Microsoft makes agents real with 365 Premium and Security Store

In three days, Microsoft turned AI agents into governed software with identity, pricing, and audit. Here is what launched across 365 Premium, Agent Mode, Office Agent, Security Store, and Entra Agent ID, plus the playbook to adopt them safely.

ByTalosTalos
Artificial Inteligence
GRC 20 TX0x0272…51f0
IPFSbafkre…amju
Microsoft makes agents real with 365 Premium and Security Store

The week agents became enterprise software

This week did not just add another feature to your Office ribbon. From October 1 to 3, 2025, Microsoft turned the idea of AI agents into something identity-bound, governed, and purchasable. The headliner was Microsoft 365 Premium, a new subscription that bundles Copilot into the core productivity suite for individuals and sets the tone for how work will run in organizations. On October 1, Microsoft introduced 365 Premium and expanded access to experimental features like Office Agent and Agent Mode in Word and Excel through the Frontier program, a signal that agentic workflows will move from novelty to normal very quickly. You can see the company’s positioning in its own announcement of Microsoft 365 Premium.

The other half of the story landed in security. A new Security Store appeared inside Microsoft Security Copilot, where security teams can browse, buy, and deploy agents that triage alerts, tune access policies, and automate response playbooks. Microsoft describes how the storefront connects procurement and operations in its documentation for the Security Store inside Security Copilot. Put together, these launches mark an inflection point. Agents are no longer toy apps tied to a browser tab. They have identities, entitlements, price tags, and audit trails, just like people and traditional software.

From assistants to agents: what changed

For the last two years, Copilot behaved like a very smart assistant. You asked for a summary and got one. You requested a chart and received a chart. The shift to agents is about continuity and accountability over time. An agent takes a goal, plans multi-step work, runs tools, checks its own output, and reports back with what it did. Instead of a one-off answer, you get a working partner that can keep context, follow rules, and log its actions. That progression pairs naturally with an agent observability control plane so teams can review steps and outcomes.

This matters because enterprise work is rarely a single prompt. A financial analyst needs to clean messy data, test three scenarios, document assumptions, and build a deck for the executive review. In the new Agent Mode, you can state the goal in Excel, nudge the agent toward the right structure, and inspect how it validated formulas and charts. The point is not magic. It is supervision. You steer; the agent does the heavy lifting while showing its steps so you can accept, amend, or reject.

Office Agent adds a chat-first path for creating documents and presentations. Instead of clicking through templates and styles, you describe the audience, tone, and constraints. Office Agent asks clarifying questions and produces a draft that already follows corporate format norms. For most teams, this speeds up the first 60 percent of the job. The remaining 40 percent still benefits from human review, voice, and judgment.

365 Premium makes Copilot the default

Microsoft 365 Premium bundles the apps people already use with Copilot features that used to sit behind separate paywalls. It also extends the Frontier program to more users, which is Microsoft’s way of getting agentic features like Agent Mode into daily use. The strategic move is simple. If Copilot is there by default, people will try agents in real work and not just in demos.

There is a subtle enterprise angle even though this plan targets individuals. Many employees use Microsoft 365 at home and at work. The Premium plan is designed to let people bring Copilot skills into work in a governed way when they open files stored in OneDrive or SharePoint under their employer’s tenant. That aligns with a broader pattern organizations have faced for years with personal devices and shadow software. The difference now is that data loss, identity, and compliance controls can follow the person into the app. In practice, an employee can use Premium to analyze a work spreadsheet, but the organization’s file permissions, audit logging, and data classification still apply.

Agent Mode and Office Agent in the flow of work

Agent Mode in Excel and Word is not just text prediction draped over a spreadsheet or a document. It understands artifacts like tables, formulas, styles, and references. You can ask the agent to build a model with a cash forecast, sensitivity analysis, and a variance report, and it will decompose the task, create supporting sheets, check formula ranges, and surface issues it found. Because it documents what it did, you can review each step like a colleague walking you through their work.

