Agents can now have their own identity, email, OneDrive and Teams accounts, and collaborate just like coworkers.

Microsoft Agent 365 lets you onboard agents, give them the policies and knowledge they need, and let them work in parallel with you to handle tasks like procurement, approvals, research, and updates using the same Microsoft 365 tools you already rely on. 

As your use of agents grows, keep full visibility and control. See what they've worked on and understand their impact across your organization as an agent manager.

If you're in IT, you have full visibility and control over access permissions and agent relationships. You can manage all agents from a single unified control plane with the same tools you use now to manage users.

Jeremy Chapman, Microsoft 365 Director, shares how you can adopt autonomous agents at scale across your organization.

Agents that work alongside you. 

Assign tasks and get full visibility into what they have worked on using Microsoft 365 tools like Teams and OneDrive. See it here with Microsoft Agent 365.

Automate workflows. 

Agents access your data and tools to execute complex tasks. Take a look at Microsoft Agent 365.

Understand agent impact. 

Map their actions, connections, and interactions in Microsoft 365 workflows. Get started using Agent 365.

QUICK LINKS:

00:00 — Microsoft Agent 365 

01:04 — Agent capabilities 

02:48 — Visualize the agent’s impact 

03:23 — How it works 

04:48 — Agent 365 control plane 

07:31 — Zero in on risks 

08:18 — Agent map 

09:10 — Wrap up

Unfamiliar with Microsoft Mechanics? 

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. 

• Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
• Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
• Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social: 

• Follow us on Twitter: https://twitter.com/MSFTMechanics 
• Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
• Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
• Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

---

Video Transcript:

-What if an AI agent was truly autonomous, working independently alongside you, with its own email and OneDrive account, capable of joining Teams meetings and conversations to get work done? It means, as a user, you can onboard and manage agents with a unique identity, the right information access, and skills to work on your behalf. These agents can perform the tasks that you define, working autonomously and work with you using the same managed apps and services in Microsoft 365 that you use. And as an IT admin, you have granular control over what agents can do, and knowledge sources they can access. Along with end-to-end visibility into agents in your environment, no matter where they’re created. In fact, with the Agent 365 control plane, we’re extending the same familiar administrative surfaces that you use now to manage people for full visibility, control, and management of agents, while introducing new capabilities. 

-So, first, let’s start by looking at what Agent 365 can do from a business user’s perspective. In this case, a coworker has created a procurement agent. And our IT team has approved it, and made it available in our company’s agent store. Now, as a procurement manager, I can find the agent and also set it up with just a couple of clicks. Then once it’s up and running, it contacts me in Teams and asks what I’d like it to do and which tasks to perform. As a procurement agent, it recommends that I give it supplier policies, approved supplier lists, and a procurement playbook. So I’ll do that here with my Teams policy guidelines and just type, use this policy guide for your actions. And then / reference my Zava procurement file. 

-Now the agent has what it needs to start working. For interoperability with me, other people, and other agents, it has its own suite of Microsoft 365 apps and a unique account to work on its own. In fact, as an order request comes in from a customer for new laptops, the agent reasons over that request using the instructions I provided. And it can also use contextual business information across Microsoft 365 with Work IQ to find these suppliers, their SLAs, pricing from recent orders, and related documents. Based on the fulfillment time, it even recommends a supplier and asks me if it should proceed. Once I confirm, it creates the purchase order for the laptops and logs that into our purchasing tracker Excel spreadsheet in SharePoint. And right from the comments, like I would at mention any coworker, here I’ve at mentioned the procurement agent for status updates. Agent 365 also makes it easier to visualize the agent’s connections, activities, and impact. 

-As a business user, you can see details about the agent, who it’s managed by, its skills, and what it works on in the agent card. You can also see where it fits in the organization, and who it frequently interacts with. Then in the agent activity view, you’ll find its recent sessions with details on actions performed. And clicking into any session activity expands on what was done, the information that was used, and the steps performed to complete its tasks. This is a fully autonomous agent with everything it needs to be effective. In fact, let’s break down the mechanics of how the agent was able to do what it did when it used the Agent 365 control plane. 

