ElevenLabs $500M ARR: Voice AI Goes Institutional
Microsoft Agent 365 GA: What Enterprise Buyers Need
The thing IT security teams have been quietly asking for since Copilot Studio shipped just landed. On May 1, 2026, Microsoft announced that Agent 365 is generally available — the first unified control plane for governing AI agents across Windows endpoints, Azure, and multicloud partner platforms. It costs $15 per user per month standalone, or it ships inside the new Microsoft 365 E7 SKU.
The timing is what makes this interesting. Enterprise teams this quarter are simultaneously deploying Copilot agents, Claude Code Routines, Gemini agents inside Workspace, and a long tail of partner agents from Zendesk, n8n, and Genspark. Until Friday, there was no single place to inventory those agents, no shared identity model, no audit log, no kill switch. There is now. And the per-user pricing changes how the M365 E7 conversation lands with procurement.
Quick Summary: Agent 365 at GA
Detail Info GA date May 1, 2026 Pricing $15/user/month standalone or bundled in Microsoft 365 E7 License covers Anyone who manages, sponsors, or uses an agent on their behalf Three pillars Observe (fleet dashboard) · Govern (registry sync, lifecycle) · Secure (policy controls, runtime blocking) Multicloud reach Registry sync to AWS Bedrock and Google Cloud agents (public preview) Coming June 2026 preview Policy-based controls and runtime blocking via Intune and Defender Government availability Not formally announced; government roadmap not detailed in GA Launch partners Genspark, Zensai, Egnyte, Zendesk, Kasisto, Kore, n8n Official source Microsoft Security Blog Bottom line: Microsoft just made itself the default identity and audit layer for enterprise AI agents — including agents Microsoft doesn’t make. If your security team has been pumping the brakes on agentic deployments, Agent 365 is the answer they’ve been waiting for. The question is whether $15/user is the right ROI math against your current sprawl.
What Agent 365 Actually Is
Drop the marketing framing. Here’s what this product literally does.
Agent 365 is a control plane that sits alongside Microsoft Entra (identity), Purview (data), and Defender (security). It gives every AI agent running inside your Microsoft 365 tenant a managed identity, a lifecycle, and an auditable footprint. Think of it as Active Directory, but for non-human actors that take actions on behalf of humans.
Three things it does today, on the day of GA:
- Inventories every agent in your tenant. Copilot Studio agents, custom agents built on Azure AI Foundry, partner agents from launch partners (Genspark, Zensai, Egnyte, Zendesk, Kasisto, Kore, n8n), and — via discovery — local desktop agents like OpenClaw running on managed Windows endpoints.
- Assigns each agent a managed identity tied to a sponsor. That sponsor is a real licensed human. The agent borrows the human’s permissions, runs inside their data perimeter, and shows up in audit logs as “X agent acting on behalf of Y user.”
- Extends Microsoft Entra network controls to those agents. Conditional access, network policies, and IP allowlists that already protect humans now extend to the agents the humans run.
What it does not do today, but will in June 2026 public preview: enforce policy-based blocking at runtime via Intune and Defender, surface asset context mapping that shows which devices and cloud resources each agent touches, and roll out Windows 365 for Agents (U.S. only at preview) — which is essentially a sandboxed cloud PC scoped to a single agent’s task.
The June preview is the part most CISOs will care about. Inventory and identity are nice. Runtime blocking is what turns a dashboard into a control plane.
The Pricing Math Is Sharper Than It Looks
$15 per user per month sounds like another stack tax. Read the small print.
The license covers anyone who manages, sponsors, or uses an agent on their behalf. That last clause is the load-bearing one. If your customer service team has 200 reps and 5 of them sponsor a Zendesk agent that drafts ticket replies for the entire team — every rep whose tickets the agent touches needs an Agent 365 seat. The licensing motion is closer to a workload-tax than a per-admin tax.
For a 10,000-employee enterprise where roughly 60% of users will eventually have an agent acting on their behalf in some capacity (reasonable based on Copilot adoption curves), that’s $90,000 a month. $1.08M a year for the governance layer alone. That’s a real number.
