Blank white background with no objects or features visible.

تعلن TrueFoundry عن استحواذها على Seldon AI، موسعة بذلك لوحة التحكم الخاصة بها للذكاء الاصطناعي للمؤسسات. البيان الصحفي الكامل →

Microsoft Agent 365 and TrueFoundry: comparing two approaches to the agent control plane.

By بويو وانغ

Published: July 6, 2026

For most of 2024, the agent conversation was about frameworks. By late 2025, it had shifted. Enterprises stopped asking how do we build an agent? and started asking how do we run a thousand of them safely? That shift made the agent control plane — the layer that sits between agents, the models they call, the tools they touch, and the humans accountable for them — the most consequential architectural decision of the year.

Two strong answers have emerged from opposite ends of the spectrum. Microsoft Agent 365, generally available since May 1, 2026, treats agents as first-class identities inside the Microsoft graph and extends Entra, Purview, and Defender to govern them. TrueFoundry’s platform — an AI Gateway, MCP Gateway, and Agent Gateway running on a single data plane — sits in your cloud, in front of your models and tools, and governs how any agent (any framework, any provider) actually executes.

This piece is the honest technical comparison. It is based on public vendor documentation and public launch coverage available as of June 2026; source links are listed at the end.

Microsoft Agent 365: an overview

Microsoft’s design centers on the idea that agents should be governed the same way users are governed — through identity, policy, and the same admin tools IT already operates. Microsoft describes Agent 365 as a unified control plane for overseeing AI-agent security across supported Microsoft and connected environments. In practice this surfaces as two distinct experiences: a no-code Agent Builder any knowledge worker can use, and an admin-grade registry that IT and security teams operate.

Microsoft 365 Copilot Agent Builder screen
Fig. 01 · The end-user surface. Any licensed user can launch the Agent Builder from inside M365 Copilot and create a custom agent from a natural-language prompt or a pre-built template. This is the broad-distribution model that the admin-side governance is designed to oversee.

That distribution model — every user can spin up an agent — is exactly why the registry on the other side of the platform matters so much. Agents created here, agents installed from the Agent Store, agents brought in by ecosystem partners, and shadow agents discovered by Defender all flow into a single inventory in the Microsoft 365 admin center, each identified by a Microsoft Entra Agent ID.

Agent 365 registry in the Microsoft 365 admin center
Fig. 02 · The admin surface. The Agent 365 registry. The column structure — publisher, platform, availability, security risks, active users, total sessions — reflects what Microsoft has optimized the registry to surface.

Underneath the UI, three pillars do the work — Observe, Govern, and Secure — each backed by a specific Microsoft product: identity via Microsoft Entra Agent ID; data security via Microsoft Purview (sensitivity labels, DLP, eDiscovery, retention); threat protection via Microsoft Defender (posture management, shadow-AI discovery, incident response). For developers, Microsoft publishes an Agent 365 SDK in Python, JavaScript, and .NET, with integrations for major agent frameworks and AI platforms.

Licensing Per Microsoft’s GA announcements, Agent 365 is licensed per user — $15 per user per month standalone, or included in the Microsoft 365 E7 bundle at $99 per user per month. At GA, the license covers agents acting on behalf of a licensed user; autonomous agents with their own identities remain in the Frontier preview program.

TrueFoundry’s platform: an overview

TrueFoundry started from the opposite direction. Where Microsoft asked how do we govern agents inside Microsoft 365?, TrueFoundry asked how do we run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system? The platform is three coordinated layers on a single data plane:

  • AI Gateway — a unified API in front of 1,000+ LLMs across OpenAI, Anthropic, Bedrock, Vertex, Gemini, Azure OpenAI, Mistral, Together, Groq, xAI, Cerebras, and self-hosted vLLM/TGI/Triton, with latency overhead typically under 5ms.
  • MCP Gateway — a centralized registry of Model Context Protocol servers with OAuth2, RBAC, per-tool policies, and pre- and post-call guardrails. Solves what TrueFoundry’s docs call the N×M integration problem.
  • Agent Gateway — the newest layer, and the one most relevant to this comparison. A dedicated control layer for AI agents in production.

