Microsoft adds security controls for AI agents inside Microsoft 365
Microsoft made three tools generally available on 2 June. Agent 365 SDK gives developers observability, access controls, and compliance hooks. Windows 365 for Agents runs agents inside isolated Cloud PCs. The Agent Registry now supports over 20 local agent types with Intune policies. Purview runtime data-loss prevention for agent prompts moved into preview. Advanced hunting features for agents remain in preview and need extra licensing. The changes target companies that want to run agents against company data without building separate security layers.
Before these releases, any team wanting to run an agent against Outlook, SharePoint, or Teams data had to decide between weak controls or no controls at all. Most chose the second option and kept using ChatGPT or Claude outside the tenant. Now the controls exist inside the Microsoft 365 boundary, but they still require an admin to switch them on and a clear rule on which tasks justify the setup. Without that rule, the new tools change nothing for day-to-day users who already hesitate over prompt safety.
Analysis
Treat the new controls as a gate, not an invitation. Choose one repeatable task your team already does in Microsoft 365, list the files and mailboxes it touches, then ask your admin to enable the matching Purview and Intune policies before any agent is allowed near it.
Pulse published by Collab365 Spaces. Cite as "Microsoft adds security controls for AI agents inside Microsoft 365", Collab365 Spaces. 1 source referenced.