Microsoft Copilot (Microsoft 365): Work IQ APIs: Pay‑As‑You‑Go usage

🚨 The Signal: Microsoft Copilot Work IQ APIs now offer pay-as-you-go access for developers to invoke agents and capabilities without pre-assigned licenses. This shifts billing to consumption, potentially increasing shadow IT and unmanaged AI agent use.

The Impact

New billing models for AI agents affect developers and security teams, creating potential for unmanaged AI sprawl and increased security risk.

  • Developers: Can deploy AI agents more easily, but may bypass existing governance.
  • Security Teams: Increased risk of unapproved AI agent deployment and data exposure.
  • Financial Teams: New consumption-based billing models for AI services.
  • Compliance Teams: Harder to track and audit AI agent usage for regulatory adherence.

The Action

  1. Review existing Copilot governance policies for agent deployment and usage.
  2. Implement Azure Policy or Microsoft Purview Data Loss Prevention (DLP) to monitor Work IQ API calls.
  3. Establish a clear approval process for all AI agent development and deployment.
  4. Educate developers on secure AI development practices and approved API usage.
  5. Monitor Azure billing for unexpected Work IQ API consumption.

Domain: Agentic-AI · Impact: high · Workload: Other · Essential Eight: Application Control, Restrict Administrative Privileges · ISM: ISM-0445, ISM-0843, ISM-1175, ISM-1380, ISM-1490, ISM-1507, ISM-1508, ISM-1509, ISM-1544, ISM-1582, ISM-1647, ISM-1648, ISM-1650, ISM-1656, ISM-1657, ISM-1658, ISM-1659, ISM-1660, ISM-1686, ISM-1688, ISM-1689, ISM-1870, ISM-1871, ISM-1883, ISM-1897, ISM-1898