Make any agent enterprise-ready with the Agent 365 SDK

One major challenge for businesses looking to adopt new agents is having insufficient centralized controls. Before a broad rollout, companies need clear guidelines: What can this agent do? What data is it allowed to access? How do we monitor it? What steps do we take if something goes awry?

Many developers currently combine identity management, runtime protection, and monitoring using various separate solutions and open-source tools. This can lead to fragmented policy management, disjointed monitoring, and increased operational overhead that complicates scaling within existing IT and security frameworks. What organisations really need is a unified control plane that consolidates these capabilities.

On May 1, Microsoft unveiled Agent 365, a control plane designed for enterprises to monitor, govern, and secure agents at scale. Agents built on Microsoft’s AI platform (including Agent Builder, Copilot Studio, and Microsoft Foundry) will automatically gain Agent 365 features with no extra development work needed.

For agents developed on external platforms or using open-source frameworks, the Agent 365 SDK offers a straightforward pathway. This SDK brings enterprise-level observability, governance, and security, while the Agent 365 CLI facilitates agent identity provisioning and registration right from the start.

For instance, a back-office agent created on Microsoft Foundry and a customer-facing agent developed using the OpenAI Agents SDK can both be efficiently managed through Agent 365, leveraging the same identity model, observability signals, and policy engine, regardless of the platform or framework.

Discover more about the Agent 365 SDK

Observability

• Centralised agent registry. Every agent registered through the SDK is visible in a central Agent 365 registry. This allows admins to oversee ownership, usage, connected tools, resources, and assigned permissions. Additional signals help identify unmanaged local agents within the same control environment.
• Visibility for Security Operations Centre (SOC) in Microsoft Defender. SOC teams can utilise Microsoft Defender data to track agent activity, pinpoint vulnerabilities, and assess potential risks across all agents.

Governance

• Agent lifecycle management. Implement rules-based policies to automatically deactivate inactive agents, highlight agents without an owner, and block agents deemed risky.
• Onboarding and oversight of agents. Assign agents to specific users or groups only after obtaining the necessary permissions, policies, and reviews. Agents can be blocked, unblocked, or removed as needed to manage accessibility.
• Policy templates. Combine existing policies from Entra, Purview, Defender, and SharePoint into reusable templates that apply automatically during agent approval or onboarding.
• Agent tool controls. Manage which tools agents can view, use, or block throughout the tenant, ensuring only approved tools are used without needing per-agent configurations.

Security

• Agent identity in Entra. The SDK creates an agent identity in Entra, allowing management and policy application similar to how it’s done for users. Explore our Entra Agent ID blog for more details.
• Access control. Agents can be secured using Entra Conditional Access and Identity Protection, adapting as agent behaviours evolve.
• Threat detection in Defender. Agent activities will be tracked in Microsoft Defender, alongside other estate elements, with alerts integrated into the existing incident management processes of the SOC.
• Tool invocation threat blocking. When tools are registered with Agent 365, Defender’s runtime protection safeguards calls and responses from these tools, blocking high-risk actions before they take place.

Numerous software companies have already incorporated the Agent 365 SDK into their developments, falling into three main categories. The first consists of AI-native software providers building customer-facing agents, like Genspark, Zensai, Egnyte, and Zendesk. The second includes agent platforms and “agent factories” allowing customers to build and manage their agents, such as Kore.ai, Kasisto, and n8n. Lastly, there are enterprises creating custom internal agents for their staff and processes.

All three categories leverage the Agent 365 SDK because it allows integration of agent deployment into enterprises, enabling immediate observation, governance, and security through Agent 365 with no additional work needed for the core functionalities. Further advanced features like data security and compliance can be incorporated later using Microsoft Purview APIs as needed.

Kore.ai, a leading platform for developing and managing AI agents, highlights the importance of Agent 365. Raj Koneru, CEO of Kore.ai, stated:

“Enterprises can easily build AI agents today, but scaling them with trust and governance is where many initiatives struggle. With our deep integration into Microsoft Agent 365, identity, security, and governance are embedded from the start, empowering companies to evolve from pilot projects to scalable AI solutions confidently.” — Raj Koneru, CEO, Kore.ai

Zensai, another key player, offers their Human Success Agent to businesses. Emma Taylor, Culture & Organizational Development Manager at Phoenix Software Solutions, shared her thoughts on Agent 365:

“Zensai has provided us with valuable insights into our team’s performance, allowing us to track key metrics effectively. The comprehensive reporting capabilities within the Human Success Platform have transformed our approach. We are thrilled with the Human Success Agent, as Agent 365 facilitates the governance and observability our administrators require to manage AI responsibly, while providing data and insights for informed decision-making across our operations.”— Emma Taylor, Culture & Organizational Development Manager, Phoenix Software Solutions

The message is clear: by integrating once with the Agent 365 SDK, every customer deploying your agent can easily get robust enterprise-grade controls.

The Agent 365 SDK is now available. If your agent is already operational, you can onboard it in just three simple steps:

1. Install the SDK in your agent project using Python, TypeScript, or .NET.
2. Register the agent with the Agent 365 CLI to set up its identity and automatically onboard it into Agent 365.
3. Wrap your agent’s entry point with the SDK to send activity and telemetry data to the Agent 365 control plane.

For comprehensive data security visibility and controls, consider integrating Microsoft Purview APIs to enable features like prompt-based Data Loss Prevention (DLP), Data Security Posture Management, Insider Risk Management, and essential compliance functionalities such as eDiscovery, Communication Compliance, Audit, and Data Lifecycle Management. Learn more in our Purview developer blog post.

Start your journey with Agent 365 development

Microsoft is continually refining the Agent 365 SDK based on feedback from developers. Here are some resources to explore and see the SDK in action:

• Watch OD840:  A Microsoft Build on-demand session diving into the Agent 365 SDK and its design choices.
• Watch BRK251: A hands-on breakout on building secure, enterprise-ready agents with the Agent 365 SDK and Microsoft Purview APIs, featuring practical examples. Available on Wed, Jun 3 at 11:30 AM – 12:15 PM PDT and on demand afterward.
• Check the docs: For quick-start guides, references, and a detailed toolkit overview.
• Learn more about Purview for agents: Begin with the Purview developer blog for insights, followed by the Microsoft Purview developer documentation for in-depth references.
• Get the lowdown on Entra Agent ID: Start with the Entra Agent ID developer blog, followed by the Microsoft Entra Agent ID documentation for full details.

Creating agents that IT and security teams can approve doesn’t have to involve assembling various solutions. With the Agent 365 SDK, you can build agents ready for enterprise deployment, allowing organisations to do so with confidence.

Co-Authored by Jeremiah Follis