With governance capabilities spanning Microsoft, AWS, and Google Cloud AI agents, Microsoft is betting that owning the control layer is worth more than owning the agents themselves.
On May 1, 2026, Microsoft made Microsoft 365 Copilot and Agent 365 generally available for enterprise customers worldwide. The governance layer for AI agents — tools that let IT administrators inventory, monitor, and enforce policies on AI agents running inside the enterprise — shipped as part of the GA release, included in existing Microsoft 365 E3 and E5 plans.
The launch was covered primarily as a Microsoft 365 feature release. That framing misses the strategic significance. Microsoft is not shipping an AI assistant upgrade. It is shipping the control plane for the enterprise AI agent ecosystem — a system designed to govern not just Microsoft's own agents but agents from any vendor running in the enterprise environment.
This is the same move Microsoft made with Active Directory in the late 1990s: build the identity and authorization infrastructure that every application in the enterprise has to integrate with, and then own the governance layer for everything that runs on top of it.
What Agent 365 Actually Does
The Agent 365 dashboard, accessible through Microsoft Admin Center, provides four core capabilities that address the immediate enterprise AI governance gap.
Agent inventory automatically discovers AI agents registered in the Microsoft ecosystem, including third-party agents connected via the Microsoft Graph API. When an employee signs up for a third-party AI tool that integrates with Microsoft 365, it appears in the inventory. This is the shadow AI detection feature that enterprise CISOs have been asking for since ChatGPT launched in late 2022. For the first time, IT has a systematic answer to the question: what AI tools are running in our environment, and what data can they access?
Policy enforcement lets administrators set granular policies at the agent level — which users can access which agents, what data sources agents can read, whether agent outputs can be exported outside the tenant, and whether specific agents are allowed at all. Policies are enforced at the Microsoft Entra ID (formerly Azure Active Directory) identity layer, which means they apply regardless of what endpoint the agent is accessed from. An employee accessing a sanctioned AI agent from a personal device still gets the same policy enforcement as from a corporate device.
Usage analytics provide aggregate data on agent utilization, including which departments are using which agents, usage frequency, and, where the agent supports it, outcome tracking. This feeds the ROI conversation that IT departments need to have with executive leadership when justifying AI spend — and increasingly, when justifying AI governance infrastructure spend.
Audit logging creates a tamper-resistant log of all agent actions within the tenant, including which user triggered the agent, what data the agent accessed, and what the agent output was. This is the compliance feature that makes Agent 365 viable for regulated industries operating under the EU AI Act, HIPAA, and SOC 2 requirements. Without auditable agent logs, regulated companies effectively cannot deploy AI agents in their core workflows.
The Control Plane Problem Nobody Was Solving
Before Agent 365, enterprise IT had no systematic answer to the agent sprawl problem. The typical large enterprise in 2025 had between 15 and 40 distinct AI tools in active use across the organization — most of them adopted bottom-up by individual teams without formal IT review. Security teams could block access to specific domains at the network level, but this was a game of whack-a-mole: block Cursor and the engineering team finds a workaround; block Jasper and the marketing team switches to a different AI writing tool.
The fundamental problem with network-layer blocking is that it addresses symptoms instead of root causes. The enterprise does not actually want to prevent employees from using AI tools — it wants to ensure that AI tools accessing sensitive data are reviewed, that their behavior is auditable, and that access can be revoked quickly when a security incident occurs. Network blocking cannot achieve any of those three goals.
Agent 365's integration with Microsoft identity is the structural fix. Rather than blocking tools at the network edge, it manages access at the identity layer. If an agent is not registered in Agent 365's inventory with approved scopes, it still runs — but it cannot access Microsoft Graph data, which means no calendar, no email, no Teams, no SharePoint. For knowledge work agents that need organizational context to be useful, that is a hard constraint that makes the governance incentive self-enforcing.
Agent Sprawl: The Numbers
The AI agent sprawl problem is worse than most CIOs publicly acknowledge. Microsoft's enterprise customer telemetry data, shared at Ignite 2025, showed that the average Microsoft 365 enterprise tenant had 31 distinct AI tools making API calls to Microsoft Graph — a figure that had grown from 8 tools eighteen months earlier. Only 11 of those 31 tools had been formally reviewed and approved by IT.
| Metric | Pre-Governance (2024) | Target (Post-Agent 365) |
|---|---|---|
| Avg AI tools per enterprise tenant | 31 | Inventoried: 100% |
| IT-approved fraction | 35% | 90%+ within 12 months |
| Median data scope per unapproved agent | Full calendar + email read | Scoped per approval |
| Compliance documentation coverage | ~20% of active agents | 100% of registered agents |
| Time to revoke compromised agent access | Hours to days (manual) | Under 60 seconds (identity layer) |
The time-to-revoke metric is the one that matters most for incident response. When an AI agent is compromised — either through a malicious actor obtaining the agent's credentials or through the agent vendor suffering a security breach — the enterprise needs to be able to cut off that agent's access to internal data immediately. Waiting hours to manually remove a service account is not acceptable for an agent that has calendar, email, and document access for 50,000 employees.
How Agent 365 Works: The Architecture
Agent 365 operates at the Microsoft Entra ID layer. Understanding the enforcement architecture clarifies both its strengths and its limits.
1. Agent registration. Any AI agent that requests Microsoft 365 permissions must be registered as an application in Entra ID. This was technically required before — Microsoft Graph API access requires OAuth consent — but enforcement was inconsistent and individual users could consent to broad permissions without IT review. Agent 365 adds a mandatory governance overlay: IT administrators can require that all agents go through formal review before consent is granted, rather than individual users consenting autonomously with full tenant data access.
2. Scope-limited tokens. When an agent is approved, IT defines the exact Microsoft Graph scopes it is permitted to request. An AI email assistant gets mail read/write access. A scheduling agent gets calendar access only. An agent that requests broader permissions than its approved scope has the token request denied at the Entra layer — the enforcement is automatic and does not require a human to review individual API calls.
3. Conditional access for agents. Using the same conditional access policies that govern human user access, IT can require that agents only run from approved networks, approved devices, or during business hours. An AI agent that has been granted access to financial data should not be querying it from a personal laptop at 2am from an unrecognized location — the same conditional access logic that would block a human user in that scenario now applies to agents.
4. Cross-cloud governance via connector. The Agent 365 connector framework extends governance to non-Microsoft agents. AWS Bedrock agents, Google Vertex AI agents, and OpenAI-based agents can be registered in the Agent 365 inventory if they implement the Microsoft connector specification. Governance policies then apply at the connector boundary — the agent can only access Microsoft data through the connector, which enforces the approved scopes.
5. Real-time policy enforcement. Unlike batch-processed compliance tools that surface violations in reports, Agent 365 enforces policies in real time at the API call level. When a user's employment is terminated, their agents immediately lose access — not at the next batch sync. When an agent is suspended pending a security review, its tokens are revoked within seconds. This is the operational requirement that makes governance meaningful rather than theoretical.
Enterprise Deployment Playbook
For enterprise IT teams deploying Agent 365, the following implementation sequence minimizes disruption while maximizing governance coverage:
1. Run discovery mode for 30 days before enforcing anything. Agent 365's inventory feature has no enforcement component by default — it observes and catalogs without blocking. Run it in this mode for 30 days before activating any enforcement policies. The inventory will surface every agent making Graph API calls. Map them to owning teams and use cases before restricting anything. Blocking an agent that a finance team has built a month-end workflow around the week before enforcement goes live is an incident that sets back the entire governance program.
2. Risk-tier your agent inventory. Categorize discovered agents by data access scope. Agents with read access to email and calendar are higher risk than agents that only access public SharePoint content. Agents with write access — that can send email, create calendar events, or modify files — are highest risk. Prioritize formal review for high-scope agents first and move sequentially down the risk tiers.
3. Communicate before restricting. The most common Agent 365 deployment failure mode is IT surprise-restricting agents that business units have built workflows around. Agent 365's primary value is visibility and policy management, not prohibition. Most agents can be approved quickly once IT understands the use case and data access pattern. Frame the governance program as "we are making your AI tools official and protected" rather than "we are auditing your AI usage."
4. Build the approval workflow into your change management process. Agent 365 has a built-in request-and-approval workflow that users can trigger when they want to adopt a new agent. Wire this into your existing IT service management system (ServiceNow, Jira Service Management) so requests do not fall into an unmonitored queue. Establish a published SLA: 5 business days for standard-scope agents, 15 business days for agents requesting elevated access. Missing that SLA drives shadow adoption.
5. Enforce MFA at the consent point for high-privilege agents. Agents with write access to email, calendar, or SharePoint should require an additional MFA step at the consent grant. This prevents phishing-based consent attacks, where a user is tricked into granting a malicious agent access to their Microsoft 365 data through a spoofed consent screen.
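The risk-tiering in step 2, combined with the approved-scope comparison from the scope-limited tokens step of the architecture, as an added example (not code from Microsoft or from this article). The records are constructed and only mimic the clientId, consentType and scope fields of Microsoft Graph oauth2PermissionGrant objects; the agent names, the APPROVED table and the tier labels are assumptions.

```python
"""Risk-tier Graph permission grants and flag scope drift (added example)."""
from collections import defaultdict

# Tiering rule from the playbook: write access is highest risk, mail/calendar
# read access is higher risk, everything else is lower risk.
WRITE_VERBS = {"ReadWrite", "Send", "Manage", "FullControl"}
SENSITIVE_READ = {"Mail", "Calendars"}
TIER_ORDER = {"highest": 0, "higher": 1, "lower": 2}

# Constructed sample records; agent identifiers are hypothetical placeholders.
GRANTS = [
    {"clientId": "agent-mail-assistant", "consentType": "AllPrincipals",
     "scope": "Mail.ReadWrite Mail.Send offline_access"},
    {"clientId": "agent-scheduler", "consentType": "AllPrincipals",
     "scope": "Calendars.Read"},
    {"clientId": "agent-scheduler", "consentType": "Principal",
     "scope": "Calendars.Read Mail.Read"},
    {"clientId": "agent-wiki-search", "consentType": "AllPrincipals",
     "scope": "Sites.Read.All"},
    {"clientId": "agent-notes", "consentType": "Principal",
     "scope": "Files.ReadWrite.All User.Read"},
]

# Hypothetical record of what IT approved; agents absent here are unreviewed.
APPROVED = {
    "agent-mail-assistant": {"Mail.ReadWrite", "Mail.Send", "offline_access"},
    "agent-scheduler": {"Calendars.Read"},
    "agent-wiki-search": {"Sites.Read.All"},
}


def tier_for_scopes(scopes):
    """Map a set of Graph scope names to the playbook's three risk tiers."""
    parts = [s.split(".") for s in scopes if "." in s]
    if {p[1] for p in parts} & WRITE_VERBS:
        return "highest"
    if {p[0] for p in parts} & SENSITIVE_READ:
        return "higher"
    return "lower"


def build_review_queue(grants, approved):
    """Merge grants per agent, then order them for formal review."""
    granted = defaultdict(set)
    user_consented = set()
    for grant in grants:
        granted[grant["clientId"]].update(grant["scope"].split())
        if grant["consentType"] == "Principal":  # consented by a single user
            user_consented.add(grant["clientId"])
    rows = []
    for agent, scopes in granted.items():
        rows.append({
            "agent": agent,
            "tier": tier_for_scopes(scopes),
            "reviewed": agent in approved,
            # Scopes held without approval: drift for reviewed agents,
            # everything for unreviewed ones.
            "excess": sorted(scopes - approved.get(agent, set())),
            "user_consented": agent in user_consented,
        })
    # Highest tier first; within a tier, unreviewed agents and drift come first.
    rows.sort(key=lambda r: (TIER_ORDER[r["tier"]], r["reviewed"],
                             -len(r["excess"]), r["agent"]))
    return rows


if __name__ == "__main__":
    for row in build_review_queue(GRANTS, APPROVED):
        print(row)
```

In the sample, the scheduling agent was approved for calendar read only, but one user's individual consent added Mail.Read, so it surfaces with that scope in its excess list.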
The Competitive Threat to Adjacent Vendors
Agent 365's general availability creates a genuine strategic problem for several categories of enterprise software vendors that have been building in the AI governance space.
Identity and access management vendors (Okta, CyberArk, SailPoint) have been building AI agent governance capabilities as extensions of their identity platforms. Agent 365's deep native integration with Microsoft Entra gives it an inherent advantage in Microsoft-heavy enterprises that no third-party IAM vendor can easily replicate without the same identity layer integration. Okta will remain relevant for multi-cloud identity management, but the default choice for AI agent governance in the Microsoft stack is Agent 365.
Enterprise AI platform vendors (Salesforce Agentforce, ServiceNow AI Agent Orchestrator) now compete with a governance layer that is already included in every Microsoft 365 E3 and E5 tenant. The value proposition of "buy our AI platform and our governance layer together" is harder to sell when governance is bundled into infrastructure the customer already pays for. These vendors will differentiate on capability depth, workflow integration, and use-case specificity rather than governance coverage.
Shadow AI detection startups — the category of tools that emerged in 2024 to help IT teams discover unauthorized AI usage — face a difficult strategic position. The problem they were solving is being addressed at the platform layer by a vendor with near-universal enterprise deployment. The standalone shadow AI detection category does not disappear (enterprises with large non-Microsoft footprints still need multi-cloud solutions), but it gets compressed significantly.
The SAP-Anthropic MCP distribution deal illustrates the same dynamic playing out in enterprise software broadly: the platforms that own the enterprise relationship are capturing the AI distribution layer, and independent AI vendors are choosing between deep platform integration and direct enterprise sales. Microsoft is running the most aggressive version of this playbook — using Agent 365 to become the governance infrastructure for the entire enterprise AI ecosystem, regardless of which AI vendor's models are doing the actual work.
What CIOs Should Do Right Now
The window to establish AI agent governance policy before sprawl creates an audit problem is narrowing. Enterprise AI activation challenges consistently show that governance retrofits are more expensive and more disruptive than governance-first deployment.
If you are on Microsoft 365 E3 or E5, Agent 365 inventory is available in your tenant today at no incremental cost. Activating discovery mode requires a single toggle in Microsoft Admin Center. There is no rational argument for not turning it on immediately. The agent inventory data you collect over the next 30 days will inform every governance decision you make in 2026 and 2027.
If you have a significant non-Microsoft footprint, evaluate the connector framework before committing to a Microsoft-centric governance architecture. An organization that runs primarily on Google Workspace may find Google Agentspace — currently in preview — a more natural governance foundation. The key question is not which governance product is technically superior; it is which one integrates most naturally with your primary identity provider.
If you are building an enterprise AI strategy for 2026, governance infrastructure should come before broad capability deployment. The outcome-based AI pricing models now proliferating across enterprise AI vendors make this especially important: when you are paying per successful outcome rather than per token, knowing what your agents are actually doing — and whether the outcomes they claim are accurate — requires audit capability at the agent action level. Agent 365's logging infrastructure provides exactly that foundation.
The pattern of AI sprawl followed by governance retrofit has played out at every large enterprise that moved fast on cloud adoption in the 2010s. The companies that built governance infrastructure before their AWS footprint exploded avoided years of expensive remediation. Agent 365 gives enterprise IT the same opportunity with AI agents — and this time, the governance tool ships before the sprawl problem becomes unmanageable.
The Bigger Picture
Microsoft's long-term play with Agent 365 is not the incremental per-user revenue. It is the same strategic move Azure made with enterprise computing in the 2010s: become the infrastructure layer that every AI agent runs on or integrates with, and extract value through data, compute, and governance services that become more valuable as adoption scales.
The company that owns the control plane for enterprise AI agents will have the structural position in the 2030s that the company owning the enterprise identity layer had in the 2010s. Microsoft built Active Directory into the foundation of enterprise IT and turned that position into decades of platform lock-in that persists today. Agent 365 applies the identical playbook to AI agent governance — and it is shipping at a moment when the enterprise AI landscape is still early enough for the infrastructure choice to matter.
For enterprise IT, the strategic question is not whether to use Agent 365. For Microsoft-heavy organizations, it is effectively the default choice. The strategic question is whether to build your organization's AI governance philosophy around the Microsoft identity stack, or to maintain architectural flexibility with a multi-vendor approach at the identity layer. That decision will shape your AI infrastructure posture for the next decade.
Takeaway: Microsoft Agent 365 is not a feature release — it is the enterprise control plane for the AI agent era. IT teams that activate discovery mode today will have the inventory data they need to build governance policy before an incident forces their hand. Organizations that establish governance infrastructure before AI capability sprawl will have a structural compliance and operational trust advantage that compounds as agentic AI becomes the default mode of knowledge work.
Frequently Asked Questions
What is Microsoft Agent 365 and what does it do?
Microsoft Agent 365 is an enterprise governance layer for AI agents, generally available as part of Microsoft 365 E3 and E5 plans as of May 2026. It provides four core capabilities: agent inventory (automatically discovering all AI agents making Microsoft Graph API calls in your tenant, including third-party tools), policy enforcement (allowing IT administrators to set granular rules about which users can access which agents and what data those agents can read or write), usage analytics (aggregate reporting on agent adoption across departments), and audit logging (tamper-resistant records of all agent actions within the tenant for compliance purposes). The system operates at the Microsoft Entra ID identity layer, which means policies apply regardless of what endpoint or device the agent is accessed from. Agent 365 also includes a connector framework that extends governance to non-Microsoft agents from AWS, Google, and OpenAI.
How does Microsoft Agent 365 handle multi-cloud AI governance?
Agent 365 uses a connector framework to extend governance to AI agents running outside the Microsoft ecosystem. AWS Bedrock agents, Google Vertex AI agents, and OpenAI-based agents can be registered in the Agent 365 inventory if they implement the connector specification published by Microsoft. Once registered, governance policies apply at the connector boundary: the agent can only access Microsoft 365 data through the connector, which enforces approved OAuth scopes. Crucially, the enforcement still runs through Microsoft Entra ID infrastructure, which means organizations with large non-Microsoft footprints—Google Workspace shops, AWS-native companies—may find the governance architecture less seamless than for Microsoft-centric environments. Those organizations should evaluate whether Microsoft's connector framework meets their multi-cloud governance requirements or whether a third-party identity governance solution provides better coverage.
What does Microsoft Agent 365 cost and how does licensing work?
Microsoft Agent 365 governance capabilities are included at no additional charge in Microsoft 365 E3 and E5 plans. For organizations on lower-tier Microsoft 365 plans, Agent 365 governance features are available as an add-on at $15 per user per month. The agent inventory and discovery features specifically are available to all Microsoft 365 commercial tenants without additional licensing, which means there is no cost barrier to running the discovery phase. Microsoft 365 E3 runs approximately $36 per user per month (pricing as of 2026, subject to change) and E5 runs approximately $57 per user per month. Organizations that have already invested in E3 or E5 licensing should activate Agent 365 immediately—there is no incremental cost and the governance data has immediate value regardless of whether you move to enforcement.
How does Microsoft Agent 365 compare to ServiceNow AI governance tools?
ServiceNow's AI Agent Orchestrator approaches AI governance from a workflow and IT service management lens: it focuses on defining what AI agents are authorized to do within IT processes, approval workflows for agent actions, and integration with existing ITSM change management. Microsoft Agent 365 operates at the identity and infrastructure layer, governing which agents can access enterprise data at all. The two tools address different parts of the governance problem. Microsoft's approach is more foundational—if an agent isn't authorized in Entra ID, it can't access Microsoft 365 data, period. ServiceNow's approach is more procedural—it manages what authorized agents are allowed to do within ServiceNow workflows. For Microsoft-heavy enterprises, Agent 365 provides a more comprehensive governance baseline. Organizations that run their enterprise operations primarily through ServiceNow workflows may find that ServiceNow's governance tooling integrates more naturally with their existing processes.
Can Microsoft Agent 365 control third-party AI agents from OpenAI, Anthropic, or other vendors?
Agent 365 can govern third-party agents' access to Microsoft 365 data through its connector framework, but it cannot control what those agents do with information they receive or how they operate within their own systems. When a third-party agent implements the Agent 365 connector specification, Microsoft can enforce what data scopes the agent is permitted to request (email read, calendar write, SharePoint read, etc.) and can revoke those permissions at the identity layer if needed. What Agent 365 cannot do is inspect or audit the internal processing of a third-party agent, prevent the agent from storing information in its own systems, or enforce output policies on what the agent generates. Organizations seeking comprehensive governance of third-party agent behavior—including output monitoring and data handling—will need to supplement Agent 365 with contractual agreements with the AI vendor and additional monitoring tooling specific to each platform.