BlueVoyant launches Microsoft Agent 365 security service
Fri, 3rd Jul 2026 (Today)
BlueVoyant has launched its Microsoft Agent 365 Security Deployment Service, aimed at organisations using AI agents across Microsoft environments.
Available immediately, the professional services programme is designed for enterprises seeking to discover, govern and secure AI agents operating within Microsoft systems.
The launch comes as businesses expand their use of tools such as Microsoft 365 Copilot, Copilot Studio, Azure AI Foundry and other third-party agents in day-to-day workflows. BlueVoyant argues that these systems create a new category of non-human identity because they can access sensitive data, call external tools and act on behalf of users and organisations.
That shift has created a governance problem for many security teams. BlueVoyant says many enterprises do not have a full inventory of the agents already deployed, lack identity and access policies for them, and have limited means to detect or respond to threats linked to their use.
"AI agents are the fastest-growing attack surface that most security teams aren't watching," said John Hernandez, CEO of BlueVoyant.
He added: "The question isn't whether enterprises are running agents. They are. The question is whether those agents are governed. Right now, for most organisations, the answer is no."
Service scope
The engagement runs for about 90 days and involves BlueVoyant staff working within a client's Microsoft tenant. The work is intended to establish Microsoft Agent 365 as a central point for governing AI agents alongside Microsoft Entra, Microsoft Defender for AI and Microsoft Purview.
The service includes creating an inventory of agents and a registry showing ownership, data access and the tools they can invoke. It also includes detecting so-called shadow AI agents deployed without the knowledge of internal IT teams.
Another part of the engagement focuses on identity and access controls. BlueVoyant configures Conditional Access and Identity Protection policies in Microsoft Entra so that agent authentication is subject to controls similar to those applied to human users.
It also enables Microsoft Defender Security for AI and integrates it with Defender XDR to support detection and response for threats tied to AI agents. In addition, it extends Microsoft Purview Data Loss Prevention and Insider Risk Management policies to those agents to reduce data oversharing and unauthorised access.
All configuration remains in the client's Microsoft tenant at the end of the engagement. BlueVoyant provides the deployment work and framework, while the customer retains ownership of the resulting setup.
Market focus
The service is designed for organisations with Microsoft 365 E7 and Agent 365 deployments. Clients need Microsoft E5 or E7 licensing with the Agent 365 add-on to qualify. The offer also aligns with Microsoft's AI Cloud Partner Program incentives.
That positioning reflects a wider effort by cybersecurity providers to define services around AI governance rather than focusing only on model security or data protection. As companies move from experimenting with generative AI assistants to embedding autonomous or semi-autonomous agents in business processes, questions about identity, access control and monitoring are becoming more central.
In Microsoft environments, those issues can span multiple layers of infrastructure and policy. Agents may draw on email, documents, collaboration tools, internal applications and external services, making it harder for security teams to maintain a clear record of what has been deployed and what permissions have been granted.
BlueVoyant's approach centres on using existing Microsoft security tools to bring those deployments into formal governance processes. By framing AI agents as identities that require the same scrutiny as employees, contractors or service accounts, the company is seeking to place agent oversight within established identity and security operations practices.
"At the conclusion of the engagement, clients will have clear answers to the foundational questions every security leader should be asking today: What AI agents do we have? Who owns them? How are they governed? And what happens when one is compromised?" said Sebastian Sobolev, Chief Product Officer of BlueVoyant.