What Agent 365 actually does
When enterprises began deploying AI agents in earnest through 2025, a pattern emerged quickly: governance and security tooling that worked well for human users in Microsoft 365 had limited applicability to agents. Copilot Studio gave product and IT teams a way to build and deploy agents, but the controls — access scoping, audit logging, data-loss prevention — operated at the individual agent level, with no unified view across an organisation's growing fleet of agents. For a bank in London or an IT-services firm in Bengaluru running dozens of agents across sales, legal, HR, and finance functions, this was a meaningful gap.
Agent 365 closes that gap. It is not an agent builder — you still use Copilot Studio, Microsoft Foundry, or your own frameworks for that. It is a control plane that sits above agents and enforces policy uniformly across them. The platform provides:
- Centralised audit logging — every action taken by every registered agent is written to a tamper-evident log, searchable by agent, user, data category, or time range from a single console.
- Cross-agent access policy — administrators define what data sources, APIs, and SharePoint sites each agent class may access. Policies propagate automatically to new agent instances matching the classification.
- Data-loss prevention (DLP) rules — the same DLP engine used for human Microsoft 365 users now applies to agents. Agents attempting to exfiltrate content matching a sensitive-data classifier (PII, financial data, health records) are blocked and the event is logged.
- Anomaly detection and alerting — Microsoft Defender integration surfaces unusual agent behaviour: a Copilot Studio agent that suddenly begins querying SharePoint libraries it has never accessed, or one that sends an unusually large number of external HTTP requests in a short window.
- Third-party agent connectors — agents built outside the Microsoft stack can register with Agent 365 and report telemetry via a published connector specification. Coverage is narrower than for native agents, but the capability exists at launch.
The architectural model is deliberately familiar for enterprise IT teams. If you have already rolled out Microsoft Purview or Defender for Cloud, Agent 365 integrates with both. The governance console lives inside the Microsoft 365 admin centre under a new "AI Agents" section, which reduces the learning curve for administrators who manage the existing Microsoft 365 compliance estate.
Pricing breakdown
Agent 365 is priced at $15 per user per month, billed per seat in the same model as Microsoft 365 licences. The "user" in this context refers to each employee or administrator who operates, monitors, or is affected by agents within the governance perimeter — not the agents themselves. An organisation with 200 employees where all employees interact with agents would pay $3,000 per month, or $36,000 per year, for Agent 365 coverage.
Microsoft has not published a free tier for Agent 365 at launch. The pricing is additive — it does not replace existing Copilot Studio, Microsoft 365, or Azure costs. The table below summarises how Agent 365 fits into a typical enterprise Microsoft AI stack.
| Layer | Product | What it covers | Approximate cost |
|---|---|---|---|
| Agent build and deploy | Copilot Studio | Low-code agent builder, Microsoft Graph integration, Teams deployment | From $200/month (tenant) |
| Agent build and deploy (advanced) | Microsoft Foundry | Code-first agent development, Azure AI model hosting, custom orchestration | Azure consumption-based |
| Governance and security | Agent 365 | Cross-agent audit logs, DLP, access policy, anomaly detection | $15/user/month |
| Data governance | Microsoft Purview | Data catalogue, sensitivity labels, compliance manager | From $7/user/month |
| Threat detection | Microsoft Defender for Cloud | Workload protection, CSPM, third-party integrations | From $15/resource/month |
For organisations already paying for Microsoft 365 E5, which bundles advanced compliance and security features, the Agent 365 increment is relatively modest. For those on E3 or lower tiers who are also evaluating Copilot Studio and Foundry, the total AI governance cost can reach $30–50 per user per month once all layers are stacked — a budget line that enterprise procurement teams need to plan for explicitly.
Before signing an Agent 365 agreement, audit how many employees will genuinely interact with or be governed by agents in your first year of deployment. Microsoft's per-seat model means you pay for breadth of coverage, not depth of agent usage. A focused rollout to a pilot department of 30 users costs $450/month — a much easier budget conversation than an organisation-wide licence.
Compliance angle: UK GDPR and India DPDP
The enterprise agent governance wave is not happening in a regulatory vacuum. In the UK, organisations deploying automated systems that make or materially influence decisions affecting individuals must demonstrate accountability under UK GDPR — specifically Articles 13–15 (transparency and right of access) and Article 22 (automated decision-making). In India, the Digital Personal Data Protection Act 2023 (DPDP) is entering its Phase 2 implementation, bringing fresh obligations around consent management, data-fiduciary accountability, and the rights of data principals whose personal data is processed by automated systems.
Agent 365 addresses these obligations in several concrete ways:
- Audit trails for GDPR subject-access requests (SARs) — when an individual submits a SAR asking what automated processes have accessed or acted on their data, the Agent 365 audit log provides a structured record. This is significantly easier to produce than parsing application logs from a custom agent deployment.
- Data-residency controls — Agent 365 inherits your existing Microsoft 365 data-residency settings. For UK organisations, this means agent audit data is stored in UK data centres by default, consistent with UK GDPR data-transfer requirements. For Indian organisations, this alignment with Microsoft's India data-centre regions (Pune and Chennai) supports DPDP compliance for agents processing personal data of Indian citizens.
- DLP as a consent-enforcement mechanism — DPDP requires that personal data collected for a specific purpose is not repurposed without fresh consent. Agent 365 DLP rules can enforce purpose-limitation by blocking agents from passing personal data outside the data source where it was originally collected.
- Accountability documentation — the Agent 365 policy configuration itself — what agents exist, what data they may access, what DLP rules apply — constitutes part of the Records of Processing Activities (RoPA) documentation required under UK GDPR Article 30 and the equivalent accountability obligations under DPDP.
Agent 365 is a governance enabling layer, not a compliance guarantee. Purchasing and activating Agent 365 does not mean your agent deployments are automatically GDPR- or DPDP-compliant. You still need to conduct a Data Protection Impact Assessment (DPIA) for any high-risk agent use case, configure DLP rules to match your specific data categories, and ensure your agents' system prompts and tool configurations do not inadvertently circumvent the controls Agent 365 enforces. Treat the platform as a foundation, not a finish line.
For UK AI builders working with financial-services clients, Agent 365's integration with Microsoft Purview Compliance Manager is particularly useful. Compliance Manager includes assessment templates for UK GDPR and the FCA's Consumer Duty — both of which have implications for AI-assisted processes. Agent 365 audit data feeds directly into these assessments, reducing the manual evidence-gathering work that compliance teams previously had to do by hand.
Indian enterprises should note that DPDP Phase 2 obligations — including the appointment of a Consent Manager for organisations processing personal data above specified thresholds — are expected to come into force in late 2026. Agent 365's data-classification and consent-enforcement capabilities position it as part of a compliant DPDP stack, but builders should review the DPDP Phase 2 checklist for a full picture of what else is required.
Agent 365 vs. building governance yourself
The most common alternative to Agent 365, for organisations already invested in Azure, is a DIY governance stack. This typically involves Azure Monitor for log aggregation, Azure Policy for resource-level guardrails, Microsoft Sentinel for threat detection, and custom Logic Apps or Azure Functions to handle agent-specific alerting and DLP enforcement. The components exist; the question is whether it is worth assembling them.
For teams with strong Azure engineering capability, a DIY stack can reach rough parity with Agent 365 on audit logging and alerting in four to eight weeks of focused work. What is harder to replicate is the native integration with Copilot Studio's agent runtime — Agent 365 receives structured telemetry events from Copilot Studio agents at the platform level, whereas a DIY stack must instrument agents individually, which creates coverage gaps when new agents are deployed without the instrumentation boilerplate.
The total cost of ownership comparison is instructive. A team of 100 users paying $15/month for Agent 365 spends $1,500/month, or $18,000/year. If an Azure engineering team spends six weeks building a comparable DIY stack at a loaded cost of £800/day for two engineers, the build alone costs roughly £48,000 — plus ongoing maintenance. The break-even is well under a year even at modest team sizes, and it shortens further as compliance requirements grow more demanding.
That said, there are legitimate reasons to DIY:
- Your agent stack is primarily non-Microsoft (Anthropic, OpenAI, open-source frameworks) and Agent 365's third-party connector coverage does not yet meet your needs.
- Your organisation has specific audit-log formats or SIEM integrations that Agent 365 does not support natively.
- You need governance controls that operate below the Microsoft 365 identity layer — for example, governing agents deployed in isolated Azure subscriptions without Microsoft 365 user accounts.
For most enterprise teams deploying agents primarily on Copilot Studio and Foundry, the buy-vs-build calculus strongly favours Agent 365. For mixed-stack organisations — which is most of the serious enterprise AI builders we speak to across India and the UK — the answer is more nuanced and worth a proper evaluation sprint.
"We spent three months building an audit and DLP layer for our Copilot Studio agents using Azure Monitor and Sentinel. It worked, but every time Microsoft updated the Copilot Studio runtime, we had to go back and patch our instrumentation. Agent 365 essentially replaced that entire maintenance burden for less than we were spending on engineering time. For a governance-heavy financial-services deployment in London, the decision was straightforward."
— Senior AI Engineer · London, UK
Practical setup checklist
If you are evaluating or rolling out Agent 365, the following checklist covers the steps most teams overlook. This is not a replacement for Microsoft's official documentation, but it reflects the practical sequence that enterprise teams in India and the UK have found most effective.
- Licence and provision — purchase Agent 365 licences via your Microsoft admin centre or volume-licensing agreement. Assign licences to administrators and the initial pilot user group before enabling any agent governance policies.
- Inventory existing agents — before configuring policies, enumerate every agent your organisation currently runs: Copilot Studio agents, Foundry-hosted agents, and any third-party agents accessing Microsoft 365 data via Graph API. Agent 365 cannot govern agents it does not know about.
- Classify agents by data sensitivity — assign each agent a data-sensitivity tier (for example: public, internal, confidential, restricted). This classification drives the default DLP policies and access scopes Agent 365 will apply.
- Configure DLP rules for personal data — create DLP rules that block agents from transmitting content matching Microsoft Purview's built-in sensitive-information types: UK National Insurance numbers, Indian Aadhaar numbers, financial account numbers, and health record identifiers. Validate each rule against test content before enabling in production.
- Enable audit logging and set retention — configure the audit log retention period to meet your compliance obligations: 12 months for UK GDPR (standard), up to 7 years for regulated-sector obligations. Ensure logs are exported to a separate storage account or SIEM if your compliance team requires log immutability guarantees beyond Microsoft's defaults.
- Register third-party agents — for agents built on non-Microsoft infrastructure, follow the Agent 365 connector specification to register them with the platform. Accept that telemetry coverage will be partial at launch and plan a review cycle as the connector feature set matures.
- Set up anomaly alerts — configure Defender integration alerts for: agents accessing data sources outside their permitted scope, agents making more than a defined threshold of external API calls per hour, and agents that are inactive for more than 30 days (potential orphan agents that should be decommissioned).
- Run a tabletop exercise — before go-live, simulate a governance incident: an agent accesses a restricted SharePoint library it should not have access to. Walk through the alert-to-investigation-to-remediation workflow to confirm your team understands the Agent 365 console and can respond within the timelines your compliance obligations require.
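The three alert conditions from the anomaly-alert step, written as detection logic over exported audit events. This is an added example, not Microsoft's code or the Agent 365 log schema: the event tuple layout, agent names, scope strings and the call threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed policy: data sources each registered agent may touch (hypothetical names).
PERMITTED = {
    "hr-helper": {"sharepoint:/sites/hr"},
    "sales-bot": {"sharepoint:/sites/sales", "api:crm"},
    "legacy-faq": {"sharepoint:/sites/public"},
}
MAX_EXTERNAL_CALLS_PER_HOUR = 3        # assumed threshold; set per agent class
INACTIVE_AFTER = timedelta(days=30)    # orphan-agent window from the checklist
SAMPLE_NOW = datetime(2026, 5, 10, 12, 0, 0)

# Constructed audit events: (ISO timestamp, agent, action, target).
EVENTS = [
    ("2026-05-10T09:00:00", "hr-helper", "read", "sharepoint:/sites/hr"),
    ("2026-05-10T09:05:00", "hr-helper", "read", "sharepoint:/sites/finance"),
    ("2026-05-10T10:01:00", "sales-bot", "external_http", "https://example.com/a"),
    ("2026-05-10T10:10:00", "sales-bot", "external_http", "https://example.com/b"),
    ("2026-05-10T10:20:00", "sales-bot", "external_http", "https://example.com/c"),
    ("2026-05-10T10:40:00", "sales-bot", "external_http", "https://example.com/d"),
    ("2026-05-10T11:00:00", "sales-bot", "read", "api:crm"),
    ("2026-05-10T11:30:00", "shadow-agent", "read", "sharepoint:/sites/legal"),
    ("2026-03-01T12:00:00", "legacy-faq", "read", "sharepoint:/sites/public"),
]

def evaluate(events, permitted, now):
    """Return (rule, agent, detail) alerts for the three checklist conditions."""
    alerts, last_seen = [], {}
    calls = defaultdict(int)  # (agent, clock-hour bucket) -> external call count
    for ts, agent, action, target in events:
        when = datetime.fromisoformat(ts)
        last_seen[agent] = max(last_seen.get(agent, when), when)
        if action == "external_http":
            calls[(agent, when.replace(minute=0, second=0, microsecond=0))] += 1
        elif target not in permitted.get(agent, set()):
            # Unregistered agents have an empty scope, so every access is flagged.
            alerts.append(("out_of_scope", agent, target))
    for (agent, bucket), n in sorted(calls.items()):
        if n > MAX_EXTERNAL_CALLS_PER_HOUR:  # fixed hourly buckets, not a sliding window
            alerts.append(("external_call_rate", agent, f"{n} in hour {bucket.isoformat()}"))
    for agent in sorted(permitted):
        seen = last_seen.get(agent)
        if seen is None or now - seen > INACTIVE_AFTER:
            detail = "never seen" if seen is None else seen.isoformat()
            alerts.append(("inactive", agent, detail))
    return alerts

def run_sample():
    return evaluate(EVENTS, PERMITTED, SAMPLE_NOW)

if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

The `shadow-agent` event shows why the inventory step comes first: an agent missing from the policy map is caught only because it happens to appear in the log, and it never reaches the inactivity check.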
Agent 365's DLP engine uses the same sensitive-information type library as Microsoft Purview. If your organisation has already created custom sensitive-information types in Purview — for example, custom identifiers specific to your industry or geography — those types are automatically available in Agent 365 DLP rules without any additional configuration. Check your Purview catalogue before building rules from scratch.
The broader enterprise agent governance wave
Agent 365 did not arrive in isolation. The same week that Microsoft launched Agent 365 on 1 May 2026, IBM announced Watsonx Orchestrate at IBM Think 2026 on 5 May — a multi-agent workflow orchestration platform targeting the same enterprise segment. The timing is not coincidental. The enterprise AI agent market is accelerating rapidly: Anthropic has publicly disclosed reaching $30 billion in annualised recurring revenue, with the growth driven overwhelmingly by enterprise agent deployments rather than individual API usage.
This acceleration is producing a genuine market for governance tooling. Enterprise IT and security teams that could tolerate a handful of experimental agents with light-touch oversight are now managing fleets of production agents operating on sensitive data across core business processes. The gap between the power of those agents and the maturity of governance tooling has been a real blocker for procurement approvals in regulated industries — financial services, healthcare, legal, and government — in both the UK and India.
Microsoft's $50 billion commitment to Global South AI infrastructure through the end of the decade is worth noting in this context. For Indian enterprise teams, that commitment signals that Microsoft intends to be a major infrastructure player in India's AI market, not just a software vendor. Agent 365 is part of a coherent enterprise AI stack — Foundry for development, Copilot Studio for deployment, Agent 365 for governance — that Microsoft is positioning as the default choice for regulated enterprises who want to move fast on AI without abandoning their existing compliance posture.
For builders working on agent platforms in India and the UK, the competitive implication is clear. Enterprise buyers are increasingly evaluating agent platforms not just on capability, but on their governance story. The ServiceNow autonomous workforce platform unveiled at Knowledge 2026 made the same bet — governance and accountability as first-class features, not afterthoughts. The teams building enterprise agent infrastructure who invest early in demonstrable governance capability will find it easier to win enterprise procurement approvals.
Builders working outside the Microsoft stack — building on Anthropic's API, for instance — should consider what the Agent 365 launch signals about buyer expectations. Enterprise buyers at organisations running Microsoft 365 will increasingly ask whether your agent platform integrates with Agent 365 for governance. The answer to that question may determine whether your agent reaches production or stalls in security review. See the Claude Managed Agents guide for how Anthropic's own governance features are evolving to meet the same enterprise demand.
The forward trajectory is towards governance as a commodity layer, not a differentiator. Just as SSL certificates went from a competitive advantage to a baseline expectation for any web service, enterprise AI governance controls are moving from "nice to have" to "required before production". Agent 365 is Microsoft's bet on capturing that governance layer in its ecosystem. Whether or not your team builds on Microsoft tooling, understanding how Agent 365 works will help you speak the language that enterprise security teams are now using when evaluating AI agent deployments.
For the AI Builders across India and the UK who are navigating enterprise procurement processes, the practical advice is this: get familiar with Agent 365's capabilities and terminology, even if you are not building on Microsoft's stack. Your enterprise clients are likely running it or evaluating it. Builders who can articulate how their agent platform complements or integrates with Agent 365 will have a materially easier time clearing enterprise security review than those who treat it as irrelevant to their work.