Microsoft’s next act in enterprise AI is no longer a distant thought experiment — it’s arriving as a packaged runtime, identity model, and marketplace for software entities that behave like employees, and the implications for IT, security, and licensing are profound and immediate. The company’s new Microsoft Agent Framework and the roadmap item for “Agentic Users” signal a shift from AI as a helper to AI as a first-class member of the workforce: agents with identities, calendars, mailboxes, and the ability to act autonomously inside Teams and Microsoft 365.
Background / Overview
Microsoft’s October 2025 reveal of the Microsoft Agent Framework publicly formalizes what the industry has been calling “agentic AI”: autonomous, goal-driven software entities that use language models as reasoning engines and call out to tools and services to complete tasks. The company positioned this framework inside Azure AI Foundry as an open-source SDK and runtime to build, observe, and govern fleets of cooperating agents at scale. The blog announcement lists public preview availability and describes standards support (Model Context Protocol, Agent-to-Agent), governance hooks, and integration points with Azure services. Concurrently, Microsoft’s product roadmap includes an entry titled “Microsoft Teams: Discovery and Creation of Agentic Users from Teams and M365 Agent Store,” slated for rollout in November 2025. That item describes a new category —
Agentic Users — that will appear like users in an organization’s directory, have dedicated access to systems, and be discoverable through an in-product Agent Store. The roadmap language explicitly says these agents “can attend meetings, edit documents, communicate via email and chat, and perform tasks autonomously.” Independent reporting and community posts have already flagged admin flows for approving agent templates, assignment of a potential agent license (appearing in some internal documents as “A365” or “Agent 365”), and tenant-level governance controls.
What exactly is the Microsoft Agent Framework?
A developer-grade runtime for multi-agent systems
The Agent Framework is described as a unified, open-source engine that merges orchestration, observability, and governance for multi-agent workflows. It aims to let developers:
- Build agents that use LLMs and other models as their reasoning kernels.
- Wire agents to tools and APIs (OpenAPI connectors, Microsoft Graph, enterprise data stores).
- Coordinate multi-agent interactions using Agent-to-Agent (A2A) patterns and the Model Context Protocol (MCP).
- Deploy and monitor agents from local development into Azure AI Foundry production runtimes.
Microsoft frames this as the missing “production fabric” for agentic applications: not just research orchestration but enterprise-grade lifecycle tooling (observability, logging, tracing, governance UI) so organizations can scale from prototypes to hundreds or thousands of agents.
Key technical capabilities (verified)
According to the public documentation and related Microsoft posts, the framework includes:
- An SDK and runtime to author agents and agent compositions.
- Integration with standards like MCP and A2A (so agents and tools from different vendors can interoperate).
- Observability and tracing primitives tailored to model-invoked actions (for audit trails and human-in-the-loop review).
- Paths to publish agents to a marketplace (the M365 Agent Store) and to bring Foundry agents into Microsoft 365 products with permissive admin approval flows.
These items are documented in Microsoft’s Azure AI Foundry blog and corroborated by independent reporting on the Agent Framework launch.
Agentic Users: Agents that look like people
Identity, presence, and productivity surfaces
What distinguishes Microsoft’s “Agentic Users” from prior bots is the decision to provision them as
user-like objects in tenant directories. According to roadmap entries and reporting, an Agentic User may receive:
- A directory entry in Entra ID / Azure AD.
- An email address and Teams account.
- The ability to join meetings, send messages, and appear on org charts.
- Managed lifecycle via the Microsoft 365 admin center and Copilot Control System.
That design makes agents much easier to adopt from an application standpoint: they can reuse existing permissions, group memberships, and application consent flows rather than requiring bespoke APIs or ephemeral tokens. Roadmap notes also indicate Entra-based authentication for agents and updated group-chat Entra workflows to allow apps and agents to authenticate inside Teams.
How they’ll be discovered and provisioned
Microsoft’s roadmap references an in-product
M365 Agent Store and Teams UX actions like “Add agents and bots” from the roster menu. Admin approval and tenant policies are front-and-center: previews of the admin experience show tenant owners approving agent templates and assigning required agent licenses before agents can be created or published internally. That governance model mirrors typical app-store flows but adds an IT-managed gate to agent creation.
Why this could matter to your company
1) Automation beyond scripts — agents that execute across systems
Agentic AI is more than content generation: an agent can set goals, call an ERP API to create a PO, email a vendor, log the action in a ticketing system, and retry if it fails — all in a fully orchestrated flow. That multiplatform capability is a game-changer for knowledge-work automation, where the bottleneck is often cross-system orchestration, not raw text generation.
2) Lower barrier to integration
Because agents will be able to take identity and standard enterprise permissions, IT teams can leverage existing access controls instead of building bespoke connectors for every bot. That both speeds deployment and imposes familiar lifecycle controls (access reviews, conditional access policies, audit logs).
3) Productivity and role redefinition
Microsoft and early partner case studies suggest large efficiency gains on repetitive tasks (meeting summarization, report generation, ticket triage). The notion of agents as “team members” reframes job design: leaders may hire fewer people for certain tasks and instead curate agent fleets, while humans focus on judgment, oversight, and domain expertise.
The strengths of Microsoft’s approach
- End-to-end platform: Microsoft combines Azure compute, GitHub developer workflow, Copilot Studio, and Microsoft 365 surfaces, reducing friction between prototype and production. This integrated stack is a real advantage for enterprise clients already invested in the ecosystem.
- Standards-first interoperability: Support for MCP and A2A reduces vendor lock-in and makes it feasible to combine agents from multiple vendors.
- Governance baked into tooling: Admin approval flows, tenant-level reporting, and agent usage analytics suggest Microsoft understands the governance and compliance challenges that come with autonomous software.
