Microsoft Agent 365 went generally available yesterday, May 1, 2026. So did Microsoft 365 E7 — the first new Microsoft enterprise license tier since E5 launched in 2015. Eleven years between SKU additions is a long time for a company that ships 10,000 product changes a year. When Microsoft adds a top-of-stack tier and prices it at $99 per user per month, that is not a packaging exercise. It is a pricing reset.
Here is what actually shipped, what did not ship, and the cost trap that will eat your AI budget if you sign the E7 paperwork without reading the second invoice.
What Microsoft Actually Released
Two SKUs went live yesterday.
Agent 365 standalone: $15 per user per month. A governance and observability control plane for AI agents — registry, identity, lifecycle, security signals, and compliance integration. Not an agent builder. Not a runtime. Governance only.
Microsoft 365 E7: $99 per user per month. Bundles M365 E5, Microsoft 365 Copilot, Microsoft Entra Suite, and Agent 365 into one SKU. List-price math: roughly a 15% saving over buying the four components separately. E7 sits above E5 ($57/user/month) and is positioned as "secure, governed AI at scale." Microsoft's own framing is the progression: E3 is productivity, E5 is secure productivity, E7 is governed AI.
Two things are notable about how this was packaged.
First, Agent 365 is not exclusive to E7. You can buy it standalone for $15 per seat and bolt it onto your existing E5 estate. That matters for enterprises that already paid for Entra Suite separately and don't want to pay for it again inside E7.
Second, the Entra Agent ID feature — the foundational primitive that gives every AI agent its own identity, credentials, and lifecycle — ships in GA only for the on-behalf-of (OBO) flow. That is, agents that act as the licensed human user. Fully autonomous agents with their own independent identity, mailbox, and credentials remain in "Frontier preview" with no public GA timeline.
For most enterprises this is fine. The agents you have in production today are largely OBO agents — copilots, document summarizers, deal-room assistants, support-ticket triagers. The autonomous agents that need their own identity, their own inbox, their own service principal, are still mostly in pilot. By the time you have ten of them in production, Microsoft will probably have shipped that capability. Probably.
The Two-Invoice Trap
This is the single most important thing to understand before you sign for E7 or Agent 365.
Microsoft has split AI cost into two invoices that hit two different budgets, two different management teams, and two different procurement cycles.
Invoice one: Per-seat governance. Predictable. Lands on the M365 invoice. Goes through your existing enterprise agreement renewal, modeled per headcount, owned by IT procurement and the CFO's office. This is the $99 number.
Invoice two: Consumption-based execution. Variable. Lands on the Azure invoice. Tracks how much Copilot Studio capacity, Microsoft Foundry consumption, and Azure OpenAI compute your agents actually burn. Owned by cloud FinOps, often a different team, often a different budget code.
Agent 365 governs. It does not run. The agents themselves run on Copilot Studio (capacity packs at $200/month for 25,000 credits, or pay-as-you-go at $0.01 per credit) or Microsoft Foundry (Azure consumption-based) or direct Azure OpenAI calls. None of that is included in the $15 or the $99.
Three predictable failure modes when this two-invoice structure is not understood at the executive level:
Failure mode one: the M365 number gets locked in, the Azure number gets discovered. Procurement signs a three-year E7 commitment based on the $99 per seat. Six months later, the cloud FinOps team flags that Foundry consumption is up 4x, no one budgeted for it, and the agent population has grown faster than headcount. The E7 commitment is now a sunk cost. The Azure overrun is the problem.
Failure mode two: governance gets bought, building gets unbudgeted. The E7 SKU lights up Agent 365 as a control plane. The teams who would actually build agents — the line-of-business automation teams, the engineering platform team, the customer service ops team — were never told there is a separate budget for execution. They build prototypes on free tiers, hit limits, escalate, and the central FinOps team plays catch-up.
Failure mode three: the consumption math is opaque. Copilot Studio credits are not a clean 1:1 with model tokens. Foundry consumption depends on which model you route to. Microsoft has not published clean cost-per-outcome guidance for agents at GA. Several Defender-for-agent capabilities ship in public preview and will move to consumption-based billing later in the year. Your three-year E7 commit is fixed; the variable side of the bill is not.
The fix is not to avoid Agent 365. The control plane is genuinely valuable, and the $15-per-seat number is competitive against Okta-style identity-only governance plays for agents. The fix is to model both invoices together, before you sign anything, and to put one accountable owner across the M365 line item and the Azure line item.
What Actually Works on Day One
For all the gaps, several things work well at GA and are worth deploying now.
Agent registry and inventory. If you have agents already running across Copilot Studio, third-party Workspace plug-ins, custom code on Azure OpenAI, and a smattering of dev experiments — Agent 365 will discover and inventory them centrally. For most enterprises that have not done a formal agent census yet, this is the killer feature. You cannot govern what you cannot see. Most security teams I talk to estimate they know about half the agents actually running in their environment. The discovery feature alone is worth running.
Entra Agent ID for OBO flows. Every OBO agent now gets an Entra-managed identity, with conditional access, lifecycle, and revocation. This is the right primitive. It maps cleanly onto how human identity is managed today. It eliminates the worst pattern in production agent deployments — using a service account with a static API key that no one rotates because no one knows who owns it.
Defender and Purview signals. Defender now includes an agent-specific detection plane: prompt injection alerts, anomalous tool-use patterns, data exfiltration signals when an agent moves data outside an authorized scope. Purview extends data loss prevention policies to apply at the agent action layer, not just at the user action layer. Several of these capabilities are public preview; the GA capabilities are useful baseline coverage.
Observability dashboards in the M365 admin center. IT now has a single pane that shows: which agents exist, who owns them, what data they touch, what tools they call, what they cost. This is table stakes for anyone running agents in production at scale.
