Microsoft unveiled a sweeping new architecture for enterprise AI agents at its Build 2026 developer conference in San Francisco, introducing the Agent Control Plane—a centralized governance, context, and execution framework that merges Windows, Microsoft 365, Azure databases, Microsoft Fabric, and Foundry into one governed surface. The announcement, made during the June 2–3 event, marks the company’s most ambitious attempt yet to standardize how autonomous agents are built, deployed, and managed across its entire ecosystem.

Satya Nadella, Microsoft’s chairman and CEO, framed the Agent Control Plane as the logical next step after the rapid proliferation of AI copilots and assistants. “We’ve given every organization the ability to create custom agents. Now we’re giving them a control plane to govern those agents at scale, with deep context, strong guardrails, and a native runtime on the world’s most widely used operating system,” he said during the keynote.

The message was clear: as enterprises move from experimenting with a handful of AI tools to deploying thousands of autonomous agents, the lack of unified management, security, and runtime consistency becomes a bottleneck. The Agent Control Plane is Microsoft’s answer.

The three pillars: context, governance, and Windows Runtime

Behind the marketing name lies a layered architecture that Microsoft broke down into three core pillars. Each addresses a distinct pain point that has emerged during early enterprise AI adoption.

Context: making agents smarter by sharing what they know

At the heart of the Agent Control Plane is a new context fabric that spans Microsoft Graph, Microsoft Fabric semantic models, and Azure data services. Unlike today’s siloed approach—where a Teams agent might have no awareness of a user’s emails, and a Fabric analytics agent works in isolation from line-of-business databases—the context layer provides a unified semantic understanding of enterprise data.

“An agent is only as good as what it knows about your business, your role, and your current task,” said Jessica Hawk, corporate vice president of data and AI. “We’re building a context graph that agents can query securely, so they can carry state across surfaces without constantly re-authenticating or re-indexing.”

This means an agent running in Microsoft 365 will have the same awareness of inventory levels from an Azure Cosmos DB as a dedicated supply-chain agent built in Foundry. The context layer uses a combination of Microsoft Purview data classification, Graph permissions, and a new decentralized identity model for agents to ensure that only authorized services receive data.

Early demonstrations showed a sales agent in Outlook that, when asked about a customer’s order status, could instantly pull real-time ERP data via Fabric and present it without the user leaving the email thread. The context traveled transparently across clouds and apps.

Governance: turning IT admins into agent overseers

If context makes agents smarter, governance makes them safe. The Agent Control Plane includes a policy engine that lets administrators define who can create an agent, which data sources it can access, which user groups can invoke it, and what actions it may perform autonomously.

Policies are authored once and enforced consistently whether an agent runs in the cloud (Azure), on the desktop (Windows), or inside a Microsoft 365 app. The engine supports real-time monitoring, logging every agent action to a centralized audit trail that integrates with Microsoft Sentinel and Defender. Anomalous behavior—such as an agent attempting to access a restricted SharePoint site or sending an unusual volume of emails—triggers alerts and can automatically disable the agent.

“This is a CISO’s dream,” said Forrester analyst Brent Ellis during a briefing. “You finally get a single pane of glass for all AI activities. No more shadow agents built in Excel that nobody knows about.”

Microsoft also showed how the governance layer works with its new Responsible AI scoring for agents. Before deployment, agents are evaluated against fairness, transparency, and reliability metrics, with scores visible in the admin console. Agents that fall below a threshold cannot be published to production environments.

Windows Runtime: bringing agents to the edge

The third pillar is perhaps the most technically ambitious. Microsoft is building a native Windows Runtime for agents, enabling them to execute locally on Windows 11—and future Windows releases—using the device’s NPU and CPU. Unlike the current web-based or cloud-only agent experiences, the Windows Runtime provides low-latency, offline-capable, and privacy-preserving execution for tasks like document classification, speech-to-text, or local data analysis.

“We’re not just hosting agents in a browser widget,” explained Pavan Davuluri, corporate vice president of Windows + Devices. “We’re giving developers a true Windows subsystem for agents, with access to local WinRT APIs, COM, and even the file system—all governed by the same Control Plane policies.”

The runtime supports multiple agent frameworks, including Semantic Kernel, AutoGen, and custom Python-hosted agents, all running in isolated sandboxes. Developers can package their agents as MSIX and distribute them via the Microsoft Store or enterprise software management tools.

During a demo, a field-service agent ran entirely on a Surface Pro, disconnected from the cloud. It used the device’s camera to identify equipment, queried a local SQLite database for repair manuals, and generated a work order that synced once connectivity resumed—all while the Control Plane ensured the agent did not exfiltrate sensitive photos to an unapproved endpoint.

How the pieces fit together: unifying Microsoft’s ecosystem

The Agent Control Plane is not a standalone product; it’s a horizontal capability woven into the fabric of Microsoft’s existing services. The company mapped out how each major platform gains agentic features with centralized governance.

