Microsoft agents audited

Microsoft has updated its open-source Agent Governance Toolkit to plug AI agents into stronger audit and control systems as the company pushes more customers toward production deployments. (github.com) (learn.microsoft.com) The toolkit’s GitHub repository describes it as a package for policy enforcement, zero-trust identity, execution sandboxing and reliability engineering for autonomous agents, with coverage for all 10 risks in the OWASP Agentic Top 10. A Microsoft Community Hub post published April 13, 2026 said the toolkit adds runtime security features such as audit logging and policy enforcement for agents running on Azure App Service. (github.com) (techcommunity.microsoft.com) Microsoft paired that governance push with a production release of Agent Framework 1.0 on April 3, 2026. In that post, Principal Group Product Manager Shawn Henry said version 1.0 shipped for both.NET and Python with stable application programming interfaces, long-term support, multi-agent orchestration, multi-provider model support, and interoperability through Agent-to-Agent and Model Context Protocol. (devblogs.microsoft.com) An AI agent is software that can call tools, read data and take actions with delegated authority, not just answer questions in a chat box. Microsoft’s Cloud Adoption Framework says that creates governance problems around inventory, ownership, access limits, visibility and shutdown controls, and recommends a centralized control plane for agents across an organization. (learn.microsoft.com) Microsoft’s own guidance now frames agent governance in four layers: data governance and compliance, observability, security, and development. In that stack, the company lists Agent Framework, Model Context Protocol and Agent-to-Agent Protocol at the development layer, while observability includes products such as Microsoft Agent 365, Defender for Cloud, Log Analytics and Application Insights. (learn.microsoft.com 1) (learn.microsoft.com 2) The company has also put training behind the code. Microsoft Learn hosts a Copilot Studio Agent Academy series with 11 episodes dated October 13, 2025, and a separate “Agent in a Day” workshop that Microsoft describes as instructor-led hands-on training for building agents. (learn.microsoft.com 1) (learn.microsoft.com 2) Microsoft’s April 13 App Service post tied the toolkit to a broader compliance timetable, citing the OWASP agentic risk taxonomy published in December 2025, the Colorado AI Act becoming enforceable in June 2026, and high-risk obligations under the European Union AI Act taking effect in August 2026. (techcommunity.microsoft.com) The through line in Microsoft’s recent agent releases is straightforward: if customers are going to let software act on their behalf, Microsoft wants the build tools, the logging layer and the training materials to arrive at the same time. (devblogs.microsoft.com) (github.com) (learn.microsoft.com)