AI Agents Taking Over the World?

At Ignite 2025, Microsoft laid out an aggressive vision for AI agents across productivity, identity, security, and device management. This deep dive examines what that shift means in practice, from new agent governance in Entra and Purview to real-world cost, control, and dependency concerns for IT teams.

Microsoft's Ignite conference was held recently and it's clear that Microsoft is betting big on AI agents "taking over the (business) world." In this article I'll look at the highlights and lowlights, from my perspective as an IT Consultant who has SMB clients that rely on Microsoft services for productivity and cybersecurity protection. These are things that stood out to me -- your mileage may vary.

Agents & AI Is the New Shiny
Having missed the internet and the smartphone tech waves, I think Microsoft is desperate not to miss the next "big thing." And they're taking it really seriously, not only rolling out feature after feature to help you deploy AI chat and agents everywhere, but also making sure that the visibility, governance and guard rails that businesses crave are right there when you need them. A frequently mentioned prediction from Gartner was that there will be 1.3 billion AI agents by 2028.

It starts with Agent 365, an umbrella term for several different services in existing parts of Microsoft's stack. First is support for agents in Entra ID through a new type of account. We've had user accounts, groups and devices, along with applications, since day one. Now agents get their own type of account because none of the others match what agents need. This covers all three variations of AI agents: those that assist you to do work, those that do it for you, and those that work autonomously with other agents and tools. When you create an agent in Copilot Studio or Microsoft Foundry, it automatically gets an agent ID, and you can programmatically assign an ID to any agent you have, but there will be more work to do for Microsoft to get other agent providers on board.

There's also a new agent registry in Entra. Today you can register any agent with it, but if an agent doesn't have an agent ID it can't query information about other agents, something I suspect will be crucial for autonomous agents to be able to function and discover other agents that they can ask for help. Agent IDs are based on Blueprints, which are like templates for a particular type of agent; you can assign permissions to a blueprint, and all the agents based on that blueprint inherit them. You can also disable all instances of an agent, if it's found to be misbehaving, through its blueprint. Each blueprint can have 250 instances, and an application that can create blueprints can also create a maximum of 250 blueprints in a tenant.

Entra Agent ID Blueprint details

Furthermore, agents can be governed using Conditional Access policies, the same tool we use to manage user, device and application access. You can create a CA policy targeting all agents, or specific ones, select a risk level, and block access. The licensing required hasn't been revealed yet; I hope it'll be part of Entra ID P2, and not a separate license add-on like Conditional Access for applications is.

Entra Agent Risk Conditional Access policy

The second part of Agent 365 is in the M365 admin center, with a new section that includes All agents: a list of all agents from Microsoft and third parties that you could deploy to Copilot, Teams, Office or Outlook. There's a graphical map of the agents as well, and a Catalog to see the details of each agent. With the right policies in place, your users can request access to agents which you can also allow or block here.

Agent Registry in M365 Admin Center

The third part of Agent 365 is in Purview, where you can gain visibility into, and apply governance and data loss prevention to, AI and agent interactions.

Finally, Defender XDR also has a new blade for AI agents under Assets, which lets you see all AI agents and spot risky or misconfigured ones. It also collects data from Copilot Studio that can be used in Advanced Hunting. There's some setup required.

Note that many of these features are in preview and you light them up by joining your tenant to the Frontier program.

On the developer side, what was Azure AI Foundry, now Microsoft Foundry, has added a Control Panel for gaining visibility into your custom-built agents and applying quality, safety and security controls to them.

Microsoft Foundry Content Safety (courtesy of Microsoft)

New Agents Everywhere
OK, that's how to secure and govern agents; are there any new ones? Sure, here's a list of the ones revealed at Ignite:

  • Conditional Access Optimization Agent (not new; we've had it for a while, but it's been improved with staged rollout of new policies and ingestion of custom policy guidance).
  • Access Review Agent. Managers might be tasked with evaluating whether particular users should still have access to applications / Teams or SharePoint sites -- now they can do it in Teams, with guidance from an agent, using natural language.
  • Identity Risk Management Agent. Built on top of Identity Protection (part of Entra ID P2 licensing), this agent identifies risks around user identities and gives a set of recommendations.
  • Application Lifecycle Management Agent. Apps registered in Entra carry a lot of potential risk and this agent helps you manage these, from discovery and risk remediation to decommissioning.