But run the alternative math. The same enterprise is probably already paying for:
- Copilot Studio enterprise SKUs to build the agents
- Defender for Cloud licensing to monitor cloud workloads (which currently doesn’t cover agent-specific risk signals)
- Purview licensing for data governance
- Custom SIEM rules and a security analyst’s time to manually correlate agent activity from the audit logs of Copilot, Bedrock, Vertex, and whatever else
- Risk acceptance memos that the legal team writes because there’s no formal control framework for agent activity
If Agent 365 collapses two or three of those line items into a single managed control plane, the $15/user math gets a lot more defensible. The CFO conversation isn’t “do we add Agent 365.” It’s “do we add Agent 365 and consolidate, or do we keep eating the operational cost of doing this with duct tape.”
The Microsoft 365 E7 angle is what makes this interesting for net-new conversations. E7 is Microsoft’s new top-tier productivity SKU that bundles Agent 365 alongside the existing Copilot, Defender, and Purview entitlements that come in E5. For enterprises currently on E5 with Copilot add-ons, the E7 upgrade ROI now has to clear “is the bundled Agent 365 worth more than the price delta?” — and for security-conscious orgs, that math probably tilts yes.
For context on how Microsoft has been pricing the productivity stack, the Microsoft Copilot pricing breakdown covers the underlying SKU geometry. Agent 365 is the next layer on top.
Why a Control Plane Now
The reason this product had to exist is the reason most enterprise security teams have been visibly nervous since late 2025.
Three forces collided in the last six months:
Agent count exploded. A single mid-sized enterprise running Microsoft 365 Copilot today might have a dozen Copilot Studio agents in production, three or four custom agents built on Azure AI Foundry, a partner agent from Zendesk for support, an n8n automation agent for ops, and increasingly — local agents running on user desktops via tools like OpenClaw. Pre-2026 there was no single inventory of all of those. Pre-2026 there couldn’t be, because Microsoft didn’t ship the registry to host one.
Multicloud agent sprawl became real. It’s not just Microsoft anymore. Enterprise customers are running Claude Code Routines from Anthropic on internal infrastructure, agents inside the Google Gemini Enterprise Agent Platform, and — as of last week — OpenAI agents through Bedrock Managed Agents on AWS. Every hyperscaler has its own agent runtime. None of them talk to each other. None of them roll up to a single control surface.
Agent risk got specific. The 2025 incidents that scared procurement weren’t model accuracy stories. They were agent-action stories. An agent with delegated calendar access that double-booked a CEO. An agent with file-write permissions that overwrote a customer record. An agent with email-send permission that replied to a phishing test as if it were real. None of those need a frontier-model breakthrough to break things — they just need an action with no boundary.
Microsoft’s bet with Agent 365 is that the right answer to all three is identity-and-policy-at-the-control-plane, not policy-at-each-agent. That’s the same bet they made when they built Active Directory in 1999. And it’s the bet that, if it works, makes them the default governance vendor for enterprise AI in the same way they became the default identity vendor for enterprise computing.
The Multicloud Registry Sync Is the Quiet Power Move
Read the GA announcement carefully and the most strategically interesting clause is buried halfway down: registry sync to AWS Bedrock and Google Cloud agents in public preview.
Translation: Microsoft is offering to be the inventory of record for agents running on competitor infrastructure.
Why would AWS and Google participate? They probably won’t, with enthusiasm. But enterprise customers will demand it. If your security team needs a single audit trail of every agent action across the organization, and Microsoft offers to be that single trail — and the alternative is building a custom SIEM correlation across three hyperscaler-specific audit feeds — most CISOs will pick the Microsoft path even if it makes AWS and Google nervous.
This is the same play Microsoft ran with Defender for Cloud (formerly Azure Security Center). It started as Azure-only, expanded to AWS and GCP, and is now the default cloud security posture management tool for many organizations that don’t even use Azure as their primary cloud. Agent 365 is on the same trajectory.
The risk for Microsoft is that AWS and Google build their own competing control planes. AWS’s Bedrock AgentCore already has the foundations. Google’s Gemini Enterprise Agent Platform has the inventory layer in early form. Whoever ships the cleanest cross-cloud governance story first owns the long game. Microsoft just put down the first marker.
