove agents on demand to control availability. Policy templates. Group existing policies from Entra, Purview, Defender, and SharePoint into reusable templates that apply automatically during agent approval or onboarding. Tool controls for agents. View, allow, or block tools across the tenant so agents only use approved tools, enforcing consistent governance without per-agent configuration. Security Agent identity in Entra. The SDK generates an agent identity in Entra so the agent can be managed, and policies and role assignments can be applied to it the same way they are applied to users. Learn more in our Entra Agent ID developer blog post. Access control. Agents can be secured by Entra Conditional Access and Identity Protection for runtime protections as agent behavior evolves. Threat detection in Defender. Agent activity surfaces in Microsoft Defender alongside the rest of the estate, with alerts wired into the same incident pipeline the SOC already runs on. Threat blocking tool invocation. When you register tools with Agent 365, calls to and responses from those tools are protected by Defender’s runtime protection, blocking high-risk tool calls and actions before they execute. How companies are putting it to work Many software companies have already integrated the Agent 365 SDK into the agents they build, spanning three primary categories. The first is AI-native software vendors building customer-facing agents, such as Genspark, Zensai, Egnyte, and Zendesk. The second includes agent platforms and “agent factories” where customers build and run their own agents, including Kore.ai, Kasisto, and n8n. And the third is enterprises developing custom internal agents for their own employees and business processes. All three groups integrate with the Agent 365 SDK for the same reason: when these agents are deployed into an enterprise, organizations can immediately observe, govern, and secure them in Agent 365 with no additional work required for the core capabilities. More advanced scenarios such as data security and compliance can then be added through Microsoft Purview APIs when required. Two examples of what this looks like in practice Kore.ai is an enterprise platform for building and managing AI agents and assistants. Raj Koneru the CEO of Kore.ai had this to say about Agent 365: "Enterprises can easily build AI agents today but scaling them with trust and governance is where most initiatives stall. With Kore.ai deeply integrated into Microsoft Agent 365, identity, security, and governance are built in from the start, empowering enterprises to move from pilots to AI at scale with confidence." — Raj Koneru, Chief Executive Officer, Kore.ai Zensai is an AI-native software development company that ships its Human Success Agent to enterprise customers. Emma Taylor, Culture & Organizational Development Manager at Phoenix Software Solutions, one of Zensai’s customers, on what Agent 365 makes possible: "Zensai has given us a clear view of how our people and programs are performing, helping us track the metrics that matter. The depth of reporting across the Human Success Platform has been a game changer for our team. We're particularly excited about the Human Success Agent, with Agent 365 delivering the governance and observability our administrators need to confidently manage AI in the enterprise responsibly while surfacing the data and insights that drive better decisions across our business." — Emma Taylor, Culture & Organizational Development Manager, Phoenix Software Solutions The takeaway is direct: integrate once with Agent 365 SDK, and every customer who deploys your agent can easily enable enterprise-grade controls. Get started today The Agent 365 SDK is available now. If your agent is already running, you can onboard it in three steps. Install the SDK in your agent project using Python, TypeScript, or .NET. Register the agent with the Agent 365 CLI to provision its identity and automatically onboard it into Agent 365. Wrap your agent entry point with the SDK to stream activity and telemetry into the Agent 365 control plane. For data security visibility and controls, you can integrate Microsoft Purview APIs to enable capabilities such as prompt-based Data Loss Prevention (DLP), Data Security Posture Management, Insider Risk Management, and core compliance features including eDiscovery, Communication Compliance, Audit, and Data Lifecycle Management. Learn more in our Purview developer blog post. Get started with Agent 365 development Keep learning Microsoft is actively shaping the Agent 365 SDK based on what builders are asking for. A few places to go deeper and see the SDK in action: Watch OD840: The Microsoft Build on demand developer session that goes deeper on Agent 365 SDK and the design decisions behind it. Watch BRK251: Build secure and enterprise-ready agents with Agent 365. A hands-on breakout that walks through how Agent 365 SDK and Microsoft Purview APIs work together across the agent lifecycle, with practical examples for runtime visibility, identity-aware access, data protection, and policy-based governance. Available on Wed, Jun 3 11:30 AM - 12:15 PM PDT and on demand. Browse the docs: For quick-starts, reference, and the layered toolkit guide. Go deeper on Purview for agents: Start with the Purview developer blog for the story, then the Microsoft Purview developer documentation for the full reference. Read more on Entra Agent ID: Start with the Entra Agent ID developer blog, then the Microsoft Entra Agent ID documentation for the full reference. Shipping an agent that IT and security teams can actually approve doesn't have to mean piecing together multiple solutions. With the Agent 365 SDK, you can build enterprise-ready agents that organizations can deploy with confidence. Co-Authored by Jeremiah FollisAgent365: The Identity-First Control Plane for Scalable AI Agents
