← All writing
AI Jun 1, 2026 6 min read

Microsoft just made “shadow AI” the new shadow IT. Your agent has a new gatekeeper.

Christopher Dorsey

Christopher Dorsey

AI & MadTech Advisor · Enterprise Sales Leader

TL;DR

Microsoft Agent 365 is GA, treating unmanaged AI agents as the new shadow IT — it discovers and governs agents (including Claude Code) across clouds at $15/user/month. For anyone selling AI agents into the enterprise, security and governance just became a gate on every deal. Bring the IT/security answer to the first meeting, not the security review.

The easiest enterprise AI deals of the last two years had a quiet thing in common: nobody in IT knew they were happening. That era just ended.

Microsoft took Agent 365 generally available and pointed it directly at what it's calling “shadow AI” — the unmanaged agents employees are running without IT's knowledge. Defender and Intune can now detect agents like Claude Code running on a Windows device, and the control plane governs agents across Microsoft, AWS, and Google Cloud. It's $15 per user per month, bundled into the new E7 suite. Microsoft is doing to AI agents exactly what it did to SaaS sprawl a decade ago: turning a chaotic, bottoms-up adoption wave into a governed, top-down line item it controls.

Why this matters more than another product launch

For two years, the dominant enterprise AI sales motion has been bottoms-up. A team adopts an agent, it works, usage spreads, and procurement formalizes a deal that already has momentum. That motion worked precisely becauseit flew under IT's radar. The champion didn't need permission — they needed a credit card and a result.

Agent 365 is built to end exactly that. The whole pitch to a CIO is: you have agents running in your environment right now that you can't see, can't audit, and can't shut off. Here's the dashboard that surfaces all of them. The moment that dashboard exists, every unsanctioned agent in the building becomes a flagged risk, and the bottoms-up motion that got you in the door becomes the thing that gets you escorted out.

I learned this distinction selling to engineers at Fastly. The people who could say yes and the people who could say no were different humans, and the person who could say no— security, compliance, platform ownership — almost always had the longer memory and the louder veto. AI agent selling is about to rediscover that lesson all at once.

What changes for anyone selling agents

The gatekeeper changed. It used to be the budget holder. Now it's whoever owns the governance dashboard. If your agent shows up as an unmanaged red flag in someone's Agent 365 console, you are no longer a productivity win — you are an incident. That means three things move to the front of your motion.

First, bring the governance answer to the first meeting, not the security review.“Here's how we register inside your control plane, here's the identity model, here's the audit log” needs to be in your opening deck. Treating it as a late-stage procurement hurdle is how deals now die in month four.

Second, get interoperable or get blocked.Microsoft built cross-cloud registry sync with AWS Bedrock and Google Cloud. The agents that survive enterprise governance are the ones that register cleanly into these control planes. “Ungovernable” is becoming a synonym for “banned.”

Third, sell to security as a champion, not an obstacle.The CISO who was a blocker last year is the economic buyer this year. There's a real budget forming around agent governance — Microsoft just priced it at $15 a seat. If you can make a security leader look good in front of the board for having visibility and control over the agent sprawl, you've found your new champion.

The takeaway

Shadow AI becoming a governed asset class is good for the category — it's what every technology has to survive to become real infrastructure. SaaS went through it. Cloud went through it. But the transition is brutal for any seller still running the permissionless, bottoms-up playbook that worked in 2024.

Audit your own motion this week. If your deals depend on staying invisible to IT, you're selling against the single biggest enterprise software company on earth and its new favorite dashboard. Get governable, get in front of security early, and turn the gatekeeper into the champion before someone else's agent does.

Share this post

About the author

Christopher Dorsey

Christopher Dorsey

Enterprise Sales Leader · AI Go-To-Market · Startup Advisor · Denver, CO

Fifteen years selling technology to Fortune 500 brands across AI, advertising, and data infrastructure — most recently at Zeta Global, Oracle, and Fastly. Currently advising founders and sales leaders on AI go-to-market and Generative Engine Optimization.

Questions, pushback, or just want to compare notes?