What Did Not Ship
Three gaps to plan around.
Autonomous agent identity is not GA. Agents acting as themselves — with their own mailbox, their own service principal, their own audit trail independent of any human user — are in Frontier preview. If your agent strategy depends on this (think: a 24/7 SOC analyst agent that triages alerts and creates tickets without a human in the loop), you are running on preview SLAs.
Cross-platform governance for non-Microsoft agents is nascent. Agent 365 governs Microsoft-ecosystem agents and a growing list of third-party agents that have integrated with the registry. But if your agent stack is heavy on Anthropic's MCP servers, custom LangGraph deployments, or open-source agent frameworks running outside Azure, the governance coverage is partial and depends on vendor-by-vendor integration work that is still happening.
No published cost guidance for agent execution. Microsoft has not given enterprises a clear "1,000 OBO interactions per agent per day costs you roughly X" benchmark. Without that, your three-year E7 commitment is a leap of faith on the per-seat side, with the variable side completely unmodeled.
How This Compares to Google and AWS
Microsoft is not the only hyperscaler shipping an agent control plane this quarter, and the comparative math matters when you are choosing where to anchor governance.
Google's Gemini Enterprise Agent Platform shipped a similar control plane at Cloud Next 2026, with Agent Identity, a registry, and the Agent2Agent protocol. Pricing for the governance layer is bundled into Gemini Enterprise SKUs rather than broken out per seat — which makes per-agent cost comparisons harder, not easier. AWS, through Bedrock Agent Identity and the recent IAM extensions for agentic workloads, is following the AWS pattern of granular per-call pricing on top of existing IAM. No equivalent of the $15-per-seat governance SKU exists on AWS today.
The right way to think about this: Microsoft is selling agent governance the way it sells everything else — as a per-seat bundle inside a maturing enterprise stack. Google is selling it as a platform tier. AWS is selling it as a metered service. If your enterprise standardizes on per-seat M365 commercials already, Agent 365 is the path of least friction. If you run multi-cloud, you will end up with three governance planes by year-end and the gateway layer becomes the only place to enforce a common policy across all of them.
What Enterprise Leaders Should Do This Week
For CIOs, CISOs, and the procurement teams looking at E7 right now:
Do not sign a three-year E7 EA without modeling Azure consumption alongside it. Build a 24-month forecast that includes Copilot Studio capacity, Foundry consumption, and Azure OpenAI direct usage. If your finance team cannot get to a defensible number, ask Microsoft for a structured pilot with consumption commits before locking in the per-seat number.
If you already have Entra Suite, price out Agent 365 standalone. $15 per user is meaningfully cheaper than re-buying Entra inside E7. The bundle math only wins if Entra is incremental.
Run a 60-day agent census starting now. Agent 365's discovery feature is the cheapest way to find every shadow agent in your environment. Set a baseline number this month. Re-measure monthly. The growth rate of unmanaged agents is your real risk indicator.
Negotiate consumption commits with Defender-for-agent in scope. Several Defender agent-detection capabilities will move from public preview to consumption-based billing later this year. Get pricing protection now while Microsoft is in launch mode and willing to discount.
What AI Engineering Teams Should Build
For my fellow AI engineering leaders, the work shows up in your roadmap:
Stop using static API keys and service accounts for agents. Migrate every OBO agent in production to an Entra Agent ID this quarter. Conditional access, lifecycle management, and revocation become free once you do. The migration is mostly mechanical and is the single biggest reduction in agent-blast-radius you can ship in 60 days.
Push observability into the agent runtime, not just the M365 admin pane. Agent 365's dashboards are good for IT and security. Your engineering team needs deeper telemetry: per-tool latency, per-prompt failure modes, per-step token costs, retry behavior, conversation state size. Build that in your runtime layer and emit to your existing observability stack. The M365 dashboard is the executive view, not the engineering view.
Wrap your guardrails so they survive a model swap. Defender-for-agent is tightly integrated with Microsoft-hosted models. If half your agents call Claude through MCP or run on a non-Azure model endpoint, your guardrails need to live in your gateway layer, not the model layer. We are building this exact pattern internally — model-agnostic policy enforcement that survives a routing change.
Treat the autonomous-agent preview as a research milestone, not a production target. If you have a roadmap commitment that depends on autonomous Entra Agent ID being GA, build a fallback plan that uses OBO with a service account proxy. Move only when the GA SLA is published.
Instrument cost per outcome from day one. The two-invoice trap is solvable only if engineering surfaces dollars-per-resolved-ticket, dollars-per-qualified-lead, dollars-per-closed-deal in real time. The teams that ship outcome-cost dashboards alongside their first agent deployment are the teams that survive their first FinOps review with budget intact.
The Bottom Line
Microsoft just shipped the most consequential piece of enterprise AI governance plumbing of the year, and packaged it inside the first new enterprise SKU in eleven years. The $99 number will dominate the headlines. The Azure consumption number will dominate your actual bill.
Buy Agent 365 — the standalone version if you already have Entra. Run the discovery scan. Migrate your OBO agents to Entra Agent ID. Push your guardrails into your gateway layer. Instrument cost per outcome.
Do not sign a three-year E7 commitment without a defensible consumption forecast for Copilot Studio, Foundry, and Azure OpenAI sitting next to it on the same page. The companies that come out of 2026 with sane AI cost discipline will not be the ones who picked the right governance platform. They will be the ones who modeled both invoices together before they signed either of them.
The control plane just got real. Make sure your bill does not.
Want to calculate your own AI ROI? Try our AI ROI Calculator — takes 60 seconds and shows projected savings, payback period, and 3-year ROI.