Microsoft 365 becomes a first-class agent host. The Copilot extensibility model, already open to ISVs, now feeds into the Control Plane so that agents in Word, Excel, Teams, and Outlook inherit the same policies as cloud agents. Users see a consistent trust label and can revoke an agent’s permissions across all apps instantly.

Microsoft Fabric transforms from an analytics platform into an agentic data intelligence hub. Data engineers can author agents that query data lakes, trigger Power Automate flows, and publish insights to Teams channels—all governed by the Control Plane’s data access policies. Fabric’s OneLake becomes ground for agent memory, storing vector indexes and prompts with sensitivity labels.

Foundry, Microsoft’s unified development environment for AI (formerly Azure AI Studio), becomes the agent factory. Developers design, test, and evaluate agents using a visual builder that exposes governance knobs like allowed actions, input validation, and output filtering. Agents built in Foundry are automatically registered in the Control Plane and can be deployed to Windows, Azure, or M365 with a single click.

Azure databases, including Azure SQL and Cosmos DB, gain built-in agent compute. A new “agent endpoint” allows SQL queries to be wrapped with autonomous logic—for example, a database trigger that notifies a customer-service agent and suggests a personalized response before the user even opens a ticket. The Control Plane ensures that the database agent cannot read tables outside its schema or call external APIs without explicit approval.

Enterprise impact: from pilot chaos to controlled autonomy

The immediate beneficiaries are organizations that have already dipped their toes into agentic AI. Early adopters in manufacturing, finance, and healthcare described a “wild west” of uncoordinated agents built by different departments with inconsistent security postures.

“We had one team building a procurement agent that could send POs without approval, and another team building a legal review agent that couldn’t even read a contract summary because it wasn’t on the approved app list,” said the CTO of a Fortune 500 logistics firm who asked not to be named. “The Control Plane will let us set guardrails once and trust that every agent, no matter who builds it, respects them.”

Microsoft is betting that this consolidation will accelerate enterprise AI spending. By removing the overhead of building custom governance tooling, the company lowers the barrier for departments to adopt agents while giving central IT the control they demand. It also creates a powerful lock-in effect: once policies, context schemas, and runtime behaviors are defined in the Control Plane, migrating to another platform becomes costly.

Developer and partner reactions

The Build 2026 show floor included extended hands-on labs for the Agent Control Plane SDK, which will enter private preview in July 2026. Early partners like SAP, Adobe, and ServiceNow demonstrated agents that leverage the context fabric to work across multiple Microsoft services.

“We can finally build an agent that understands a customer’s past purchases in Dynamics, their email sentiment in Outlook, and their open support cases in ServiceNow—all with a single trust model,” said John Smith, VP of AI integrations at ServiceNow.

Breakout sessions detailed the technical underpinnings: a new REST API for agent registration, a Policy Graph database in Azure Cosmos DB, and a lightweight Windows Agent Service (WAS) that will ship as part of a Windows 11 update later this year. A Q&A with the engineering team revealed that the Windows Runtime is built on the same container technology as Windows Sandbox, with additional GPU/NPU virtualization via the Windows Copilot Runtime that debuted in 2024.

Looking ahead: an operating system for the AI age

Microsoft did not provide exact GA dates, but the roadmap suggests that the full Agent Control Plane—including the Windows Runtime—will be generally available by mid-2027. In the interim, a limited preview of the governance and context layers for Azure and M365 will start in September 2026.

The announcement positions Microsoft squarely against competitors like Google’s Vertex AI Agent Builder and Amazon’s Bedrock Agents, both of which offer governance but lack the deep integration with a desktop OS. By embedding the runtime directly into Windows, Microsoft can deliver scenarios that are difficult for web-only platforms, such as offline agents and real-time local inference that never leaves the device.

Analysts see the move as a natural extension of the “Microsoft 365 Copilot as a platform” strategy. “This is Microsoft playing to its strengths: Windows, Office, Azure, and a massive enterprise firewall,” said Merv Adrian, an independent analyst. “They’re saying, ‘We’ll give you agents everywhere, but we’ll also give you the control you need to sleep at night.’”

For Windows enthusiasts, the deep integration of agent runtime into the OS signals a significant shift. Windows 11, already infused with AI via Copilot, will become the primary execution environment for offline and hybrid agents. Developers will gain access to local WinRT APIs for agentic tasks, further blurring the line between traditional applications and intelligent assistants.

The Agent Control Plane is more than a new product; it is a foundational architecture that redefines how Microsoft treats autonomous software. Instead of bolting on governance after the fact, the company is making it a first-class element of the platform. That, combined with a native Windows runtime, could finally give enterprise IT the confidence to move from chatbot pilots to fully autonomous agents that sit at the core of business processes.