CISO
CIO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
Manufacturing
MAY 1, 2026
Agent 365 can now detect AI agents installed directly on employee devices and previously invisible to IT. First discovery will almost certainly surface agents that have never been formally authorized.
Microsoft's May 1, 2026 What's New in Agent 365 announcement introduced a Shadow AI page within Agent 365, enabled by Microsoft Defender and Microsoft Intune. The page identifies local agent activity on Windows devices: agents installed directly on company machines outside IT and security visibility. These local agents can read files, execute code, and act on behalf of users without touching managed cloud services, and were previously invisible to the Agent 365 registry. The Shadow AI page is the first native Microsoft control surface for detecting this category of ungoverned agent.
GOVERNANCE IMPLICATION
Local agents installed directly on company devices represent the highest-risk category of agent sprawl because they access organizational data and execute actions without appearing in any registry, compliance log, or governance framework. The Shadow AI page surfaces these agents for the first time in the Microsoft governance stack. For regulated organizations, the Shadow AI page's initial population will almost certainly reveal agents operating outside any authorization framework. The governance obligation that follows is not simply to see them: it is to determine which are approved, which require retroactive authorization, and which must be removed. Visibility without a defined remediation workflow produces a list, not a governed fleet.
SCENARIO
A large bank enables Agent 365's Shadow AI page in May 2026. The first scan identifies 34 local agents on employee devices across three business lines. None appear in the Agent 365 registry. The CISO asks compliance to determine which were approved by IT. Compliance finds no approval records for any of them. All 34 have been reading files and executing code on company devices for an average of four months without any authorization record.
THE GOVERNANCE QUESTION
When Agent 365's Shadow AI page runs its first scan of your environment, what is your documented process for evaluating each local agent it finds, determining which are approved, which require retroactive authorization, and which must be removed, and who owns that process before the scan runs?
CONTROL GAP
The Shadow AI page surfaces local agents but does not retroactively create authorization records or assign consequence owners. Discovery without a defined remediation workflow leaves the organization with a list of ungoverned agents rather than a governed agent fleet.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
SEC Cyber
NIST Ai RMF
PRIMARY SOURCE
What's New in Agent 365: May 2026
Microsoft Agent 365 Blog
May 1, 2026
Read the primary source →(opens in new tab)CONTINUE READING
MAY 11, 2026
AgentsMicrosoft Copilot Studio published April 2026 feature updates on May 11, 2026, authored by Nitasha Chopra, VP and COO of Copilot Studio. Key releases include the Analytics Viewer role reaching GA providing read-only access to agent analytics separated from configuration rights; agent nodes embeddable directly into workflows to delegate AI reasoning within deterministic automation; MCP server-enabled tools in preview for external system connectivity within workflows; and a centralized admin-controlled DLP-enforced environment for the Workflows Agent. The post also confirms Microsoft Agent 365 is now generally available as the centralized control plane for agents.
MAY 5, 2026
AgentsMicrosoft's 2026 Work Trend Index Annual Report, published May 5, 2026, includes the first WTI telemetry on AI agent volume. Active agents on Microsoft 365 grew 15x year-over-year across all customer segments, rising to 18x in large enterprises. This is the first time Microsoft has disclosed agent volume scale as part of its annual workforce research.
MAY 1, 2026
AgentsMicrosoft's May 1, 2026 What's New in Agent 365 announcement introduced registry sync, allowing organizations to connect the Agent 365 registry to external agent platforms. Initial preview connections include Amazon Web Services and Google Cloud, with additional partner platforms planned. When connected, agents built on those platforms appear in the Agent 365 unified registry with governance actions including agent deletion available directly from the registry interface. Without registry sync connections configured, Agent 365 shows only Microsoft-hosted agents.