CISO
Enterprise Architect
CTO
Industry relevance
Financial Services
Healthcare
Government
MARCH 28, 2026
Microsoft Foundry now treats agent identity, tracing, and versioning as first-class requirements — organizations skipping these at deployment are building a compliance deficit from day one.
Microsoft Foundry Agent Service is described as handling hosting, scaling, identity, observability, publishing, and guardrails for agents. That matters because the platform narrative is shifting from ‘build an agent’ to ‘operate an agent system’ with traceability, versioning, and policy boundaries expected from the start.
GOVERNANCE IMPLICATION
The Foundry Agent Service's positioning of identity, traceability, versioning, and policy boundaries as first-class operating requirements signals a shift in Microsoft's platform expectations. Organizations building agents in Foundry that do not implement these capabilities from day one are accumulating governance debt with each agent deployed. When Microsoft's own platform documentation treats auditability and versioning as defaults, the absence of those controls in a production deployment is a documented architectural choice that examiners and auditors will eventually ask about.
SCENARIO
An enterprise architecture team at a financial services firm builds a multi-agent orchestration system in Azure AI Foundry to process client risk assessments. They implement the agent logic but defer identity assignment and trace logging to a later phase. Six months later, an agent produces an incorrect risk rating that influences a credit decision. The compliance team needs to reconstruct exactly which agent version ran, what inputs it processed, and what it returned. Because trace logging was never implemented, the reconstruction requires a four-week manual investigation.
THE GOVERNANCE QUESTION
Do we have an operating model for agent identity, trace review, and published version control before we let teams move from prompt experiments to managed agents?
CONTROL GAP
Foundry Agent Service capabilities for identity, tracing, and versioning are available but must be explicitly configured. Teams building agents in Foundry frequently treat these as phase-two concerns and deploy to production without them, leaving no auditable record of agent behavior.
REGULATORY RELEVANCE
NIST Ai RMF
SEC Cyber
FINRA
OCC
PRIMARY SOURCE
What is Microsoft Foundry Agent Service?
Microsoft
March 25, 2026
Read the primary source ->(opens in new tab)CONTINUE READING
JUNE 2, 2026
AgentsMicrosoft announced Scout at Build 2026 on June 2, 2026, as the first product in a new agent category called Autopilots. Scout is an always-on agent operating across Microsoft 365 apps including Teams, Outlook, OneDrive, and SharePoint, with its own governed Microsoft Entra identity. It is available in private preview for Frontier enterprise customers requiring a GitHub Copilot subscription, built on the OpenClaw open-source agent framework. The announcement was published on the Microsoft 365 Blog by Omar Shahine, Corporate Vice President, Microsoft 365.
JUNE 2, 2026
AgentsOn June 2, 2026, Microsoft announced the Agent Control Specification (ACS) and ASSERT at Build 2026, authored by Sarah Bird on the Microsoft Foundry Blog. ACS is an open industry specification, part of the Agent Governance Toolkit, that places deterministic safety and security controls at five validation checkpoints in an agent's lifecycle: input, LLM, state, tool execution, and output. Controls are expressed as portable, versionable, auditable policy and are designed to work across any agent framework. ASSERT, a separate open-source project, converts written policies into executable evaluation scenarios. ACS launched with customer and partner endorsement including KPMG, Zscaler, IBM, and Arize AI.
MAY 11, 2026
AgentsMicrosoft Copilot Studio published April 2026 feature updates on May 11, 2026, authored by Nitasha Chopra, VP and COO of Copilot Studio. Key releases include the Analytics Viewer role reaching GA providing read-only access to agent analytics separated from configuration rights; agent nodes embeddable directly into workflows to delegate AI reasoning within deterministic automation; MCP server-enabled tools in preview for external system connectivity within workflows; and a centralized admin-controlled DLP-enforced environment for the Workflows Agent. The post also confirms Microsoft Agent 365 is now generally available as the centralized control plane for agents.