In Word, Agent Mode turns writing into a conversation. You set the brief. The agent proposes structure, writes sections, and asks questions that expose ambiguous requirements. Rather than replacing writing, it accelerates the messy middle where people move from outline to clarity.

Office Agent moves this pattern into chat. It conducts research, assembles drafts, and then hands off to the desktop apps for refinement. Think of it as an intake desk that turns a rough request into a first draft that respects your brand and formatting standards. The value is not just time saved, but consistency. A team that once produced wildly different documents can converge on quality faster.

The Security Store makes agents purchasable

Security teams have been building scripts and workflows for years. What changes with the Security Store is packaging and procurement. The store lives inside Security Copilot, so discovery, trial, and purchase all happen in the same place where analysts already triage incidents. Microsoft sells its own agents and highlights partner-built agents that plug into Defender, Sentinel, Entra, Purview, and Intune. Billing for subscriptions happens in the store, while runtime usage is metered separately as Security Compute Units. This separation mirrors how cloud services have been billed for a decade and will feel familiar to security leaders who track both licenses and consumption.

Think of the Security Store as an app store for the security operations center. A phishing triage agent can be evaluated in a lab tenant on Friday and purchased on Monday. A Conditional Access optimization agent can propose policy changes, but only apply them after an approval step. The net effect is faster adoption of automation with clearer guardrails.

For procurement, this simplifies vendor onboarding. Agents are listed with publisher identity, integration points, and pricing. Contracts can be standardized, and the internal security review can focus on data flows and permissions rather than the mechanics of installation. For finance, the cost is visible and forecastable. You can decide whether a team should own the subscription or whether a central security budget should cover it and cross-charge by usage.

Identity grows up: Entra Agent ID

An agent without an identity is a ghost in your systems. Microsoft Entra Agent ID closes that gap by assigning identities to agents built in Copilot Studio or Azure AI Foundry. The analogy Microsoft uses is helpful. It is like etching a vehicle identification number into every new car before it leaves the factory and registering it with the department of motor vehicles. With an identity, you can provision access, enforce conditional access, rotate secrets, record sign-ins, and decommission the agent when it is retired.

This is more than housekeeping. Identity turns agents into first-class subjects for policy and audit. You can require multifactor for high-risk actions, constrain agents with least privilege, and separate duties between agents that read sensitive data and agents that write changes to systems. If an agent causes an incident, you can follow the audit trail back to its identity, see what it accessed, and who approved its actions.

Agent ID also bridges security and development. When an application team ships a marketing analytics agent, the identity platform can automatically assign its role, register its secrets in a vault, and publish its capabilities in a catalog. That removes hidden work that often stalls pilots and ensures that agents do not sprawl across tenants without accountability. These identity moves pair with a new data layer for autonomy so agents can keep context safely and predictably.

The controls that make this viable

Identity is necessary, but not sufficient. Data and compliance controls must keep pace with agent behavior. This is where Microsoft is extending its existing governance stack into the agent era. Purview data security and compliance controls now cover agent-built apps so that labeling, retention, eDiscovery, and access insights follow the content agents create and touch. Defender integrates with Azure AI Foundry to surface security posture recommendations in the same environment where agents are developed.

Together, these controls allow organizations to answer basic questions that regulators and boards will ask. Who can this agent impersonate. What data can it read and where can it write. How do we detect and respond if it does the wrong thing. How do we archive its outputs and show chain-of-custody for critical decisions. The value of this week’s announcements is that these questions now have practical answers using tools many enterprises already own.

