
Configure Agent 365 Access and Sharing Policies

Implementation Effort: Low – These are tenant-level toggle settings within a single page of the Microsoft 365 admin center that require minimal coordination but should be deliberately decided before agents are published.
User Impact: Medium – Determines which agent types users can discover and install, who can share agents broadly, and which users or groups can interact with agents at all.

Overview

The Agent settings page in the Microsoft 365 admin center provides three foundational controls that define the organizational boundary for AI agent usage: allowed agent types, sharing permissions, and user access. These settings operate as the outermost governance layer—they determine what kinds of agents can exist in the tenant, how they spread between users, and who can use them at all.

Together, these three controls implement "Use least privilege access" by ensuring that only authorized user populations can access only sanctioned agent types, with sharing restricted to prevent uncontrolled distribution. They support "Verify explicitly" by requiring that each agent type category is deliberately enabled and that user access is explicitly scoped rather than left at the default of "everyone." They support "Assume breach" because restricting external publisher agents and limiting sharing reduces the attack surface available to a threat actor who compromises a user account: a compromised account in a restricted group cannot install external agents or share malicious agents broadly.

Organizations that skip this configuration operate with default-open settings: all agent types allowed, all users can share, all users have access. This is the equivalent of leaving the front door open and hoping only good agents walk in. Threat actors who gain access to even a single user account can install external agents, create agents that access enterprise data, and share them across the organization without any administrative checkpoint.

Reference