Everyone Is Building AI Agents. Who Controls Them?

12.06.2026

6 min read

Microsoft has made Agent 365-a central control plane for AI agents-generally available. It manages agents like identities, complete with inventory, permissions, and logging. The real question now isn’t whether agents will enter the enterprise, but who controls them and with what mandate.

Key Takeaways

Agents are becoming commoditized: With Copilot Studio, virtually any department can build its own agents. Without a control plane, this creates a shadow IT ecosystem of agents.
Agent 365 is the solution: A central control layer that inventories agents, assigns permissions, monitors behavior, and logs activity.
Governance-not licensing-is the deciding factor: The real effort lies in defining agent identities, mandates, and audits. This work can’t be outsourced.

What Agent 365 actually controls

What is Agent 365? Agent 365 is Microsoft’s central control plane for AI agents. It consolidates which agents exist within an organization, what permissions they have, how they behave, and what they do-all in one place. It became generally available in early May 2026.

The game-changer is the layer above individual agents. Until now, AI assistants operated in silos, making oversight difficult. Agent 365 treats agents like managed identities: with inventory, access rights, behavioral rules, and logging. This shifts the conversation from *”What can the agent do?”* to *”Who authorized it, and for what purpose?”*

Agent 365 is available as a standalone license for around €14 per user per month or included in the new E7 package. But the price tag is the smaller concern-the real investment lies in the governance work behind it.

Why the control question is urgent now

The trigger is the democratization of agents. With Copilot Studio, any department can build an agent without involving IT. What starts as a productivity boost becomes shadow IT-this time, not from apps, but from autonomously acting agents.

Microsoft positions Agent 365 as the answer. The critical factor is the order: control plane first, broad scaling second. Deploy agents first and retrofit governance later, and you’ll be chasing agents that are already moving data.

May 2026

Since May 2026, Agent 365 has been generally available, allowing organizations to centrally inventory, permission, and log AI agents.

Source: Microsoft, Agent 365 General Availability

Three Things Agent Governance Must Deliver

A control plane isn’t an end in itself. It must cover three core functions-or it remains a dashboard without impact.

First: Inventory and identity. Every agent needs a unique identity and a registry entry. What isn’t recorded can’t be controlled. An agent without an identity is the blind spot where governance fails.

Second: Permissions with a mandate. An agent inherits the access it’s granted. The principle of least privilege applies even more strictly here than with humans, because an agent can trigger thousands of operations in seconds. Every access requires a documented mandate.

Third: Monitoring and logging. Every action an agent takes must remain traceable. Without logs, there’s no chain of evidence in case of damage-and no clear liability. For agents, auditing is non-negotiable.

Dimension	Agent with Governance	Shadow Agent
Visibility	recorded in central registry	unknown to anyone in full
Permissions	minimal, with documented mandate	inherited, often overly broad
Traceability	logged	no chain of evidence
Liability	clearly assignable	unresolved in case of damage

What This Means for SMEs

The real lesson lies in the mechanics. The governance layer that large corporations once had to build in-house is now available off the shelf. SMEs can purchase the same control logic without funding their own trusted-AI program.

For DACH companies, data protection and co-determination add another layer. An agent accessing employee or customer data touches GDPR and often works council concerns. Implementing the governance layer early answers these questions once and for all-rather than renegotiating with every new agent.

The Decision at Hand

The open question is one of ownership. Who owns agent governance: the CIO, the CISO, or a dedicated role? Until this is clarified, every department will keep building agents-and no one will be accountable for the big picture.

The first step for the next 90 days is straightforward: an inventory of existing agents and a clear ownership decision. Both require minimal effort but determine whether scaling happens in a controlled way-or spirals into chaos. The control plane can be bought; its responsibility must be assigned internally.

Frequently Asked Questions

What sets Agent 365 apart from Copilot?

Copilot is the assistant that executes tasks. Agent 365 sits above it, inventorying, authorizing, monitoring, and logging all agents across an organization. Copilot is the execution tool; Agent 365 is the oversight layer.

How much does Agent 365 cost?

Agent 365 is available as a standalone license for around 14 Euro per user per month or included in the new E7 package. However, the bigger effort lies in establishing and maintaining governance-not the license itself.

Why is agent governance more urgent than app governance?

An agent operates autonomously and at high speed. A single misconfigured permission doesn’t just cause a minor error-it can trigger thousands of actions in a short time. Visibility and logging must be in place from the start.

Who should be responsible for agent governance?

There’s no one-size-fits-all answer, but clear ownership is non-negotiable. Common choices include the CIO or CISO, sometimes even a dedicated role. What matters most is that one entity takes charge-not every department managing its own silo.

Is this worth it for smaller companies?

Absolutely. The control logic that large corporations once had to build in-house is now available as a standard product. Smaller businesses benefit the most-they can implement clean governance upfront without needing their own AI program, preventing chaos before it starts.

Editor’s Picks