Microsoft Agent 365 went generally available on May 1, 2026. Fifteen dollars per user per month, or bundled with Microsoft 365 E7. It finds every AI agent running across your organization, shows you which devices they are on, and can block them through Intune policy the moment you decide they should not be there.

The product is notable. What it tells you about where enterprise AI actually is right now is more important.

The Problem It Is Solving

Agent 365 exists because companies have AI agents running that their IT and security teams did not approve and often do not know about. Microsoft calls this shadow AI. By June 2026, Agent 365 will discover 18 different agent types running across an organization, including GitHub Copilot CLI and Claude Code.

Read that again. Enterprise IT teams need a dedicated control plane to find out whether their employees are running AI agents. Not to manage the agents. Not to optimize them. To find out they exist.

This is the operations gap in its most visible form. The technology moved faster than the governance. Now the governance is catching up, and it is catching up by building a kill switch.

What This Tells You About Where Most Companies Are

Six out of ten companies have started deploying agentic AI. One in ten has built anything autonomous. The rest are running tools, not systems. And inside that gap, employees are not waiting for permission.

They are using Claude Code to write production scripts. They are running Copilot CLI against internal repositories. They are connecting third-party agents to company data through APIs that legal has never reviewed. They are doing this because the work gets done faster, and nobody told them not to, and nobody was watching.

Shadow AI is not a compliance failure. It is the natural outcome of deploying AI without ownership structure. When a team adopts a model with no defined scope, no designated owner, and no feedback loop, the technology expands to fill whatever space it can find. That is not a prediction. It is what has already happened.

The Governance Layer Is Now Real Infrastructure

Three things happened in the same week that Agent 365 went GA. Cognizant launched Secure AI Services, a set of integrated tools for governing and scaling agentic systems across enterprise operations. Microsoft announced cross-cloud agent registry sync with AWS Bedrock and Google Cloud, so IT teams can discover and govern agents across platforms they do not own. And Microsoft and Google were both described in the same Computerworld article as pushing AI agent governance into the enterprise IT mainstream.

That is not three separate product launches. That is a category forming.

A year ago, AI governance was a compliance checkbox. Something legal asked about in the context of model procurement. Today it is infrastructure. Microsoft is selling it at $15 per user per month. Cognizant is wrapping it in professional services. Google is building it into Cloud.

The companies that do not have this layer yet are not behind on a feature. They are missing a capability that is already table stakes at the companies ahead of them.

What The Kill Switch Question Actually Asks

The way you know a company has a real AI operations problem is simple: ask them who can shut it down.

Not “who manages the AI strategy.” Not “who owns the AI roadmap.” Ask who can halt a specific agent that is producing wrong outputs, touching production data, or acting outside its defined scope. Ask how long that would take.

At most organizations, the honest answer is some version of “we would have to find the person who set it up.” That person may have left. The configuration may be undocumented. The agent may be running on infrastructure that nobody is actively monitoring.

Microsoft built Agent 365 because enough of its enterprise customers had reached this state at scale. That is the signal.

The Operations Work That Comes Before The Kill Switch

A kill switch is better than nothing. It is not a substitute for the ownership structure that should have been in place from the start.

Every AI agent in production should have three things defined before it touches real data: who owns it, what it is allowed to do, and what triggers a human review. Not as policy documents that live in a shared drive. As operational facts that the team responsible for it can state without looking anything up.

Agent 365 can tell you that an agent exists and let you block it. It cannot tell you whether the agent should exist, what it is supposed to accomplish, or whether the outputs it has been producing are correct. That work is not a product. It is not something Microsoft can sell you. It is the organizational work that most teams have avoided because it is slower and harder than deploying the tool.

The governance infrastructure is ready. The governance work is not done.