Microsoft Agent 365 is now generally available, and it wants to find the AI tools your IT team doesn't know about
Microsoft Agent 365 is now GA at $15/user/month, with preview tools to discover and manage shadow AI agents running on employee devices.
Microsoft has moved Agent 365 from early-access preview into general availability, priced at $15 per user per month. The product is Microsoft’s answer to a problem that has been quietly building for a while: organisations are deploying, buying, and downloading AI agents faster than IT can track them, and most of those agents are completely invisible to the people responsible for security and compliance.
The GA launch comes with a significant new capability in preview, a dedicated Shadow AI page in the Microsoft 365 admin center, designed to help IT teams find and manage AI agents that are already running in their environment without their knowledge.
What is Agent 365, exactly?
Think of it as a control plane for AI agents, the same way Intune is a control plane for devices or Entra is one for identities. It brings together visibility into what agents exist in your environment, what permissions they hold, how they are behaving, and who is using them, all in one place.
Agent 365 does not replace Entra, Purview, Intune, or Defender. It connects them, so that an AI agent gets its own Entra identity, has Purview labels applied to its outputs, has its runtime behaviour governed through Defender, and falls under Intune device management if it is running locally on a Windows machine. The idea is that agents become managed, observable entities rather than invisible processes doing unknown things.
It also now reaches beyond Microsoft’s own stack. A public preview of registry sync with AWS Bedrock and Google Cloud means admins can discover agents running on other clouds and pull them into the Agent 365 inventory. For now that is limited to discovery and basic lifecycle actions like stopping or deleting an agent, rather than full policy enforcement, but it signals where this is heading.
The shadow AI problem
The more interesting development is the shadow AI capability. Microsoft is using the term to describe AI agents that employees install and run on their own devices, outside of any IT-sanctioned process. Coding assistants, autonomous task runners, CLI-based tools — many of these can read files, execute code, and take actions on a user’s behalf, all without passing through any managed cloud service that security teams can monitor.
The poster child for this right now is OpenClaw, a free, open-source autonomous agent that runs on Windows, Mac, and Linux, connects to Anthropic, OpenAI, or local models, and requires absolutely no IT approval to install and run. That last point is the entire problem. An employee can have it running on a company laptop, accessing company files, within minutes.
Microsoft is addressing this through a new Shadow AI page in the Microsoft 365 admin center, surfaced through Microsoft Defender and Intune. When an agent like OpenClaw is detected on a managed Windows device, admins can review it and choose to block it. A block creates an Intune policy that propagates automatically across all managed Windows devices enrolled in Intune, though depending on your Intune configuration that can take anywhere from 15 minutes to 8 hours to fully apply.
Starting in June 2026, Microsoft Defender will add asset context mapping for each discovered agent, showing which devices it runs on, which MCP servers it has configured, the identities associated with it, and which cloud resources those identities can reach. That last piece is particularly important. An unmanaged local agent connected to a developer’s cloud credentials could have a substantial blast radius.
Microsoft plans to expand detection coverage to 18 different agent types by June 2026, including GitHub Copilot CLI and Claude Code.
What this means for IT and security teams
The practical implication is that shadow AI is now being treated as an endpoint security problem, not just a cloud governance one. That framing matters, because it changes where you look and what tools you reach for.
If your organisation uses Microsoft Defender and Intune today, you will get this capability with a Microsoft 365 E3 licence and by opting into the Frontier preview in the admin center. There is no separate agent to deploy. The detection surface starts with managed Windows devices, which is a reasonable starting point given that developer workstations running local coding agents represent the most immediate risk.
For teams already managing AI agents built in Copilot Studio, those agents sit in the same Agent 365 inventory alongside agents from Microsoft 365 and partner ecosystems, with shared policies and lifecycle controls. The vision is a single register of all the agents touching your organisation, regardless of where they were built or deployed.
What this means for the rest of the organisation
For most workers, none of this is directly visible. The significance is that the tools people are already using or want to use may start appearing on IT’s radar. If your team has been quietly using local AI coding tools, expect those conversations with IT to happen sooner rather than later.
That is probably healthy. The data from Microsoft’s 2026 Work Trend Index, which surveyed 20,000 AI users across 10 countries, suggests 58% of AI users say they are producing work they could not have done a year ago. The tools clearly matter to people. Getting them properly governed means organisations can keep using them rather than discovering them after an incident and banning them wholesale.
Pricing and packaging
Agent 365 is available as a standalone add-on at $15 per user per month, or bundled into the new Microsoft 365 E7 suite at $99 per user per month alongside Copilot and other Frontier capabilities. The E7 bundle went generally available alongside this announcement.
The shadow AI discovery features require Microsoft 365 E3 as a baseline, Intune enrolment for Windows devices, and opting into the Frontier preview in the Microsoft 365 admin center.
The core thing to take away here is that AI agent governance has moved from a theoretical concern to a product category with a price tag and a shipping date. If your organisation has been deferring decisions about how to manage AI agents, Agent 365 is Microsoft’s answer to what that management layer looks like, and the shadow AI work signals they expect the problem to get more acute before it gets easier.