-The first behind the scenes, once created, the IT approved agent is assigned its own identity in Microsoft Entra and granted access to specific knowledge sources. It’s provided with its own email, calendar, OneDrive, and Teams account, and other services in Microsoft 365. Importantly, it’s also connected to Work IQ, which provides the agent with additional context that’s specific to the jobs it’s performing and the activities by people and other agents around it. But has what it needs to interop with you in the tools that you use every day to get work done. 

-Importantly, because it runs on the Agent 365 control plane, it works according to your organization’s security and compliance requirements. For example, least privilege access control ensures that the agent can only access defined content, and nothing more. Also, access can be blocked in real-time based on Conditional Access policies that you have in place. Integrated data security prevents data loss, adhering to your protection policies as it works. And there are also safeguards to keep the agent resilient to targeted attacks. That’s how agents can be onboarded and how they work. Next, as an IT admin, Agent 365 gives you more visibility and control to manage the breadth of agents in your environment, let me show you. 

-The Agent 365 control plane in the Microsoft 365 admin center provides an overview of all agents in your organization, with a breakdown by publisher and platform. You can also see whether they were built internally using Copilot Studio, Microsoft Foundry, non-Microsoft platforms, and more. As well as how they’re being used. Below that are recommended top actions to take control, so that you can prioritize your time. Next, to see all of your agents in one place, there’s a complete registry, which pulls in details for security risks, activities, and agent performance into one view. Each agent has comprehensive details. In addition to configuration options, like the data and tools it can access. Information stores it can read from, provisioned compute, graph connectors, tools, and knowledge sources. Then security and compliance provides all of the details for enabled policies with that agent across Microsoft Purview, Microsoft Entra, and Defender. 

-Next, in permissions, it goes a step further to display which memberships it has across groups and teams, applications it can access, the SharePoint sites it can use. And detailed permissions across graph API calls. Finally, activity displays information about the agent usage, exceptions and active users. And before agents are available for people to use, as an admin, you’re in full control of validating and approving which agents will appear in your organization’s agent store, here’s how. 

-From requests, you can review agents submitted for approval. For example, drilling into this product backlog agent, you can check its configurations, the data it can access, security and compliance protections. And the detailed permissions requested. If everything checks out, you can approve and activate the agent. Then select the right users and groups to access it. In this case, I’ll just keep Mona Kane as the requester. From there, I can apply uniform guardrail policies using customizable templates, like this one, to restrict content sharing. These policy templates leverage Microsoft Entra for access controls, Microsoft Purview to secure data. As well as SharePoint policies, like this one, to enforce specific restrictions on external sharing at the agent level. 

-Then I can just review and accept the permissions for the agent, and finally confirm to grant access to its requester. Next, for your running agents, as we saw in the Agent 365 overview, the service automatically and continuously evaluates potential agent risk to alert you of any actions to take. Here, I can zero in on agents with risks. For example, I can see that this comms agent has two risks identified. And when I dig in to see why, it looks like this agent has abnormal sign-in frequency, and was accessed by a user flagged as risky. It’s possible that their account was compromised. And in these cases, Microsoft Entra Conditional Access will automatically block risky agents from accessing resources. And as an admin, you can also block the agent right from here. So it’ll be disabled immediately for current users, and won’t be discoverable for new users. 

-Those were single agent operations, but as more agents enter your agent ecosystem with connections to other agents, tools, and knowledge sources, you can see these relationships using the Agent Map. This helps you visually map all agents in your environment across platforms. Importantly, you can see agent connections and multi-agent workflows. Then quickly spot alerts, like this one, for high exception rates. Then drill into view its details, and also take necessary actions. And while today I focused on the experience in the Microsoft 365 admin center, the Agent 365 control plane extends to role-specific views for agents in Microsoft Entra for agent identity and access management, Microsoft Purview for data security protections. And Microsoft Defender for threat detection, investigation, and response. 

-And that’s how the new Agent 365 gives you a single control plane to manage agents within the same familiar admin experiences that you’re using today. To get started, from the Microsoft 365 admin center, make sure the Frontier Program is enabled for early access to new AI capabilities. Keep watching Microsoft Mechanics for the latest updates, and thanks for watching.

