Management and security of customers’ rapidly expanding fleets of AI agents were a major focus of day one of the annual Microsoft Ignite conference on Tuesday.
Major developments in the realm of management and governance include Agent 365, which the company refers to as an agent “Control Plane” as well as Foundry Control Plane for management of agentic development initiatives.
Agent 365 “helps safely scale agents across your whole company no matter where or how they’re built: agents from Microsoft, agents you create, agents from partner clouds and companies,” said Charles Lamanna, President, Business and Industry Copilot at Microsoft.
Foundry Control Plane builds on Agent 365 to give developers visibility and security over agents in the Microsoft Cloud. It provides observability, behavioral guardrails, and lifecycle management in a unified platform.
Among the wide range of security deliverables that Microsoft detailed, the company said it’s now including Microsoft Security Copilot as a core feature for all Microsoft 365 E5 cloud-subscription customers, pushing it deeper into the “flow of work,” and the company also expanded its range of AI tools with security-focused AI agents.
Control Plane Features
During his portion of the keynote, Lamanna detailed how Agent 365 aims to help customers address, and govern, their sprawling agent installations. The new control plane introduces five key features:
- Registry provides a comprehensive inventory of all agents in use – this includes those with Entra agent ID, agents that are registered in the Microsoft Teams Store and even shadow agents in the future. It connects agents to employee roles (IT, developer, business leader) to help users discover the optimal agents for the work they need to perform.
- Access control assigns every agent a unique ID so they can be managed and have access limited only to required resources. IT can set guardrails for who can create, onboard, and manage agents using policy templates. Entra enforces risk-based access policies.
- Visualization through a unified dashboard and advanced analytics for a view into connections among agents, users, and resources across the organization, as well as role-based reporting and tracking of agent performance. “It’s an easy way to see and understand your agent ecosystem, usage and risks, and manage all of your estate in one place,” Lamanna said.
- Interoperability across Microsoft platforms, open-source frameworks, and partner clouds while giving agents access to the data and applications stored in Word, Excel, SharePoint, and Dynamics 365.
- Security through Microsoft Defender, which detects threats targeting agents and blocks attacks in real time by working with Microsoft Entra. Purview provides visibility into AI-related data exposure risks.
Mason Whitaker, president of the Microsoft partner Volt Technologies, said he’s in strong alignment with Microsoft’s vision of “ensuring agents have the right security and permissions and that they’re interacting with other agents in a safe and manageable way.”
Whitaker added that the SMB customers he’s working with haven’t deployed agents at a scale to require Agent 365 today but trends indicate they will need a control plane in the future. “I definitely think it’s not a right now where hundreds of thousands of agents, like they showed in demos, are being managed, but this is definitely laying that groundwork for the future, which is coming to us faster than we think.”
Development Control Plane
Foundry Control Plane is conceptually similar to Agent 365 but with a focus on developers. It natively integrates Microsoft Defender, Entra, and Purview functions so developers and security pros can unify security controls and policies and gain visibility into risks in real time. Entra ID provides verified identity, Defender secures runtime activity, and Purview protects data flow.
Developers can use Foundry Control Plane to publish agents directly to Agent 365 for IT enablement and activation with the same security foundations.
Key features of Control Plane include:
- Unified view to observe and govern all of an organization’s agents across Microsoft Foundry, Entra, Copilot Studio, and external platforms
- Connecting development to operations so teams can build robust controls into agents, evaluate performance and alerts once deployed, and easily act on insights to optimize how agents perform
- Observability for real-time tracing, continuous monitoring, evaluations, and red teaming to measure and improve quality, safety, and efficiency across the agent lifecycle
- Agent controls to define and enforce policies that govern agent inputs and outputs, tools, calls and responses in order to prevent unsafe behavior
- Cost and usage management for models, agents and Model Control Protocol (MCP) interoperability tools
Foundry Control Plane is now available in preview.
Agentic Security Developments
Microsoft pushed agent security more deeply into the flow of work and also introduced new agents and other security platform enhancements — all of them tapping AI to provide more robust data protection.
The addition of Security Copilot to Microsoft 365 E5 subscriptions means those customers can utilize a range of agents today at no additional cost, including:
- Security operations in Defender
- Data security in Purview
- Identity and access in Entra
- Endpoint management in Intune
In addition to making those agents more easily accessible, Microsoft rolled out a raft of new security agents: 12 built by Microsoft and more than 30 built by partners. The new Microsoft agents – as depicted in the graphic shared below by Corporate Vice President Dorothy Li — span Defender, Entra, Intune, and Purview.
The new agents target a variety of professional roles including security operations teams, identify and access administrators, data security pros, and IT admins. “Our goal is simple: empower security professionals to stay ahead by putting AI agents to work alongside your team—accelerating investigations, streamlining tasks, and delivering smarter outcomes,” Li said in a LinkedIn post.
Microsoft’s security deliverables also included a Security Dashboard for AI that centralizes discovery, protection and governance by aggregating signals from Defender, Entra, and Purview. In so doing, it helps manage security posture and mitigate risk across the AI estate.
To use one example shared by Microsoft, tech leaders can use the Security Dashboard for AI to gain visibility into a quarantined agent that is flagged for high data risk. The dashboard in this scenario will correlate signals with identity insights from Entra and threat protection alerts from Defender for a comprehensive view of exposure.
Finally, Purview is gaining expanded data security and compliance controls for Microsoft 365 Copilot. These include data oversharing reports within the Microsoft 365 admin center, automated bulk remediation of overshared links, and data loss prevention for Microsoft 365 Copilot and chat prompts.
Concluding Thoughts
With these new controls and additional AI agents, Microsoft is positioning customers to take major steps forward in asserting enterprise-grade controls for management, security, and governance. In so doing, customers can rein in risks including agent sprawl, data loss, oversharing, and more. Those new governance measures will help them unlock the full power of agentic AI for competitive differentiation and advantage.
Ask Cloud Wars AI Agent about this analysis