The Agent Gateway warrants a closer look, because it is the layer that distinguishes a model gateway from a broader agent control plane. TrueFoundry frames the distinction precisely: an AI gateway manages stateless prompts and tokens; an agent gateway is the data plane for agentic AI — stateful sessions, multi-step execution, and the data movement between agents and the tools they call. Think of it as a service mesh purpose-built for agentic systems.

It ships six control pillars: unified agent execution through a single governed layer; step-level observability and tracing; policy and RBAC enforcement; reliable task execution with retries, fallbacks, and timeouts; automatic scaling under load; and framework-agnostic compatibility (LangChain, CrewAI, AutoGen, or fully custom). Notably, the underlying agent gateway project is a Linux Foundation open-source project — meaning the control layer isn’t a proprietary black box, and you aren’t locked to a single vendor’s framework.

Agent Harness — the managed runtime above the gateways

If the three gateways are the foundation, the Agent Harness is the managed runtime that sits on top of them. A harness is the runtime layer around an LLM — the orchestration loop that plans, calls tools, manages context, gates sensitive actions through approvals, and records the full trace. It is what turns a model call into a reliable, long-running agent. TrueFoundry’s Agent Harness brings this together as a managed service: pick a model, connect MCP servers, add governed skills from a registry, write instructions, and ship.

TrueFoundry’s platform: an overview

TrueFoundry started from the opposite direction. Where Microsoft asked how do we govern agents inside Microsoft 365?, TrueFoundry asked how do we run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system? The platform is three coordinated layers on a single data plane:

  • AI Gateway — a unified API in front of 1,000+ LLMs across OpenAI, Anthropic, Bedrock, Vertex, Gemini, Azure OpenAI, Mistral, Together, Groq, xAI, Cerebras, and self-hosted vLLM/TGI/Triton, with latency overhead typically under 5ms.
  • MCP Gateway — a centralized registry of Model Context Protocol servers with OAuth2, RBAC, per-tool policies, and pre- and post-call guardrails. Solves what TrueFoundry’s docs call the N×M integration problem.
  • Agent Gateway — the newest layer, and the one most relevant to this comparison. A dedicated control layer for AI agents in production.

The Agent Gateway warrants a closer look, because it is the layer that distinguishes a model gateway from a broader agent control plane. TrueFoundry frames the distinction precisely: an AI gateway manages stateless prompts and tokens; an agent gateway is the data plane for agentic AI — stateful sessions, multi-step execution, and the data movement between agents and the tools they call. Think of it as a service mesh purpose-built for agentic systems.

It ships six control pillars: unified agent execution through a single governed layer; step-level observability and tracing; policy and RBAC enforcement; reliable task execution with retries, fallbacks, and timeouts; automatic scaling under load; and framework-agnostic compatibility (LangChain, CrewAI, AutoGen, or fully custom). Notably, the underlying agent gateway project is a Linux Foundation open-source project — meaning the control layer isn’t a proprietary black box, and you aren’t locked to a single vendor’s framework.

Agent Harness — the managed runtime above the gateways

If the three gateways are the foundation, the Agent Harness is the managed runtime that sits on top of them. A harness is the runtime layer around an LLM — the orchestration loop that plans, calls tools, manages context, gates sensitive actions through approvals, and records the full trace. It is what turns a model call into a reliable, long-running agent. TrueFoundry’s Agent Harness brings this together as a managed service: pick a model, connect MCP servers, add governed skills from a registry, write instructions, and ship.

TrueFoundry Agent Platform architecture showing foundation, harness, build-and-run, integration, and observability layers
Fig. 03 · The full TrueFoundry Agent Platform stack. Foundation registries (Model, MCP, Skills) at the base; Agent Harness above them with sandbox, subagents, memory, and context management; build-and-run primitives (tool approval, generative UI, interactive and background execution) layered on top; SDK and React library for integration; observability and governance spanning the entire stack.

