Microsoft Agent 365 Just Went GA at $15/User. Here's What That Means If Your 'Fleet of Agents' Is Three Python Scripts.
Microsoft Agent 365 Just Went GA at $15/User. Here's What That Means If Your 'Fleet of Agents' Is Three Python Scripts.
On May 1, Microsoft Agent 365 moved from preview to general availability. The product is positioned as a control plane for AI agents inside the enterprise — observe what your agents are doing, govern who can run them, secure the actions they take. List price is $15 per user per month, or bundled into the new Microsoft 365 E7 "Frontier Suite" at $99 per seat.
Every enterprise sales conversation you take in the next twelve months will reference this product. Every "AI governance" SKU shipped by Microsoft's competitors over the next six months will be priced against it. Most of the indie operators reading this have a "fleet of agents" that consists of two or three Python scripts written on a Sunday. Here's the honest read on what this product actually means at indie scale, and the one paragraph you should add to your security one-pager this month.
What Agent 365 actually does
Strip the marketing and Agent 365 is three things stacked together.
The first layer is observation. The product discovers AI agents running inside an organization — Microsoft's own (Copilot, Agent Framework), third-party agents that integrate with M365, and via the multicloud sync, agents running on AWS Bedrock and Google Cloud. Every action an agent takes can be logged, attributed to the user it runs on behalf of, and exported to security tooling. That's the "do you have visibility into what your agents are doing" answer.
The second layer is governance. Admins set policies about which agents can run, which users can invoke them, what tools each agent can call, and what data they can access. The policies live in Intune and Defender, the same admin surfaces enterprise IT teams already use. Coming in June: runtime blocking and policy-based controls, plus alerts when an agent tries to do something policy-prohibited.
The third layer is security. Identity-based access controls, sandboxed execution environments, audit logs designed for compliance reviews, and integration with Microsoft's broader Zero Trust posture. The framing is enterprise-grade, with the language and pricing to match.
Stack the three together and you get the product Microsoft is selling: a single control plane for the agent layer of an enterprise's stack, designed for IT and security teams that need to manage 100+ agents across hundreds of users.
Why the $15 number matters even if you'll never pay it
I am not going to be an Agent 365 customer. Neither are you. The product is priced and packaged for enterprises, not solo operators.
The reason the $15 number matters anyway is that it sets the market floor for "how should AI agent governance be priced." Every Microsoft competitor pricing a similar SKU in the next six months will benchmark against $15/user. Anthropic, OpenAI, Google Workspace, and the dedicated agent-governance startups (CalypsoAI, Lakera, the new entrants) are all going to land in roughly the same per-seat range, plus or minus 30%.
Indie operators don't pay these prices. But the customers indie operators sell to do, and the customers will start asking "is your product compatible with our agent governance tooling" within the next six to twelve months. The first time that question shows up in a sales call, you want to have a one-paragraph answer ready, not be hearing the term for the first time.
The bit nobody's talking about — multicloud agent sync
The most underrated detail in the announcement is the multicloud preview. Agent 365 is in public preview for syncing agent inventories from AWS Bedrock and Google Cloud. Microsoft is openly indexing other clouds' agents into a single registry.
For an indie operator running an agent that gets adopted inside an enterprise customer's M365 tenant, that registry is going to inventory you eventually, whether you opt in or not. The customer's IT team is going to ask whether your agent is "Agent 365 visible." The answer they want is yes, with a clean discovery story.
That doesn't actually require integration. The Agent 365 discovery model relies on standard agent registry conventions — the kind of thing that's becoming an OpenAPI-like spec for agents. Your agent doesn't need to be Microsoft-specific to be discoverable; it needs to expose a standard manifest. If your agent product doesn't have a manifest endpoint, that's the gap to close before the multicloud sync goes GA later this year.
What you should actually do this month
Two concrete actions, both of them small.
First, add one paragraph to your security one-pager. Something like: "We are aware of Microsoft Agent 365 and the broader trend toward enterprise agent governance. Our agents are designed to be discoverable by standard agent registry conventions, and our action logs are exportable in formats compatible with common SIEM and governance tooling." That's not a lie if you're running observability at all; it's a positioning statement that puts you on the right side of the conversation. The exact phrasing matters less than having something written down that you can paste into RFP responses.
Second, audit your agent's logging. If your agent doesn't currently log every action it takes with timestamps, the user it ran on behalf of, and the result — add that. The logging itself is straightforward. The reason to do it now is that it'll be table stakes in a year, and the audit log you can show a customer's IT team is the difference between "yes, we have governance" and "let me get back to you on that." Roughly four hours of work for most indie agents. Worth doing this weekend.
That's it. No SDK to integrate. No certification to pursue. Just a paragraph and an audit log.
The June rollout to watch
Microsoft is shipping runtime blocking via Intune and Defender public preview in June. That's the layer where an enterprise admin can prevent your agent from running inside their tenant if it doesn't meet their policy.
If you're shipping an agent that runs inside a customer's M365 environment — even indirectly, through a Microsoft Graph integration — June is when that agent could be hard-blocked by a customer's IT team. The mitigation is to make sure your agent is registered with the customer's tenant, signed with whatever attestation the customer requires, and not doing anything that triggers default-deny policies (excessive scope, untracked data access, anomalous network calls).
Most indie operators won't be affected because most indie agents don't run inside customer M365 tenants. But if you have one customer who's an enterprise, this is the timeline that matters for them.
The honest counter-take
This is an enterprise product. Most of the writing about it should not be on an indie blog. The reason this post exists is that the second-order effects are real even when the first-order product isn't relevant: pricing pressure on competitors, RFP language change, multicloud agent registry standardization, and the June runtime-blocking rollout all reach indie operators eventually.
The right amount of attention to spend on this is roughly: read the announcement once, write the security-one-pager paragraph, audit your agent logging this weekend, and then stop thinking about it. Don't over-rotate. Don't try to integrate with Agent 365 until a customer specifically asks for it. Don't write a roadmap item called "Agent 365 compatibility" because you read about it on a blog.
The other counter-take: enterprise AI governance is going to look very different in three years than it looks today. The Agent 365 product will iterate, the competitors will iterate, the standards will move. Anything you build to Agent 365 specifically is likely to be redone within 18 months. Building to standards that Agent 365 happens to support — manifest endpoints, structured logging, identity-based access — is the bet that survives the iteration. That's the durable move and it's the only thing in this post worth doing without a customer ask.