Agent 365 Goes Live May 1. Here Is What It Still Cannot Tell You.

The dashboard loaded on a Tuesday morning. Agent 365 was live. The inventory populated automatically: every agent the organization had deployed through Copilot Studio, every process built through Microsoft Foundry and registered with Microsoft Entra Agent ID, appeared in a single view. Risk signals. Lifecycle status. Audit trails.

The CISO had been waiting for this moment for six months. She scrolled through the list. Forty-seven agents. She recognized about thirty of them. The other seventeen she did not. They were not unauthorized. The platform confirmed they had all been registered. She did not recognize them because the people who deployed them had moved to other teams, or left the organization, or simply had not told security they existed.

Agent 365 was working exactly as designed. That was not the uncomfortable part.

Microsoft describes Agent 365 as the control plane for agents. The product delivers a complete inventory of all agents, IT-controlled onboarding workflows, least-privilege access controls, and detailed logging of agent actions, data security risks, and audit trails. Brian Fielder, Microsoft's VP of Tenant and Platform Management, calls it a unified control plane for governed, observable, and secure agents.

These are genuine capabilities. The Defender integration flags compromised agents. The Purview integration surfaces data exposure. The Entra Agent ID registration creates an identity record for every agent deployed through Microsoft channels. Enterprises that have been waiting for unified agent visibility are going to get it.

Here is what they are going to see when the inventory populates: agents making decisions that someone approved at some point, through some process, that may have been a Slack thread, or a verbal agreement in a sprint review, or an email chain that lived only in the inbox of a person who left eight months ago.

The governance committee, which meets quarterly, will be asked to review an inventory that the deployment teams have been building weekly for eighteen months. They will review it with great seriousness. They will produce a report. The agents will have been making decisions for a year and a half.

What Agent 365 does not have is a record of the meeting where someone with actual organizational authority said: this agent is permitted to accomplish this outcome, this person is accountable when it goes wrong, and this condition triggers a mandatory human review. In most enterprises, that meeting never produced a document. The agent was deployed. The accountability conversation was deferred.

The control plane has perfect visibility into what happened next.

Agent 365 can show you everything your agents are doing. The question is whether the thing they are doing was ever formally authorized. Visibility into agent behavior is not the same as documented intent. An audit trail of what happened is not the same as an authorization record of what was permitted to happen. These are different documents. Agent 365 creates one of them. The other requires organizational design that no product can substitute for.

The CISO scrolled to agent seventeen. Registered. Active. Data access confirmed. Risk tier: medium. Owner: unassigned.

Agent 365 had answered every technical question correctly. The organizational question was still sitting there, waiting.