What Agent 365 Doesn’t Do (Yet)
Honest reading requires the limits.
Runtime blocking is preview, not GA. The headline capability — actually preventing an agent from taking an action that violates policy — doesn’t ship in GA on May 1. It shows up in public preview in June through Intune and Defender. If your security team is evaluating Agent 365 for a Q3 deployment that requires runtime enforcement, you’re buying on a roadmap promise, not a shipped feature.
Coverage of non-partner agents depends on discovery. Agent 365 inventories partner-launch agents (the seven named launch partners) cleanly because those agents register themselves at deployment. For everything else — including most internal custom agents and any third-party agent that hasn’t joined the launch partner program — coverage relies on discovery via Intune-managed endpoints and tenant-side telemetry. Discovery works well for agents that touch Microsoft 365 data. It works less well for agents that operate purely in third-party SaaS environments.
Government and regulated cloud customers wait. Government cloud availability has not been formally announced. Microsoft typically follows commercial GA with GCC, GCC High, and DoD rollouts on a multi-quarter lag, but Agent 365’s specific government roadmap was not detailed in the GA announcement. If you’re a federal contractor or regulated industry org running on government cloud, Agent 365 is announced but plan for a meaningful wait before it reaches your environment.
The license model has a workload tax shape. This is not a flaw — it’s correctly priced — but it catches procurement teams off guard. The “anyone an agent acts on behalf of” clause means total seats grow with agent-touched user counts, not with agent count. Most ROI models that assume “we’ll license the security team plus a few admins” will undercount by 5-10x.
It doesn’t replace your existing AI governance work. Agent 365 is the technical control plane. It is not a substitute for AI risk policy, vendor due diligence, employee training on agent-acceptable use, or model-output review. If your AI program is mature, Agent 365 fills a real gap. If your AI program is a list of memos and a Slack channel, buying Agent 365 first is putting the alarm system in before the doors.
How This Reshapes Procurement Conversations
A few specific shifts I expect to see in the next 90 days.
Microsoft 365 E5 renewal motions get an E7 upsell pitch. Customers in the middle of E5 renewals will hear an E7 pitch with Agent 365 as the load-bearing differentiator. The math will be presented as “you’re already paying for Copilot — add Agent 365 and you don’t need a separate AI governance tool.” Whether that math actually holds depends on what AI governance tooling you’ve already deployed (or planned to deploy).
The “agent inventory” RFP question becomes universal. Until last week, “how do we inventory all our AI agents” was a question security teams kicked down the road because there was no good answer. Now there’s an answer, and that answer requires either Microsoft’s product or a competitive response. Every vendor selling agent-related tooling — including the hyperscalers, the SIEM vendors, the cloud security posture vendors — will be asked this question in their next renewal cycle.
Smaller enterprises reconsider the Microsoft commitment. A mid-market company that has been on Google Workspace plus a la carte AI tools may take Agent 365 as the trigger to consolidate onto Microsoft 365 E7. The governance pitch is simpler if your stack is simpler. This is exactly the consolidation move Microsoft has been waiting for the AI wave to deliver.
Internal AI governance committees get a vendor to point at. Enterprise AI committees have been writing policy documents that ended in “and we’ll review tooling options as the market matures.” The market just matured. Those committees now have to either adopt Agent 365, justify a competing tool, or explain why they’re not adopting either. The path of least resistance is adoption.
For broader context on how enterprises are landing AI deployments this year, the enterprise AI deployment guide walks through the architectural decisions Agent 365 sits on top of.
