AI agents are quickly becoming part of how work gets done: they read documents, call APIs, send email, and increasingly make decisions on behalf of people. But most organisations were never designed to manage “non-human actors” at scale. Microsoft Agent 365 is Microsoft’s answer — a single control plane to discover, govern, and secure every agent, wherever it was built. This series explains it from the ground up: no step skipped, every concept built on the last, from a first-day beginner to an architect who can design and run agents at enterprise scale.
Level 100
Foundations — Why & What
The problem Agent 365 exists to solve, what it actually is, its five pillars, where it sits in the Microsoft agent ecosystem, what it costs, and the lifecycle every agent moves through.
-
Article 1 · Level 100
Why Enterprises Need a Control Plane for AI Agents
What a “non-human actor” is, how agent sprawl and shadow agents happen, why the controls built for users and apps do not fully fit agents, and why point solutions are not enough — the case for a single control plane, told from zero.
-
Article 2 · Level 100
What Is Microsoft Agent 365, Explained From Zero
The plain-language definition: a control plane that lets an organisation observe, govern, and secure every agent. What “control plane” means, what it works with, the Microsoft services underneath it, and where it became generally available.
-
Article 3 · Level 100
The Five Pillars of Agent 365
Registry, Access Control, Visualization, Interoperability, and Security — what each pillar does, the Microsoft service that powers it, and how the pillars combine to turn scattered agents into a managed, trusted part of the environment.
-
Article 4 · Level 100
The Microsoft Agent Ecosystem, Mapped
Where agents are built (Agent Builder, Copilot Studio, Azure AI Foundry, the Microsoft 365 Agents SDK), where they run (Microsoft 365 Copilot, Teams, SharePoint), and where Agent 365 governs them all — plus the declarative vs custom-engine fork.
-
Article 5 · Level 100
Licensing, Editions & Prerequisites
How Agent 365 is sold (standalone and with Microsoft 365 E7), its per-user model, the E5 prerequisite, and exactly which capabilities every plan gets versus which require E7 or Agent 365.
-
Article 6 · Level 100
The Agent Lifecycle, End to End
Build, register, deploy, observe, govern, retire — the six stages every agent moves through under Agent 365, told as one continuous loop so every later capability has a home.
Level 200
Identity & the Registry
The foundation the whole control plane stands on: giving every agent its own identity, how that identity is shaped and grouped, and the registry that keeps track of them all.
-
Article 7 · Level 200
Microsoft Entra Agent ID: The Identity Foundation
Why identity comes first, what Microsoft Entra Agent ID is, why the identity types built for people and apps do not fit an autonomous agent, the four things it does, and how it governs agents built on any platform.
-
Article 8 · Level 200
Agent, User, and App Identities Compared
The anatomy of an agent identity — identifier, no credentials of its own, display name, sponsor, blueprint, and an optional paired user account — lined up against user accounts and app registrations, so you can tell any identity apart.
-
Article 9 · Level 200
Agent Identity Blueprints
The template that makes agents scale: how one blueprint stamps out many consistent agent identities in a parent-child model, why the blueprint holds the tokens, and how that makes least privilege enforceable across thousands of agents.
-
Article 10 · Level 200
The Agent Registry
The single authoritative catalogue of every agent: what metadata it stores, how secure agent discovery works, what security collections are, how it exposes shadow agents, and why it is the backbone every other capability leans on.
-
Article 11 · Level 200
Agent Registry Convergence
Why Agent 365 discovers agents and Entra Agent ID manages them — a deliberate split of breadth and depth — and how the hand-off that turns a discovered agent into a governed identity closes the gap shadow agents hide in.
-
Article 12 · Level 200
Governing Agent Access: Least Privilege by Design
Keeping an agent’s reach narrow, time-bound, owned, and watched — why the platform itself blocks over-granting, the owner/sponsor/manager roles, and how Conditional Access, Identity Protection, and Global Secure Access guard every action.
Level 300
Governance, Security & Data Protection
Enforcing access decisions in practice, protecting the data agents touch, catching threats in real time, prioritising the riskiest agents, making governance the default at onboarding, and proving what happened afterward.
-
Article 13 · Level 300
Access Control for Agents
Conditional Access and Identity Protection extended to agents, delegated access, network traffic controls, sponsor-driven lifecycle policies, and access packages that make onboarding governed by default.
