Follow ZDNET: Add us as a preferred source on Google.

ZDNET’s key takeaways

• Machine identities are multiplying far faster than human users
• Agent 365 gives IT visibility into enterprise AI agent activity
• Microsoft 365 E7 combines Copilot, security, and agent governance

AI can seem exciting, especially when it comes to the productivity improvements AI agents provide in the corporate world. But what’s rapidly dawning on company and IT leaders is that AI agents are also becoming the ultimate insider threat.

In ZDNET’s Special Feature: Cybersecurity in the New AI Era, I outlined how this threat is growing by leaps and bounds. In particular, I showed a statistic that, on average, 82 machine identities (often with high-level network access privileges) are being created for every human identity.

Also: Why enterprise AI agents could become the ultimate insider threat

This enormous management challenge hasn’t gone unnoticed by Microsoft. According to Vasu Jakkal, Corporate Vice President, Microsoft Security, “Fueled by more than 100 trillion daily signals, Microsoft Security protects over 1.6 million customers, more than one billion identities, and 24 billion Copilot interactions, at the speed and scale of Al.”

In that context, Microsoft is announcing Agent 365, a centralized control plane designed to observe, govern, and secure AI agents across organizations. Essentially, this is a system that provides tracking and control over agents across silos, enterprise-wide.

Microsoft is also launching Microsoft 365 E7 (Microsoft likes to call it “ME7”), which is a new enterprise suite that includes Copilot, security tools, and agent management capabilities.

The growing need to secure enterprise AI agents

The incredible speed with which new agents are being deployed is creating a massive governance and visibility challenge for CIOs, CISOs, and security teams.

The visibility issue is important because if you don’t know what an agent is doing or that it even exists, you can’t control it. To drive home the scope of this problem, let’s use air traffic as an analogy.

Back when airplanes were new, there weren’t all that many of them. While accidents did happen, pilots could use their Mark I Eyeballs to identify other planes, especially during takeoffs and landings.

But fast forward a hundred years or so, and the skies are full of aircraft. Imagine if there were no air traffic control and airplanes were trying to take off and land at LaGuardia Airport (probably my least favorite airport anywhere). It would be absolute chaos. There’s almost no way pilots could keep track of everything and avoid disaster.

Agent 365 introduces a unified control dashboard

Microsoft’s Agent 365 is essentially air traffic control for agents. The idea of this tool is to coordinate all the AI agents that have been flying under the radar throughout your network.

Without a unified control dashboard, “IT, security, and business teams don’t have the agent visibility and protection they need for their agents,” says Microsoft’s Jakkal. She continues, “Furthermore, teams often work in silos, making it difficult to understand which agents exist, how they behave, who has access to them, and what potential security risks can exist across your enterprise.”

There are three main areas that an agent control dashboard can manage: tracking agent activity, managing permissions, and preventing sensitive data exposure.

Also: Why enterprise AI agents could become the ultimate insider threat

Here’s another analogy. Microsoft Agent 365 is like an HR department, but for AI agents instead of people. The analogy is pretty strong because Microsoft is creating a framework that subjects agents to the same identity and security management as human employees, including unique IDs.

This credentialing is created with Agent Registry, which maintains an inventory of agents available through the Microsoft Admin Center and security workflows. It’s the AI agent equivalent of issuing each AI agent a badge and a lanyard.

Agent 365 provides centralized visibility into all managed AI agents across an organization, including Microsoft-built and partner ecosystem agents. With this mechanism, IT teams can track, observe, and analyze agent performance, usage, and activity both through detailed reporting and agent mapping.

Identity and access controls for AI agents

Within Agent 365, Microsoft Entra Agent ID assigns each AI agent a unique identity within the enterprise environment. That’s the badge we’ve been talking about.

Identity protection and conditional access policies extend existing user protections to AI agents acting on behalf of users. Here’s an important aspect of that: AI agents are assigned access privileges at or below that of the human issuing the prompt that instantiates them.

Governance is built into identity management tools that limit AI agent access. They lock down capabilities so that only the resources necessary for a given task are made available. Through Agent 365, IT and security teams can audit the permissions granted to AI agents.

These features help mitigate the risks posed by unmanaged identities and excessive agent privileges.

