Microsoft this week outlined tools for governing AI agents at runtime; they perform policy enforcement prior to executing actions, identity management between agents, and agnostic support for widely used AI agent frameworks.
Collectively, the Agent Governance Toolkit ensures enterprise-level controls that are emerging as critical requirements for companies to move beyond experimentation to production use cases and to scale those use cases to higher levels of automation and autonomy.
Need for Governance
The nature of AI agents, and the ways they interact with systems and each other, require the introduction of governance at runtime, especially as agent usage becomes more widespread. For example, agents call tools, query databases and other enterprise apps, delegate to other agents, and even browse the web. Once they are deployed, they can make decisions autonomously, but enterprise IT leaders need to know
- whether the actions they will take are allowed
- which agent in a multi-agent system took a particular action, which is especially important information when something goes wrong
- whether they can prove an action or outcome took place for auditing or regulatory purposes; this includes the need for records of every decision that was made, what an agent requested, and why the action was allowed or denied
This means that business and tech leaders need to go beyond prompt-level safety with functions to intercept tool calls, messages, and delegation decisions before an AI model’s work progresses. If the governance toolkit denies an action, that action can’t be taken, and Microsoft said that’s the difference between asking an agent to follow rules and making it incapable of misbehaving in the first place.
Core Governance Features
Core functions of the Agent Governance Toolkit that make agents incapable of misbehaving include:
- Agent OS, a policy engine that sits between agents and their actions, providing deterministic policy enforcement without requiring agent code changes
- Agent Mesh, which performs agent discovery, routing, and a trust mesh, as well as identity management with human sponsor accountability
- Agent Runtime, which supervises AI agents while “sandboxing” execution, enforcing decisions by Agent OS at the session level. It uses a four-tier privilege model to control what actions that agents can take at runtime
- Agent Compliance, with support for GDPR privacy, HIPAA healthcare, and SOX financial frameworks
- A Site Reliability Engineer, or SRE, agent that manages non-deterministic agent workloads, including a kill switch and chaos testing, which introduces unexpected failures or disruptions to test software’s resilience
- Agent Hypervisor, which conducts execution audits, enforces resource limits, and applies runtime governance for agent accountability
- Multi-language software development kits for Python, Rust, .NET, and more
- A framework-neutral approach — which is critical in the multi-vendor AI agent environment of the corporate enterprise — that integrates with ecosystems including LangChain, OpenAI Agents SDK, Semantic Kernel, Claude Code, Microsoft Agent Framework, and several others
- A Model Context Protocol (MCP) Security Gateway for tool poisoning detection and hidden instruction scanning
- Shadow AI discovery features to find unregistered agents across processes, configurations, and repositories
- A governance dashboard with real-time visibility into the agent fleet to ensure health, trust, and compliance
With the preceding features (and many others) for agent governance, Microsoft is putting in place a robust security layer for agentic AI. That layer increases controls and confidence for both IT/security pros and business leaders that must ensure secure AI infrastructure and gain the confidence of strong policies and controls while relying on AI to drive greater business efficiency.
The Agent Governance Toolkit is in public preview; more details are available on the GitHub site.
More Agent Governance Insights:
- Microsoft Outlines Security and Governance Features Coming to Agent 365
- Microsoft 365 Copilot Updates Advance Governance
- Microsoft and Third-Party Agents Build Out Security Copilot Ecosystem
Ask Cloud Wars AI Agent about this analysis