In Defender XDR we now have:

  • Threat Intelligence Briefing Agent. Available both stand-alone and embedded in Defender XDR, this agent helps you prepare TI briefs for different audiences.
  • Dynamic Threat Detection Agent. Deals with the issue of false negatives (signs of malicious activity in your logs that didn't trip an alert) by analyzing this data in the background and raising an alert if a threat is identified.
  • Phishing Triage Agent. Analyzes a user-submitted phishing email to determine if it's a false positive or really a threat, and learns and adapts to your environment.
  • Threat Hunting Agent. Provides a "vibe hunting" experience -- describe what your hypothesis is, and it generates the KQL and runs the queries, which you can then continue to narrow down using natural language. I tested this during private preview, and it's extremely useful for us non-KQL experts.

Intune has:

And Purview offers:

There are also 57+ third-party agents in the new Security Store, and you can build your own agents using natural language, or code if desired. A small improvement (one that doesn't rely on an agent) that will have a huge impact is Analyst Notes, where Security Copilot automatically shadows analysts as they investigate an incident, so when it comes time to document what you did -- it's all there and ready to go.

AI-Generated Analyst Notes in Defender XDR

All of these agents rely on Security Copilot being configured and supplied with Secure Compute Units (SCUs). One big improvement is the inclusion of SCUs in Microsoft 365 E5 (not A5 or G5) licensing to open up usage of these agents to more businesses. The inclusion is the number of licenses you have, divided by 2.5, so a tenant with 1000 E5 licenses will get 400 SCUs per month. Apart from this being a good inclusion (and a great sales tool for more SCUs), it also moves SCU provisioning from a "per hour" to a per month usage model, which is probably even more significant. I hope that Microsoft extends this so that you can buy "packs" of SCUs per month -- I can definitely sell my SMB clients on, say, 15 SCUs per month ($60), as opposed to 720 SCUs (1 per hour for 30 days) at $2,880.

Windows
Hardware-accelerated BitLocker encryption offloads the encryption / decryption to modern CPUs, increasing performance and lowering the risk. Coming in 2026, Sysmon from Mark Russinovich's Sysinternals suite of tools will be built into Windows 11 / Windows Server 2025 out of the box, removing the need to deploy it and keep it up to date. Sysmon has an interesting history: Mark originally created it years ago when Microsoft was investigating advanced attacks by Russia and wasn't able to collect the information it needed from its endpoints. Sysmon can collect whatever telemetry log data you want from a Windows endpoint.

Windows will soon support Passkey managers such as 1Password and Bitwarden on top of the built-in one, and Entra ID will support passkeys synced to password managers. Taking a step back -- Passkeys are the future of both consumer and business authentication, combining the phishing resistance of FIDO keys and the convenience of smartphones. Up until now, however, you could only use Passkeys when authenticating to Entra using the Microsoft Authenticator app, and the Passkey was bound to that device. If a user lost it, or bought a new phone, a new registration was required. Now you can apply policies in Entra to continue that high level of security for administrative accounts, while allowing ordinary users to store their Passkeys in Apple's password manager, Google's equivalent, or third-party password managers. The result is that a new phone will automatically sync the user's Passkeys and they can seamlessly sign in.

Hotpatching is easy to set up and will patch your eligible Windows devices two months out of three, without requiring a restart, providing an improved end user experience.

Windows 365 Reserve lets you set up Cloud PCs that are ready for users to connect to when their own device(s) are unavailable for some reason (up to 10 days), provided they have some other device that they can connect to it with.

Defender XDR & Sentinel
Defender for Endpoint (MDE) is getting a unified installer that'll work on all platforms, and the list of supported platforms now includes Windows 7 and Windows Server 2008 R2 (yes, that's correct, OSs that haven't been supported by Microsoft for many years are still hanging around in enterprises, apparently). Advanced MDE shops can now pick custom data to collect from endpoints.

