may 1 - microsoft agent 365 hit ga at $15/user/month. it observes, governs, and secures agents inside microsoft 365. for any team standardized on microsoft, it's a sensible default.
it is also not an eu ai act article 12 audit.
what agent 365 does well
- discovery (which agents are running where)
- policy enforcement (this agent can read mailbox, that one can't)
- runtime telemetry (latency, errors, token spend)
- conditional access (entra id-scoped tool calls)
what an article 12 audit needs that agent 365 doesn't ship
- hash-chained immutable log per inference
- prompt + output retention with tamper evidence
- conformity assessment artifacts (technical documentation, intended purpose, risk classification)
- procurement-ready report a buyer's gc can read in 20 minutes
agent 365 is the control plane. an audit is the evidence file the regulator (or the procurement team at the buyer) actually opens.
the bizsuite stack on top of agent 365
- wrap each agent invocation with a structured audit log
- emit a daily merkle root for tamper evidence
- generate the conformity assessment from the agent's intended-purpose declaration
- compile a procurement-ready pdf
4 hours. $997 per agent. deliverable to the auditor.
why this matters
buying agent 365 doesn't mean you've audited your agents. it means you can see them. that's a different problem than the one the eu ai act asks about.
Top comments (0)