Microsoft’s Vasu Jakkal On Why AI Agents Need Human-Level Security Controls

As Microsoft expands its Agent 365 offering, Jakkal tells CRN that in ‘just the way we have been protecting humans for eons, we need to extend the same protection from a security standpoint to agents.’

Microsoft is doubling down on its efforts to uniquely provide comprehensive control for securing the adoption of AI agents with the expansion of its Agent 365 offering, top Microsoft security executive Vasu Jakkal told CRN.

In connection with Microsoft Build 2026, the tech giant announced Tuesday that it has expanded Agent 365—which provides observability, governance and security for agents—to now include local AI agents in addition to cloud-based agents. The capabilities for surfacing locally based agents, via Microsoft’s Agent Registry in Agent 365, are now in preview, Microsoft said.

It’s the latest move from Microsoft to enable partners and customers to avoid the potentially major security risks of using powerful AI agents without robust security and governance, according to Jakkal, corporate vice president for Microsoft Security.

“Our philosophy always has been that we want to comprehensively protect organizations, no matter what you do, what you’re using,” she said in an interview. “So that’s why we’re expanding this to local agents—because as agents really proliferate across environments, we believe gaining visibility and control over them becomes critical.”

Ultimately, in “just the way we have been protecting humans for eons, we need to extend the same protection from a security standpoint to agents,” Jakkal said. “And it starts with great observability, it starts with great security, and it starts with great governance.”

Jakkal also discussed why identity security is so critical when it comes to protecting agents, as well as the importance of Agent 365 for solution and service provider partners. Without a doubt, partners “have been joined to the hip with us on making sure we can deploy the solution to our customers,” she said.

What follows is more of CRN’s interview with Jakkal.

What has prompted Microsoft to focus so heavily on providing security for AI agents? And what are the major Build announcements around Agent 365?

Just at the highest level, what we’re seeing now is this incredible momentum on how organizations are building, deploying and using agents. Agents are moving from prototype to production. And as they do that, the challenge isn’t about using agents. Customers want to use agents. It’s not about building them. They want to build them. But the challenge really is about security, observability and governance. Just to give you a few stats, IDC had projected 1.3 billion agents by 2028. And while that’s theoretical, what we have seen in our own first-party research data is 80 percent of Fortune 500 are already using and deploying agents, especially as low-code, no-code tools become easily available to them. People are excited about it. They want to use it. And agents are becoming more and more autonomous—from assistive to autonomous. They’re no longer side projects. They’re part of just the operational fabric of many of these organizations. And as that happens, and as they become a part of our workforce, we have to think about security differently.

That was the reason behind Agent 365, which we first announced at Ignite last year. The philosophy and idea behind it was, just the way we have been protecting humans for eons, we need to extend the same protection from a security standpoint to agents. And it starts with great observability, it starts with great security, and it starts with great governance. Those are the three pillars behind Agent 365, where we are helping organizations start with discovering what agents they have.

Our registry brings that to life. You turn it on, and you can see all of the agents in your environment—whether they are on Microsoft platforms or they are on third-party platforms. It helps you bring the same tried-and-tested security controls of Microsoft Security that we have used for securing organizations and people and infrastructure to agents. Defender brings threat protection capabilities, protects agents from novel attacks so they don’t become “double agents.” With Entra, [we’re] giving every agent an agent ID and conditional access so that you can manage access [and use] very classical principles of zero trust on managing privileged access and verifying explicitly. Intune helps manage policies, especially as you have more local agents—which [are part] some of the new announcements we are making at Build—like OpenClaw. You can use Intune to manage those policies and block agents where you want to. And Purview helps you bring those data security controls [around] really understanding what’s the data that agents are accessing? How do you make sure you have the right sensitivity labeling, the right policies? That’s what Agent 365 does. It brings those security and governance principles right to the very beginning, preventing agent sprawl, reducing data oversharing, protecting against novel techniques and also helping you with compliance.

We had all these capabilities for cloud agents. We’re now expanding that to local agents because we’ve seen a proliferation of local agents. And you can now use Defender and Entra and Intune and Purview to help you protect those local agents on your machine or in your tenant. So that’s really the big theme. And then lastly, we also have Agent 365 SDK that we were building, so that now developers anywhere can use Agent 365 through the SDK—so as they develop agents, they have these controls.

Are you seeing a lot more usage of local agents?

Yes, we are, with OpenClaw and all of those agents that were introduced. So we are seeing [more] local agents. Our philosophy always has been that we want to comprehensively protect organizations, no matter what you do, what you’re using. So that’s why we’re expanding this to local agents—because as agents really proliferate across environments, we believe gaining visibility and control over them becomes critical. And that’s why our registry now supports more than 20 types of local agents, like coding agents, desktop agents, remote MCP servers. And we are also using policy, especially through Intune, to block common execution methods for the local agents, like OpenClaw.

