Agents need an HR department too

Chatting with AI was yesterday. Today, you let it work alongside you. People already speak of the agentic age: humans and AI working closely together within organisations. The agent takes over routine jobs - for example automatically responding to customer enquiries - while the human contributes their creativity and their understanding of the customer and their needs. But we are not quite there yet:

«For agents to operate within a secure framework from the very start, humans need control and oversight», says Renato Petrillo, CEO of Baggenstos. «That is exactly what Agent 365 has delivered since the beginning of May.»

HR for AI agents

It does not work without rules. That is true for a human team; and it applies equally to human-AI teams. «Agent 365» is the central tool for managing and controlling all Copilot agents across the entire workspace.

Agent 365 integrates seamlessly into the Microsoft ecosystem and is far more than just a dashboard for agents. The system is connected to Microsoft Defender, Intune, Entra and Purview. This ensures protection for identities, access rights and data. As a result, the agents operate in line with applicable policies and follow security and governance rules. Unlike other AI systems, which are often misconfigured and granted too many permissions, Agent 365 ensures that no data overreach takes place.

Agent 365 for oversight, governance and security

Agent 365 is available on its own or as part of the new Microsoft 365 E7 plan. The system manages and controls AI agents across all of an organisation’s environments. It follows the human-in-the-loop approach, which gives humans full control and can prevent networked AI agents from developing a «life of their own».

«IT governance is generally put to the test with AI systems», says Renato Petrillo. «In addition to user access, the permissions of autonomous entities operating in the Microsoft 365 graph must also be controlled.»

With Agent 365, a complete overview of all agents is possible. Every agent published via Microsoft 365 channels and registered with an Entra Agent ID automatically appears in the Agent 365 inventory. Functions beyond integration via security policy templates and overviews are managed in the administration centres of Entra, Intune, Purview and Defender.

Performance, quality, speed and business value are visible at a glance; one click ends the collaboration. Control can be role-based - for example from the perspective of management or the security officer.

The governance functions ensure secure onboarding of the agent, enforce the principle of least privilege and simplify lifecycle management. Agent actions are logged in detail. Particularly important: unauthorised agent interactions can be detected, blocked and traced. The security risks posed by agents can be minimised through access control, functions to strengthen data security and the analysis of current threats.

Careful implementation

«Agentic systems require a precise knowledge of the processes and the legal framework», says Renato Petrillo.

To this end, the Baggenstos specialists run workshops and design secure onboarding processes for the new «AI employees».

Bringing AI agents into the company involves a lot of preparation. Clear use cases need to be defined, data quality has to be checked and the legal basis has to be clarified.

«We recommend a test phase and the gradual expansion of the new agent team», says Renato Petrillo. «After that, regular checks of output quality, performance and security are needed - and of course the training data must be continuously updated.»

The effort pays off, because unlike pure automation, networked AI agents complete tasks independently, allowing companies to truly focus on their core business: on their research, on their customers, on people.

Further information: Microsoft Agent 365