Yesterday, Microsoft announced Agent 365 — a centralized control plane for deploying, organizing, and governing AI agents at enterprise scale. Built on Entra identity and backed by Defender's security stack, it's a serious product from a company that has earned the right to build enterprise infrastructure. If you're a CIO running a Microsoft-native environment, you should absolutely be paying attention to it.
But here's the problem most enterprise architects will recognize immediately: you are almost certainly not running a Microsoft-native environment.
According to recent enterprise surveys, 98% of organizations are actively deploying AI agents. Of those, the overwhelming majority are running agents across at least three distinct platforms — Azure AI Foundry, AWS Bedrock, GCP Vertex AI, Salesforce AgentForce, and custom-built frameworks like CrewAI and LangChain. Agent 365 was built to govern the agents Microsoft can see. Your governance problem is the agents it can't.
This post is a straightforward technical and strategic analysis of what Agent 365 does well, where it stops, and what a genuine cross-platform AI agent governance capability actually looks like in 2026.
What Microsoft Agent 365 Actually Does Well
Centralized agent inventory for Microsoft-native agents. Agent 365 gives enterprise administrators a single pane of glass for all agents built and deployed through Copilot Studio and Azure AI Foundry.
Identity integration through Entra. By anchoring agent identities in Entra ID, Microsoft is solving a real problem: agents need to be treated as first-class identity principals, not just service accounts with elevated privileges. The 82:1 machine-to-human identity ratio is an identity governance problem at its core.
Security monitoring through Defender. Suspicious agent behavior, anomalous tool invocations, and potential prompt injection events surface through existing SOC workflows.
Policy enforcement for Copilot Studio agents. Data loss prevention, access controls, and usage policies govern what Copilot Studio agents can access, process, and do.
ServiceNow integration for unified oversight. Agent governance events surface in ITSM workflows.
None of this is small. Agent 365 is a serious enterprise governance product for organizations operating within Microsoft's ecosystem. The operative phrase is "within Microsoft's ecosystem."
The Cross-Platform Gap: What Agent 365 Cannot See
AWS Bedrock Agents
Bedrock agents operate through their own identity system (IAM), logging stack (CloudTrail, CloudWatch), and orchestration layer. None of this surfaces in Agent 365's inventory. A Bedrock agent with access to sensitive customer data is completely invisible to Agent 365.
Google Cloud Vertex AI Agents
Vertex agents authenticate through Google IAM, log to Cloud Logging and Cloud Trace, and have no native integration surface with Agent 365. From Microsoft's control plane, they do not exist.
Salesforce AgentForce
These are agents operating inside CRM and customer-facing workflows — potentially handling sensitive customer PII, making commitments on behalf of the business. Agent 365 has no visibility into AgentForce agents.
Open-Source Frameworks: CrewAI, LangChain, and Derivatives
This is where the governance gap becomes most acute. These frameworks resist centralized control almost by design. A typical enterprise engineering team building a CrewAI-based agent system produces zero governance artifacts that appear in any enterprise control plane.
Custom MCP Servers
Custom MCP servers — built to expose internal APIs, databases, or business logic as agent-accessible tools — are proliferating with little visibility or control. Agent 365 does not currently provide governance coverage for MCP tool invocations at the protocol level.
A Real Enterprise Scenario: The 500-Agent Problem
A Fortune 500 financial services firm has approximately 500 agents:
- 150 agents on Microsoft Copilot Studio and Azure AI Foundry
- 120 agents running on AWS Bedrock
- 80 agents on GCP Vertex AI
- 90 agents built with CrewAI and LangChain
- 60 agents on Salesforce AgentForce
When this organization deploys Agent 365, it gets governance coverage for approximately 150 agents — 30% of its agent population. The remaining 350 agents — 70% — are invisible.
The EU AI Act's enforcement provisions become applicable to new high-risk systems on August 2, 2026. Audit trails that only cover 30% of the agent population are not audit trails. They are selected documentation with the most problematic gaps undocumented.
The Five Governance Capabilities No Single Vendor Provides
1. Cross-Platform Agent Inventory
You cannot govern what you cannot see. A genuine cross-platform inventory must discover agents deployed through vendor-managed platforms, open-source frameworks, API gateways, MCP servers, and SaaS platforms.
2. Unified Policy Enforcement
Policy fragmentation is one of the most persistent failure modes. Unified policy enforcement means defining policies once and applying them everywhere, regardless of the underlying platform.
3. Vendor-Neutral Audit Trail
Audit trails stored entirely within one vendor's infrastructure cannot be used to audit that vendor's agents with the same credibility as an independent audit trail.
4. Cross-Platform Lifecycle Management
Agents change: capabilities expand, data access scope drifts, owning teams change, business purposes evolve. Lifecycle management tracks and governs these changes across the full agent population.
5. Compliance Mapping for the EU AI Act
The EU AI Act compliance deadline of August 2, 2026 is less than five months away. If 70% of your agents are invisible to your governance tooling, your compliance mapping is correspondingly incomplete.
How to Evaluate Cross-Platform Governance Solutions
On agent discovery: Which platforms does this solution discover natively? How does it handle open-source frameworks?
On policy enforcement: Can policies be defined once and enforced across multiple platforms?
On audit trail: Is the audit trail stored independently of any vendor platform being audited?
On lifecycle management: Does it support provisioning workflows that require governance review?
On compliance: Does it map findings to EU AI Act requirements?
On vendor neutrality: Is the solution itself vendor-neutral?
FAQ
Q: If we're primarily a Microsoft shop, do we still need cross-platform governance?
Almost certainly yes. "Primarily Microsoft" in practice almost never means "exclusively Microsoft." Even organizations with strong Microsoft alignment have agent populations in Salesforce, open-source frameworks, and AWS or GCP.
Q: How does Agent 365's ServiceNow integration affect the cross-platform picture?
The ServiceNow integration is an operational integration, not a discovery or governance integration for external platforms. It does not extend Agent 365's visibility to non-Microsoft agents.
Q: Does agent governance require replacing our existing platform investments?
No. Cross-platform governance is an additive layer, not a replacement. Think of it as analogous to a SIEM: it aggregates and correlates across platform-native controls.
What Comes Next
Microsoft Agent 365 is a milestone. It represents the maturation of AI agent governance from a theoretical concern to a mainstream enterprise product category.
The challenge for enterprise architects, CISOs, and compliance officers is to avoid assuming that a credible product from a trusted vendor solves the whole problem. Agent 365 solves a significant portion of the problem for Microsoft platforms. For most enterprises, that is a minority of the risk surface.
Governance for agents Microsoft can see is a good start. Governance for agents Microsoft cannot see is the actual problem that enterprise risk teams need to solve.
That is the cross-platform AI agent governance gap. And as of March 23, 2026, closing it is not optional.
Need cross-platform AI agent governance?
iEnable gives you visibility and control over your entire AI workforce — regardless of platform.
Learn More About iEnable →Related reading: