CISO
CIO
Enterprise Architect
Compliance Officer
Industry relevance
Financial Services
Healthcare
Government
APRIL 30, 2026
Microsoft now gives AI agents their own managed Cloud PCs with the same identity and device controls used for employees. Who owns each agent Cloud PC lifecycle is the open governance question.
Microsoft announced Windows 365 for Agents in public preview on April 30, 2026, initially available in the US. The offering provides purpose-built, Microsoft Intune-managed Cloud PCs designed for running AI agents at enterprise scale. Each agent receives its own dedicated Cloud PC, extending the same identity, security, and compliance model IT uses for employees to agent execution. Windows 365 for Agents is designed for agents that interact with UI-based or legacy applications through computer-use workflows: systems that have no API surface and require agents to navigate interfaces the way a human would.
GOVERNANCE IMPLICATION
Windows 365 for Agents places agent execution infrastructure inside the same Intune policy framework as employee devices, shifting agents from ad hoc compute to an auditable, policy-controlled surface. Agents previously ran on local machines, shared virtual machines, or unmanaged cloud environments, creating gaps in identity, policy enforcement, and auditability. For regulated organizations, this changes the governance conversation from whether agent infrastructure can be audited to who formally owns each agent Cloud PC lifecycle. Provisioning, access review, and decommissioning are not automatically assigned to a named owner at deployment. That gap needs to be closed before the Cloud PCs are provisioned.
SCENARIO
A financial services firm deploys 12 agents using Windows 365 for Agents in Q3 2026. Each agent receives a dedicated Intune-managed Cloud PC. An OCC examination asks for device management records for those Cloud PCs. IT produces the Intune enrollment records. The examiner then asks for the authorization record documenting who approved each agent, what it was permitted to do, and who is the named accountable owner. The Cloud PC records exist. The agent authorization records do not.
THE GOVERNANCE QUESTION
Windows 365 for Agents gives every AI agent a managed Cloud PC with the same Intune controls used for employee devices. Who in your organization is formally accountable for each agent Cloud PC lifecycle including provisioning, access review, and decommissioning, and is that accountability documented before the Cloud PC is provisioned?
CONTROL GAP
Cloud PC provisioning for agents does not automatically generate a governance record for the agent running on it. An agent can receive a managed Cloud PC without a corresponding authorization document, a named consequence owner, or a documented scope of permitted actions.
REGULATORY RELEVANCE
OCC
FINRA
FFIEC
NIST Ai RMF
SEC Cyber
PRIMARY SOURCE
Windows 365 for Agents now in public preview: Run AI agents securely, at scale
Microsoft Windows IT Pro Blog
April 30, 2026
Read the primary source →(opens in new tab)CONTINUE READING
MAY 11, 2026
AgentsMicrosoft Copilot Studio published April 2026 feature updates on May 11, 2026, authored by Nitasha Chopra, VP and COO of Copilot Studio. Key releases include the Analytics Viewer role reaching GA providing read-only access to agent analytics separated from configuration rights; agent nodes embeddable directly into workflows to delegate AI reasoning within deterministic automation; MCP server-enabled tools in preview for external system connectivity within workflows; and a centralized admin-controlled DLP-enforced environment for the Workflows Agent. The post also confirms Microsoft Agent 365 is now generally available as the centralized control plane for agents.
MAY 5, 2026
AgentsMicrosoft's 2026 Work Trend Index Annual Report, published May 5, 2026, includes the first WTI telemetry on AI agent volume. Active agents on Microsoft 365 grew 15x year-over-year across all customer segments, rising to 18x in large enterprises. This is the first time Microsoft has disclosed agent volume scale as part of its annual workforce research.
MAY 1, 2026
AgentsMicrosoft's May 1, 2026 What's New in Agent 365 announcement introduced registry sync, allowing organizations to connect the Agent 365 registry to external agent platforms. Initial preview connections include Amazon Web Services and Google Cloud, with additional partner platforms planned. When connected, agents built on those platforms appear in the Agent 365 unified registry with governance actions including agent deletion available directly from the registry interface. Without registry sync connections configured, Agent 365 shows only Microsoft-hosted agents.