How to build a governance framework for AI agents in Microsoft 365

AI agents are quickly becoming the next wave of automation inside Microsoft 365, answering questions, automating workflows, and helping teams move faster.

For IT, that power comes with a new challenge. Without the proper guardrails, agents can expose sensitive data, automate the wrong things, carry out business actions or make decisions without oversight, and turn audits into a significant challenge.

In a ShareGate webinar, Microsoft MVP Antonio Maio walked through how organizations can secure, manage, and govern AI agents across Microsoft 365—from identity and data controls to lifecycle management and visibility.

Here’s what you need to know before AI agents start multiplying across your tenant.

But first, what is an AI agent in Microsoft 365?

As Antonio puts it:

“The word ‘agent’ has almost become a synonym for app. But what we're really talking about is an application that serves some business purpose and which uses some form of AI to perform its tasks.”

In Microsoft 365, those “tasks” can look different depending on the agent. Some agents act like chatbots answering questions. Others automate business workflows. Some work as personal productivity assistants—triggered manually, scheduled to run, or even operating on their own. In some cases, they can even help make business decisions.

That range of use cases is exactly what makes agents powerful. But it also means they need the proper governance, security, and management controls so organizations can benefit from AI without introducing new risks.

‍

👉TIP: M365’s governance tooling for AI agents is still evolving. Even with Microsoft’s built-in controls, IT teams should expect to combine monitoring, manual processes, and third-party solutions. A strong governance strategy is key.

‍

What counts as an AI agent in Microsoft 365?

In the Microsoft ecosystem, the term covers several types of agents that can be created across different tools. Here are the four main types of agents you might come across:

1. SharePoint agents
2. Agent Builder agents (previously called Copilot Studio Lite)
3. Copilot Studio agents
4. Microsoft AI Foundry agents

Some are easy enough for anyone to build. Others are meant for more advanced use cases. For example, SharePoint agents and Agent Builder agents are easier for business users to create, while Copilot Studio and AI Foundry agents are more on the advanced side.

‍

AI agents are powerful, but they introduce new governance risks

For years, IT teams have been managing app governance, Power Platform governance, SharePoint governance, and other controls across Microsoft 365. Policies, permissions, lifecycle processes—it’s mostly familiar territory, right?

But AI agents are different. They might look like just another type of application, but according to Antonio, orgs need to think about things like:

• Agent identities: Agents can have their own identities, making identity management and hygiene even more important.
• Reasoning over data: Agents can analyze information and generate new outputs or insights.
• Agent lifecycle: Like traditional apps, agents should follow a lifecycle, including design, approval, publishing, monitoring, and retirement.
• Access to sensitive data: Agents can pull information from the data sources they’re connected to, based on the permissions available to them.
• Autonomous actions: Agents can operate with minimal human supervision, which calls for more rigorous oversight to test, validate, and monitor those autonomous actions.
• Business decisions: In some scenarios, agents can make business decisions on behalf of users or teams, which raises the need for stronger testing and governance.

Every AI agent needs a lifecycle (even the simple ones)

AI agents should be governed like any other application in your Microsoft 365 environment. That means thinking about the full lifecycle of the agent, from the moment it’s designed to the point it’s retired.

The key lifecycle stages to plan for:

• Design
• Approval
• Publishing
• Operation and monitoring
• Retirement

‍

Governance decisions can be applied to each stage. For example:

• Who is allowed to create agents?
• Do agents need approval before publishing? If so, who approves them, especially for more advanced agents?
• What environments should they run in?
• Who manages connector access or credentials to specialized connectors?
• How will agents be shared across the organization?

‍

Another factor to consider is where agents come from. In Microsoft 365 environments, you might work with agents from a few different sources, and each one should be reviewed and tested before rollout:

• First-party agents built and published by Microsoft
• Second-party agents built internally
• Third-party agents built by external publishers

‍

‍

Who should be allowed to build AI agents?

Once organizations start experimenting with agents, one of the first governance questions is: who should be allowed to build them?

The answer isn’t always “only IT.” In many cases, organizations will want to encourage innovation by letting business users create simple productivity agents.

