An agent monitoring competitor pricing across 50 regional hotel sites starts failing. Not crashing—failing quietly. It's still running, consuming resources, writing data to dashboards. But the data's three days stale because authentication broke on a German property site that changed its login flow. The agent kept trying, kept logging errors no one monitored, kept producing output that looked valid until someone made a business decision based on outdated pricing.

Governance becomes necessary when agents fail in ways that look like success. Microsoft's Agent 365 launch this week matters more than the announcement suggests. When 230,000 organizations use Copilot Studio to build custom agents, and 42% of enterprises plan to build over 100 agent prototypes, tracking what's running becomes table stakes. Understanding why agents fail while appearing to succeed—that's the harder problem.

Microsoft's platform provides a registry, access control, and monitoring across agents from Adobe, Cognition, Databricks, Glean, ServiceNow, and Workday. Every agent gets a unique identity. IT can see what's running, who built it, what permissions it has. The system even uses AI to discover "shadow agents"—the ones employees spin up without approval—and identify "orphaned agents" that keep running after their creator moves on.

Centralized tracking assumes agent behavior is knowable through monitoring. That works for agents operating within controlled environments: internal systems with APIs, documented authentication, predictable responses. Then you hit agents operating on the open web, where each platform Microsoft monitors has fundamentally different failure modes. A ServiceNow agent breaks differently than an agent scraping regional e-commerce sites. ServiceNow has APIs, structured responses, predictable authentication. Web scraping agents face bot detection that varies by geography, session management that breaks across regional domains, site structures that change without notice, A/B tests that show different layouts to different users.

Operating web agents at scale means learning that visibility and understanding aren't the same thing. You can track that an agent is running. You can log that it's making requests. You can monitor resource consumption. Knowing why it's producing stale data requires understanding the specific ways web automation breaks:

• Authentication flows that redirect differently by region
• Rate limits that trigger after unpredictable thresholds
• CAPTCHAs that appear based on behavior patterns you can't fully control

The environment is adversarial by design. Sites don't want to be automated. They change specifically to break automation. They deploy bot detection that adapts to patterns.

62% of practitioners cite security as their top challenge, and 49% struggle with data governance. Governance is clearly necessary. Whether centralized tracking can handle the complexity of what agents actually do in production—that's where the architecture gets tested.

When Microsoft projects 1.3 billion agents by 2028 (from Microsoft-sponsored research, so treat as planning assumption), even automated governance faces infrastructure depth requirements most platforms aren't acknowledging. How do you monitor millions of agents without the monitoring system becoming a bottleneck? How do you store and query that activity data? How do you alert on anomalies when normal behavior varies wildly, not just across agent types, but across the thousands of sites each agent might interact with?

The platform Microsoft built uses agents to govern agents. Not ironic—the only architecture that scales. But it reveals a dependency chain: you need reliable agents to govern unreliable agents. You need observable infrastructure to make agent behavior visible. You need error handling sophisticated enough to catch when governance agents themselves fail.

The governance conversation tends to focus on agent proliferation. Agents proliferate, yes. But web complexity multiplies faster than governance infrastructure can track. Every site an agent touches is a potential failure point with its own authentication requirements, its own rate limits, its own ways of detecting and blocking automation.

Agent 365 represents Microsoft's recognition that governance can't be manual. The platform's architecture assumes the hard part is tracking agents centrally. Operating web agents at scale suggests something different: the hard part is understanding what's actually happening when agents interact with thousands of sites that don't want to be automated. Governance that doesn't account for web-specific complexity can track agents perfectly while missing why they're failing in ways that look like success.