Agent 365 Governance: 5 Decisions IT Leaders Must Make Before May 2026

Microsoft Agent 365 goes generally available on May 1, 2026, and it changes how AI agents operate inside your tenant. Every agent gets its own identity in Entra ID, its own access permissions, and its own lifecycle -- much like a user account, but automated. If governance policies aren't in place before that date, you'll spend the rest of the year cleaning up agent sprawl.

This guide covers the five Agent 365 governance decisions you need to make right now, with the specific admin centre settings and configuration steps to back each one up. It's written for IT Directors and senior IT leaders at mid-market organizations (200 to 1,000 employees) who need a practical plan, not a feature overview.

What Is Agent 365 and Why Does It Matter for Your Organization?

Before Agent 365, AI agents lived in silos. A Power Automate flow here, a Copilot Studio agent there, maybe a Teams bot built by a vendor. Each had its own access model, its own lifecycle, and its own governance gap.

Agent 365 changes that. It's the control plane for every AI agent in your tenant -- whether those agents are built in Copilot Studio, deployed through a third-party connector, or created by users through the new Agent Builder experience. Every agent gets a managed identity in Entra ID, centralized access policies, and lifecycle automation, all visible from the Microsoft 365 admin centre.

For mid-market organizations, this is both an opportunity and a risk. The opportunity: you can now govern AI agents the same way you govern user accounts. The risk: if governance isn't configured before May 1, agents will start proliferating with default permissions that may be far too broad for your environment.

What is the difference between Agent 365 and Copilot Studio?

Copilot Studio is where you build agents. Agent 365 is where you govern them.

Copilot Studio remains the development environment for creating custom agents, designing conversational flows, and connecting to data sources. Agent 365 sits above that. It's the admin layer that controls who can deploy agents, what data agents can access, how agents are shared across the organization, and when agents are decommissioned.

If you already have Copilot licences, you'll see Agent 365 governance controls appear in your admin centre automatically after the May 1 rollout. No separate licence required for the governance layer.


Decision 1: Who Can Create and Deploy Agents?

This is the most consequential governance decision you'll make, and it needs to be settled before GA day.

By default, Agent 365 will allow any licensed user with Copilot Studio access to create and deploy agents within your tenant. For a 200-person professional services firm, that could mean dozens of agents appearing within the first week -- most of them unreviewed, ungoverned, and accessing data their creators didn't fully understand.

What to configure

Navigate to the Microsoft 365 admin centre > Settings > Agent 365 > Agent creation policies. You'll find three options:

  • Open -- any licensed user can create and deploy agents (default)

  • Controlled -- only members of a specified security group can create agents; all other users can use agents shared with them

  • Restricted -- only admins can create agents

For most mid-market organizations, Controlled is the right starting point. Create a security group in Entra ID (something like "Agent Creators -- Approved") and populate it with power users, IT team members, and department leads who have demonstrated responsible use of automation tools. This gives you a manageable pool of agent creators while keeping the door open for broader adoption later.

If your organization is under 100 users, Restricted may make more sense -- the overhead of managing an approved creators group is minimal, and it gives IT full visibility before anything goes live.

How do I manage AI agents in Microsoft 365?

The management console lives in the Microsoft 365 admin centre under Settings > Agent 365 > Active agents. From here you can see every agent in your tenant, who created it, what data sources it connects to, when it was last used, and its current sharing scope. Think of it as the equivalent of the Entra ID user list, but for agents.

Decision 2: What Data Can Agents Access?

Agent access to data is governed through a combination of Entra ID permissions and Agent 365 data access policies. This is where your existing governance posture -- sensitivity labels, SharePoint permissions, Purview data loss prevention -- either pays off or exposes you.

What to configure

In the Agent 365 > Data access policies section, you control:

  • SharePoint site access: Which SharePoint sites agents can read from. By default, agents inherit the permissions of their creator. If your SharePoint permissions are over-shared (and in most tenants we walk into, they are), this means agents will have access to far more data than intended.

  • Sensitivity label enforcement: Agents can be blocked from accessing content with specific sensitivity labels. If you've deployed Microsoft Purview sensitivity labels, enable this immediately. Any document labelled "Confidential" or above should be off-limits to agents unless explicitly approved. If your labels aren't deployed yet, that's a prerequisite worth addressing before May 1. Our Copilot Readiness Audit covers sensitivity label gaps as part of its governance validation.

  • External data connectors: Agents can connect to external data sources through Graph connectors. Review which connectors are available in your tenant and disable any that aren't actively needed.

And here's the step most organizations skip: audit your SharePoint permissions before May 1. If you haven't run a SharePoint oversharing assessment, Agent 365 GA is the forcing function. Agents will surface every permissions gap you've been ignoring.
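To make the inheritance point concrete, here is an added example (not code from the original post or from Microsoft) that models how an agent's effective read scope follows from its creator's SharePoint permissions, and how sensitivity label enforcement narrows it. The site list, group names, label ranking and document counts are all constructed; a real assessment would take them from a tenant export.

```python
from dataclasses import dataclass

# Constructed label ordering; Purview labels are tenant-defined, so treat this as an assumption.
LABEL_RANK = {"Public": 0, "General": 1, "Confidential": 2, "Highly Confidential": 3}
# The page's rule: anything labelled Confidential or above is off-limits to agents.
BLOCK_AT_OR_ABOVE = "Confidential"
# The classic oversharing grant that gives every internal user read access to a site.
EVERYONE_INTERNAL = "Everyone except external users"


@dataclass(frozen=True)
class Site:
    url: str
    readers: frozenset          # principals (users or groups) with read access
    docs_by_label: dict         # label -> number of documents carrying it (constructed)


def sample_sites() -> list:
    """Constructed tenant snapshot used to illustrate the assessment."""
    return [
        Site("https://contoso.sharepoint.com/sites/finance", frozenset({"Finance-Team"}),
             {"General": 40, "Confidential": 10}),
        Site("https://contoso.sharepoint.com/sites/hr", frozenset({"HR-Team"}),
             {"Confidential": 25}),
        Site("https://contoso.sharepoint.com/sites/projects", frozenset({EVERYONE_INTERNAL}),
             {"General": 200, "Highly Confidential": 5}),
        Site("https://contoso.sharepoint.com/sites/legal", frozenset({"Legal-Team", "alice"}),
             {"Highly Confidential": 8}),
    ]


def creator_sites(creator: str, groups: set, sites: list) -> list:
    """Sites the creator can read; an agent inheriting the creator's permissions reads the same set."""
    principals = {creator, *groups, EVERYONE_INTERNAL}
    return [s for s in sites if s.readers & principals]


def agent_exposure(creator: str, groups: set, sites: list, label_enforcement: bool) -> dict:
    """Per-site count of documents an agent could read, with or without label enforcement.

    Each entry also flags whether the site is reachable only because it is shared
    with every internal user, which is the oversharing an audit should surface.
    """
    report = {}
    for site in creator_sites(creator, groups, sites):
        readable = blocked = 0
        for label, count in site.docs_by_label.items():
            if label_enforcement and LABEL_RANK[label] >= LABEL_RANK[BLOCK_AT_OR_ABOVE]:
                blocked += count
            else:
                readable += count
        report[site.url] = {
            "readable": readable,
            "blocked": blocked,
            "overshared": EVERYONE_INTERNAL in site.readers,
        }
    return report


if __name__ == "__main__":
    for enforce in (False, True):
        print(f"label enforcement = {enforce}")
        for url, row in agent_exposure("alice", {"Finance-Team"}, sample_sites(), enforce).items():
            print(f"  {url}: {row}")
```

Run with and without enforcement to see the two halves of the problem: the "projects" site is reachable purely through the everyone-internal grant (a permissions fix), while the "legal" and "finance" sites only stop leaking Confidential content once label enforcement is on (a Purview fix). Both need attention before agents inherit them.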

Not sure where your tenant stands? Floor 16's complimentary Microsoft 365 assessment gives you a clear picture of your governance posture and readiness, with actionable recommendations you can implement right away. Book your complimentary assessment.


Decision 3: How Are Agents Shared Across Your Organization?

Agent sharing is where sprawl starts. An employee builds a helpful agent for their team, shares it with a colleague, that colleague shares it with their department, and suddenly an ungoverned agent has access to data across half your organization.

What to configure

Under Agent 365 > Sharing and publishing policies, you'll find controls for:

  • Internal sharing scope: Choose between "Creator only," "Specific people," "Security group," or "Organization-wide." Set the default to Specific people. This forces agent creators to explicitly choose who can use their agent rather than broadcasting it.

  • Publishing to the agent catalogue: Agent 365 includes an internal catalogue where approved agents can be discovered by all users. Require admin approval before any agent appears in the catalogue. Navigate to Agent 365 > Agent catalogue > Settings and enable "Admin approval required for publishing."

  • External sharing: Disable agent sharing with external users unless you have a specific B2B scenario that requires it. This setting lives under Agent 365 > Sharing and publishing > External access.

How do I prevent agent sprawl in my organization?

The governance model above introduces appropriate friction at every step: only approved creators can build agents, sharing defaults to "Specific people," and the agent catalogue requires admin approval. Combined with lifecycle policies (Decision 5 below), this makes sure agents don't accumulate unchecked. It won't prevent all sprawl, but it will make sprawl visible.


Decision 4: How Do You Handle Agent Identity and Compliance?

Every Agent 365 agent gets an Entra Agent ID -- a managed identity that appears in your Entra ID directory alongside your user accounts and service principals. This is a significant change from how bots and automations worked previously, and it has compliance implications worth taking seriously.

What to configure

Entra Agent ID naming convention: Establish a naming convention before agents start appearing. Something like AGT-[Department]-[Function] (e.g., AGT-Finance-InvoiceProcessor) makes agents identifiable at a glance in your Entra ID directory. Document this in your agent creation policy and enforce it through the approval workflow.
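A naming convention only holds if something checks it before approval. The following is an added example, not code from the original post or from Microsoft, of a validator for the AGT-[Department]-[Function] pattern described above. The approved department list and the minimum length for the Function segment are assumptions; the page specifies the pattern but not those details.

```python
import re

# Assumed allow-list of department codes; the page gives the pattern but no department list.
APPROVED_DEPARTMENTS = {"Finance", "HR", "IT", "Sales", "Legal"}

# Minimum length for the Function segment so that names say what the agent does (assumption).
MIN_FUNCTION_LENGTH = 4

# One capture group per bracket in AGT-[Department]-[Function].
# Function is required to be PascalCase so names stay readable in the Entra ID directory.
_NAME_RE = re.compile(r"^AGT-(?P<dept>[A-Z][A-Za-z]*)-(?P<func>[A-Z][A-Za-z0-9]*)$")


def check_agent_name(name: str) -> list:
    """Return the list of policy violations for a proposed agent name (empty list = compliant)."""
    match = _NAME_RE.match(name)
    if not match:
        return [f"'{name}' does not match AGT-[Department]-[Function]"]
    problems = []
    if match["dept"] not in APPROVED_DEPARTMENTS:
        problems.append(f"department '{match['dept']}' is not in the approved list")
    if len(match["func"]) < MIN_FUNCTION_LENGTH:
        problems.append(f"function '{match['func']}' is too short to describe the agent")
    return problems


def review_names(names: list) -> dict:
    """Map each proposed name to its violations, for use in an approval workflow."""
    return {name: check_agent_name(name) for name in names}


if __name__ == "__main__":
    # Constructed sample of names an approver might receive in one week.
    for name, issues in review_names([
        "AGT-Finance-InvoiceProcessor",
        "Finance Bot",
        "AGT-Marketing-LeadScorer",
        "AGT-IT-Bot",
    ]).items():
        print(name, "OK" if not issues else "; ".join(issues))
```

Wire the check into whatever approval step the creators group goes through: a name that fails should be sent back before the agent is built, since renaming a managed identity after the fact is more disruptive than rejecting a request.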

Conditional Access policies: You can apply Conditional Access policies to Entra Agent IDs. Consider requiring agents to operate only from compliant locations or during business hours for sensitive operations. Configure this in Entra ID > Conditional Access > New policy, and include "Agent identities" in the assignment scope.

Purview audit logging: Under Microsoft Purview > Audit > Audit policies, verify that agent actions (data access, sharing, creation, deletion) are included in your audit scope. If they aren't, you'll have no record of what agents did or when.

What is agent lifecycle management in Microsoft 365?

Agent lifecycle management covers the full span of an agent's existence: creation, approval, deployment, monitoring, and decommissioning. Agent 365 provides lifecycle controls in the admin centre, but they're not enabled by default. That leads directly to Decision 5.


Decision 5: When and How Are Agents Decommissioned?

Most organizations will skip this decision and regret it six months later. Agents don't decommission themselves. Without lifecycle policies, you accumulate orphaned agents: agents whose creators have left the organization, agents built for one-time projects that are still running, agents connected to data sources that have moved or been restructured.

What to configure

Under Agent 365 > Lifecycle policies, configure the following:

  • Inactivity timeout: Automatically flag agents that haven't been used in 90 days for review. The admin centre can send a notification to the agent's owner (or their manager, if the owner has left) asking them to confirm the agent is still needed.

  • Owner departure workflow: When an employee leaves your organization and their Entra ID account is disabled, Agent 365 can automatically disable their agents and notify a designated admin. Configure this under Lifecycle policies > Owner departure and assign a fallback owner. Typically this is the departing employee's manager or the IT team.

  • Quarterly agent review: The admin centre can generate a report of all active agents, their usage statistics, data access patterns, and owner status. Schedule a quarterly review. Use it to identify agents that should be retired, consolidated, or updated.
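The three lifecycle controls above reduce to a small set of rules over an agent inventory. Here is an added example (not code from the original post or from Microsoft) that applies them to a constructed inventory: the 90-day inactivity threshold from the page, disabling agents whose owner's account is disabled, and routing notifications to the owner's manager or a fallback admin. The inventory fields, the fallback admin name and the dates are assumptions; a real run would read the Active agents list.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

INACTIVITY_DAYS = 90  # review threshold stated in the lifecycle policy above


@dataclass(frozen=True)
class Agent:
    name: str
    owner: str
    owner_enabled: bool            # Entra ID account state of the owner
    manager: Optional[str]         # fallback owner for the owner-departure workflow
    last_used: Optional[date]      # None means the agent has never been invoked
    data_sources: tuple


def sample_inventory() -> list:
    """Constructed inventory standing in for the admin centre's Active agents list."""
    return [
        Agent("AGT-Finance-InvoiceProcessor", "alice", True, "carol", date(2026, 7, 28), ("finance-site",)),
        Agent("AGT-HR-OnboardingHelper", "bob", False, "dana", date(2026, 6, 1), ("hr-site",)),
        Agent("AGT-Sales-QuoteDrafter", "erin", True, None, date(2026, 3, 15), ("crm-connector",)),
        Agent("AGT-IT-TicketTriage", "frank", True, "gina", None, ()),
    ]


def review_agents(agents: list, today: date, fallback_admin: str = "it-admin") -> list:
    """Apply the lifecycle rules and return one action record per agent.

    Rules, in priority order:
      1. owner account disabled  -> disable the agent, notify manager (or fallback admin)
      2. never used / idle > 90d -> ask the owner to confirm the agent is still needed
      3. otherwise               -> no action
    """
    actions = []
    for agent in agents:
        if not agent.owner_enabled:
            actions.append({
                "agent": agent.name, "action": "disable",
                "notify": agent.manager or fallback_admin,
                "reason": f"owner '{agent.owner}' account is disabled",
            })
            continue
        idle_days = None if agent.last_used is None else (today - agent.last_used).days
        if idle_days is None or idle_days > INACTIVITY_DAYS:
            actions.append({
                "agent": agent.name, "action": "confirm_needed",
                "notify": agent.owner,
                "reason": "never used" if idle_days is None else f"idle for {idle_days} days",
            })
        else:
            actions.append({"agent": agent.name, "action": "ok", "notify": None, "reason": ""})
    return actions


def quarterly_summary(actions: list) -> dict:
    """Counts per action, the headline numbers for the quarterly review."""
    summary = {"disable": 0, "confirm_needed": 0, "ok": 0}
    for record in actions:
        summary[record["action"]] += 1
    return summary


if __name__ == "__main__":
    report = review_agents(sample_inventory(), date(2026, 8, 1))
    for row in report:
        print(row)
    print(quarterly_summary(report))
```

The owner-departure rule runs first on purpose: an agent with a disabled owner should be switched off regardless of how recently it ran, because nobody accountable is left behind it. Keep the output of each run as the evidence trail for the quarterly review.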

Do I need Agent 365 if I already have Copilot licences?

The Agent 365 governance controls are part of the Microsoft 365 admin experience -- no separate licence. If you have Copilot licences, you'll see the Agent 365 settings in your admin centre after the May 1 rollout. But here's the thing: even if you're not planning to build custom agents immediately, other users in your tenant might start the moment the feature is available. Configure governance policies first.


What to Do This Week

You have less than four weeks before Agent 365 goes GA. Here's your minimum viable governance checklist:

  1. Audit your SharePoint permissions. Agents inherit user permissions. Fix oversharing now, before agents amplify it.

  2. Create your "Agent Creators -- Approved" security group in Entra ID and populate it with your initial approved creators.

  3. Document your agent naming convention and share it with the approved creators group before the first agent is built.

  4. Enable sensitivity label enforcement for agent data access if you've deployed Purview labels.

  5. Configure lifecycle policies. At minimum, set up the inactivity timeout and owner departure workflow.

These five steps will take a prepared organization a day or two. But if you discover along the way that your SharePoint permissions are a mess, your sensitivity labels aren't deployed, or your Entra ID governance is behind -- that's valuable information. Better to surface it now than after agents are live and accessing data at scale.

If you want a structured read on your tenant's current posture before May 1, our Digital Business Maturity Assessment is designed exactly for this. We'll walk through your governance gaps, prioritize what matters most before GA, and give you a plan you can actually execute in the time you have. Get in touch to get started.

Riley Morgan

Riley Morgan helps people get the most out of Microsoft 365, without the headaches. She loves making tech simple, actionable, and maybe even a little fun. When she’s not geeking out over the latest M365 updates, you’ll find her hunting down great coffee or a good read.
