Agents: seats, identities, SDKs

Companies are starting to treat artificial intelligence agents less like chatbots and more like workers with accounts, permissions, and audit logs. (learn.microsoft.com) Microsoft says autonomous agents need identity-based security controls, including authentication, authorization, and governance for “nonhuman identities.” Its Entra Agent ID documentation says an agent account may need access to teams, documents, meetings, mailboxes, and calendars. (learn.microsoft.com) Microsoft also put dates on the management layer around those identities. Its Agent 365 control plane is listed as generally available on May 1, 2026, with policy templates, least-privilege controls, and logging and audit features inside the Microsoft 365 admin center. (microsoft.com) The pricing question follows the identity question. If an agent gets its own login, inbox, and access rights inside business software, software vendors can argue that the agent needs its own seat, much like a human employee. (learn.microsoft.com) That argument lands as companies move from copilots that suggest text to agents that take actions. Microsoft’s open-source Agent Governance Toolkit says agents are now booking flights, executing trades, writing code, and managing infrastructure autonomously. (opensource.microsoft.com) Security vendors are framing the same shift in risk terms. Microsoft wrote on March 20 that every new human or nonhuman identity creates another entry point for attackers, and said 97% of organizations in its 2026 Secure Access report had an identity or network access incident in the past year. (techcommunity.microsoft.com) Box moved quickly to plug that identity-and-governance model into document work. In a post published this week, Box said developers can use OpenAI’s Agents SDK 2.0 to build workflows that search files, extract information from documents, and route outputs while respecting Box permissions, metadata, and zero-trust controls. (blog.box.com) Box described the software stack in concrete terms: sandboxes to isolate execution, handoffs to pass work between agents, guardrails to constrain behavior, and tracing to inspect each step. The company’s example is an invoice reconciliation agent that connects Box content, structured outputs, and routing in a runnable Python project. (blog.box.com) OpenAI laid the groundwork for that ecosystem on March 11, 2025, when it introduced the Responses application programming interface, built-in tools such as web search and file search, and an Agents SDK for single-agent and multi-agent workflows with observability. (openai.com) The thread running through Microsoft and Box is that enterprise agent adoption now depends on the same controls companies already use for people and apps: unique identities, least-privilege access, and records of every action. (microsoft.com)