The thing IT departments feared about SaaS sprawl in 2015 just showed up again, except now the rogue apps write code and take actions without asking permission first.

The Summary

  • Microsoft moved Agent 365, a management platform designed to discover and govern AI agents across Microsoft, AWS, Google Cloud, and employee devices, out of preview to general availability
  • The product focuses on "shadow AI" — autonomous agents employees install locally without IT approval, creating a new category of enterprise security risk
  • Microsoft's AI Security VP describes the current state as enterprises stuck between "YOLO" (anything goes) and "oh no" (nothing works)

The Signal

Microsoft just shipped a product that solves a problem most companies don't know they have yet. Agent 365 is a control plane for AI agents, which sounds like standard enterprise software until you realize what it's actually detecting: autonomous code running on employee laptops that can invoke tools, access data, and take actions across company systems without asking IT for permission.

This isn't about whether companies should deploy AI agents. They already did. The deployment happened bottom-up, device by device, as employees downloaded coding assistants, personal productivity tools, and workflow automation that runs locally. Microsoft is positioning this as "shadow AI", a direct parallel to the shadow IT crisis of the 2010s when employees adopted Dropbox and Slack faster than IT could evaluate them.

"Most enterprises are trying to find a balance between YOLO — just let anything run — and 'oh no,' where nothing works at all."

Except shadow AI is worse than shadow IT in one critical way: SaaS apps were static. You could audit what data they touched, what permissions they had, and what actions they took. AI agents are dynamic. They make decisions. A coding assistant doesn't just read your codebase, it suggests commits. A productivity agent doesn't just view your calendar, it drafts emails and schedules meetings based on context it infers from other tools.

The real tell here is that Agent 365 works across Microsoft's ecosystem AND competitor clouds. That's not Microsoft being generous. That's Microsoft acknowledging the agent layer is already multi-cloud and multi-vendor, and if they don't provide unified visibility, enterprises will either lock down everything or lose control entirely. The product discovers agents running on AWS Bedrock and Google Cloud alongside Microsoft's own Azure OpenAI deployments. It tracks what data those agents access, what permissions they request, and what actions they take.

Key capabilities Microsoft is emphasizing:

  • Discovery of local agents running on employee endpoints
  • Cross-cloud visibility across Azure, AWS, and Google Cloud
  • Governance controls for agent permissions and data access
  • Security monitoring for autonomous actions agents take

The timing matters. Microsoft announced Agent 365 at Ignite in November 2024 and moved it to general availability five months later. That's fast for enterprise software, especially security infrastructure. The speed suggests Microsoft sees urgent demand, which means their enterprise customers are already dealing with agent sprawl and don't have tools to manage it.

The Implication

If you run IT or security at a company with more than 500 employees, assume shadow AI is already running in your environment. The employees using coding assistants or personal automation tools aren't asking for permission because they don't think they need it. These feel like personal productivity tools, not enterprise software.

Start with discovery before governance. You can't manage what you can't see, and you can't see what's running locally on employee machines without detection infrastructure. Agent 365 is one option. Others will follow. The companies that figure out lightweight governance early will attract the best builders. The ones that lock everything down will lose them.

Sources

VentureBeat