Our dynamic four-part webinar series, Agentic AI + Copilot Partner Skilling Accelerator, empowers you to harness the Microsoft AI ecosystem to unlock new revenue streams and enhance customer success. Across the four sessions, Microsoft partners can expect to learn how to apply AI tools in no-code, low-code, and pro-code scenarios to build intelligent chat and workflow solutions, extend and customize capabilities, and create advanced, custom AI functionality.

Don't miss the final session in the series, Building Agents with Microsoft Foundry and Microsoft Foundry Agent Service, where you'll learn how to design and deploy intelligent agents with Microsoft Foundry and Microsoft Foundry Agent Service, including multi-agent architectures and key protocols such as A2A and MCP.

The live virtual event is scheduled for December 15, 2025.

Register today to reserve your spot!

Be sure to follow this Partner news blog for all partner related announcements by clicking follow above!

Microsoft 365 Copilot brings a new way of working to your organization, but unlocking its full potential takes more than just turning it on. Most users have worked a certain way without AI their entire career, so they have adopted non-AI habits and routines for how their work gets done. With Copilot, you are asking them to essentially unlearn those non-AI habits and build new ones with Copilot.

That’s where The Great Copilot Journey comes in. This program is designed to help organizations and individuals build lasting Copilot habits through simple, daily nudges that show what’s possible with Copilot in a low-lift, easy-to-follow way.

What is the Great Copilot Journey?

The Great Copilot Journey is a structured, habit-building program that delivers daily or weekly prompts to help users practice and explore Copilot in real-world scenarios. It’s available for both Microsoft 365 Copilot and Copilot Chat, making it easy for teams to learn how Copilot can streamline tasks, spark creativity, and boost productivity.

Here’s how it works:

• Daily or weekly prompts: Users receive currently 30, soon 50 bite-sized and fun prompts that encourage users to try Copilot in their flow of work every day.
• Value- and benefit-based: All prompts and notifications focus on the value and benefits users can get out of using Copilot in a fun, low-lift way. The daily nudges take less than 2 minutes to read and understand.
• Quick delivery: The program is designed to be quickly set up and anyone can implement it, from business users to enablement teams.
• Built for scale: Whether you’re a small team or a global enterprise, the program is available in various formats to give you the flexibility you need.

Read more about how the Great Copilot Journey works for Microsoft 365 Copilot and for Copilot Chat, and learn how the program has driven real Copilot usage impact for teams across Microsoft.

How to bring the Great Copilot Journey to your organization

There’s no one-size-fits-all approach, so we have developed various ways for you to execute the Great Copilot Journey in a way that works best for your organization:

A) Download the email templates

Download the ready-to-use OFT files, and then simply open the email templates in Outlook, add your recipients and schedule the emails. That’s it. Setup takes about 20 minutes. And the best part? Anyone with access to Outlook can do this. Whether you’re a champion, a business user or an enablement lead, these email templates are for you.

• Download the templates for Microsoft 365 Copilot in English, Chinese (China), Chinese (Taiwan), French, German, Italian, Japanese, Korean, Portuguese
• Download the templates for Copilot Chat in English, Chinese (China), Chinese (Taiwan), French, German, Italian, Japanese, Korean, Portuguese

B) Automate with the Power Automate flow

If you have access to Power Automate, you can automate the delivery of the daily prompts with this pre-built flow and SharePoint. Simply follow the setup instructions for Microsoft 365 Copilot or Copilot Chat, and start sending the daily notifications through Teams. Read more about how it works in this blog.

C) Send organizational messages

Organizational messages let you quickly send the Great Copilot Journey to selected user groups via email, Windows Spotlight, Task Bar, Notification Center, and Teams Popovers. You can roll it out company-wide or target only teams in specific departments or locations.

Through the Microsoft 365 admin center, six pre-made messages are available for Microsoft 365 Copilot, allowing you to send weekly notifications designed to enhance users' in-product experience. Dismissed or missed prompts can be resent to ensure all users receive the notifications.

Simply go to the Copilot Onboarding Hub in the Microsoft 365 admin center, click on the “Kickoff the Great Copilot Journey” tile, select the template you want to use and customize it as needed, then set your recipients and schedule the message. Your messages are now ready to be sent.

