Microsoft Agent 365 Just Became the Most Powerful AI Security Control Plane – Here’s What’s New in June 2026 + Video

Listen to this Post

Featured Image

Introduction:

The enterprise AI landscape is undergoing a seismic shift as autonomous agents proliferate across organizations, creating unprecedented security, governance, and visibility challenges. Microsoft’s June 2026 updates to Agent 365 transform it from a simple management console into a comprehensive security control plane that brings local agents, ecosystem partners, and AI development workflows under unified enterprise governance. With local agent discovery, Microsoft Execution Containers (MXC), expanded Purview Audit coverage, and Entra ID Governance for partner agents, Microsoft is delivering the centralized control that security teams have urgently needed to tame the growing chaos of agent sprawl.

Learning Objectives:

  • Master the Agent 365 registry to discover, observe, and govern both cloud-based and local AI agents across your entire enterprise ecosystem
  • Implement Microsoft Execution Containers (MXC) for OS-level sandboxing and runtime containment of untrusted AI agent code
  • Configure Microsoft Purview Audit and Microsoft Defender to monitor, detect, and block malicious agent behavior in real time
  • Leverage Agent 365 Skills and the Model Context Protocol (MCP) to accelerate secure agent onboarding and development workflows
  • Deploy Entra ID Governance and Conditional Access policies to enforce Zero Trust principles on ecosystem partner agents

You Should Know:

  1. Agent 365 Registry and Local Agent Discovery – Bringing Shadow AI into the Light

The June 2026 update introduces local agents directly into the Agent 365 registry, marking a pivotal shift in how organizations discover and manage AI agents. Previously, security teams could only see agents deployed through Microsoft’s cloud services. Now, any local AI tool—whether it’s Claude Code, GitHub Copilot CLI, OpenAI Codex, or OpenClaw—running on an endpoint can be automatically discovered, registered, and governed through the Agent 365 control plane.

This capability addresses the critical challenge of “agent sprawl,” where hundreds or thousands of individual AI tool installations operate without oversight. When an agent is discovered, it receives a Microsoft Entra Agent ID—a first-class identity that inherits your organization’s authentication, authorization, and policy enforcement frameworks. Every agent action becomes auditable, traceable, and subject to the same governance controls as human users.

Step‑by‑Step: Discover and Register Local Agents

1. Install the Agent 365 CLI (cross-platform):

  • Linux/macOS:
    curl -L https://aka.ms/agent365-cli/install.sh | bash
    
  • Windows (PowerShell):
    irm https://aka.ms/agent365-cli/install.ps1 | iex
    

2. Authenticate to your Microsoft 365 tenant:

agent365 login --tenant <your-tenant-id>

3. Scan for local agents on the endpoint:

agent365 agent discover --local --scope endpoint

This command identifies all AI tools (Claude Code, GitHub Copilot CLI, OpenClaw, etc.) running locally and reports them to the Agent 365 registry.

  1. Register a discovered agent with Entra Agent ID:
    agent365 agent create --1ame "SalesReasoningAgent" \
    --description "Enterprise sales qualification assistant" \
    --identity-type EntraAgentID
    

    This provisions an Entra Agent ID, generates a client secret, and outputs the agent’s unique `agentId` and tenantId.

  2. Verify registration in the Microsoft 365 admin center:

– Navigate to Admin > Agent 365 > Agent Registry to view all registered agents in a unified dashboard.

  1. Microsoft Execution Containers (MXC) – OS-Level Sandboxing for AI Agents

Microsoft Execution Containers (MXC) is arguably the most significant security announcement in the June 2026 update. Now in Public Preview, MXC provides a cross-platform, policy-driven execution layer that enforces OS-level sandboxing for AI agents on Windows and Windows Subsystem for Linux (WSL). The core philosophy is powerful: instead of trying to make AI models “behave,” MXC ensures that even if an agent misbehaves, it cannot cause damage.

MXC uses a composable sandbox architecture with multiple isolation backends—process isolation for lightweight containment, VM isolation for hardware-backed separation, and micro-VM for high-risk workloads. GitHub Copilot CLI already uses MXC process isolation to limit what AI-generated code can access and execute. Every MXC session can be bound to an Entra identity, enabling organizations to enforce least-privilege access, audit all agent activity, and manage policies through Microsoft Intune.

Step‑by‑Step: Implement MXC for an AI Agent

1. Install the MXC SDK (TypeScript):

npm install @microsoft/[email protected]

2. Create an MXC policy file (`policy.json`):

{
"version": "1.0",
"containment": {
"intent": "process",
"restrictions": {
"filesystem": ["readonly:/tmp", "deny:/etc"],
"network": ["allow:.microsoft.com", "deny:"],
"process": ["deny:exec"]
}
},
"identity": {
"type": "EntraAgentID",
"agentId": "<your-agent-id>"
}
}

3. Run an agent within MXC containment:

mxc run --policy policy.json --command "node agent.js"

This executes the agent in a sandboxed environment with the defined restrictions.

