Microsoft announced Agent 365, a new control plane designed to govern AI agents inside the Microsoft ecosystem. It introduces long-needed identity primitives — Agent IDs, lifecycle management, policy templates, risk-based access controls, and full auditability — signaling a clear shift in how the industry views AI agents. They’re no longer background automations. They’re non-human identities, with permissions, secrets, and operational blast radius.
But Agent 365 also exposes the larger reality enterprises are already dealing with: AI agents do not live in a single provider. They span Azure, AWS, GCP, OpenAI, Bedrock, GitHub, Slack, CI/CD systems, SaaS platforms, and internal agentic frameworks. Governing only one environment solves a slice of the problem, not the whole. Identity may be the right control plane for AI agents, but without cross-visibility it is inherently incomplete.
Enterprise Security for AI Agents & Non-Human Identities
What is Microsoft Agent 365?
Agent 365 is Microsoft’s new control plane for AI agent identity and access governance. It brings structure to a space that has grown faster than traditional IAM controls can handle. The platform introduces several foundational capabilities.
- Agent Registry: A centralized catalog of sanctioned and shadow agents operating within Microsoft environments.
- Agent Identity: Unique Agent IDs with lifecycle rules for creation, rotation, and decommissioning.
- Policy Templates: Standardized least-privilege access models to contain agent blast radius.
- Risk-Adaptive Controls: Access evaluation based on real-time Entra risk and behavioral signals.
- Unified Dashboards: Visibility into each agent’s permissions, interactions, and data flows.
- Full Auditability: Unified logs and e-discovery for agent actions, access, and decision paths.
Together, these capabilities lay down a baseline for identity-grade AI agent management. For Microsoft environments, this is an important step forward.
The Gap: AI Agents Operate Far Beyond Microsoft
Microsoft positions Agent 365 and Agent ID as a way to govern AI agents across environments. Conceptually, that’s the right goal. But practically, it mirrors the pattern we’ve already seen with secrets management: every other vendor built its own vault, and the result wasn’t centralized security and elimination of Secrets Sprawl, it was vault sprawl.
The same risk applies here.
Even with Agent ID, Agent 365 is fundamentally anchored to the Microsoft ecosystem. It provides strong governance for agents running through Azure, Microsoft 365, and Entra-integrated systems, but enterprise agents don’t confine themselves to one identity plane or one cloud runtime.
Developers today run their AI agents across:
- Azure + AWS + GCP
- OpenAI, Anthropic, and Amazon Bedrock
- GitHub Actions, GitLab CI, Jenkins, Argo, CircleCI
- Slack bots, Jira automations, ServiceNow flows
- Internal frameworks, MCP servers and bespoke LLM tooling
If every cloud and platform creates its own “agent identity model,” enterprises end up exactly where they are with secrets today: fragmented control, inconsistent governance, and a proliferation of blind spots.
The result mirrors what happened with service accounts and secrets: rapid sprawl, growing blind spots, and identities accumulating faster than teams can govern them now accelerated by AI agents.
Why Unified Agent Governance Matters
AI agents now function as non-human identities with real access, real permissions, and real blast radius. They create and consume secrets, call APIs across clouds, move data between systems, and operate continuously without human supervision.
This is no longer a Microsoft-versus-AWS problem. It’s an enterprise-wide risk surface.
No single cloud provider can answer the key questions security teams now face:
- Where do all my agents actually run?
- Which secrets and tokens power them?
- What permissions do they have across clouds and SaaS?
- Where are their credentials leaking?
- Who owns them, and how are they behaving across environments?
If each platform governs agents in its own silo, organizations get the same outcome they got with secrets vaults: fragmented control, inconsistent policies, and critical blind spots.
Agent 365 is a step forward but it doesn’t solve the wider cross-environment discovery and governance problem that defines enterprise AI risk today.
How Entro Complements Agent 365 with Global, Cross-environment Agentic Discovery
Microsoft is creating identity foundations for AI agents inside its ecosystem. But enterprises need visibility and control that span every environment, not just the Microsoft one. This is where Entro fits. Entro’s Agentic AI & Non-Human Identities Platform provides the unified layer that ties together agent identity, secrets, entitlements, and behavior across the full enterprise stack:
- Global agent discovery across Azure, AWS, GCP, SaaS, code, CI/CD, AI platforms, and even endpoints.
- Deep secrets visibility for every agent, token, API key, and credential powering autonomous workflows
- Entitlement mapping across clouds and applications
- Behavioral analysis for agent drift, misuse, and anomalous access
- Cross-environment lineage and ownership
- NHIDR™ detection logic for real-time monitoring of suspicious or anomalous agent activity.
Where Agent 365 delivers identity governance for Microsoft environments, Entro delivers the global discovery and governance layer enterprises actually need, bridging clouds, SaaS, AI ecosystems, and internal agentic systems into one continuous security view.
Next Steps
If your organization is beginning to adopt AI agents at scale, start by mapping them across every environment, not just the MSFT stack. Agent 365 gives you part of the picture. Entro connects the rest.See how unified, cross-cloud agent governance looks in practice at https://entro.security/platform-ai-agents/