What this means for procurement and compliance

The purchasing motion changes when the product is an agent that runs inside your tenant. Here is a concrete checklist to adopt now:

  • Create an agent bill of materials. For every agent, capture the publisher, models used, plugins and data connectors, required scopes, and environments where it can run. This becomes the artifact for security review and change management.
  • Define identity patterns. Decide when an agent uses Entra Agent ID, when it uses a workload identity, and how you separate duties between read-only and write-capable agents. Document rotation schedules for secrets or keys.
  • Add agent questions to your vendor due diligence. Ask about evaluation data handling, model update cadence, prompt injection defenses, and how the agent logs its actions and tool usage.
  • Treat runtime metering as a budget line. Licenses from the Security Store and consumption meters like Security Compute Units should be visible in your cost dashboards so teams can see the total cost of automation.
  • Align retention and eDiscovery. If agents generate reports or decisions that influence customers, apply labels and retention policies at creation so the artifacts are discoverable later.
  • Stage approvals. Let teams trial agents in a sandbox with production-like data controls. Require approvals before an agent is allowed to touch live systems or customer data.

These steps are specific and measurable. They also scale. Once you establish them for security, the same patterns apply to procurement agents, finance agents, and support agents as your catalog grows.

The coming agent store race

Microsoft’s Security Store plants a flag in a valuable corner of the map. Security teams have an urgent need for automation and already live in Microsoft’s tools. Expect the idea to spread. OpenAI has a store for customized assistants and has been courting enterprises through governance features and private distribution. Google is bundling agent capabilities into Workspace and Vertex AI, giving it a path to curate and charge for agents that act on documents and calendar flows. Apple has been rebuilding Siri and the app intent system for precise task routing, which could become a distribution channel for agent skills tied to managed Apple IDs.

The likely shape of competition will not be just who has the best model. It will be who owns identity, data, and distribution. Microsoft’s strength is Entra for identity, Purview for data governance, and the installed base of Office and Defender. Google’s strength is Workspace identity at cloud scale and Android distribution. Apple’s strength is secure device identity and private local inference. OpenAI has developer mindshare and a head start on the idea of packaged assistants, but it will need deeper ties into enterprise identity and device management to compete for regulated workloads. Standardization pressures will grow, echoing the USB-C moment for AI agents.

For customers, this will look like multiple agent stores. One in security, one in productivity, and possibly one in line-of-business domains. That is healthy as long as you corral them with identity and data governance that is consistent across clouds. The key is not to pick a single store and hope. It is to pick a standard for identity, logging, and policy so agents from different vendors can coexist without surprises.

Build or buy: a decision tree that saves time

Here is a practical way to decide how to get your next agent:

  • Buy off the shelf when the task is standard and the agent runs where your analysts already work. Phishing triage, endpoint vulnerability remediation, and access policy hygiene are good candidates.
  • Customize in Copilot Studio when you have repeatable work that follows company-specific rules. A finance close checklist, a marketing approval workflow, or a help desk runbook can be turned into a governed agent quickly with data and prompts you control.
  • Build in Azure AI Foundry when the work is strategic and touches core systems. Here you want deeper evaluation harnesses, security posture checks, and multi-agent orchestration that crosses business boundaries. You will also need close coordination with security so the agent gets the right identity, secrets management, and monitoring from the start.

Make the path explicit. Define the review gates and artifacts for each route and publish them in your developer portal so teams do not guess.

What to do Monday

  • Appoint an Agent Owner in your security and productivity teams. This person curates the agent catalog, oversees reviews, and coordinates with identity and compliance.
  • Inventory every pilot agent. Record where it lives, which connectors it uses, and which data domains it touches. Map each one to an Entra identity.
  • Turn on conditional access policies for agent identities. Require multifactor for risky operations and disallow sign-ins from untrusted networks or device states.
  • Add an agent section to your procurement checklist. Include the bill of materials, data flow diagrams, and logging commitments.
  • Set cost guardrails. Create budgets for Security Store subscriptions and define alerting thresholds for Security Compute Unit consumption.
  • Run a tabletop exercise. Pick a realistic scenario where an agent writes the wrong data. Practice detection, containment, and post-incident review using the agent’s logs.

None of this is theoretical. The products to do it are in market and the gaps are clear enough to plan for.