Data protection and compliance for agent activity

Microsoft’s Purview unified data governance, risk, and compliance solution now works inside Agent 365, helping organizations manage data security risks associated with AI agents. Capabilities include:

• Inline data loss prevention: Blocks sensitive information such as personal identity information (PII) or credit card numbers from being processed by Copilot Studio agents.
• Information protection: Ensures agents adhere to the sensitivity labels applied to organizational data.
• Compliance tools: Extend audit, eDiscovery, and records management to AI-generated activity.

By extending Purview into Agent 365, Microsoft is securing the enterprise AI agent landscape with enterprise data governance and compliance controls.

Defending agents from emerging AI threats

According to Jakkal, “There is a growing visibility and security gap, with a risk of agents becoming double agents.” Here, too, she says Agent 365 provides support:

• Microsoft Defender: Protects against identified vulnerabilities, including prompt manipulation, model tampering, and agent-based attack chains.
• Security posture management: Detects agent misconfigurations and vulnerabilities before they become attack vectors.
• Detection and investigation capabilities: Allows organizations to respond to attacks targeting AI agents.

The bad guys are out there. They’re always looking for new ways to wreak havoc. Unsupervised AI agents with escalating access privileges are irresistible to attackers attempting to gain a foothold in your network.

What is Microsoft 365 E7 (ME7)?

If Agent 365 is the control tower for agents in the enterprise, Microsoft 365 E7 is the entire airport. Basically, ME7 is a bundle that, “Enables organizations to accelerate frontier transformation and equips employees with AI that shows up inside real work: email, documents, meetings, spreadsheets, and business applications.”

Also: The biggest AI threats come from within – 12 ways to defend your organization

ME7 includes the following components:

• Microsoft 365 Copilot: AI assistant embedded across Microsoft 365 apps.
• Agent 365: Framework for building and running organizational AI agents.
• Entra Suite: Identity, access, and Zero Trust identity protection.
• Microsoft Defender: Advanced threat protection across users, devices, agents, and apps.
• Intune: Endpoint and device management for secure access.
• Purview: Data governance, compliance, and information protection tools.
• IQ Platform: Shared intelligence layer providing context and organizational data grounding for Copilot and agents.

Jakkal says, “Copilot, agents, and Agent 365 operate together in the flow of work, grounded in shared intelligence from the Microsoft IQ Platform, so they understand context, history, priorities, and constraints.”

Pricing and availability

Microsoft 365 E7 is priced at $99 per user, per month. Both it and Agent 365 will be generally available on May 1.

Microsoft is also setting some expectations about feature availability. Specifically:

• Runtime threat protection, investigation, and the ability to hunt for agents that use the Agent 365 tools gateway will enter public preview in April 2026 and remain there through May 1.
• Detection, investigation, and response for Foundry and Copilot Studio agents are in public preview and will continue to be in public preview on May 1.
• Likewise, Security posture management for Foundry and Copilot Studio agents will “continue to be in public preview on May 1.”

Security foundation for the agentic era

In my article about agents as the new insider threat, I said, “If it takes a team of interviews and multiple rounds before you hire an employee, it should take the same or even a greater level of care before you ‘hire’ a new agent.”

It appears that what Microsoft is offering in Agent 365 and ME7 are the tools to make that analogy into a functional capability inside enterprises with exploding agent populations. Their new offerings aim to bring agents, users, and enterprise data within a unified security framework.

Microsoft calls this change to an agent-enabled environment “frontier transformation,” leveraging the term “frontier model” for bleeding-edge AI models. If you’re going to have a frontier transformation and you’re going to field thousands of AI agents, you’d better have the security and oversight tools to manage all of that.

Also: How to clean up your digital footprint – and why it matters more than you think

If you’re steeped in the Microsoft ecosystem and you’re fielding armies of AI agents, you’ll probably want to give Microsoft’s new offerings a look.

What do you think about the rise of AI agents inside the enterprise? Does the idea of thousands of software agents acting on behalf of employees concern you from a security perspective, or do you see it as a necessary step toward productivity gains?

Do you think tools like Agent 365 and Microsoft 365 E7 are the kind of governance layer companies will need? Will organizations struggle to keep up with the pace of agent deployment? If you’re working in IT, security, or management, are you already seeing these challenges emerge?

Let us know in the comments below.

You can follow my day-to-day project updates on social media. Be sure to subscribe to my weekly update newsletter, and follow me on Twitter/X at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, on Bluesky at @DavidGewirtz.com, and on YouTube at YouTube.com/DavidGewirtzTV.