Microsoft Agent 365 Goes GA: AI Agent Control Plane 2026

TL;DR: Microsoft Agent 365 moved from Frontier preview to general availability on May 1, 2026 at $15 per user per month, or bundled into the new Microsoft 365 E7 "Frontier Suite" at $99¹. The control plane assigns each AI agent its own Entra identity, applies Purview labels, governs runtime behavior through Defender, and extends Intune device management to local agents on Windows — starting with the open-source OpenClaw and expanding soon to GitHub Copilot CLI and Claude Code². Registry sync with AWS Bedrock and Google Cloud Gemini Enterprise Agent Platform launched in public preview the same day, putting Agent 365 among the first widely deployed multicloud governance planes for agents that ride on top of an existing enterprise IAM stack².

What You'll Learn

• Why agent sprawl forced enterprises to adopt a dedicated governance plane
• How Agent 365 layers on top of Entra, Purview, Intune, and Defender
• What changed between the November 2025 preview and the May 1, 2026 GA
• How local AI agents on Windows endpoints now fall under enterprise policy
• What multicloud registry sync looks like for AWS and Google Cloud agents
• How Microsoft 365 E7 reshapes enterprise AI licensing
• What still sits in preview and what is shipping next

Why This Matters Now

Six months ago, governing AI agents inside a Fortune 500 looked like governing browser extensions in 2010 — IT could see they existed, knew they were touching customer data, and had no realistic way to inventory them. Each business unit was wiring up its own agents on top of Copilot Studio, LangGraph, AutoGen, and a long tail of open-source frameworks. Some ran in Azure. Some ran in AWS Bedrock. Some ran on a developer's laptop because the OpenClaw GitHub README made it look easy³.

Microsoft introduced Agent 365 at Ignite 2025 in November to address exactly that problem⁴. For roughly six months it was an early-access service inside Microsoft's Frontier Program, available only to customers willing to deploy a control plane that was still under construction. On May 1, 2026 it became a generally available commercial product with a published price list, an Intune-style admin experience inside the Microsoft 365 admin center, and a multicloud reach that goes well beyond Microsoft's own stack².

The product positions itself around three pillars Microsoft repeats consistently across the GA materials: observe, govern, secure². Each pillar maps to existing Microsoft surface area, which is the strategic move that makes the launch interesting.

The Control Plane Architecture

Agent 365 does not replace Entra, Purview, Intune, or Defender. It threads them together so an AI agent looks like a managed identity to all of them at once.

The admin experience lives in the Microsoft 365 admin center as a workload of its own. The Agent 365 overview dashboard surfaces total registered agents, active users, growth trends, connected platforms, total runtime hours, and risk signals — the kind of metrics IT teams already get for managed devices, now applied to agent fleets².

The new piece in GA is agent-aware network policy. Microsoft Entra network controls now extend to Copilot Studio agents and agents running on user endpoint devices, letting admins identify unsanctioned AI usage, restrict connections to only approved web destinations, filter risky file movement, and help block malicious prompt-based attacks². This is the first time Microsoft has shipped agent-specific network controls as a default Entra capability rather than something stitched together with custom firewall rules².

On-Behalf-Of Agents and the Identity Story

The most consequential design decision in Agent 365 is how it handles agent identity. The GA release covers the OBO (On-Behalf-Of) agent model — agents that act on behalf of a specific user⁶. Every action an OBO agent takes is attributable both to the agent's own Entra identity and to the user it represents, which gives Purview and Defender enough context to apply user-scoped DLP and conditional access policies to agent-initiated traffic.

Microsoft's developer SDK, agent identity authentication, and agentic user capabilities — agents that operate as their own first-class users rather than acting on behalf of a human — remain in Frontier preview, with no published GA date beyond the OBO control plane shipping May 1⁶. This is a deliberate phasing choice: the OBO model maps cleanly onto existing enterprise IAM patterns, while autonomous agentic users are a harder governance and audit problem that Microsoft has chosen to keep behind a preview gate.

Local Agents on Windows Endpoints

The headline addition between Frontier preview and GA is local AI agent management. With Defender and Intune integration, organizations can now discover and manage AI agents that run directly on Windows devices, starting with OpenClaw and expanding soon to GitHub Copilot CLI and Claude Code².

OpenClaw is worth understanding here because it is the canonical example of the shadow-AI problem Agent 365 is trying to solve. Created by Austrian developer Peter Steinberger and originally published in November 2025 as Clawdbot, OpenClaw is a free and open-source autonomous agent that executes tasks via large language models, using messaging platforms as its main interface. It runs on Mac, Windows, and Linux, and works with Anthropic, OpenAI, or local models³. None of that requires IT approval, which is the entire point.

For Agent 365 GA, security teams can investigate local AI agent exposure inside Microsoft Defender through a relationship map that shows where an agent runs, which MCP servers are configured for use, which identities are associated with it, and which cloud resources those identities can reach². Intune policies can block the common installation paths for OpenClaw on managed devices, surfacing the agent in the admin center registry instead of letting it run silently. The same path will apply to GitHub Copilot CLI and Claude Code as those integrations land — making Agent 365 one of the first enterprise inventories and gates for local coding agents that integrates directly with Defender and Intune rather than running as a separate agent observability product.

