As more organizations move AI agents from pilots into real business workflows, a bigger question is starting to matter: how do you keep those agents safe, secure, and under control as they scale? Microsoft’s answer is not a single tool or a last-minute security review. It is a blueprint. In its Agent Factory series, Microsoft says enterprises need a layered trust model that combines identity, built-in guardrails, evaluations, adversarial testing, data protection, monitoring, and governance from the start.
Microsoft frames this as the final post in its six-part Agent Factory series, focused on trust as the next frontier for enterprise AI. The company argues that as agents become part of core business systems, trust becomes the factor that determines whether they stay experimental or move into production.
Microsoft says enterprises across industries are facing the same set of pressures. CISOs worry about agent sprawl and unclear ownership. Security teams want guardrails that connect to their existing workflows. Developers want safety built in from day one instead of added at the end. This is part of a broader shift-left pattern, where security, safety, and governance have to move earlier into the developer workflow.
That matters because the biggest blockers to AI adoption are still trust-related. Microsoft specifically points to data leakage, prompt injection, and regulatory uncertainty as major reasons agents fail to move from pilot to production. In other words, organizations are no longer just asking whether agents are useful. They are asking whether they are manageable, governable, and safe enough to deploy at scale.
Microsoft highlights five qualities that stand out in enterprise-grade agents. First, every agent should have a unique identity so it can be tracked across its lifecycle. Second, data protection should be built in by design so sensitive information is classified and governed. Third, agents need built-in controls such as harm and risk filters, threat mitigations, and groundedness checks. Fourth, they should be evaluated against threats using automated safety testing and adversarial prompts. Fifth, they need continuous oversight through telemetry that connects into enterprise security and compliance workflows.
Microsoft is careful not to present these qualities as a guarantee of absolute safety. Instead, it describes them as essential layers for building trustworthy agents that can meet enterprise standards as they evolve. That layered model is what makes the article useful. It shifts the conversation away from one-off controls and toward a full operating blueprint.
Microsoft says Azure AI Foundry brings together the security, safety, and governance capabilities needed to follow this blueprint in practice. One of the clearest examples is identity. The company says every agent created in Foundry will soon receive a unique Entra Agent ID, giving organizations visibility into active agents across the tenant and helping reduce shadow agents.
Foundry also includes built-in agent controls. Microsoft says it offers an industry-first cross-prompt injection classifier that scans not only prompt documents, but also tool responses, email triggers, and other untrusted sources to flag, block, and neutralize malicious instructions. The platform also provides protections against misaligned tool calls, risky actions, sensitive data loss, and unsafe outputs through harm filters, groundedness checks, and protected material detection.
Evaluations are another major part of the blueprint. Microsoft says teams can run harm and risk checks, groundedness scoring, and protected material scans both before deployment and in production. It also points to the Azure AI Red Teaming Agent and the PyRIT toolkit as ways to simulate adversarial prompts at scale, surface vulnerabilities, and improve resilience before incidents reach production.
Microsoft also emphasizes that trust depends on where the data lives and how it is controlled. In Azure AI Foundry Agent Service, enterprises can bring their own Azure resources for file storage, search, and conversation history. Microsoft says this keeps agent data inside the organization’s tenant boundary under its own security, compliance, and governance controls. Foundry Agent Service also supports private network isolation with custom virtual networks and subnet delegation so agents can operate inside tightly scoped network boundaries.
Governance does not stop there. Microsoft says agents in Foundry can honor Microsoft Purview sensitivity labels and DLP policies so protections applied to data carry into agent outputs. It also says Foundry surfaces alerts and recommendations from Microsoft Defender, while sending telemetry into Microsoft Defender XDR so security teams can investigate prompt injection attempts, risky tool calls, and unusual behavior within their existing workflows. On top of that, governance collaborators such as Credo AI and Saidot can map evaluation data to frameworks like the EU AI Act and the NIST AI Risk Management Framework.
Microsoft reduces the approach into a clear sequence. Start with identity using Entra Agent IDs. Add built-in controls like Prompt Shields, harm and risk filters, groundedness checks, and protected material detection. Continuously evaluate with automated checks and adversarial testing. Protect sensitive data with Purview labels and DLP. Monitor with enterprise tools like Defender XDR. Then connect governance to real regulatory frameworks.
The article also includes early proof points. Microsoft says EY is using Azure AI Foundry leaderboards and evaluations to compare models by quality, cost, and safety. It also says Accenture is testing the Microsoft AI Red Teaming Agent to simulate adversarial prompts across full multi-agent workflows before going live. Those examples matter because they show this blueprint is not just theoretical.
The core message of Agent Factory is simple: safe and secure AI agents do not happen by accident. They require identity, controls, evaluations, data protection, monitoring, and governance working together as one layered system. Microsoft is positioning Azure AI Foundry as the place where that system comes together, helping organizations build agents that are not only useful, but trustworthy enough to scale.
Join Our Newsletter
