At Build 2026 Microsoft moved AI agents from preview to product: Microsoft 365 E7 and Agent 365 are now generally available, with Purview controls layered underneath for agentic risk detection, runtime protection against risky prompts, and audit logging of every agent action. The pitch is a unified foundation for deploying agents “across people, apps and workflows.”
The governance problem is the same one Copilot created, scaled up. An agent reads what its identity can read and acts on what its identity can do. Point one at a SharePoint estate with years of permission sprawl and you’ve automated oversharing. The controls now exist — sensitivity labels, DLP for prompts, agent activity in Purview Audit — but they are opt-in, and the default posture is not safe.
The order of operations hasn’t changed since we wrote “Purview before Copilot”: fix permissions, label sensitive data, turn on audit, then deploy. An agent is just a faster, less forgiving Copilot. Deploy one onto an ungoverned tenant and you find out where the data problems were.