Multicloud Registry Sync

The multicloud story moved from a roadmap slide to a public preview on the same day Agent 365 went GA. Registry sync is now available for AWS Bedrock and Google Cloud Gemini Enterprise, allowing Microsoft 365 admins to discover agents running on those platforms and import them into the Agent 365 registry for further monitoring².

This is registry-only governance for now — discover, inventory, and perform basic lifecycle controls — rather than full runtime policy enforcement on third-party clouds. Even at that scope, it is a meaningful capability because it gives a single CISO dashboard a view across Azure, AWS, and Google Cloud agents without forcing a migration to a single platform. Microsoft has named Adobe, SAP, Zendesk, and Manus as launch partners building agents that plug directly into Agent 365's management layer, putting third-party agents under the same Defender and Intune oversight already applied to first-party tooling².

Windows 365 for Agents Hits Public Preview

Alongside Agent 365 GA, Windows 365 for Agents entered public preview as a Cloud PC class purpose-built for agentic workloads⁷. Each agent gets a fully managed, Intune-managed, Entra-governed Cloud PC, governed inside enterprise security and compliance boundaries rather than running on a user's laptop.

The preview supports elastic scaling via warm pools (pre-provisioned) or cold pools (on-demand), API-driven session orchestration, and a check-in/check-out model where an agent reserves a Cloud PC, performs its task, and releases it back to the host pool⁷. This is the architectural pattern that makes long-running, multi-step agentic tasks feasible at fleet scale without paying for idle infrastructure or compromising on the security posture IT already applies to employee endpoints.

Microsoft 365 E7: The Frontier Suite

Microsoft is also reshuffling its enterprise SKU stack. Microsoft 365 E7, announced March 9, 2026 and generally available May 1, 2026, bundles Microsoft 365 E5, the Microsoft Entra Suite, Microsoft 365 Copilot, and Agent 365 into a single $99-per-user-per-month Enterprise plan⁸. Microsoft pitches it as Wave 3 of Copilot — adding Copilot Cowork (long-running multi-step tasks), Work IQ (organizational context), and deeper in-app capabilities across Word, Excel, PowerPoint, and Outlook⁸.

Buying these capabilities separately costs more than buying them together: SAMexpert calculates that the E7 bundle saves up to 15% versus standalone licensing¹. For organizations already on E5 + Copilot, the math on adding Agent 365 looks straightforward: $15 standalone or roll forward into E7 and pick up the Entra Suite alongside it.

What's Still in Preview vs Shipping

The phased rollout signals where Microsoft sees the next risk frontier. Policy-based controls due in June will let organizations define rules governing what agents can access and which actions they are permitted to perform — the equivalent of granular role-based access control for non-human identities². Until those land, GA Agent 365 is best understood as a strong observability and identity layer with selective enforcement at the Defender, Purview, and network levels rather than a full agent-policy DSL.

What This Means for the AI Agent Space

Agent 365 GA matters less because of any single feature than because it crystallizes the shape of the enterprise AI stack in 2026. The bet Microsoft is making is that AI agents will be governed the same way managed devices and managed identities have been governed for the last decade — through a control plane that integrates with the existing IAM, DLP, EDR, and MDM stack rather than a parallel system.

That bet has competitive consequences. Multicloud registry sync means Microsoft is positioning Agent 365 as a CISO-facing inventory of all agents in an organization, regardless of which cloud they run on. AWS and Google Cloud agent platforms become managed entities in a Microsoft tool, which is a familiar pattern from Intune's iOS and Android device management. Customers comparing this to standalone agent observability tools will weigh the integration depth against feature breadth.

For developers building agents, the practical implication is that agent identity is now a first-class enterprise concept. If you ship agents into Microsoft-shop customers, you need to plan for Entra Agent IDs, Purview labels propagating into your prompts, and your agents showing up on a Defender dashboard alongside whatever else IT is watching. The Anthropic ecosystem is converging on a similar story through MCP — the Model Context Protocol hit roughly 97 million monthly SDK downloads in March 2026, and the MCP servers an agent has wired up now show up directly in Agent 365's Defender relationship map for that agent². Both directions point to the same conclusion: agent infrastructure is being absorbed into enterprise governance, not built parallel to it.

Bottom Line

Agent 365 GA is the moment AI agent governance moved from "interesting roadmap discussion" to "line item on the enterprise SKU sheet." At $15 per user per month — or rolled into the new Microsoft 365 E7 Frontier Suite at $99 — Microsoft is treating agents as managed identities that live inside the existing Entra, Purview, Intune, and Defender stack rather than as a separate kind of asset that needs a separate kind of tool. The local-agent and multicloud pieces show how aggressively Microsoft intends to position this as the default agent inventory across heterogeneous environments. The OBO-only identity model and the June timeline for policy-based controls flag where the work is still in progress. For developers shipping agents into Microsoft customers, the implication is direct: design for Entra Agent IDs, expect Purview to read your prompts, and assume Defender is watching. For AI coding agent and agent orchestration builders, this is the day enterprise governance stopped being optional infrastructure.