4. Apply MXC constraints via Intune:

  • Navigate to Microsoft Intune > Devices > Configuration profiles
  • Create a new profile for Windows 10 and later
  • Under Administrative Templates > Windows Components > Microsoft Execution Containers, configure the MXC policy
  • Assign the profile to devices running AI agents

5. Monitor MXC activity in Microsoft Defender:

  • Enable Security for AI agents in the Defender portal
  • Navigate to AI real-time protection & investigation to view MXC-contained agent activity
  1. Microsoft Purview Audit for AI Agents – Full Visibility into Agent Actions

The June 2026 update expands Microsoft Purview Audit coverage to include GitHub Copilot CLI, Claude Code, OpenAI Codex, and OpenClaw. This means every interaction—from user prompts to tool invocations to data access—is now captured, correlated with identity, and made auditable. Security teams can trace activity from the original user request through agent execution and subsequent actions, providing complete forensic visibility.

Purview integration also applies sensitivity labels, data loss prevention (DLP) rules, and compliance workflows to every agent action. This ensures that agents handling sensitive business data are subject to the same protections as human users.

Step‑by‑Step: Enable Purview Audit for AI Agents

  1. Ensure Agent 365 is connected to Microsoft Purview:

– Navigate to Microsoft Purview compliance portal > Solutions > Audit
– Verify that Agent 365 appears under Connected sources

2. Enable audit logging for specific agent platforms:

 PowerShell - Enable audit for GitHub Copilot CLI
Set-ComplianceSearch -Identity "GitHubCopilotCLI" -Enabled $true

3. Search audit logs for agent activity:

Search-UnifiedAuditLog -StartDate (Get-Date).AddDays(-7) -EndDate (Get-Date) -Operations "AgentAction"

4. Create a DLP policy for agents:

  • Navigate to Purview > Data Loss Prevention > Policies
  • Create a new policy targeting Agent 365
  • Define rules for sensitive data types (e.g., credit card numbers, PII)
  • Set actions: Block or Alert when agents attempt to exfiltrate sensitive data
  1. Agent 365 Skills and MCP – Accelerating Secure Agent Development

Agent 365 Skills, now available to accelerate agent onboarding, embed enterprise-grade controls directly into developer workflows. Developers using Claude Code, GitHub Copilot CLI, or VS Code agent mode can now build agents that automatically inherit identity, observability, access controls, and compliance enforcement.

The Model Context Protocol (MCP) server wraps the Microsoft Graph API, providing access to thousands of Microsoft 365 endpoints through a standardized interface. This enables agents to securely interact with calendars, mail, Teams, SharePoint, and other Microsoft 365 services with proper authentication and authorization.

Step‑by‑Step: Onboard a Custom Agent Using Agent 365 Skills

1. Install the Agent 365 Skills SDK:

npm install @microsoft/agent365-skills

2. Create a skill definition (`skill.json`):

{
"name": "CalendarSkill",
"version": "1.0.0",
"capabilities": ["graph.calendar.read", "graph.calendar.create"],
"mcp_servers": ["calendar", "mail", "user"],
"observability": {
"enabled": true,
"otel_endpoint": "https://otel.monitor.azure.com"
}
}

3. Register the skill with Agent 365:

agent365 skill register --file skill.json

4. Integrate the skill into your agent code:

import { Agent365Skill } from '@microsoft/agent365-skills';

const skill = new Agent365Skill('CalendarSkill');
await skill.initialize();
const events = await skill.invoke('graph.calendar.read', { 
startDate: '2026-07-10', 
endDate: '2026-07-17' 
});

5. Test locally using AgentsPlayground:

agent365 playground --skill CalendarSkill
  1. Microsoft Entra ID Governance for Ecosystem Partner Agents

The June 2026 update brings Entra ID Governance to ecosystem partner agents, enabling organizations to discover, deploy, and manage third-party agents with the same rigor as internal ones. Partners including Adobe, Box, Canva, Celonis, Figma, and many others are now integrated into the Agent 365 ecosystem.

Every agent created through partner platforms automatically receives a governed Microsoft Entra Agent ID, appears in the admin center, and inherits identity, compliance, and observability controls. Organizations can now enforce Conditional Access policies, integrate with Privileged Identity Management (PIM), and apply the same security controls to partner agents as they do to internal agents.

