Microsoft Copilot (Microsoft 365): [Copilot Extensibility] Admins can deploy and govern agents with MCP in the M365 admin center

🚨 The Signal: Admins can now deploy and manage Copilot agents built with the Model Context Protocol (MCP) directly within the M365 admin center. This centralises governance for autonomous AI agents, improving security posture and control over agent identities and data access.

The Impact

Security teams and M365 admins are affected, gaining new capabilities to manage AI agents, which reduces the risk of uncontrolled agent proliferation and data access.

• Security teams: Reduced risk from unmanaged AI agents accessing sensitive data.
• M365 admins: New responsibilities for deploying and monitoring AI agent identities.
• Compliance officers: Improved auditability of AI agent activities and data interactions.
• AI developers: Standardised deployment path for MCP-based agents.

The Action

1. Review Microsoft documentation on Model Context Protocol (MCP) and agent governance.
2. Identify existing or planned AI agents for deployment via M365 admin center.
3. Define internal policies for AI agent deployment, monitoring, and lifecycle management.
4. Assign appropriate administrative roles for AI agent management in Entra ID.
5. Implement monitoring and auditing for agent activities and data access.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Restrict Administrative Privileges · ISM: ISM-0445, ISM-1175, ISM-1380, ISM-1507, ISM-1508, ISM-1509, ISM-1647, ISM-1648, ISM-1650, ISM-1686, ISM-1688, ISM-1689, ISM-1883, ISM-1897, ISM-1898