Microsoft Agent 365 Exits Preview, Adds Local Agent Discovery

Microsoft has officially launched Agent 365 out of preview, marking a shift from experimental tooling to enterprise-grade governance for AI agents. The platform now provides a unified control plane for observing, securing, and managing autonomous agents whether they operate within Microsoft 365, across third-party SaaS platforms, or running locally on Windows devices.

General availability begins May 1, 2026, according to the company's security blog. The announcement clarifies that Agent 365 addresses what Microsoft calls "agent sprawl"—the rapid proliferation of autonomous agents that can invoke tools, access data, and interact with other agents outside traditional visibility boundaries.

The core problem isn't that agents exist. It's that they proliferate fast, span apps, endpoints and cloud, and often operate outside the visibility and control of the teams accountable for risk. When an agent can invoke tools, access data, and interact with other agents, any "helpful" workflow can turn into data oversharing, tool misuse, or over-privileged actions in seconds.

Agent 365 now supports three distinct agent categories with varying maturity levels. Agents working on behalf of users with delegated access are generally available. Agents operating behind the scenes with their own credentials are also generally available. Agents participating in team workflows remain in public preview.

A significant expansion comes with local agent discovery. Organizations using Microsoft Defender and Intune can now detect and manage local AI agents running on Windows devices. Initial support targets OpenClaw agents, with plans to expand to GitHub Copilot CLI and Claude Code. Customers enrolled in the Frontier program can identify which devices run OpenClaw and use Intune policies to block common execution methods.

Starting in June 2026, Defender will provide asset context mapping for each agent, including the devices they run on, MCP servers configured for those agents, the identities associated with them, and the cloud resources those identities can reach. This gives security teams the context needed to assess exposure and potential blast radius (a problem that has plagued users for years, frankly).

Beyond monitoring, organizations can apply policy-based controls to set guardrails for what agents are allowed to do. If a managed agent exhibits malicious behavior patterns, such as attempting to access or exfiltrate sensitive data, Defender can block coding agents in runtime and generate alerts with rich incident context to support investigation and response.

For agents built on other clouds, Microsoft is launching the Agent 365 registry sync in public preview. This allows Microsoft 365 admins to discover agents on platforms like AWS Bedrock and the Google Gemini Enterprise Agent Platform, then import them to their agent registry for further monitoring. The company has also partnered with Adobe, SAP, Zendesk, and Manus to make their agents fully manageable by Agent 365.

Another preview launch is Windows 365 for Agents, a Cloud PC purpose-built for running AI agents at enterprise scale. It introduces a new class of Cloud PCs managed in Intune, allowing agents to run in policy-controlled environments, interact with applications, and operate with the same identity, security, and management controls already used for employees.

Pricing sits at $15 per user per month for standalone Agent 365, or included in Microsoft 365 E7. Windows 365 for Agents requires an Agent 365 license, an Intune license, and an active Azure subscription during public preview.

The physical reality of this shift matters. IT admins will now see discovered local agents in the Microsoft 365 admin center and Intune admin center. Through the Agent 365 registry, the inventory of local agents will be available in Defender and Intune so IT, endpoint management, and security teams can get a consistent view of discovered local agents in their environment and take appropriate action.

Microsoft's adoption hub provides additional resources including the Agent Success Kit, which helps prepare tenants for AI agents and enables users to create and use them. The company also offers an Agent governance whitepaper and message usage estimator for planning purposes.

Whether organizations actually pay for this remains the real question. Many enterprises are already running agents without formal governance, and the friction of retroactively discovering and controlling them may be substantial. The tool exists now. The adoption challenge is just beginning.

Artūras Malašauskas is an AI Systems Integrator with 20+ years of production-grade web engineering experience. He has designed, shipped, and scaled enterprise Python/PHP systems for logistics, SaaS, and public-sector clients. For the past year, he has focused exclusively on AI integrations: deploying open-source LLMs, building generative media pipelines (image, audio, video), and engineering multi-agent workflows for real production environments. His standard: reproducibility, security, cost-efficient inference—no vaporware. He documents and evaluates emerging AI tooling, separating verified capabilities from marketing noise. Technical editor at: muza-ai.eu, ai-verslas.lt, ai-naujinos.lt Connect on LinkedIn