What ships with the harness is what teams typically have to build themselves: a sandboxed execution environment for code and long-running tasks, human-in-the-loop approval gates for sensitive operations, a versioned Skills Registry with RBAC, context engineering primitives (subagents, large-result offloading, automatic compaction), and generative UI streaming for clients to render structured blocks. End-to-end traces flow into the same observability surface as the rest of the platform — one pane of glass across model, MCP, and agent traffic.

The most consequential governance property of the harness is its credential model. No API keys, OAuth tokens, or bearer headers ever live in agent definitions. Model credentials live in the AI Gateway; MCP credentials live in the MCP Gateway with per-user OAuth and automatic refresh; skills are pulled from a governed registry. Platform teams configure access once; agent builders never handle secrets. This is the structural fix to the per-tool credential sprawl that tends to plague multi-agent environments.

Production posture TrueFoundry reports 99.99% uptime, 10B+ requests processed per month, and roughly 30% average cost optimization through smart routing and budget controls — with the entire data plane deployable in your own VPC, on-prem, or air-gapped. No data leaves your domain. Compliance posture: SOC 2, HIPAA, GDPR.

How the two control planes overlap — and where they don’t

The clearest way to see the relationship is structurally. Both products sit between agents and the world, but they govern different surfaces. Microsoft Agent 365 governs the M365-facing surface: identity, data, and distribution. TrueFoundry governs the execution layer: model routing, tool calls, and the agent runtime itself.

Architectural surface area diagram comparing Agent 365 and TrueFoundry
Fig. 04 · Architectural surface area. Agent 365 governs identity, data, and distribution on the M365 surface. TrueFoundry governs model access, tool access, and agent runtime on the execution layer. They complement, not replace.

Where the two products differ — with citations

The table below draws on vendor documentation for both products; sources are listed at the bottom.

DimensionMicrosoft Agent 365TrueFoundry
Primary frameAgents are users — govern them like usersAgents are services — govern them like services
Where it runsMicrosoft cloud, SaaSSaaS, customer VPC, on-prem, air-gapped, or hybrid
Identity modelEntra Agent ID (tenant-scoped, per agent)Gateway-issued principals + federated SSO (Okta, Entra, OIDC)
Credential modelPer-agent Entra Agent ID; credentials managed via Microsoft identity stackNo keys in agent definitions; credentials live in gateways with per-user OAuth and central rotation
LLM accessMicrosoft AI platforms primary (Copilot Studio, Foundry)1,000+ LLMs across OpenAI, Anthropic, Bedrock, Vertex, Gemini, Azure, Mistral, etc.
Tool / MCP modelGoverned MCP for M365 workloads (Mail, Calendar, SharePoint, Teams)Centralized MCP registry, OAuth2 + RBAC per tool, pre/post-call guardrails
Agent runtimeGoverned via SDK; execution inside M365 / partner platformsAgent Gateway + managed Agent Harness: sandbox, HITL approvals, skills registry, subagents, generative UI
Framework supportAny framework via Agent 365 SDKFramework-agnostic; LangChain, CrewAI, AutoGen, custom, A2A
Cross-cloud agentsRegistry Sync (GA) imports agents from AWS Bedrock and Google Gemini Enterprise; Salesforce Agentforce and ServiceNow AI Agents are not in the syncNative multi-cloud; remote agents from any source register into one registry
ObservabilityM365 admin dashboards + OpenTelemetry via SDKStep-level traces, OTel export, token/cost attribution by agent/team/env
CompliancePurview-native: DLP, labels, eDiscovery, retentionSOC 2, HIPAA, GDPR; gateway-enforced PII filtering and custom guardrails
Sandboxed executionNot a separate primitive; execution happens within M365 surfacesManaged sandbox in Agent Harness for code, files, and long-running tasks
Latency overheadNot publishedTypically under 5ms per official docs
Governance modelMicrosoft cloud-nativeAgent Gateway built on a Linux Foundation open-source project
Pricing model$15/user/month standalone or in M365 E7 bundle at $99/user/month; agents OBO a licensed user coveredTiered by deployment mode
Typical fitM365-heavy orgs adopting agents inside the Microsoft ecosystemEngineering-led orgs building and operating agents across their stack

Pros and cons by persona

The same product can be a clear win or a clear miss depending on who is asking.

