Cyber Security
Microsoft Agent 365: Bringing AI Agents Under Control
Updated 17 June 2026
AI has stopped being something your staff visit in a browser. It now lives on their machines. Coding assistants like Claude Code and GitHub Copilot, desktop apps like ChatGPT and Claude Desktop, and AI-powered tools built into everyday software are quietly becoming part of how work gets done in UK businesses, often without IT ever being asked.
That creates a new question for business owners and managers: what AI is actually running in your organisation, what can it reach, and who is keeping an eye on it?
Microsoft's answer is Agent 365, which became generally available in May 2026. Here is what it is, why it matters for a business of your size, and how we are putting it to work.
What is Microsoft Agent 365?
Agent 365 is Microsoft's control plane for AI agents. An "agent" in this context is any AI tool that can act on its own: reading files, calling other systems, running commands, or completing tasks a person has delegated to it. That includes agents your business builds deliberately, agents bundled into software you already use, and agents individual employees install for themselves.
Agent 365 extends the Microsoft security tools many businesses already rely on, Microsoft Entra for identity, Microsoft Defender for threat protection, and Microsoft Purview for data protection, so they cover AI agents as well as people and devices.
In practical terms it delivers three things:
An inventory. Agent 365 automatically discovers AI agents across your organisation, including those running directly on staff laptops and desktops. Coding assistants, AI desktop apps, AI-enabled development tools, and the connections those agents have configured to other systems all appear in a single register. You cannot govern what you cannot see, and for most businesses this inventory is the first honest picture of their AI footprint.
Identity and access control. Agents get their own managed identities, so the same rules that govern staff access, such as conditional access and least-privilege permissions, apply to AI too. An agent only reaches the data and systems it has been granted, and that access is visible and reviewable.
Runtime protection. This is the piece we find most significant. AI agents act on text: prompts, file contents, web pages, and the output of other tools. Attackers have learned to hide malicious instructions inside that text, a technique known as prompt injection, effectively hijacking an agent to leak data or run harmful commands. Agent 365 lets Microsoft Defender inspect what agents are being asked to do and block dangerous actions before they run, with alerts your IT partner can investigate.
Why this matters for SMEs
It is tempting to file this under "enterprise problem". We would argue the opposite. Larger organisations have security teams watching for unusual behaviour. In a 20-person law firm or a 60-person construction business, an AI coding tool with access to client files, or a desktop assistant an employee has connected to company email, can operate for months with nobody looking.
Three risks stand out for the businesses we work with:
- Data leakage. Staff pasting client or commercially sensitive information into AI tools, or agents reading files they should never have been given access to.
- Unaccountable access. Agents connected to line-of-business systems with broad permissions and no review, which matters for UK GDPR and increasingly for professional regulators.
- Manipulation. Prompt injection is not theoretical. Any agent that reads documents, emails, or web content can be targeted, and the agent then acts with the permissions of the person running it.
For our legal clients in particular, the question "which AI tools have touched client matter files" is one you want to be able to answer before a regulator, an insurer, or a client asks it.
Licensing and pricing, in plain terms
Agent 365 is licensed per user and sits alongside your existing Microsoft 365 subscription. As a guide, Microsoft's list price is around £13.80 per user per month on a monthly plan, or £12.08 per user per month on an annual commitment, which works out at £138.00 per user, per year (prices exclude VAT).
The device-level agent discovery and runtime protection capabilities require a suitable Microsoft Defender foundation beneath the licence. From 1 July 2026, Microsoft is consolidating its AI agent security features under Agent 365 licensing, so businesses that want this visibility will need the licence in place. Microsoft offers a 30-day trial, which is a sensible way to see your own AI inventory before committing.
We can advise on the right combination for your current Microsoft plan, and supply the licensing through our Microsoft partnership.
How TheLogic is using it
We do not recommend tools we have not run ourselves. Agent 365 is live in our own environment now, discovering the AI agents and integrations our team uses daily, and it forms part of our AI Visibility service alongside Microsoft Purview's AI monitoring and network-level shadow AI discovery.
For clients, that service answers four questions on an ongoing basis: which AI tools are in use across your business, what data they are touching, whether sensitive information is being exposed, and what controls are actively preventing misuse. Agent 365 closes the gap that browser-based monitoring alone cannot see: the AI running directly on your devices.
Where to start
If you are unsure what AI is already in use across your business, that uncertainty is the finding. A short discovery exercise gives you the inventory, and from there the decisions about policy, licensing, and controls become straightforward.
Talk to us about an AI visibility assessment for your organisation.