D) Opt users into emails from Microsoft

If you’re new to Copilot and are looking for a more hands-off approach, opt your new users in to receive the Great Copilot Journey emails directly from Microsoft. This will automatically send your users five weekly emails: The first email welcomes users with an introduction to Copilot, and emails 2 through 5 dive straight into the prompts of the Great Copilot Journey.

Admins can enable this experience in the Microsoft 365 Admin Center. Go to Settings > Org settings > Services > Microsoft communications to users. Check the checkbox to allow users in your organization to receive emails from Microsoft and click ‘save changes.’

Don’t worry, your users remain in control and can opt out of receiving these emails at anytime through the unsubscribe link in any of the emails.

E) Set up through Viva Amplify

Viva Amplify is a great way to execute the Great Copilot Journey across various channels, like Teams, emails, SharePoint and Viva Engage, all in one fell swoop. Simply go to Viva Amplify, click “create a campaign,” select “pre-built campaign” and open the Copilot deployment kit. Customize your settings and start your campaign. This may take a moment as the system loads all the templates, but once ready, open the campaign brief and follow the instructions to set up your daily notifications.

Ready to start your journey?

Whether you choose email templates, automation, or Microsoft-managed delivery, the goal is the same: help your people build Copilot habits that stick. Start your journey today!

November was an exciting month for Microsoft Entra customers, with news of significant enhancements to strengthen your security posture in the AI era. Our announcements included:

• New capabilities for managing, governing, and protecting agents with the public preview of Microsoft Entra Agent ID, part of the new Agent 365 control plane for agents;
• Security Copilot inclusion in Microsoft 365 E5 subscription, which ensures more admins can utilize Copilot in Entra and the four new Microsoft Entra agents;
• The Microsoft Entra Suite public preview of Prompt Shield, enabling you to protect enterprise GenAI apps against prompt injection attacks; and
• The public preview of synced passkeys and self-service account recovery for all authentication methods in Microsoft Entra, making it easier for end users to embrace phishing-resistant authentication.

For more details, check out Joy Chik’s blog post and watch the recordings of our breakout sessions from Microsoft Ignite. 

This article shares security improvements and innovations across Microsoft Entra from October and November 2025, organized by product.

Microsoft Entra ID

New releases

• Granular, Least-Privileged Permissions for UserAuthenticationMethod APIs

Change announcements

Security improvements

Jailbreak Detection in Authenticator App

[Action may be required]

What is changing?

 Starting February 2026, we'll introduce Jailbreak/Root detection for Microsoft Entra credentials in the Authenticator app. This update boosts security by disabling Microsoft Entra credentials on jail-broken or rooted devices, wiping any existing credentials automatically. It applies to both iOS and Android, requires no admin setup, and does not affect personal or third-party accounts.

Action required

Notify end users about this upcoming change. Authenticator will become unusable for Microsoft Entra accounts on jail-broken or rooted devices. For more information, read About Microsoft Authenticator.

Block External Script Injection in Microsoft Entra ID Sign-in

[Action may be required]

 What is changing?

 In November 2025, Microsoft Entra ID rolled out a stricter Content Security Policy (CSP) for browser-based sign-ins on login.microsoftonline.com. This update blocks unauthorized scripts and only allows scripts from trusted Microsoft domains, enhancing protection against cross-site scripting (XSS) attacks.

Action required

Admins should ensure that no browser extensions or tools inject scripts into the sign-in experience. Any existing tools that do so must be replaced, and sign-in flows should be tested to identify and fix violations.

Update to Revoke Multifactor Authentication Sessions

[Action may be required]

What is changing?

 Starting February 2026, we are replacing the current Revoke multifactor authentication sessions button with the Revoke sessions button in the Microsoft Entra portal. The legacy Revoke MFA sessions action only applies to per-user MFA enforcement, which has led to confusion. To simplify and ensure consistent behavior, the new Revoke sessions button will invalidate all user sessions, including MFA, regardless of whether MFA is enforced via Conditional Access or per-user policies.

Action required

Admins should update workflows and guidance to use Revoke sessions instead of Revoke MFA sessions. The Revoke MFA sessions option will be removed from the portal after this change.

