Microsoft Agent 365 and TrueFoundry: comparing two approaches to the agent control plane.

Conçu pour la vitesse : latence d'environ 10 ms, même en cas de charge
Une méthode incroyablement rapide pour créer, suivre et déployer vos modèles !
- Gère plus de 350 RPS sur un seul processeur virtuel, aucun réglage n'est nécessaire
- Prêt pour la production avec un support complet pour les entreprises
For most of 2024, the agent conversation was about frameworks. By late 2025, it had shifted. Enterprises stopped asking how do we build an agent? and started asking how do we run a thousand of them safely? That shift made the agent control plane — the layer that sits between agents, the models they call, the tools they touch, and the humans accountable for them — the most consequential architectural decision of the year.
Two strong answers have emerged from opposite ends of the spectrum. Microsoft Agent 365, generally available since May 1, 2026, treats agents as first-class identities inside the Microsoft graph and extends Entra, Purview, and Defender to govern them. TrueFoundry’s platform — an AI Gateway, MCP Gateway, and Agent Gateway running on a single data plane — sits in your cloud, in front of your models and tools, and governs how any agent (any framework, any provider) actually executes.
This piece is the honest technical comparison. It is based on public vendor documentation and public launch coverage available as of June 2026; source links are listed at the end.
Microsoft Agent 365: an overview
Microsoft’s design centers on the idea that agents should be governed the same way users are governed — through identity, policy, and the same admin tools IT already operates. Microsoft describes Agent 365 as a unified control plane for overseeing AI-agent security across supported Microsoft and connected environments. In practice this surfaces as two distinct experiences: a no-code Agent Builder any knowledge worker can use, and an admin-grade registry that IT and security teams operate.

That distribution model — every user can spin up an agent — is exactly why the registry on the other side of the platform matters so much. Agents created here, agents installed from the Agent Store, agents brought in by ecosystem partners, and shadow agents discovered by Defender all flow into a single inventory in the Microsoft 365 admin center, each identified by a Microsoft Entra Agent ID.

Underneath the UI, three pillars do the work — Observe, Govern, and Secure — each backed by a specific Microsoft product: identity via Microsoft Entra Agent ID; data security via Microsoft Purview (sensitivity labels, DLP, eDiscovery, retention); threat protection via Microsoft Defender (posture management, shadow-AI discovery, incident response). For developers, Microsoft publishes an Agent 365 SDK in Python, JavaScript, and .NET, with integrations for major agent frameworks and AI platforms.
TrueFoundry’s platform: an overview
TrueFoundry started from the opposite direction. Where Microsoft asked how do we govern agents inside Microsoft 365?, TrueFoundry asked how do we run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system? The platform is three coordinated layers on a single data plane:
- AI Gateway — a unified API in front of 1,000+ LLMs across OpenAI, Anthropic, Bedrock, Vertex, Gemini, Azure OpenAI, Mistral, Together, Groq, xAI, Cerebras, and self-hosted vLLM/TGI/Triton, with latency overhead typically under 5ms.
- MCP Gateway — a centralized registry of Model Context Protocol servers with OAuth2, RBAC, per-tool policies, and pre- and post-call guardrails. Solves what TrueFoundry’s docs call the N×M integration problem.
- Agent Gateway — the newest layer, and the one most relevant to this comparison. A dedicated control layer for AI agents in production.
The Agent Gateway warrants a closer look, because it is the layer that distinguishes a model gateway from a broader agent control plane. TrueFoundry frames the distinction precisely: an AI gateway manages stateless prompts and tokens; an agent gateway is the data plane for agentic AI — stateful sessions, multi-step execution, and the data movement between agents and the tools they call. Think of it as a service mesh purpose-built for agentic systems.
It ships six control pillars: unified agent execution through a single governed layer; step-level observability and tracing; policy and RBAC enforcement; reliable task execution with retries, fallbacks, and timeouts; automatic scaling under load; and framework-agnostic compatibility (LangChain, CrewAI, AutoGen, or fully custom). Notably, the underlying agent gateway project is a Linux Foundation open-source project — meaning the control layer isn’t a proprietary black box, and you aren’t locked to a single vendor’s framework.
Agent Harness — the managed runtime above the gateways
If the three gateways are the foundation, the Agent Harness is the managed runtime that sits on top of them. A harness is the runtime layer around an LLM — the orchestration loop that plans, calls tools, manages context, gates sensitive actions through approvals, and records the full trace. It is what turns a model call into a reliable, long-running agent. TrueFoundry’s Agent Harness brings this together as a managed service: pick a model, connect MCP servers, add governed skills from a registry, write instructions, and ship.
TrueFoundry’s platform: an overview
TrueFoundry started from the opposite direction. Where Microsoft asked how do we govern agents inside Microsoft 365?, TrueFoundry asked how do we run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system? The platform is three coordinated layers on a single data plane:
- AI Gateway — a unified API in front of 1,000+ LLMs across OpenAI, Anthropic, Bedrock, Vertex, Gemini, Azure OpenAI, Mistral, Together, Groq, xAI, Cerebras, and self-hosted vLLM/TGI/Triton, with latency overhead typically under 5ms.
- MCP Gateway — a centralized registry of Model Context Protocol servers with OAuth2, RBAC, per-tool policies, and pre- and post-call guardrails. Solves what TrueFoundry’s docs call the N×M integration problem.
- Agent Gateway — the newest layer, and the one most relevant to this comparison. A dedicated control layer for AI agents in production.
The Agent Gateway warrants a closer look, because it is the layer that distinguishes a model gateway from a broader agent control plane. TrueFoundry frames the distinction precisely: an AI gateway manages stateless prompts and tokens; an agent gateway is the data plane for agentic AI — stateful sessions, multi-step execution, and the data movement between agents and the tools they call. Think of it as a service mesh purpose-built for agentic systems.
It ships six control pillars: unified agent execution through a single governed layer; step-level observability and tracing; policy and RBAC enforcement; reliable task execution with retries, fallbacks, and timeouts; automatic scaling under load; and framework-agnostic compatibility (LangChain, CrewAI, AutoGen, or fully custom). Notably, the underlying agent gateway project is a Linux Foundation open-source project — meaning the control layer isn’t a proprietary black box, and you aren’t locked to a single vendor’s framework.
Agent Harness — the managed runtime above the gateways
If the three gateways are the foundation, the Agent Harness is the managed runtime that sits on top of them. A harness is the runtime layer around an LLM — the orchestration loop that plans, calls tools, manages context, gates sensitive actions through approvals, and records the full trace. It is what turns a model call into a reliable, long-running agent. TrueFoundry’s Agent Harness brings this together as a managed service: pick a model, connect MCP servers, add governed skills from a registry, write instructions, and ship.

