Microsoft Ignite 2025: Agent 365, the IQ family, and the Frontier Firm gets an operating manual

21. November 2025

  • Home
  • Blog
  • Microsoft Ignite 2025: Agent 365, the IQ family, and the Frontier Firm gets an operating manual
Microsoft Ignite 2025: Agent 365, the IQ family, and the Frontier Firm gets an operating manual

18–21 November 2025, Moscone Center, San Francisco (hybrid). This was the first Ignite held in San Francisco rather than Chicago or Seattle, and the first in living memory where Satya Nadella did not deliver the opening keynote. That job went to Judson Althoff, the new CEO of Microsoft's Commercial Business, and his framing set the tone for the whole week: stop bolting AI features onto how you already work, and start rebuilding the organisation around agents. He called the result a "Frontier Firm." Microsoft says it had more than 20,000 people in the building and north of 200,000 watching online — and for the first time, almost none of the headline announcements were about a model. They were about how you run the things the models make possible.

The Moscone Center in San Francisco, venue for Microsoft Ignite 2025

We watch Ignite differently than we watch Build. Build is where we find out what we'll be building with next year. Ignite is where we find out what we'll be operating — the governance, identity, security and licensing reality that lands on every customer tenant we look after. And on that axis, Ignite 2025 was one of the most consequential in years, because Microsoft finally stopped talking about agents as a demo and started shipping the unglamorous machinery you need to put thousands of them into a real company without losing the plot.

From "look what an agent can do" to "who authorised that agent?"

A year ago the agent conversation was all upside. Every customer wanted to know what a Copilot agent could automate. By late 2025 the question every IT lead in EMEA was actually asking us had flipped: how many agents are already running in my tenant that nobody approved, what data can they touch, and who is accountable when one of them does something dumb? The polite name for this is shadow AI, and it is the governance headache of the moment.

Ignite 2025 was Microsoft's answer to that question, delivered as a stack rather than a single product. The throughline of the week — and the thing we'll be implementing for customers first — is Agent 365.

Agent 365: a control plane for the agents you didn't know you had

Agent 365 is pitched as the control plane for agents — the same role the Microsoft 365 admin centre plays for users and devices, but for the autonomous software now acting on their behalf. It is available through Microsoft's Frontier early-access program, and it organises around five capabilities Microsoft kept repeating:

  • A registry — a single source of truth for every agent in the organisation, regardless of whether it was built in Copilot Studio, Microsoft Foundry, an open-source framework, or bought from a partner.
  • Access control — scoping each agent to only the resources it needs for its job, rather than letting it inherit a human's full permissions.
  • Visualization — a dashboard showing the connections between agents, people and data, with real-time monitoring of agent behaviour.
  • Interoperability so agents from different builders can work together.
  • Security, woven in through the rest of the Microsoft stack.

The piece that makes this real, and the one we care about most, is identity. Microsoft Entra Agent ID gives each agent a first-class identity in Entra — not a shared service account, not an API key in a config file, but a governed identity with Conditional Access, lifecycle and audit. That is exactly the right primitive. The moment an agent has its own identity, every existing Entra control we already configure for humans — who it is, what it may access, when that access expires, what it did and when — applies to it too. We have spent fifteen years teaching customers that every actor needs an identity. Microsoft just extended that rule to software that thinks for itself.

We'll be honest about the catch, because the analysts at the event were too: the licensing and pricing for Agent 365, and for the new metered Agent Factory plan that bundles Copilot Studio and Foundry consumption, were left genuinely unclear at Ignite. For an MSP that has to quote a customer a number, "available in the Frontier program" is not a price list. We'll be watching that closely before we promise anyone a budget.

A mission-control room lined with screens — a fitting metaphor for an agent control plane

Microsoft Foundry, and the "IQ" family

The platform formerly known as Azure AI Foundry is now just Microsoft Foundry. Renames are usually noise, but this one signals something: Foundry is no longer positioned as an Azure feature for ML engineers, it's the company-wide place you build, govern and scale agents. The most useful change for us is that an agent built in Foundry can now be published to Microsoft 365 and Teams chat with a single click — the gap between "we prototyped an agent" and "it's in front of the people who need it" just got dramatically smaller.

Underneath Foundry sits a Model Router that automatically picks a model — across OpenAI, Anthropic, Llama, Mistral and others — based on cost and performance, and a new Foundry Control Plane for governance. And then there's the naming theme Microsoft leaned on all week: a family of "IQ" layers meant to give agents real grounding instead of confident guesses.

  • Work IQ is the intelligence layer for Microsoft 365 — it connects Copilot and custom agents to your files, emails, meetings and chats, and builds memory of how a person actually works. Crucially for builders, Work IQ is now reachable via API, so an agent we write can be grounded in a user's real working context rather than starting cold every time.
  • Foundry IQ is built on Azure AI Search and billed as the next generation of retrieval-augmented generation — a single governed knowledge base agents draw on, designed to cut down hallucination.
  • Fabric IQ extends the semantic model that's lived in Power BI for years out across business operations, so an agent can reason about what your data means — what a "customer" or an "order" is in your business — and not just what's in a table.

We like this framing more than we expected to. The hard part of a useful enterprise agent was never the model; it was grounding the model in messy, permissioned, real-company data without it either hallucinating or quietly reading something it shouldn't. The IQ layers are Microsoft's attempt to make that grounding a platform capability rather than something every integrator rebuilds by hand. All three were in preview at Ignite, so we're cautiously optimistic, not sold — preview is preview.