How Agent 365 Compares to the Multicloud Alternatives
| Microsoft Agent 365 | AWS Bedrock AgentCore | Google Gemini Enterprise | |
|---|---|---|---|
| Cross-cloud agent inventory | Yes (registry sync, preview) | AWS-native only | GCP-native only |
| Identity model | Sponsor-tied via Entra | IAM role-based | Workspace identity |
| Runtime policy enforcement | Preview June 2026 (Intune/Defender) | IAM + Bedrock guardrails | Vertex AI guardrails |
| Endpoint agent coverage | Yes (Intune-discovered) | No (cloud-only) | No (cloud-only) |
| Office productivity tie-in | Native (M365) | None | Workspace |
| Per-user license model | $15/user/month | Pay-per-call (model-tier) | Bundled in Workspace SKUs |
| Multicloud partner registry | Yes (launch: 7 partners) | Limited | Limited |
| Government cloud | Not formally announced | GovCloud available | Limited |
The cleanest read on this table: Microsoft is the only vendor pricing governance per-user as a separable line item. AWS and Google bundle agent management into their compute consumption model. Whether that’s better or worse depends on your enterprise procurement preferences. Per-user pricing is predictable and easy to model. Consumption pricing is variable and follows actual usage. Most enterprises prefer predictable.
Our Take
This is the product Microsoft was always going to ship. The question is whether it’s the product the market actually needed.
The bull case: enterprise AI agent governance is a real, growing problem with no other credible vendor solution today. Microsoft has the identity layer, the security stack, the productivity tie-in, and the buyer relationship to make Agent 365 the default. The $15/user pricing is aggressive enough to be a procurement-friendly number while being big enough to fund the engineering investment. Two years from now, “what’s your agent control plane” is a question every CISO will answer, and Microsoft has the inside track on owning that answer.
The bear case: the load-bearing capability — runtime enforcement — is preview, not GA. The cross-cloud registry sync is a defensive moat that the hyperscalers will fight, not embrace. The licensing model assumes Microsoft can charge per-user for governance of agents that may not run on Microsoft infrastructure at all. And the multicloud Claude story and the OpenAI-on-AWS story both point toward a future where Microsoft is one of three peers, not the dominant cloud — and a Microsoft control plane in that world has less natural gravity than it does today.
The honest read is in between. Agent 365 will be a serious product for serious customers. It will not be a default for every enterprise. The companies that adopt it fast are the ones already deepest in the Microsoft 365 stack — and those companies were going to write Microsoft a bigger check anyway. The interesting question is whether Microsoft can earn the multicloud customers, and that question gets answered in 2027, not this week.
For now, if you’re a Microsoft 365 enterprise customer with a meaningful agent footprint or roadmap, Agent 365 is worth taking through formal evaluation in the next quarter. If you’re not, the watch is on whether AWS or Google ships a credible competitor before runtime enforcement reaches GA. The first vendor with shipped, working, multicloud agent governance owns this category. Microsoft just stepped to the line.
How to Decide Whether Agent 365 Fits Your Stack
A few quick framings.
You’re already on Microsoft 365 E5 with Copilot: The E7 upsell math probably works. Run the numbers on consolidating any standalone AI governance tooling into the bundled Agent 365 entitlement. The break-even point is usually inside 12 months.
You’re on Google Workspace with a few Microsoft seats: Wait. The Gemini Enterprise governance story will catch up enough to keep you from needing to migrate platform-of-record. Don’t let the Agent 365 launch pull you into a Microsoft consolidation you weren’t planning.
You’re cloud-multi with no productivity-suite primary: This is the hardest call. Agent 365 gives you a cross-cloud inventory layer that nothing else offers today. But you’re paying Microsoft for visibility into systems Microsoft doesn’t run. Worth it if your security team values single-pane-of-glass; not worth it if your team is comfortable correlating audit feeds.
You’re regulated and on government cloud: You’re not buying this yet — government cloud availability hasn’t been formally announced. Plan accordingly and keep evaluating the alternatives while you wait for Microsoft to publish a public sector roadmap.
You’re a small or mid-market enterprise with limited agent deployment: Don’t buy yet. The license model penalizes you for users-acted-on-behalf-of, which scales faster than your actual agent count. Wait until you have 50+ agents in production before the math justifies the seat tax.
For the broader read on how the agent ecosystem is shaking out, the best AI agents of 2026 covers which agents are actually shipping production work today.
Frequently Asked Questions
When did Microsoft Agent 365 reach general availability?