-
Article 14 · Level 300
Data Protection with Microsoft Purview for Agents
Sensitivity labels and the encryption usage-rights gap, why agent-generated content does not auto-inherit labels, data loss prevention, data security posture management, insider risk, and compliance manager for agents.
-
Article 15 · Level 300
Threat Protection with Microsoft Defender for Agents
Runtime blocking of unsafe actions, relationship mapping across devices and tools, syncing shadow agents from endpoints, blocking one misused tool invocation, and investigating agents as first-class security principals.
-
Article 16 · Level 300
The Agents-at-Risk Model
The three Critical risk types — shadow agent, no owner assigned, excessive permissions — and how aggregated signals from Entra, Purview, and Defender turn thousands of agents into a short, prioritised list.
-
Article 17 · Level 300
Policy Templates: Governance by Default
Access packages as the concrete example of a policy template, applying them at onboarding, and why enforcing compliance from the very first moment beats correcting it during a later review.
-
Article 18 · Level 300
Audit, Compliance, and Data Residency for Agents
Audit logs and eDiscovery, how observability data actually flows, why third-party agents need explicit integration, and precisely when agent activity data collection begins.
Level 400
Build & Extend
The two ways to build an agent, the tools to build with, the two software development kits for reaching many channels versus adding enterprise capabilities, governed access to real data, and wiring up observability yourself.
-
Article 19 · Level 400
Declarative vs Custom Engine Agents
Describing an agent and letting a shared, governed engine run it, versus bringing your own orchestration and AI model — the fork every builder faces, and how to choose.
-
Article 20 · Level 400
Choosing Your Build Tool
Agent Builder, Copilot Studio, and the Microsoft 365 Agents Toolkit compared — from a one-sentence natural-language description to a full pro-code, CI/CD-backed developer workflow.
-
Article 21 · Level 400
The Microsoft 365 Agents SDK
Building full-stack, multi-channel agents that follow a person across the tools they already use, and the choice between breadth with the Agents SDK and depth with the Teams SDK.
-
Article 22 · Level 400
The Agent 365 SDK
It does not build or host agents — it layers Entra-backed identity, notifications, OpenTelemetry observability, and governed data access on top of an agent already built on any stack.
-
Article 23 · Level 400
Work IQ and Governed MCP Servers
One secure, centralised gateway, built on the Model Context Protocol, through which every agent reaches Microsoft 365 data under a single set of admin-controlled rules.
-
Article 24 · Level 400
OpenTelemetry Observability for Builders
Auto-instrumentation, manual instrumentation, and direct OTLP integration with no SDK dependency — how a builder actually wires up tracing, and logging sub-agent calls in a super agent.
Level 500
Architect & Operate at Scale
The final level of the journey: managing agents programmatically, applying Zero Trust to non-human identities, a governed execution environment, a practical rollout playbook, observability and compliance at scale, and proof that the control plane really does reach any agent, from any source.
-
Article 25 · Level 500
The Graph API for Agent Management at Scale
Bulk agent management, streamlined onboarding, and governance folded into existing workflows — retrieving a full inventory and drilling into any single agent, programmatically.
-
Article 26 · Level 500
Zero Trust for Non-Human Identities
Interactive versus autonomous agent identity patterns, the sponsor-versus-owner distinction, tagging agents at provisioning, and network-level Zero Trust controls extended to agent traffic.
-
Article 27 · Level 500
Windows 365 for Agents: A Governed Execution Environment
Pooled, stateless, programmatic Cloud PCs built for agent workloads instead of people — an identity-first, Zero Trust execution environment governed end to end.
-
Article 28 · Level 500
Governing Agents Without Slowing Innovation
A practical two-step way to actually start: build an agent registry first, then assign clear ownership — and why governance accelerates innovation rather than slowing it down.
-
Article 29 · Level 500
Observability and Compliance at Scale
Why agents expand the data risk surface, the same security model extended rather than a separate one, the four benefits of required observability, and data protection commitments.
-
Article 30 · Level 500
Any Agent, Any Source: The Series Closes
Vertex AI and Bedrock agents register with zero development work — the strongest possible proof of the opening promise, and the whole Zero-to-Hero journey tied together.