Microsoft has officially moved Agent 365, its AI agent management platform, out of preview and into general availability. The move comes as enterprises struggle to keep pace with the rapid adoption of autonomous AI tools that operate beyond traditional IT oversight. Unlike conventional software, these agents can access sensitive data, trigger actions, and even collaborate with other agents, creating a new frontier of governance challenges.
Shadow AI: The invisible risk lurking in enterprise environments
The most pressing concern for organizations isn’t just the agents deployed by IT teams—it’s the ones employees install unofficially. Microsoft refers to this as "shadow AI," a phenomenon where workers integrate AI assistants, coding tools, and automation scripts into their workflows without corporate approval. These locally running agents often bypass security controls, exposing companies to data leaks, unauthorized system access, and compliance violations.
David Weston, Microsoft’s Corporate Vice President of AI Security, highlighted the urgency of this issue in a recent interview. "Enterprises are caught between two extremes," he explained. "One is the 'YOLO' approach—letting anything run without oversight—which is dangerous. The other is over-restriction, where nothing works and productivity grinds to a halt." The balance, he argues, lies in visibility and control—exactly what Agent 365 aims to provide.
Three critical security gaps AI agents are exploiting today
Microsoft’s security teams have identified recurring patterns in how rogue AI agents trigger breaches. The first involves developers connecting agents to backend systems with inadequate authentication. "We frequently see MCP servers exposed to the internet without proper safeguards," Weston noted. "This can lead to personally identifiable information being leaked or stolen."
The second threat comes from prompt injection attacks, where malicious instructions are embedded in data sources like support tickets or internal wikis. While less common, these attacks can hijack an agent’s behavior to exfiltrate data or execute unauthorized commands. "Attackers leverage untrusted inputs to redirect an agent’s actions," Weston warned. "When this happens, the impact is severe."
The third issue stems from outdated data loss prevention (DLP) systems that fail to recognize agent-specific access patterns. "Legacy DLP tools treat AI agents like human users," Weston said. "They expose sensitive data to vendors or third parties without realizing the agent isn’t following human protocols."
How Agent 365 centralizes governance for autonomous AI
Agent 365 functions as a single control plane for tracking, securing, and managing AI agents across diverse environments. Whether an agent runs on Microsoft Copilot Studio, AWS Bedrock, a SaaS integration like Zendesk, or a developer’s local machine, the platform provides IT teams with a unified dashboard to monitor activity, enforce policies, and audit access.
The platform categorizes agents into three tiers:
- Agents acting on behalf of users (e.g., an email organizer with delegated permissions) are now fully supported.
- Autonomous agents with their own credentials (e.g., a ticket triage system) are also generally available.
- Team-based agents participating in shared workflows are entering public preview.
Available as part of the Microsoft 365 E7 suite or as a standalone offering, Agent 365 introduces tiered pricing starting at $15 per user. This positions it as both a budget-friendly and scalable solution for enterprises grappling with AI sprawl. Early adopters include organizations in finance, healthcare, and manufacturing—sectors where data sensitivity and regulatory scrutiny are particularly high.
The road ahead: AI governance as a core IT function
Microsoft’s move to general availability underscores a broader shift: AI governance is no longer optional. As agents become more autonomous, enterprises must treat them as first-class citizens in their security frameworks. The challenge ahead isn’t just technical—it’s cultural. Organizations will need to redefine policies, retrain staff, and invest in tools that can keep pace with AI’s evolution.
For now, Agent 365 offers a starting point. But the real test will be how quickly industries adopt these controls—and whether they can stay ahead of the next wave of AI-driven threats.
AI summary
Microsoft has made its Agent 365 platform generally available for managing AI agents. Discover how organizations can protect themselves against the "shadow AI" threat and what features the tool offers.