If you talk to a CISO, they’re worried. What we know is that 29 percent of organizations that we talked to and surveyed said that their employees are using unsanctioned AI tools. So that creates a lot of risk for them. And so they want to make sure they understand what [agents are being used]. And now the Agent 365 Registry surfaces unmanaged local agents discovered by Defender, Entra and Intune, all working together. So it gives them that scanning [capability] and helps them understand and manage that risk.

Is this a unique approach from Microsoft, given that you have such a broad security platform with tools such as Defender, Entra, Intune and Purview?

Absolutely. Our basic principle has been that security practitioners want to manage their tool fragmentation. There’s so much tool fragmentation. They’re not looking for another thing. And so we used our [existing] tools that they use. We have 1.6 million customers who use Microsoft Security today, and 1 million of those customers use four or more of our tools. So we just want to expand those tools so that they can now protect agents the same way they have been doing. And that’s why Agent 365 uses all the familiar names—Defender, Purview, Entra, Intune. And we’re expanding the capabilities—first to cloud agents, now to local agents. So I think it brings that simplicity, that easy button to the organizations, as well. And so our philosophy has been that we want to give unified solutions to our security organizations that can protect them comprehensively, to secure agents, to secure people, to secure foundations and we want to use agentic security. So it’s really that paradigm of security for AI and AI for security. Agent 365 is security for AI, along with the rest of our portfolio, which also brings those agentic capabilities.

What are the major partner opportunities with Agent 365?

We have 20,000 partners in our ecosystem. We are partner-first. We always have been. We need our partners to scale. With Agent 365, our GSIs and other partners have been joined at the hip with us on making sure we can deploy the solution to our customers. Agent 365 is also part of [Microsoft 365] E7, which is now our overall frontier transformation solution. And organizations will continue to use that. And we look forward to scaling that with our partners.

No company can do this alone. Security has always been a team sport, and our partners are so important to us. They are really our co-creators on so many of these technologies, from the get-go, of helping understand the customer problems and helping understand how to manage change. How do you deploy and how do you use [the technology]? They bring that scale. And I’m excited about what we can do with them.

You’ve touched on Entra and identity here—why is that so pivotal to securing AI agents?

It’s the first step toward securing agents. And it’s even the first step in Agent 365 because it starts with a registry and it starts with an Agent ID. When you and I come to work, we log in and the system recognizes [us]—we have a unique identifier, which then gives us the permissions that we need to access the things we need. If we didn’t have that, it would be chaos. And for agents as well, with Agent ID, that is what we’re trying to solve—how do you manage an agent if it doesn’t have an identifier? Whose permissions does the agent take? If you have an agent that you’re sharing with me, does it have your permissions? And do I automatically get them? And what if you have more privileges than I need to have? And that becomes really complicated as agents start generating agents themselves. That’s why agent identity is such a critical part of that. And not only just Agent ID. For us it’s the first step—assign an agent ID so you know who the agent is. Second step, make sure that you check and audit the permissions that they have, and you’re very thoughtful about that. Third step, use policies like conditional access—which is what we have extended, so that automatically you can say, ‘This agent has this access.’ And it’s role-based and it’s real time. So when you finish doing something, verifying explicitly [is key]—you don’t get access forever. So Entra helps us extend all of this to the agent world, and it really helps us enforce that zero trust for AI. And identity is going to be even more critical, and data security with Purview, because this notion of ‘double agents’ has really come into the [picture] now.

Do you have any sense about whether customers are focusing more on security before allowing agents to be used in their environments, perhaps as compared to prior technology shifts?

Yes, and that’s the heartening part for me. Because the question organizations are not asking is whether I should use AI. What they are asking is, ‘How do I use AI securely’” And the secure-by-design and the secure-by-default principles that we’ve talked about are coming to bear even more. That’s why capabilities like Agent 365, where you can bring those controls right in the beginning of the development cycle, are super important.

We’re definitely seeing that conversation shift, where security is not a bolt-on anymore. It’s built in. And it’s not a source of friction, but they are turning it into a catalyst for innovation.

A few years back, even getting organizations to adopt [multifactor authentication] felt like it was a big mountain to climb. The great news is that people are using AI and frontier transformation as the moment to drive security transformation. And they’re not just saying, ‘Hey, how do I secure my AI?’ But they’re going and asking, ‘How do I secure my foundation and address all the hygiene? How do I make sure that my data and my identity, and the things I need for threat protection, are all updated?’

So this moment is creating an opportunity for organizations to do security the right way—not just for AI, but [for] all the foundations that they’ve needed to put in place. And because AI brings this unprecedented speed, scale and sophistication, there is an urgency to do that. And that’s why we’re seeing this high interest in technologies like Agent 365. The organizations are so open now to try different things to secure themselves. It’s really exciting.