Sonnet Code
AI & Machine Learning · May 13, 2026 · 8 min read

Microsoft Agent 365 Went GA on May 1 — Agent Governance Is Now a $15/User/Month Line Item

The release, in one paragraph

On May 1, 2026, Microsoft moved Agent 365 to general availability and shipped the new Microsoft 365 E7 Frontier Suite alongside it. Agent 365 is positioned as the control plane for an enterprise's entire agent fleet — discover, observe, govern, and secure agents across Microsoft surfaces plus AWS Bedrock and Google Cloud through registry sync, with lifecycle controls (start, stop, delete), policy-based runtime controls, and audit visibility into every agent's tool calls and connector activity. Pricing is $15 per user per month standalone, or bundled into E7 at $99 per user per month with Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview capabilities.

The headline framing is "agent governance, now generally available." The substance is one tier deeper: Microsoft just made "agent governance" a procurement category, drew the cross-cloud line first, and reframed the buying conversation from "which agent runtime do we standardize on" to "who owns the policy plane that sits above all of them." Every enterprise running agents on more than one vendor — which is to say, every enterprise running agents — is now in that conversation whether they wanted to be or not.

Why "agent governance" is a real category now (it wasn't six months ago)

For most of the agent era so far, "governance" was an item on the procurement checklist that mostly got handled by the agent runtime itself. Anthropic ships some admin views inside Claude Managed Agents. OpenAI ships some admin views inside Workspace Agents. Cursor ships some admin views inside Cursor Teams/Enterprise. Each runtime had its own dashboard, its own access controls, its own audit posture. The CISO got a dashboard per vendor, and "governance" meant "open each dashboard quarterly and hope the picture composites."

That doesn't scale, and three things forced the issue:

Agent count exploded. The same survey data showing that 57% of enterprises have agents in production also shows that the median enterprise has 12 to 40 agents running across teams. A control plane that requires opening four vendor dashboards to inventory those agents isn't a control plane — it's a part-time job.

Cross-vendor became the default, not the exception. Workspace Agents for the Codex-native workflows, Claude Managed Agents for the long-context reasoning workflows, Coder Agents for the self-hosted regulated workflows, Bedrock-hosted internal agents for the AWS-native workflows, Google Cloud agents for the Google-native workflows. Even a single team usually ends up with two or three agent runtimes by the time the year is out. A governance plane that only sees one vendor's agents misses most of the surface.

The compliance ask got specific. "Show me every agent that has access to PII" is a question that, until this year, no enterprise could answer in less than a week of spreadsheet work. Auditors started asking it anyway. Regulators in financial services and healthcare started writing the question into the next round of guidance. The answer requires a unified agent registry across every runtime in the org, and that is the thing Agent 365 is trying to be.

What Agent 365 actually solves (and what it doesn't)

Three capabilities worth naming, and three caveats to balance them.

The cross-cloud registry sync is the part nobody else shipped first. Connecting to AWS Bedrock and Google Cloud agent platforms, pulling their agent inventories into the same registry as the Microsoft-native agents, and giving the IT/security team one view across the whole fleet is the load-bearing capability. Every other agent governance pitch in the last six months has been single-vendor; Microsoft drew the cross-cloud line first, and that's the move competitors will have to match or work around.

Policy-based runtime controls with Intune + Defender integration. Microsoft is wiring agent runtime policy into the same control plane that already governs the workforce's devices and identities. For an enterprise that already runs Intune for device management and Defender for endpoint security, this means "agent policy" doesn't need a new admin tool, a new on-call rotation, or a new SOC playbook — it lives where the rest of the org's policy already lives. That's a real adoption advantage Microsoft has that the standalone-startup category cannot match.

Lifecycle governance, including stop/delete. The ability for a central IT team to inventory every agent across the fleet and kill any one of them without negotiating with the team that built it is the operational primitive every CISO has been asking for. Agents that go dormant, agents that drift, agents whose owners left the company, agents that were never supposed to make it past a pilot — the kill-switch primitive is what turns the agent fleet from a sprawl into a managed asset.

Now the caveats:

"Discover" is conditional on the connector working, and the connector is conditional on the vendor playing along. Microsoft can pull from AWS Bedrock and Google Cloud because those vendors expose the right APIs. The next agent runtime that gains traction — a startup that ships a popular self-hosted product, or a vendor that disagrees with Microsoft about the governance posture — may not. Coverage is a moving target, and any team that bets the entire governance posture on Agent 365's registry needs a fallback plan for the agents it doesn't see.

The runtime policy enforcement runs through the vendors' tool surfaces, not above them. When Agent 365 says "this agent cannot call tool X," the enforcement happens at the agent's runtime, which has to honor the policy. Most vendor runtimes will; some won't, and some will support partial enforcement that's invisible from the outside. Treat the policy enforcement as a defense-in-depth signal, not a load-bearing guarantee.

E7 at $99/user/month is a real budget decision. Bundling Agent 365 into the E7 Frontier Suite means the buying decision isn't a $15-per-seat add-on; it's a decision about whether to move the whole knowledge-worker tier onto a $99/user/month SKU. For a 5,000-person enterprise, that's a $5M/year line item, and the discussion is going to be much more deliberate than the launch keynote framed it.

The multi-vendor question Agent 365 forces

For a CTO who has already made agent runtime decisions at the team level — Workspace Agents for marketing, Claude Managed Agents for engineering, Bedrock-resident agents for the data team, an internal SDK-based custom agent for customer support — the question Agent 365 raises is the one the org probably hadn't formalized yet: who, structurally, owns the policy plane that sits above all of these runtimes?

Three plausible answers, each with tradeoffs:

1. Microsoft owns it, via Agent 365. Lowest operational overhead. Best integration with existing Microsoft tooling (Intune, Defender, Purview, Entra). Single-vendor risk and single-vendor opinions about what governance should look like. Best fit for orgs already deeply on the Microsoft stack.

2. A third-party governance plane owns it. Several startups are building this category — agent observability + policy enforcement that's vendor-neutral by design. Lower lock-in. Higher integration cost. Best fit for orgs that are deliberately multi-cloud and don't want to deepen a Microsoft commitment.

3. The enterprise builds its own. Highest cost, highest control. Best fit for the largest enterprises with mature platform teams and unusual governance requirements (financial services, healthcare, defense). Often the right long-term answer; almost always the wrong short-term answer.

The honest read is that for most enterprises in the $1B-$10B revenue band, option 1 is the rational default for the next 12-18 months — not because Agent 365 is finished, but because the cost of waiting is now an audit liability and the cost of building is genuinely a year of platform work. The orgs that should resist option 1 are the ones with specific reasons to: heavy AWS or GCP commitments, regulated workflows that need a deeper governance posture than Microsoft's product currently supports, or a strategic stance against further Microsoft consolidation.

Where we'd push back on the launch narrative

"Agent 365 + E7" is a Microsoft-stack bet, not an agnostic governance bet. The cross-cloud connectors are real and useful; the deepest integration is still with Microsoft's own runtime, identity, and policy surfaces. An enterprise running 70% non-Microsoft agents will get less value per dollar than an enterprise running 70% Microsoft agents, and the procurement conversation should reflect that.

The launch keynote framed governance as a feature; in practice it's a workflow. Inventorying agents, classifying them, assigning owners, writing policies, reviewing audit trails, dispositioning runtime alerts — none of that is software. It's process and headcount. The team that buys Agent 365 and assumes governance now "exists" without staffing the workflow is the team that finds out, six months in, that the dashboards are green because nobody is reading them.

Bundling is a procurement move, not a technical one. E7 at $99/user/month is priced to be the obvious upgrade for orgs already on E5. Whether the additional capabilities (Agent 365 + Copilot + Entra Suite vs E5) justify the per-seat jump for your org is a math problem your CFO should run, not a question the bundle answers for you.

What we'd build differently this week

  • Inventory the agents already running across the org, regardless of runtime. Microsoft, AWS, Google, custom internal builds, third-party SaaS with embedded agents. This is the artifact every governance conversation starts from, and most orgs don't have it. Build it now, even by hand, even before the procurement decision.
  • Decide who owns the agent governance workflow at the leadership level. CISO? CTO? A joint role? An "Agent Center of Excellence" reporting up to the COO? The org chart decision matters more than the tooling decision, and waiting until after the platform is bought is too late.
  • Pilot Agent 365 against the existing agent fleet for one quarter before org-wide rollout. Measure coverage (what percent of agents does it actually see), enforcement (does the policy plane do what you configured it to do), and integration cost (how much engineering work is required to onboard non-Microsoft agents). The numbers inform whether the bundle is worth the per-seat jump.
  • Author the agent policy taxonomy now, vendor-independently. What classes of agents exist (read-only research, write-capable workflow, customer-facing, internal-only, PII-exposed, regulated-data-exposed)? What policies apply to each class? Once that taxonomy exists in writing, configuring it inside Agent 365 (or Bedrock, or a third-party plane) is mechanical. Without it, the configuration is improvisation.
  • Stand up cross-vendor eval and audit trails as code in your repo. Whatever the governance plane is, the trajectory traces, audit logs, and eval data should live in your infrastructure under your retention policy. Vendor dashboards are convenient; vendor dashboards going dark, getting deprecated, or being repriced is a category of risk that's worth engineering around in advance.
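
An added example (not Sonnet Code's or Microsoft's code) of the hand-built inventory, the written taxonomy and the pilot's coverage measurement from the list above, kept as code in your own repo. The agent records, the control names, the controls required per class and the registry export are constructed assumptions; no vendor API is called.

```python
from dataclasses import dataclass

# Classes come from the taxonomy bullet; the controls required per class are assumed.
REQUIRED_CONTROLS = {
    "read-only research": {"audit_log"},
    "write-capable workflow": {"audit_log", "named_owner"},
    "customer-facing": {"audit_log", "named_owner", "kill_switch"},
    "PII-exposed": {"audit_log", "named_owner", "kill_switch", "dlp_policy"},
}

@dataclass(frozen=True)
class Agent:
    agent_id: str
    runtime: str
    owner: "str | None"       # None models an agent whose owner left or was never named
    classes: frozenset        # taxonomy classes the agent falls into
    controls: frozenset       # technical controls verified as present
# Constructed sample inventory, as a hand-built first pass might look.
INVENTORY = [
    Agent("mkt-brief-01", "Workspace Agents", "marketing-ops",
          frozenset({"read-only research"}), frozenset({"audit_log"})),
    Agent("eng-review-02", "Claude Managed Agents", "platform-eng",
          frozenset({"write-capable workflow"}), frozenset({"audit_log"})),
    Agent("data-etl-03", "AWS Bedrock", None,
          frozenset({"write-capable workflow", "PII-exposed"}),
          frozenset({"audit_log", "kill_switch"})),
    Agent("support-bot-04", "custom internal SDK", "support-eng",
          frozenset({"customer-facing", "PII-exposed"}), frozenset({"audit_log"})),
]
# Constructed: agent ids present in an export from the governance plane under pilot.
REGISTRY_SEEN = {"mkt-brief-01", "eng-review-02", "data-etl-03"}
def coverage(inventory, seen):
    """Share of inventoried agents the governance plane sees, plus its blind spots."""
    unseen = sorted(a.agent_id for a in inventory if a.agent_id not in seen)
    return (len(inventory) - len(unseen)) / len(inventory), unseen

def agents_in_class(inventory, cls):
    """Answer questions such as 'every agent that has access to PII'."""
    return sorted(a.agent_id for a in inventory if cls in a.classes)

def policy_gaps(inventory):
    """Map agent id -> controls its classes require but the inventory does not show."""
    gaps = {}
    for a in inventory:
        have = set(a.controls) | ({"named_owner"} if a.owner else set())
        need = set().union(*(REQUIRED_CONTROLS[c] for c in a.classes))
        if need - have:
            gaps[a.agent_id] = sorted(need - have)
    return gaps
```

The agents that `coverage` reports as unseen are the ones that need the fallback plan, and the `policy_gaps` output is the worklist for the named workflow owner.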

Sonnet Code's take

Microsoft Agent 365 going GA on May 1 is the moment "agent governance" stopped being a feature checkbox inside individual runtimes and started being a procurement category in its own right. The teams that win this cycle are the ones who decide deliberately who owns the policy plane, who treat governance as a staffed workflow rather than a purchased dashboard, and who keep the audit-trail data under their own retention policy regardless of which vendor's UI they're using to look at it this quarter. We staff that work directly: AI development at Sonnet Code is the engineering that builds the cross-vendor agent registry, wires the audit trail and trajectory traces into your own infrastructure (so they outlive any vendor's dashboard), integrates the runtime policy with your existing Intune/Defender/Entra posture, and stands up the per-class agent taxonomy that governance is actually applied against. We pair it with AI training engagements where senior practitioners — security engineers, compliance specialists, domain experts — author the policy classes, grade the audit trails, and build the rubric your governance plane is configured to enforce. If your team is staring at the E7 price tag this week and trying to decide whether Agent 365 is the right bet for your stack, the next conversation isn't about the SKU. It's about the agent inventory you don't have yet and the workflow owner you haven't named.