The bottom line

In three days, agents stepped over the line from novelty to software you can buy, govern, and trust. Microsoft 365 Premium seeded the habit of using agents in daily work. Agent Mode and Office Agent put those habits in the apps people live in. The Security Store gave security teams a marketplace that connects automation to procurement. And Entra Agent ID gave agents the same accountability we expect from human users. The next phase will be competitive and fast. If you anchor on identity, data, and distribution, you can try more agents with less risk, and you will be ready when the app stores of the agent era come knocking.

Other articles you might like

Comet goes free and makes your browser the agent runtime

Comet goes free and makes your browser the agent runtime

Perplexity just unlocked Comet for everyone, signaling a shift from chat windows to the place work actually happens: your browser. Here is why the browser will beat chat apps as the agent runtime, how Comet stacks up against Gemini in Chrome, Arc’s Dia, and Opera’s Neon, and what builders should ship next.

Artificial Inteligence
·Read more
Agent Observability Arrives, Building the Control Plane for AI

Agent Observability Arrives, Building the Control Plane for AI

Agent observability just moved from slideware to shipped software. With OpenTelemetry traces, Model Context Protocol, and real-time dashboards, enterprises can turn experimental agents into governed, measurable systems and prove ROI through 2026.

Artificial Inteligence
·Read more
Facewear Rising: Smart Glasses Become Agent-Native Platform

Facewear Rising: Smart Glasses Become Agent-Native Platform

Meta’s Ray-Ban Display and Neural Band hit the market, and Reuters reports Apple is accelerating AI-first glasses. Together they signal the first agent-native consumer platform. Here is what changes, who wins, and what to build now.

Artificial Inteligence
·Read more
Sora 2’s invite app ignites the first AI video network

Sora 2’s invite app ignites the first AI video network

OpenAI’s Sora 2 lands with an invite-only, TikTok-style feed where every clip is born synthetic. Verified cameos, remix permissions, and native attribution signal a new playbook for creators and brands as Meta’s Vibes enters the race.

Artificial Inteligence
·Read more
Long-haul AI Agents Arrive with Claude Sonnet 4.5 and SDK

Long-haul AI Agents Arrive with Claude Sonnet 4.5 and SDK

Anthropic’s Claude Sonnet 4.5 and the new Agent SDK turn long-horizon, tool-using agents into a production reality. With 30-hour persistence, native computer use, and checkpointed memory, leaders can now ship governed, cost-aware automations that actually finish the job.

Artificial Inteligence
·Read more
UiPath turns RPA into agents with OpenAI, Snowflake, NVIDIA

UiPath turns RPA into agents with OpenAI, Snowflake, NVIDIA

On September 30, 2025, UiPath announced partnerships with OpenAI, Snowflake Cortex, and NVIDIA that reposition RPA as an enterprise agent platform. This breakdown explains what changed, why it matters, and a 90 day plan to ship your first production agent.

Artificial Inteligence
·Read more
Agentic Commerce Is Here: ChatGPT Checkout Meets Stripe

Agentic Commerce Is Here: ChatGPT Checkout Meets Stripe

OpenAI turned chat into checkout on September 29, 2025. ChatGPT’s Instant Checkout is live with Etsy and coming to Shopify, while Stripe’s shared tokens show how agents pay safely. Here is what changes, why it matters, and how to prepare now.

Artificial Inteligence
·Read more
Qwen3-Next and Max Flip the Cost Curve for Long-Context Agents

Qwen3-Next and Max Flip the Cost Curve for Long-Context Agents

Alibaba’s late September release of Qwen3-Next and the trillion-parameter Qwen3-Max brings sparse activation, multi-token prediction, and 128K to 256K context windows that reduce latency and cost for tool-using agents running on commodity GPUs.

Artificial Inteligence
·Read more
Microsoft's Security Store makes AI agents the new SOC

Microsoft's Security Store makes AI agents the new SOC

Microsoft’s new Security Store shifts security from point tools to autonomous workflows. With build-your-own and partner agents spanning Defender, Sentinel, Entra, and Purview, the SOC becomes a policy-governed marketplace of AI operations.

Artificial Inteligence
·Read more