Microsoft Entra ID Governance

New releases

• Conversion of external users to internal members
• Ability to convert Source of Authority of synced on-premises AD groups to cloud groups
• New SCIM 2.0 SAP CIS connector available, with support for group provisioning
• Support for eligible group memberships and ownerships in Entitlement Management access packages
• Reprocess failed users and workflows in Lifecycle Workflows
• Groups Purview sensitivity label support in Lifecycle Workflows
• Trigger workflows for inactive employees and guests in Lifecycle Workflows

Change announcements

Identity Modernization

Retirement of Iteration 2 (beta) Privileged Identity Management (PIM) API  

[Action may be required]

What is changing?

Iteration 2 (beta) PIM API for Azure resources and Microsoft Entra roles is deprecated and will stop returning data on October 28, 2026.

Action required

Migrate to the Iteration 3 (GA) APIs:  

• Begin migration planning and testing as soon as possible.
• Halt any new development using Iteration 2 APIs.
• Review documentation for Iteration 3 APIs to ensure compatibility.

Learn more: 

• Migrate from PIM iteration 2 APIs to PIM iteration 3 APIs
• API concepts in Privileged Identity management - Microsoft Entra ID Governance | Microsoft Learn
• Privileged Identity Management iteration 2 APIs

Microsoft Entra External ID

New releases

• External ID regional expansion to Australia and Japan
• Seamless setup experience for Azure Monitor/Sentinel with external tenants
• Sign up Fraud Protection with Arkose Labs and HUMAN Security for Microsoft Entra External ID
• Edge protection using Cloudflare and Akamai WAF for Microsoft Entra External ID

Global Secure Access

New releases

• GSA + Netskope ATP & DLP integration
• Microsoft Entra Internet Access TLS Inspection

 

-Shobhit Sahay

 

Learn more about Microsoft Entra

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.

• ⁠Microsoft Entra News and Insights | Microsoft Security Blog
• ⁠⁠Microsoft Entra blog | Tech Community
• ⁠Microsoft Entra documentation | Microsoft Learn
• Microsoft Entra discussions | Microsoft Community 

 

Why This Partnership Matters 

You’re not just working on a project, you’re building a product with real potential. 
GitHub and Replit give you the tools to iterate quickly, refine your build, and act on the customer insights and market guidance you’ll get from Imagine Cup mentors and industry experts.: 

GitHub: Build With Confidence 

• Tap into the world’s largest open-source community (180M+ developers) 

• Write and refine code with GitHub Copilot 

• Access the Student Developer Pack: GitHub Pro, partner tools, and more 

• Work on a platform trusted by top engineering teams 

Replit: Build With Speed 

• An AI-powered, in-browser workspace 

• Prototype, test, and publish instantly 

• Chat naturally with AI to generate and improve your code 

• Infrastructure ready to scale as you grow 

GitHub gives you collaboration and clarity. 
Replit gives you speed. 
Imagine Cup gives you purpose, mentorship, and a global stage. 

What Participants Receive 

Semifinals Advantage: Technical Depth + Meaningful Visibility 

Teams that move into the Semifinals unlock support designed to help them strengthen their product, refine their build, and move closer to product–market fit: 

• Technical clinics that go deeper into GitHub and Replit, helping teams sharpen their architecture, unlock advanced capabilities, and elevate their solution. 

• Global visibility through GitHub’s social channels, amplifying semifinalists’ work to a worldwide community of developers and innovators. 

Continued Replit Support Beyond Semifinals 

Replit extends its support as teams advance, ensuring momentum doesn’t stop after one round: 

• Top Launch winner: An additional 3 months of Replit Teams + $1,000 in credits to keep building. 

• Top 3 Scale startups: 6 more months of Replit Teams + $5,000 in credits per team to support growth. 

• Imagine Cup World Champion: Another 6 months of Replit Teams + $5,000 in credits, enabling the winning team to push their product even further. 

What This Means for Student Founders 

You’ll build with tools used by the best. 
You’ll move faster than ever. 
You’ll learn from people who’ve already done it. 
And you’ll get visibility across massive global communities. 

This is what happens when speed meets support, and when ambition meets opportunity. 

Ready to take your build further? 
Register for Imagine Cup and start creating something the world needs next. 

 

In this post I share how the Lead Essentials Main Composition module helped me connect architecture, testing, modularization, and CI/CD into a more practical way of building scalable iOS apps.