Microsoft shipped Agent 365 last Friday with something most people skipped past: cross-cloud registry sync with AWS Bedrock and Google Cloud's agent platform. IT teams can now discover, inventory, and lifecycle-manage agents running outside Azure from a single control plane.
That one bullet is the whole announcement. The implication is bigger than the launch deck.
We've been running agents at Upswing across three clouds for about a year. Pricing in one, IoT telemetry in another, guest-comm in a third. The thing nobody warned us about is that agents proliferate the same way SaaS subscriptions did in the 2010s. One team spins up an agent to summarize support tickets. Another adds one to run nightly reports. Six months later you have forty agents you can't enumerate, half with stale credentials, none with an owner. It's shadow IT, but the shadows write to your database.
What Agent 365 is actually shipping is Active Directory for agents. The same primitives — discovery, identity, lifecycle, audit — but applied to non-human actors that hold tokens, call APIs, and spend your budget. Once you've built that registry for users, you build it for agents. The shape is identical.
The cross-cloud bit matters because agents don't respect cloud boundaries. A Bedrock agent calling a Gemini-hosted tool that triggers an Azure workflow is just Tuesday now. Trying to govern that from inside any single vendor's console is the same losing fight as one-IdP-per-SaaS-app. We've already lived through that. We know who wins — the platform that sees everything.
By end of year, agent registry won't be a feature toggle. It'll be a job description. The teams that figured out user IAM in 2014 are about to quietly inherit this one. The rest will discover their agent count the same way every CFO discovered their SaaS spend — through a six-figure bill nobody approved.
Top comments (0)