Step‑by‑Step: Deploy and Govern an Ecosystem Partner Agent

  1. Discover partner agents in the Microsoft 365 admin center:

– Navigate to Admin > Agent 365 > Ecosystem Partners
– Browse available partner agents and agent factories

  1. Deploy a partner agent (e.g., Adobe Marketing Agent):

– Select the agent from the catalog
– Click Deploy and follow the configuration wizard
– The agent automatically receives an Entra Agent ID

3. Apply Conditional Access policies:

 PowerShell - Create Conditional Access policy for partner agents
New-AzureADMSConditionalAccessPolicy -1ame "BlockPartnerAgentsFromExternal" \
-Conditions @{Applications=@{IncludeApplications="All"}} \
-GrantControls @{BuiltInControls="Block"} \
-Assignments @{Users=@{IncludeUsers="All"}}

4. Review agent activity in the Agent Map:

  • Navigate to Admin > Agent 365 > Agent Map to visualize agent interactions across your ecosystem
  1. Expanded Microsoft Graph API Support for Agent Management

The expanded Graph API support enables programmatic control over agent lifecycle management. IT admins can now automate bulk agent management, streamline onboarding, and integrate governance into existing workflows. The Graph API endpoints allow organizations to query the agent registry, update agent properties, and monitor operational activity at scale.

Step‑by‑Step: Automate Agent Management with Graph API

1. Authenticate to Microsoft Graph:

 PowerShell - Get access token
$token = Get-AzAccessToken -ResourceUrl "https://graph.microsoft.com"

2. Query the agent registry:

 List all registered agents
Invoke-RestMethod -Uri "https://graph.microsoft.com/beta/agentRegistry/agents" `
-Headers @{Authorization = "Bearer $($token.Token)"}

3. Create a new agent programmatically:

$body = @{
displayName = "AutomatedSupportAgent"
description = "AI support agent for IT tickets"
identityType = "EntraAgentID"
} | ConvertTo-Json

Invoke-RestMethod -Method Post -Uri "https://graph.microsoft.com/beta/agentRegistry/agents" `
-Headers @{Authorization = "Bearer $($token.Token)"; "Content-Type" = "application/json"} `
-Body $body

What Undercode Say:

  • Agent sprawl is the new shadow IT. The June 2026 updates directly address the visibility gap that has plagued enterprise AI adoption. Local agent discovery and registry sync mean security teams can finally see every AI tool running in their environment, closing the detection gap that attackers could exploit.

  • Containment beats prevention. MXC represents a fundamental shift in AI security philosophy—instead of relying solely on model alignment and prompt filtering, Microsoft is building OS-level guardrails that limit damage even when agents behave unexpectedly. This defense-in-depth approach is essential for autonomous agents that generate code and take actions at runtime.

  • Governance is the gatekeeper for enterprise AI. By making Entra ID Governance and Purview Audit the foundation of Agent 365, Microsoft ensures that agents inherit the same security posture as users and applications. Organizations can now treat agents as first-class principals in their Zero Trust architecture.

  • The developer experience matters for security. Agent 365 Skills embed security controls directly into developer workflows, reducing the friction that often leads to security bypasses. When security is built into the development process rather than bolted on afterward, adoption increases and risks decrease.

Prediction:

  • +1 The June 2026 updates position Microsoft Agent 365 as the de facto standard for enterprise AI governance, creating a moat that will be difficult for competitors to overcome. Organizations already invested in Microsoft 365 will adopt Agent 365 rapidly, accelerating the consolidation of AI security tools.

  • +1 MXC will become the industry benchmark for AI agent containment, similar to how AppContainer and sandboxing became standard for web browsers. Other cloud providers will be forced to develop comparable OS-level isolation capabilities to remain competitive.

  • -1 The complexity of implementing MXC, Purview Audit, and Entra ID Governance across diverse agent ecosystems will create a significant skills gap. Security teams will need substantial training and upskilling to effectively manage the new control plane, potentially slowing adoption in the short term.

  • -1 As agent discovery becomes more comprehensive, organizations will uncover a staggering number of unmanaged AI tools—potentially thousands per enterprise. This “agent shock” will initially overwhelm security teams and require significant remediation efforts before the full benefits of Agent 365 can be realized.

  • +1 The ecosystem partner integrations will drive rapid innovation as third-party vendors build on the Agent 365 platform. This will create a virtuous cycle where more agents lead to better governance, which in turn enables more agent deployments—accelerating enterprise AI adoption while maintaining security and compliance.

▶️ Related Video (70% Match):

https://www.youtube.com/watch?v=_AbcvGfP-eI

🎯Let’s Practice For Free:

🎓 Live Courses & Certifications:

Join Undercode Academy for Verified Certifications

🚀 Request a Custom Project:

Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands

IT/Security Reporter URL:

Reported By: Markolauren Whats – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow UndercodeTesting & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin | 🦋BlueSky