Anthropic's Claude lands on Azure, next to GPT

The announcement that made us sit up: Anthropic's Claude models are now available in Microsoft Foundry — specifically Claude Sonnet 4.5, Claude Opus 4.1 and Claude Haiku 4.5. Microsoft's claim is that Azure is now the only cloud offering access to both the frontier Claude models and OpenAI's GPT models in one place.

This sits inside a much bigger, eye-watering deal announced alongside it: a three-way arrangement between Microsoft, Anthropic and NVIDIA in which Anthropic commits to roughly $30 billion of Azure compute, with Microsoft and NVIDIA investing $5 billion and $10 billion respectively into Anthropic. We'd treat the strategic dependencies there with clear eyes — these are competitors-and-partners all at once. But the practical effect for our customers is the one that matters: model optionality on the platform they already trust. Being able to route a task to Claude or to GPT inside the same Foundry control plane, governed by the same identity and compliance plumbing, is worth more to a German mid-market customer than any single model being a few points higher on a benchmark. We've never wanted to bet a client's platform on one lab's roadmap, and now we don't have to.

Security: Copilot agents, and a licensing shift that actually moves money

Security is always the part of Ignite that lands hardest in DACH, where the buying conversation starts with compliance, not capability. Two things stood out:

  • Security Copilot is now included in Microsoft 365 E5 — reported as roughly 400 security compute units per 1,000 users per month. For MSPs reselling E5 tenants across DACH, that's not a feature note, it's a line item that changes the economics of an offer. A capability that used to be a separate consumption bill is now part of a SKU a lot of our customers already buy.
  • A wave of Security Copilot agents embedded in the Defender portal — threat hunting, threat-intelligence briefing, dynamic threat detection — plus the Microsoft Sentinel data lake going GA and Sentinel graph with an MCP server, so agents can reason over security data through a standard protocol. And, fittingly given the rest of the week, Defender for AI Agents: posture management and runtime protection for the agents themselves.

That last point is the quiet theme of the whole conference. Microsoft spent four days telling everyone to deploy agents everywhere — and the same four days building the tools to watch those agents like a hawk. That is the correct order of operations, and frankly it's reassuring to see the security story shipped with the capability story rather than two years behind it.

A datacenter server hall with rows of racks — the kind of Azure infrastructure powering Foundry and the agent platform

The infrastructure under all of it

Most of the silicon and datacenter news is "interesting, not actionable" for a shop our size, but it's worth a paragraph because it's the foundation the rest stands on. Microsoft announced Azure Cobalt 200, its next-gen in-house Arm CPU, claiming about 50% better performance than the previous generation, alongside Azure Boost networking improvements. And it lit up its second Fairwater datacenter, in Atlanta, knitting geographically separate Fairwater sites into what it's calling an AI "superfactory" — distributed campuses wired together over a dedicated low-latency network to train frontier models as one virtual supercomputer. The headline benchmark figures here are Microsoft's own, so we'll file them under "promising" until someone independent measures them. But the direction — Microsoft owning more of its own silicon and power — is the same optionality story playing out one layer down.

Why it mattered for us

Strip away the spectacle and Ignite 2025 was, for a Microsoft-stack shop like ThreeBIT, a manual for the next two years of operating customer environments.

Agent 365 plus Entra Agent ID change how we operate, not just what we build. The era where every team quietly spins up an agent and nobody knows what's authorised is ending — and it's ending in exactly the right place, with identity as the control point. That's good news for serious MSPs and bad news for anyone running "agent governance" out of a spreadsheet. We will be standing up the registry, the access scoping and the Entra identities for our managed customers regardless of whether they think of themselves as a "Frontier Firm" or not.

Model optionality on Azure protects our customers' bets. Claude and GPT in one governed control plane means we don't have to wed a client's platform to a single vendor's roadmap — the same instinct that's always drawn us to the open, foundation-governed parts of the .NET world.

The IQ layers, if they live up to preview, solve the unglamorous half of every agent project — grounding the thing in real, permissioned company data without it hallucinating or oversharing.

And there's a thread that connects straight to where Microsoft took the story six months later at Build 2026: if Ignite 2025 was the year Microsoft shipped the governance and identity to make enterprise agents safe to deploy, Build 2026 was the year it shipped the production framework — Agent Framework 1.0 with first-class .NET support, OS-level sandboxing, orchestration — to actually build them at scale. Ignite gave us the operating manual; Build gave us the SDK. Read together, they're the same message: the experimental phase of enterprise agents is over, and the boring, important phase — governed, identified, audited, in production — has begun.

"AI is no longer a tool that helps you work smarter; it's becoming a collaborator in how work gets done." — Satya Nadella, Microsoft Ignite 2025

We'll let our customers decide whether they're a Frontier Firm or a comfortable rear one. Either way, we'll have the controls set up before the first agent logs in.

Sources & further reading

Single-source or vendor-stated items — the Cobalt 200 performance figure, the Anthropic/NVIDIA investment numbers, and the exact Agent 365 / Agent Factory licensing — are reported here with appropriate caution; treat the benchmark and pricing specifics as provisional until independently confirmed.

Image credits

All photos are used under their respective Creative Commons licences; we are grateful to the photographers.

  • Moscone Center, San Francisco (2013) — © Another Believer, CC BY-SA 3.0, via Wikimedia Commons (source).
  • 1970 Mission Control Apollo 13 — NASA, public domain, via Wikimedia Commons (source).
  • Datacenter Server Racks (22370909788) — © Carl Lender from Sunrise, USA, CC BY 2.0, via Wikimedia Commons (source).
Microsoft Ignite Microsoft Foundry Agent 365 Work IQ Entra Agent ID Anthropic Claude AI Agents Security Copilot
BACK TO BLOG