{"id":131936,"date":"2025-07-31T08:00:00","date_gmt":"2025-07-31T15:00:00","guid":{"rendered":""},"modified":"2025-08-06T19:47:11","modified_gmt":"2025-08-07T02:47:11","slug":"evolving-power-platform-governance-for-ai-agents","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/power-platform\/blog\/2025\/07\/31\/evolving-power-platform-governance-for-ai-agents\/","title":{"rendered":"Evolving Power Platform Governance for AI Agents"},"content":{"rendered":"\n

As AI agents evolve from on-demand assistants to autonomous agents, CIOs are entering a new era of governance<\/strong>. Traditional governance models designed for low-code apps and automation can be reused and evolved to meet increasing demands from more capable agents, with growing industry regulations. This expanded power brings both new opportunities and risks.<\/p>\n\n\n\n

Microsoft Power Platform<\/a> enables organizations to build low-code apps and automation within your established governance, controls, and operational models. This framework can be applied to AI agents as well. Microsoft Copilot Studio<\/a> is built upon the developments and experiences from Power Platform, allowing organizations to utilize their existing resources.<\/p>\n\n\n\n

Copilot Studio plays a leading role in the agent shift. According to Microsoft\u2019s FY25 Q3 earnings release, Copilot Studio has been used by over 230,000 organizations, including 90% of the Fortune 5001<\/sup>. IDC project 1.3 billion AI agents by 20282<\/sup>. The scale and speed of adoption make one thing clear: governance is emerging as a critical priority.<\/p>\n\n\n\n

CIOs should consider these five key areas:<\/p>\n\n\n\n

    \n
  1. A Governance Mindset Is Essential for Agents<\/li>\n\n\n\n
  2. Low-code Lessons Apply Directly to Agents<\/li>\n\n\n\n
  3. Driving Visibility, Cost Control, and Business Value<\/li>\n\n\n\n
  4. Empower Innovation with Guardrails<\/li>\n\n\n\n
  5. Community, Training, and Experimentation Drive Adoption<\/li>\n<\/ol>\n\n\n\n
    \n

    Want the full breakdown? <\/strong>
    Explore each section in detail by clicking the button below.<\/strong><\/p>\n<\/div>\n\n\n\n

    \n
    View the e-book here<\/a><\/div>\n<\/div>\n\n\n\n
    \n\n\n\n

    1. A Governance Mindset Is Essential for Agents<\/strong><\/h2>\n\n\n\n

    Agents don\u2019t just respond to prompts. They initiate actions and operate across disparate systems. That means governance can\u2019t be static. It must evolve to cover the growing agent behaviors and industry requirements.<\/p>\n\n\n\n

    Begin by considering agents as digital labor.<\/strong> Assign them trackable identities, define their roles and permissions, and continuously monitor their behaviour and performance.<\/p>\n\n\n\n

    According to Microsoft\u2019s 2025 Work Trend Index<\/a>, Frontier Firms\u2014organizations powered by intelligence on tap and human-agent teams\u2014are emerging through three phases of AI evolution: from assistants to digital colleagues running entire businesses processes. This progression is redefining collaboration, as humans shift from users to orchestrators of digital labor.<\/p>\n\n\n

    \"\"<\/figure>\n\n\n\n

    Not every agent should have the same level of autonomy<\/strong>. Some might only perform low risk activities like answering questions. Others, like a sales development agent, might handle RFPs and pricing proposals autonomously. CIOs should define tiers of autonomy and enforce them with technical guardrails. Just like you wouldn\u2019t give a new hire full system access on day one, agents also need scoped permission and supervision. Consider the agent supervision across review, monitor and protect depending on the agent complexity.<\/p>\n\n\n\n

    Reviewers<\/strong> are responsible for identifying and reviewing AI-generated output and content to verify accuracy. Monitors<\/strong> observe and track the actions of AI and agents, enabling human or AI-based follow-up as necessary. Protectors<\/strong> have the ability to adjust or restrict AI and agent actions and permissions.<\/p>\n\n\n\n

    \n\n\n\n

    2. Low-code Lessons Apply Directly to Agents<\/strong><\/h2>\n\n\n\n

    If you have experience with Power Platform, you’re already familiar with this process. You can apply the same playbook: establishing a center of excellence, enforcing security measures like Data Loss Prevention policies, managed environments, and role-based access controls to agents as well.<\/p>\n\n\n\n

    Maintain consistency by applying your existing compliance, security, and audit frameworks to agents, updating them for new behaviors as needed. In addition to using Power Platform Admin Center, leverage other Microsoft tools like Purview and Entra ID, and ensure your governance framework supports safe innovation.<\/p>\n\n\n\n

    Additional IT guidance content can be found on the adoption site<\/a>.<\/p>\n\n\n

    \"\"<\/figure>\n\n\n\n
    \n\n\n\n

    3. Driving Visibility, Cost Control, and Business Value<\/strong><\/h2>\n\n\n\n

    Visibility is the foundation of effective agent governance<\/strong>. Without it, agents can proliferate unchecked, leading to redundancy, security gaps, and unnecessary costs. This is why CIOs must establish reliable telemetry that offers deep insight into who created an agent, what data it accesses, how often it\u2019s used, and the resulting impact on the organization\u2019s resources.<\/p>\n\n\n\n

    Fortunately, tools like Copilot Studio\u2019s built-in analytics and Power Platform Admin Center offer the transparency and insights to manage agent usage and costs effectively. By tracking consumption and reviewing performance regularly, teams can identify underused or redundant agents, forecast expenses with tools like the cost calculator<\/a>, and ensure agents stay aligned with strategic goals.<\/p>\n\n\n\n

    Read the agents cost management E-book here<\/a><\/p>\n\n\n\n

    While managing costs helps keep investments in check, it\u2019s the business value that ultimately justifies them<\/strong>. CIOs should look beyond usage limits and budget forecasts to ask a more strategic question: what outcomes are agents actually driving? This shifts the focus from spend to impact.<\/p>\n\n\n\n

    Ultimately, governance without visibility is just guesswork. Robust telemetry ensures that every agent is accounted for, managed wisely, and contributing to safe, scalable innovation.<\/p>\n\n\n

    \"\"<\/figure>\n\n\n\n
    \n\n\n\n

    4. Empower Innovation with Guardrails<\/strong><\/h2>\n\n\n\n

    The people closest to the work often have the best ideas for how agents can help them. Empowering business teams to build their own agents can accelerate innovation and speed.<\/p>\n\n\n\n

    But empowerment without guardrails is a risk.<\/strong> All agents must operate within strict security and compliance boundaries. Enforce permission models so agents only access authorized data sources. Use environment strategies and connector policies to keep sensitive data safe and audit each key step.<\/p>\n\n\n\n

    A zoned governance model<\/strong>, with centralized policy and progressive autonomy, gives CIOs a scalable way to manage agents. IT sets boundaries allowing business units to innovate safely within these zones:<\/p>\n\n\n\n