Securing and governing AI agents across Microsoft 365 and the Power Platform is now a CISO-level concern. Agents read your SharePoint, traverse your Graph, use various tools and – increasingly – talk to each other.

The agentic risk surface spans identities, data, endpoints, and communications, yet many organizations still approach agent governance and security as simply one more ticket for the Power Platform admins to solve. This is a dangerous oversight – and one we will correct, together! This full-day tutorial takes a risk-based, end-to-end view of agent governance, built around the Microsoft security stack that sits underneath the agent platforms: Defender XDR, Entra (including Global Secure Access), and Purview.

We’ll show where Agent 365 stitches these capabilities together, where the $15 license earns its keep, and what you can achieve without it if you already own the underlying E5 workloads.

During the day, we’ll cover:
Framing the risk – shadow AI, agent sprawl across Microsoft and non-Microsoft platforms and why proper security and governance are the key enablers for AI-assisted work. We look governance both from the business and IT perspectives.
Agent ID & traffic filtering with Entra – agent identities, Conditional Access and protecting agent traffic with Global Secure Access
Real-time protection with Defender XDR – detections, investigation, and response for risky agent-driven activities
Data security & forensics with Purview – DLP, Information Protection, Audit, eDiscovery, Insider Risk Management, and Communication Compliance applied to agentic scenarios
Agent 365 in context – what it adds, what it replaces, and a candid with/without comparison so you can make an informed licensing call
Power Platform governance foundations & processes – tenant and environment posture, connector and knowledge controls, lifecycle management, and operating model responsibilities
Advanced scenarios – agent-to-agent, MCP and other emerging patterns you’ll need to consider next

Three seasoned practitioners will guide you through discussions about patterns, trade-offs, and field-tested practices – peppered with concrete examples and stories from the field.

This full-day tutorial is built for security architects, CISOs, compliance & risk leaders and Microsoft security pros who need a defensible, end-to-end view of agent governance.

Assumed Knowledge:

We assume participants have a working understanding of Microsoft 365 and Power Platform from an administrative or security perspective, including basic concepts of identity (Entra ID), access control, and monitoring.

Practical Takeaways:

Out of Session Scope:

Production rollout strategies, extended deep dives into Power Platform governance and ALM practices, Power BI & Fabric considerations