CISO / Head of Security

Agent 365 fits well when your security stack is already Entra + Purview + Defender. One policy language, one incident pipeline, one attestation.

TrueFoundry tends to fit better when you need cross-cloud or on-prem residency, can’t put sensitive prompts on a SaaS control plane, or want a single audit trail spanning agents outside Microsoft’s ecosystem.

Platform / ML Engineer

TrueFoundry is generally the closer fit. Framework-agnostic gateway, 1,000+ models, step-level tracing, cost attribution, dedicated agent runtime with retries and fallbacks, deployable on your own Kubernetes.

Agent 365 is a useful complement here — adopting the SDK can be worthwhile when agents need to be discoverable in M365.

Business / Line-of-Business User

Agent 365 is the natural choice. This persona shouldn’t have to think about gateways — they want to ask Copilot and have an agent answer. Microsoft’s distribution is what matters here.

Regulated Industry · Finance, Healthcare, Defense

Both, layered. Agent 365 for the M365-facing surface where most knowledge-worker data lives; TrueFoundry for the model layer, tool calls, and audit trail — running in your own VPC for data sovereignty.

When to pick which — and when to use both

The honest answer to “Agent 365 or TrueFoundry?” is that for many enterprises the answer is both, with a clear division of responsibility.

Pick Microsoft Agent 365 when…

  • Most of your sensitive data lives in M365 and Purview already governs it
  • Agents are mostly Copilot Studio, M365 Copilot, or Agent Store partner agents
  • Security investment is already deep in Entra + Defender + Purview
  • Per-user licensing fits how value gets delivered (knowledge-worker agents)

Pick TrueFoundry when…

  • Infrastructure is heterogeneous — multi-cloud, on-prem, hybrid
  • Data residency, sovereignty, or VPC-only deployment is mandatory
  • You need broad model access with budgets, fallbacks, and load-balancing
  • You’re building custom agents with LangGraph, CrewAI, AutoGen, or in-house code
  • You need step-level traces and cost attribution feeding your existing observability stack

Use both, layered, when…

  • M365 is one of several environments your agents touch
  • Agent 365 governs the M365 surface — identity, data, Agent Store discovery
  • TrueFoundry governs the execution layer — model routing, MCP tool calls, internal-API access, agent-to-agent traffic

The bottom line

Microsoft Agent 365 is a strong fit for the question “how do I govern agents inside Microsoft 365?” For organizations whose center of gravity is M365, it is often the natural default.

TrueFoundry is well-suited to a different question: “how do I run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system?” For engineering-led, multi-cloud, regulated organizations, TrueFoundry tends to be the more direct fit.

Microsoft governs what users can do with agents; TrueFoundry governs what agents can do with infrastructure. Many enterprises in 2026 will likely use both.

See the Agent Gateway in your own environment

Deploy in your VPC, route real agent traffic, and measure the overhead yourself.

Explore the Agent Gateway →

The fastest way to build, govern and scale your AI

Sign Up
Table of Contents

One Gateway for Every LLM, Agent and MCP Server

Book a 30-min with our AI expert

Book a Demo

The fastest way to build, govern and scale your AI

Book Demo
Summarize with
ChatGPT logo by OpenAI
Perplexity AI logo
Blurry red snowflake on white background, symmetrical frosty design with soft edges and abstract shape.

Discover More

No items found.
July 6, 2026
|
5 min read

Microsoft Agent 365 and TrueFoundry: comparing two approaches to the agent control plane.

No items found.
July 6, 2026
|
5 min read

LLM model comparison: MiniMax M3 matched Claude Opus 4.8 on every task. It cost 16x less.

LLMs & GenAI
July 4, 2026
|
5 min read

تكاملات منصة التعلم الآلي #1: Weights & Biases

Use Cases
Engineering and Product
July 4, 2026
|
5 min read

تكامل Pillar Security مع TrueFoundry

No items found.
No items found.

Recent Blogs

Black left pointing arrow symbol on white background, directional indicator.
Black left pointing arrow symbol on white background, directional indicator.
Take a quick product tour
Start Product Tour
Product Tour