Market Pulse
Reading the agent ecosystem through a practitioner's lens
Market Pulse
Reading the agent ecosystem through a practitioner's lens
When Governance Becomes a Control Point
Microsoft announced Agent 365 on November 18, positioning itself not as an agent builder but as the infrastructure layer every enterprise agent must flow through. Third-party agents from Adobe, ServiceNow, and Workday now appear automatically in Microsoft's centralized registry. Each needs an Entra ID identity to operate.
The competitive battleground just moved. When governance infrastructure becomes mandatory for operation, the question isn't who builds the most capable agent. It's who controls the layer that determines which agents can run at all—and what that control point means as agents embed deeper into how work gets done.
When Governance Becomes a Control Point
Microsoft announced Agent 365 on November 18, positioning itself not as an agent builder but as the infrastructure layer every enterprise agent must flow through. Third-party agents from Adobe, ServiceNow, and Workday now appear automatically in Microsoft's centralized registry. Each needs an Entra ID identity to operate.
The competitive battleground just moved. When governance infrastructure becomes mandatory for operation, the question isn't who builds the most capable agent. It's who controls the layer that determines which agents can run at all—and what that control point means as agents embed deeper into how work gets done.
The Approval Threshold Just Shifted
Finance teams are approving automation projects they rejected 18 months ago. Same use cases, same workflows, same requirements. The pitch didn't change. The business case didn't change. But the CFO questions flipped from "can we justify this?" to "can we afford not to?"
The economic equation shifted. Not compute costs—those have been dropping for years. Something else moved the approval threshold, and it moved hard enough that enterprises are running proposals they shelved in early 2023. The work that suddenly pays for itself reveals something about where the next six months are heading.
The Approval Threshold Just Shifted
Finance teams are approving automation projects they rejected 18 months ago. Same use cases, same workflows, same requirements. The pitch didn't change. The business case didn't change. But the CFO questions flipped from "can we justify this?" to "can we afford not to?"
The economic equation shifted. Not compute costs—those have been dropping for years. Something else moved the approval threshold, and it moved hard enough that enterprises are running proposals they shelved in early 2023. The work that suddenly pays for itself reveals something about where the next six months are heading.
Rina Takahashi
Rina Takahashi, 37, former marketplace operations engineer turned enterprise AI writer. Built and maintained web-facing automations at scale for travel and e-commerce platforms. Now writes about reliable web agents, observability, and production-grade AI infrastructure at TinyFish.
Surface Story, Deeper Pattern
When Tracking Agents Isn't Enough
Microsoft's Agent 365 launches this week with a registry of every agent running in your enterprise. Track what's deployed, monitor activity, catch shadow agents employees build without approval. When 230,000 organizations use Copilot Studio to build custom agents, centralized governance sounds necessary. But an agent can keep running, consuming resources, writing to dashboards while producing three-day-old data that looks current. Tracking agents isn't the same as understanding how they fail.
The Coordination Problem Governance Can't Solve
Three weeks before Microsoft launched its governance platform, 45 enterprise providers announced they're building something else entirely. The MACH Alliance isn't tracking agents centrally. They're creating protocols so agents from different vendors can coordinate across systems. Distributed collaboration instead of centralized control. But when agents from five vendors need to work together, and something breaks three steps into a workflow, the coordination layer can't tell you why. The web resists automation in ways protocols don't address.
When Tracking Agents Isn't Enough
Microsoft's Agent 365 launches this week with a registry of every agent running in your enterprise. Track what's deployed, monitor activity, catch shadow agents employees build without approval. When 230,000 organizations use Copilot Studio to build custom agents, centralized governance sounds necessary. But an agent can keep running, consuming resources, writing to dashboards while producing three-day-old data that looks current. Tracking agents isn't the same as understanding how they fail.
The Coordination Problem Governance Can't Solve
Three weeks before Microsoft launched its governance platform, 45 enterprise providers announced they're building something else entirely. The MACH Alliance isn't tracking agents centrally. They're creating protocols so agents from different vendors can coordinate across systems. Distributed collaboration instead of centralized control. But when agents from five vendors need to work together, and something breaks three steps into a workflow, the coordination layer can't tell you why. The web resists automation in ways protocols don't address.