My favorite feature in Defender XDR is automatic attack disruption, which stops ransomware, Business Email Compromise, Attacker in the Middle, and other attack types automatically. They revealed that it protected over 450,000 user accounts and 270,000 device accounts in 480,000 attacks in the last six months and that the average time to disrupt ransomware is 3 minutes. Apart from adding more types of attacks it handles, and being able to take automated attack disruption action in AWS, the big evolution here is predictive shielding. Once an attack is identified and blocked, it uses the underlying graph database that powers Exposure Management in Defender XDR to look at the most likely pivot point the attacker will take next and proactively hardens those paths, for example by disabling "boot to safe mode" on those devices (restarting systems in less protected safe mode is a popular way for attackers to install malware / compromise them) or blocking Group Policy abuse.

Predictive Shielding in Incident Investigation in Defender XDR

Sentinel now comes with an MCP server and a built-in data lake for exploration of data through semantic search, and it offers a set of custom tools. You can also use Jupyter notebooks on top of the data lake.

Baseline Security Mode is another quiet reveal that I suspect will have a positive impact for IT and cybersecurity: a built-in way to apply policies and check current tenant configuration against best practices across Entra ID, Exchange Online, M365 Apps, SharePoint and Teams. This will allow MSPs and businesses to apply configuration across workloads from a single console, without having to rely on third-party products to do it.

Baseline Security Mode in the M365 Admin Center

Licensing -- Good News / Bad News

Features from the Intune suite are now included in Microsoft 365 E3 and E5 licensing at no extra cost. On the other hand, that cost is going up across the board for M365 licensing from the 1st of July 2026.

Technology? Nah -- It's All Marketing Bro

I'm not alone in this insight, but as a long-time attendee of various Microsoft TechEd (the predecessor to the Ignite name) and Ignite conferences, the last decade has seen a huge shift from technical to marketing content. I'm sure many presenters from Microsoft at Ignite wouldn't agree but that's because they've all got "marketing" in their titles.

The origins of these conferences were to spread the technical know-how to deploy, configure and maintain complex technology solutions, evidenced by the number of non-Microsoft presenters, some of them part of the Microsoft Valuable Professional (MVP) program. Presenters were often deeply technical, sharing insights from the field that were extremely valuable to IT Pros in the trenches. The Ignite 2025 speaker directory lists 1468 people, with 47 mentioning MVP in their bios (but not working for Microsoft); that's 3.2%.

That deep technical content is gone. I've watched 35+ sessions so far and they've all been delivered by Microsoft's own marketing people, over half of them augmented by bringing in a few people from enterprise companies at the end, who rave about the new tech and what it's done for their company (social proof). It's all very slick, but the technical depth is not there.

Don't get me wrong -- of course Microsoft can do whatever they want at their conference, but don't shell out the conference fee, travel and accommodation costs and expect deep technical knowledge sharing. At its core I think this is because of the marketing function taking over at Microsoft, and ultimately, I suspect it's going to come back and bite them, because either the tech is good enough or not in the real world, and no amount of polishing it up to look prettier than it is will cover that up.

The only conferences that don't have this sheen nowadays seem to be cybersecurity ones -- after all, you can't put a marketing sheen on a compromised root shell.

Conclusion
There's no doubt that Microsoft is going all in on agents, both for user productivity in Copilot across Office 365 and for IT administration and security. Time will tell what the uptake is, but I can't help but think that everyone is going to become reliant on these agents in Intune, Entra, Purview and Defender to the point where the tools won't be as useful if you can't afford Security Copilot.

I barely scratched the surface of the governance tools here, but Microsoft are serious about building features into Purview, Defender etc. to enable enterprises to adopt AI and agents with the control they require.

Oh, and pour out one for "Contoso" -- for as long as I can remember Microsoft's fictitious company in demos and training material, which has been replaced by "Zava" -- RIP Contoso.