Understand key roles and responsibilities

In an AI agent governance framework, different roles are responsible for building, approving, and overseeing agents across the organization.

Some agents could be simple tools created by individual users, while others are more complex solutions that need oversight from IT or security teams. Because of that range, Antonio recommends defining clear roles so organizations know who manages the lifecycle of each agent and who is responsible for governance decisions.

‍

Roles involved in managing AI agents

‍

These roles form the foundation of a governance framework. Without clearly defined responsibilities, it becomes challenging to manage agents consistently as adoption grows.

‍

👉TIP: Not every AI agent needs the same level of oversight. Governance should match the risk level of the agent, not just the fact that it’s AI.

‍

For example, a simple productivity agent used by one employee might not need the same approval process as an enterprise agent that accesses sensitive data or automates business workflows.

To help organizations manage this, Microsoft recommends a zoned governance model. This model groups agents based on their complexity, risk level, and business impact.

The zone governance model for AI agents

‍

Build guardrails for identity, data, and security

Defining roles and lifecycle processes is a good start. But governance frameworks can’t live on process alone. AI agents also need guardrails.

Antonio highlighted several controls that help organizations reduce risk while still allowing employees to experiment with agents.

^{Microsoft MVP Antonio Maio walks through how to block anonymous agents in the Power Platform admin center. Check out more tips by watching the full webinar on demand.}

‍

• Blocking anonymous agents. A recommended first policy is blocking the connector “Chat without Microsoft Entra ID authentication in Copilot Studio.” This prevents agents from being used without authentication.
• Power Platform DLP policies. Used to control which connectors agents are allowed to use. Connectors can be categorized as business, non-business, or blocked, helping define which data sources agents can access.
• Runtime protection for agents. Copilot Studio monitors agents for policy compliance, authentication issues, threats, and content moderation concerns. Agents may appear with statuses such as Protected, Needs review, or Unknown.
• Sensitivity labels and data protection. Microsoft Purview sensitivity labels help protect sensitive content. Copilot and agents respect these labels, and generated content inherits the highest sensitivity label from the data used to create it.
• Auditing and logging. Microsoft 365 audit logs capture both maker activities (like creating or modifying agents) and user interactions with agents, supporting security monitoring and investigations.

‍

^{Microsoft MVP Antonio Maio on how to turn on auditing and logging for agents in the Power Platform admin center. Check out more tips by watching the full webinar on demand.}

‍

Putting a governance framework into practice

To recap, building a governance framework for AI agents doesn’t rely on a single tool or policy. Instead, it combines several components that work together.

A practical framework usually includes:

‍

Your AI agents questions, answered

The webinar sparked a lot of questions about how to govern AI agents in real environments. With a topic this new and evolving so quickly, it’s impossible to cover everything in a single 1-hour session!

So to keep the conversation going, we’ve gathered a few of the questions attendees raised during the webinar, along with Antonio’s answers—to help clarify some of the governance considerations organizations are starting to face as AI agents become more common.

‍

How can I measure the value of AI agents?

Measuring value is still an evolving area. Today, organizations can look at usage metrics such as how often an agent is used, the number of prompts submitted, and response trends over time.

Another approach is simply asking users. Surveys, feedback loops, and adoption programs can help organizations understand which agents people actually find useful in their day-to-day work.

What’s the best way to manage environments for building agents?

Environment management can become complex, especially in Power Platform where many different artifacts are created.

While every user can have their own development environment, Antonio recommends managing environments more deliberately. For example, organizations can create dedicated environments for agents that need specialized data access and use Power Platform capabilities like environment routing to organize and control them.

If an agent uses my SharePoint data and I share it, does it run with my permissions?

No. Agents don’t impersonate the person who created them. Instead, they run using the identity of the person interacting with the agent. If someone doesn’t have permission to access the data the agent relies on, the agent won’t be able to access that content either.

Should agents be allowed to make business decisions automatically?

It depends on how the agent is designed, but Antonio recommends keeping humans involved in those decisions.

While an agent could technically make a decision and act on it, introducing a human approval step helps reduce risk. Especially for critical business processes.

‍

‍

‍