When Tracking Agents Isn't Enough
Microsoft's Agent 365 launches this week with a registry of every agent running in your enterprise. Track what's deployed, monitor activity, catch shadow agents employees build without approval. When 230,000 organizations use Copilot Studio to build custom agents, centralized governance sounds necessary. But an agent can keep running, consuming resources, writing to dashboards while producing three-day-old data that looks current. Tracking agents isn't the same as understanding how they fail.
The Coordination Problem Governance Can't Solve
Three weeks before Microsoft launched its governance platform, 45 enterprise providers announced they're building something else entirely. The MACH Alliance isn't tracking agents centrally. They're creating protocols so agents from different vendors can coordinate across systems. Distributed collaboration instead of centralized control. But when agents from five vendors need to work together, and something breaks three steps into a workflow, the coordination layer can't tell you why. The web resists automation in ways protocols don't address.
Production Gap Reality Check
Microsoft announced Agent 365 last month, positioning it as the control plane for managing agents at enterprise scale. The pitch is elegant: extend your existing M365 infrastructure to agents. Use Entra for identity, Defender for security, Purview for compliance. No rebuilding required.
Except there's rebuilding required.
The platform is real, and the architectural thinking is solid. But "managing agents like users" glosses over what that actually means. You're not just flipping switches in your existing admin console. You're building governance infrastructure for entities that make decisions, access data, and take actions without human oversight.
Microsoft's own documentation lists the work: authentication models, conditional access policies, threat modeling, compliance frameworks, measurement systems. Their internal team admits they're "only at the beginning" of figuring out how to measure agent impact.
The control plane exists. The "just plug it in" part needs an asterisk.
Microsoft announced Agent 365 last month, positioning it as the control plane for managing agents at enterprise scale. The pitch is elegant: extend your existing M365 infrastructure to agents. Use Entra for identity, Defender for security, Purview for compliance. No rebuilding required.
Except there's rebuilding required.
The platform is real, and the architectural thinking is solid. But "managing agents like users" glosses over what that actually means. You're not just flipping switches in your existing admin console. You're building governance infrastructure for entities that make decisions, access data, and take actions without human oversight.
Microsoft's own documentation lists the work: authentication models, conditional access policies, threat modeling, compliance frameworks, measurement systems. Their internal team admits they're "only at the beginning" of figuring out how to measure agent impact.
The control plane exists. The "just plug it in" part needs an asterisk.
Manage agents using your existing M365 infrastructure. Entra handles identity, Defender monitors threats, Purview enforces compliance. No new systems to learn or deploy.
Early access only. You get architectural patterns and integration points, but significant configuration work remains. Authentication, access policies, and telemetry require custom implementation.
Documentation acknowledges "significant challenges" including tenant boundary respect, governed tool calls, and comprehensive monitoring. The turnkey experience requires substantial governance infrastructure you'll build yourself.
Raiffeisen Bank reports reduced complexity but needed multi-tenant governance architecture. Expect authentication models, threat assessments, compliance reviews, measurement frameworks, and change management across creator personas.
Real architectural progress on agent governance. Microsoft's extending proven enterprise patterns to a new problem. Just don't mistake "leverage existing infrastructure" for "no new work required."
Quiet Tech That Compounds
Foundation model releases generate headlines. Capability demos generate buzz. Meanwhile, the infrastructure that determines whether your agent runs reliably at 3am on a Tuesday gets built quietly.
Threading architectures that reduce CPU overhead. State management that survives session boundaries. Failover mechanisms that handle provider outages without application logic. The gap between demo and deployment lives here, in the boring optimizations that don't make good launch posts.
These developments compound over time. They're foundational work that lets you stop thinking about infrastructure and start shipping features. Not exciting. Just necessary.
Foundation model releases generate headlines. Capability demos generate buzz. Meanwhile, the infrastructure that determines whether your agent runs reliably at 3am on a Tuesday gets built quietly.
Threading architectures that reduce CPU overhead. State management that survives session boundaries. Failover mechanisms that handle provider outages without application logic. The gap between demo and deployment lives here, in the boring optimizations that don't make good launch posts.
These developments compound over time. They're foundational work that lets you stop thinking about infrastructure and start shipping features. Not exciting. Just necessary.