Microsoft Agent 365 became generally available on May 1, 2026, per the official Microsoft Security Blog announcement. The release brought the core observe and govern capabilities to GA, with policy-based runtime controls scheduled for public preview in June 2026.
How much does Agent 365 cost?
Agent 365 is $15 per user per month standalone, or it’s bundled inside the new Microsoft 365 E7 SKU. The license covers anyone who manages, sponsors, or uses an agent on their behalf — meaning the seat count scales with agent-touched users, not with the number of agents deployed.
What are the three pillars of Agent 365?
The three pillars are Observe (real-time agent fleet dashboard with risk signals), Govern (registry sync and lifecycle management across multicloud partner platforms), and Secure (policy-based controls and runtime blocking). Observe and Govern are GA on May 1, 2026; the Secure pillar’s runtime enforcement reaches public preview in June 2026 via Intune and Defender.
Does Agent 365 work with non-Microsoft agents?
Yes, partially. Launch partners — Genspark, Zensai, Egnyte, Zendesk, Kasisto, Kore, and n8n — register their agents directly with Agent 365 at deployment. Registry sync to AWS Bedrock and Google Cloud agents is in public preview. For other agents, coverage depends on discovery via Intune-managed endpoints.
Is Agent 365 included in Microsoft 365 Copilot?
No. Copilot is a productivity tool that lets users invoke AI capabilities. Agent 365 is the governance control plane that monitors, manages, and secures the agents — including Copilot agents and others. Agent 365 is bundled in the Microsoft 365 E7 SKU but is a separate license from Microsoft 365 Copilot.
When does Agent 365 reach government cloud?
Government cloud availability has not been formally announced. Microsoft typically follows commercial GA with GCC, GCC High, and DoD rollouts on a multi-quarter lag, but Agent 365’s specific government roadmap was not detailed in the GA announcement. Federal contractors and regulated industry organizations on government cloud cannot deploy Agent 365 in the GA timeframe and should monitor Microsoft’s public sector blog for an official timeline.
What’s the difference between Agent 365 and AWS Bedrock AgentCore?
AWS Bedrock AgentCore is a runtime framework for deploying agents on AWS. Microsoft Agent 365 is a control plane for governing agents across any cloud, including AWS. The two are complementary in concept — AgentCore runs the agents; Agent 365 inventories and governs them. In practice, the cross-cloud registry sync is in public preview and depends on partner cooperation.
Should I upgrade from Microsoft 365 E5 to E7 just for Agent 365?
It depends on your agent deployment scale. For enterprises with 50+ agents in production or a clear roadmap to that scale, the E7 bundle math typically works because Agent 365 replaces line items you’d otherwise pay for separately. For enterprises with limited agent deployments, the per-user license model can outpace the value — wait until you have a more concrete agent footprint.
Does Agent 365 replace Defender for Cloud?
No. Defender for Cloud handles cloud workload protection broadly. Agent 365 specifically handles the AI agent layer — agent identity, lifecycle, audit, and (in June 2026 preview) runtime policy enforcement via Intune and Defender integration. The two products work together; Agent 365 extends Defender’s coverage rather than replacing it.
What happens if Microsoft’s runtime enforcement preview slips?
If the June 2026 preview slips, Agent 365 customers in early adoption will have inventory and identity controls but no enforcement layer. That’s still useful but doesn’t fully justify the $15/user pricing for organizations buying primarily for security control. Watch the public preview release date as the load-bearing milestone for evaluating whether Agent 365 hits its full promise on schedule.
Last updated: May 2, 2026. Sources: Microsoft Security Blog — Microsoft Agent 365 now generally available · Microsoft Learn — Microsoft Agent 365 overview · Microsoft Tech Community — What’s New in Agent 365: May 2026.
Related reading: Claude Code Routines: What Enterprises Should Know · Google Cloud Next 2026: Agents Are the New OS · OpenAI Ends Azure Exclusivity: AWS Gets OpenAI Models on Bedrock · Microsoft Copilot Pricing in 2026 · Enterprise AI Deployment Guide · Best AI Agents of 2026 · Google’s $40B Anthropic Bet