As organizations move from AI experimentation to enterprise-scale adoption, AI agents are increasingly becoming persistent actors within the digital environment accessing data, invoking APIs, and executing workflows autonomously. This shift introduces a new governance challenge: How do organizations ensure visibility, control and security as the number of agents scales across cloud, SaaS and endpoint environments? Microsoft Agent365 addresses this challenge by introducing a control plane for AI agents, built on Microsoft Entra, that enables organizations to manage agents using the same identity-driven approach applied to users and applications. Why Identity Becomes Foundational for Agent Governance In traditional enterprise systems, identity platforms were designed to manage: Human identities Application identities Service principals With the introduction of Agent365, this model expands to include AI agents as first-class identities. Each agent is assigned a unique identity in Microsoft Entra, enabling consistent authentication, authorization, and lifecycle management. This approach allows organizations to: Apply policy-based access controls to agents Enforce least privilege access models Integrate agents into existing IAM and Zero Trust frameworks As highlighted in recent partner perspectives, identity is evolving from a supporting capability to a centralized control plane for AI governance. Managing Agent Sprawl with a Unified Control Plane As AI agents proliferate across business units, organizations often face challenges such as: Limited visibility into deployed agents Inconsistent ownership and lifecycle management Over-permissioned or unmanaged access to data Increased operational and security risks Agent365 addresses these challenges through a unified control plane that enables organizations to: Discover and inventory agents across the environment Apply governance policies consistently Secure agent interactions and data access This aligns with Microsoft’s broader approach to enable organizations to observe, govern, and secure AI workloads at scale. Agents as Managed Identities in Microsoft Entra One of the core innovations of Agent365 is the introduction of Entra Agent ID, which treats agents as managed identities within the directory. This enables organizations to manage agents using familiar identity capabilities, including: Conditional Access Role-based and attribute-based access control (RBAC/ABAC) Identity governance workflows (e.g., access reviews, lifecycle policies) Audit and compliance monitoring By aligning agent governance with identity, organizations can extend existing security controls without introducing separate governance silos. Architecture Overview: Identity-Centric Control Plane Agent365 integrates across Microsoft’s security and compliance ecosystem to provide a layered governance model: Identity Layer (Control Plane Foundation) Microsoft Entra ID for Agents Identity governance and lifecycle controls Conditional access enforcement Governance Layer Centralized agent registry (inventory of agents) Ownership and accountability tracking Policy enforcement across agent lifecycle Security and Compliance Layer Microsoft Defender for threat detection and behavior monitoring Microsoft Purview for data protection and compliance Integration with Zero Trust architecture Observability Layer Unified telemetry and dashboards Monitoring of agent activities and interactions Agent365 brings these capabilities together into a centralized experience within Microsoft 365, enabling consistent control across heterogeneous agent ecosystems. Extending Zero Trust Principles to AI Agents As agents operate autonomously and interact with multiple systems, extending Zero Trust principles becomes essential. Agent365 allows organizations to apply: Continuous verification of agent identity Least privilege access enforcement Real-time monitoring and anomaly detection This ensures that agents operate within defined boundaries, reducing the risk of unintended actions or data exposure, while enabling secure scaling of AI adoption. Key Capabilities Supporting Identity as the Control Plane Agent365 enables identity-driven governance through a set of core capabilities: Agent Registry Provides a centralized inventory and visibility across all agents Access Control Enables policy-based and conditional access through Microsoft Entra Lifecycle Management Supports provisioning, updates, and decommissioning of agents Security and Compliance Integration Extends Defender and Purview capabilities to agent workflows Cross-platform Support Enables governance across Microsoft, open-source, and third-party agents These capabilities help organizations manage agent ecosystems with the same rigor applied to workforce identities. Key gaps Agent365 will surface Shadow agents More agents exist than you think built across Copilot Studio, Power Platform, or third-party tools… but never inventoried. Ownerless agents Agents continue running in production with no clear owner or accountability. Over-permissioned access Agents often inherit excessive privileges far beyond least-privilege intent. No lifecycle governance No expiry, no reviews, no retirement. Agents accumulate over time. Untracked multi-agent workflows Agent-to-agent interactions lack complete audit trails. Data exposure via agents Agents amplify existing oversharing risks across enterprise data. Identity & access gaps Traditional conditional access wasn’t designed for autonomous, non-human identities. And in most enterprises, the true scale of these gaps is often underestimated. Enabling Secure and Scalable Agentic AI Organizations are increasingly recognizing that scaling AI is not just about deploying agents, but about ensuring control, visibility and compliance across their operations. Agent365 provides a framework to: Bring agents under a common governance model Align AI operations with enterprise identity architecture Reduce risks associated with unmanaged automation By anchoring agents within Microsoft Entra, enterprises can leverage existing investments in identity, security and compliance to support AI at scale. Conclusion The transition to agentic AI introduces a new category of identity within the enterprise. With Agent365, Microsoft establishes identity as the foundational control plane enabling organizations to manage AI agents as governed, auditable and secure entities. As enterprises continue to adopt AI, this approach ensures that innovation can scale while maintaining the control, trust and compliance required in modern digital environments.