What ships with the harness is what teams typically have to build themselves: a sandboxed execution environment for code and long-running tasks, human-in-the-loop approval gates for sensitive operations, a versioned Skills Registry with RBAC, context engineering primitives (subagents, large-result offloading, automatic compaction), and generative UI streaming for clients to render structured blocks. End-to-end traces flow into the same observability surface as the rest of the platform — one pane of glass across model, MCP, and agent traffic.
The most consequential governance property of the harness is its credential model. No API keys, OAuth tokens, or bearer headers ever live in agent definitions. Model credentials live in the AI Gateway; MCP credentials live in the MCP Gateway with per-user OAuth and automatic refresh; skills are pulled from a governed registry. Platform teams configure access once; agent builders never handle secrets. This is the structural fix to the per-tool credential sprawl that tends to plague multi-agent environments.
How the two control planes overlap — and where they don’t
The clearest way to see the relationship is structurally. Both products sit between agents and the world, but they govern different surfaces. Microsoft Agent 365 governs the M365-facing surface: identity, data, and distribution. TrueFoundry governs the execution layer: model routing, tool calls, and the agent runtime itself.

Where the two products differ — with citations
The table below draws on vendor documentation for both products; sources are listed at the bottom.
Pros and cons by persona
The same product can be a clear win or a clear miss depending on who is asking.
When to pick which — and when to use both
The honest answer to “Agent 365 or TrueFoundry?” is that for many enterprises the answer is both, with a clear division of responsibility.
Pick Microsoft Agent 365 when…
- Most of your sensitive data lives in M365 and Purview already governs it
- Agents are mostly Copilot Studio, M365 Copilot, or Agent Store partner agents
- Security investment is already deep in Entra + Defender + Purview
- Per-user licensing fits how value gets delivered (knowledge-worker agents)
Pick TrueFoundry when…
- Infrastructure is heterogeneous — multi-cloud, on-prem, hybrid
- Data residency, sovereignty, or VPC-only deployment is mandatory
- You need broad model access with budgets, fallbacks, and load-balancing
- You’re building custom agents with LangGraph, CrewAI, AutoGen, or in-house code
- You need step-level traces and cost attribution feeding your existing observability stack
Use both, layered, when…
- M365 is one of several environments your agents touch
- Agent 365 governs the M365 surface — identity, data, Agent Store discovery
- TrueFoundry governs the execution layer — model routing, MCP tool calls, internal-API access, agent-to-agent traffic
The bottom line
Microsoft Agent 365 is a strong fit for the question “how do I govern agents inside Microsoft 365?” For organizations whose center of gravity is M365, it is often the natural default.
TrueFoundry is well-suited to a different question: “how do I run agents — any framework, any model, any cloud — with the security, observability, and cost control of a production system?” For engineering-led, multi-cloud, regulated organizations, TrueFoundry tends to be the more direct fit.
Microsoft governs what users can do with agents; TrueFoundry governs what agents can do with infrastructure. Many enterprises in 2026 will likely use both.
TrueFoundry AI Gateway offre une latence d'environ 3 à 4 ms, gère plus de 350 RPS sur 1 processeur virtuel, évolue horizontalement facilement et est prête pour la production, tandis que LiteLM souffre d'une latence élevée, peine à dépasser un RPS modéré, ne dispose pas d'une mise à l'échelle intégrée et convient parfaitement aux charges de travail légères ou aux prototypes.
Le moyen le plus rapide de créer, de gérer et de faire évoluer votre IA












.webp)

.png)
.webp)
.webp)


.webp)
.webp)
.webp)
.png)