- Developer productivity: Copilot Studio and GitHub integrations aim to let non-expert teams build agents with prompt-first workflows, lowering the bar for business units to ship agent-based automations.
The major risks and practical concerns
1) Licensing and cost predictability (unverified details)
Multiple reports and community posts reference an
A365 or “Agent 365” license block and warn that Microsoft may charge per-agent licenses or apply consumption-based Copilot credits to agent actions. Those claims are still partially speculative: Microsoft’s official public docs confirm agent objects and admin controls, but the final licensing model, pricing, and accounting for “agent consumption” have not been fully published in public pricing pages. Enterprises should treat the current A365 claims as
tentative until Microsoft publishes consolidated licensing and billing guidance. Caution: vendor and community leaks indicate possible consumption-based scenarios that will make forecasting costs difficult when agents act autonomously and at scale. Until Microsoft publishes concrete pricing, FinOps teams must plan for surges and validate pilot metrics carefully.
2) Agent sprawl and governance overhead
If agents are as easy to create as Microsoft intends, organizations may rapidly accumulate dozens or hundreds of specialized agents — each with entitlements, API keys, and audit traces. Without strict naming policies, lifecycle management, and cost governance, agent sprawl can create security exposure and ballooning spend. Analysts already warn that controlling this “agent inventory” will require new SAM (Software Asset Management) and FinOps practices.
3) Data governance and compliance
Agents acting autonomously will access and propogate tenant data across services. While Microsoft emphasizes tenant-bound data policies and Copilot Controls, organizations must still design data-handling, retention, and human-approval checkpoints for agents that handle regulated data (healthcare, finance, government). Existing compliance controls will need agent-aware extensions: consent, least privilege, and logging policies tailored to non-human actors.
4) Trust, accuracy, and operational risk
Autonomous agents inherit the classic LLM problems: hallucination, contextual drift, and brittle integrations. When agents make decisions or perform actions — sending emails, creating contracts, or changing ledgers — the cost of a mistake is high. Organizations must embed validation layers, robust test harnesses, and human-in-the-loop signoffs for high-risk operations. Microsoft’s framework offers observability tooling, but operational processes are still the customer’s responsibility.
Practical steps for IT leaders and architects
- Inventory your use cases and classify risk.
- Identify low-risk, high-value pilot candidates (meeting summarization, file triage, simple ticket routing).
- Start a controlled pilot with explicit guardrails.
- Use Copilot Studio / Foundry to build a single purpose agent, bound to a test tenant and monitored closely.
- Implement agent lifecycle governance from day one.
- Define owner, naming conventions, access reviews, and automated deprovisioning.
- Prepare FinOps for usage variability.
- Model consumption at multiple scales and agree internal budgets for agent run-time before wide rollout.
- Extend your SIEM and audit posture for “non-human” actors.
- Ensure agent actions are logged coherently and tie back to directory identities for audit and remediation.
Licensing, the elephant in the room (what we know and what we don’t)
- What we know: Microsoft has announced agent objects, admin approval flows, and reporting for agent usage inside the Microsoft 365 admin center; Entra authentication support for agents and bot authentication in group chats has been added to roadmap items. These are documented in Microsoft’s roadmap and admin-center feature notes.
- What we don’t have confirmed publicly: definitive price lists and the final mechanics for billing agent actions. Community reporting and licensing specialists have flagged possible “A365” or “Agent 365” license markers in internal screenshots, but Microsoft’s public pricing pages do not yet publish a final A365 SKU or a complete Copilot-credit mapping for agent consumption. Enterprises must treat these as reports and community findings rather than confirmed product terms. Budget conservatively and ask Microsoft Sales for explicit contractual terms before scaling.
How vendors and partners fit into the picture
Microsoft’s Agent Framework is explicitly designed to be open and interoperable. Partners like GitHub, ISVs, and systems integrators are positioning to offer:
- Pre-built industry agents (finance reconciliation, claims processing).
- Agent templates in partner catalogs, available via the M365 Agent Store.
- Managed agent operations (AgentOps) services that handle lifecycle, compliance, and cost optimization.
This partner ecosystem will be crucial for organizations that lack internal AI engineering capacity. But it also raises supply-chain questions: who is responsible when a partner-built agent takes an action that causes loss or regulatory breach? Contractual clarity and robust SLAs will become central to procurement.
A measured conclusion: opportunity without complacency
Microsoft’s Agent Framework and the “Agentic Users” roadmap entry usher in a new operational model for enterprise IT: fleets of autonomous software colleagues that behave like users. This is an enormous productivity opportunity — agents can compress workflows, automate cross-system orchestration, and deliver measurable time savings — but it’s also an operational and financial inflection point that requires disciplined governance.
- Opportunity: Rapid automation of routine work, lower integration friction via directory-backed agents, and a unified developer-to-production pipeline in Azure AI Foundry.
- Risk: Unclear final licensing/pricing, potential for agent sprawl, compliance exposures, and the operational hazards of autonomous actions. Treat current A365 / Agent-licensing discussions as provisional until Microsoft’s official commercial terms are published.
For IT leaders, the practical path is straightforward: experiment with tightly scoped pilots, build governance into the pipeline, and involve procurement and legal early to clarify licensing and liability. When agents are first-class identities inside your tenant, the controls you already use for humans must be extended to them — quickly and deliberately.
The agent era is arriving with both an engineering foundation and a business model. Organizations that prepare for lifecycle governance, cost visibility, and human oversight will gain the advantage; those that treat agents as toys risk unexpected spend and operational surprises. Microsoft has given enterprises the tools to build a new kind of workforce — the remaining work is organizational.
Source: Softonic
Microsoft wants to launch new AI agents that could change everything in your company - Softonic