Microsoft Build 2026 Recap: Agents Get Identity, Governance and Consumption Pricing

Most Build keynotes are a parade of features. You skim the recap, note the one or two things that touch your world, and move on.

Last week was different, and not because of the gadgets.

Yes, there were new models, new chips, a wearable badge and a quantum announcement. But underneath the spectacle, Microsoft said something far more consequential to anyone running a business on its stack.

The argument about whether AI agents work is finished. What Build 2026 was really about is the next problem, the one that decides whether agents ever make it past the pilot: how do you run them across an enterprise without losing control of your data, your security or your budget?

Three answers ran through almost everything announced. Agents got a real identity. They got a rulebook they have to operate inside. And they got a clear, metered bill. Here’s what each of those means if you’re in financial services in Australia or New Zealand.

Key Takeaways

  • Build 2026 was about control, not capability. The headline work went into making agents governable, attributable and affordable at scale
  • Microsoft IQ, led by Work IQ, grounds agents in your business data while keeping it inside your tenant trust boundary
  • Every agent now runs under its own governed Entra identity, so its actions trace back to a known actor rather than an anonymous service account
  • Microsoft Execution Containers, Agent 365 and the MDASH security system give agents a containment and oversight layer enforced by the platform itself
  • Pricing is consumption-based, and Microsoft is shipping admin-level spend controls alongside it so finance teams can govern the cost
  • Seven new in-house MAI models, led by Microsoft’s first reasoning model, signal a deliberate move to a multi-model future
  • Microsoft Scout shows where Copilot is heading: an always-on agent that acts more like a colleague than a chatbot
  • For regulated industries, the governance stack is the announcement that matters

 

The Argument Has Moved On

A year ago the question was whether agents could do real work. Microsoft’s own Q3 numbers put that to bed, with close to 90% of the Fortune 500 already running agents in production.

Build 2026 picked up the harder question that follows. Once agents are doing the work, what does it take to trust them in a business where a mistake has consequences? Three things, as it turns out. You need to ground an agent in how your business operates. You need to prove what it did when someone asks. And you need to know what it will cost before the invoice arrives.

Read the announcements through those three needs and the picture sharpens quickly.

 

An Identity: Grounding Agents in Your Business

A model trained on the open internet knows a great deal about the world and nothing about you. It doesn’t know your products, your policies, or the difference between how two of your teams use the same word. Microsoft’s answer is Microsoft IQ, a shared context layer now generally available across GitHub Copilot, Foundry and Copilot Studio.

It draws on a few sources. Work IQ builds a live picture of how work moves through Microsoft 365, across emails, documents, meetings and the people connecting them. Fabric IQ models your structured business data. Foundry IQ handles retrieval across knowledge sources. And Web IQ, new at Build, grounds agents in current information from the open web. Together they turn a generic model into one that reasons over your organisation.

What this looks like in practice

A lender notices early-stage arrears climbing on one loan product and can’t see why. The conventional route is to pull a team off other work, have them extract reports from origination, servicing, hardship and complaints systems, and hope the pattern reveals itself.

An agent grounded in Work IQ and your operational data takes the question head on. It cross-references those systems and surfaces the common thread, perhaps that every affected account came through one broker channel inside a particular fortnight. That is the kind of cross-system reasoning that takes days by hand and minutes when the context is already wired in.

Why this reassures a regulated business

The detail that matters here is where the data sits. With Work IQ, context and insights stay inside your Microsoft 365 tenant trust boundary. Every call is authenticated through Entra and trimmed to what the signed-in user is already permitted to see, and every action is auditable in Purview. The agent never sees more than the person it acts for, and you can reconstruct what it did afterwards. That is a stronger starting point than connecting an external AI tool to your data and trusting the governance to hold.

 

A Rulebook: Governance Built Into the Platform

This was a subtle part of the keynote and the most important if you answer to APRA or ASIC. Microsoft spent real time on containment, identity and attribution. It echoes a point we’ve made repeatedly: the risk was never AI, it was ungoverned AI. Build 2026 is Microsoft building the governance the argument always required.

Every agent has a name

Each agent now runs under its own governed Entra identity rather than a shared, anonymous service account. So the work an agent does is attributable to a known actor your directory already recognises. When someone asks who made a decision, the answer is no longer a shrug. You can identify the agent, see what it was permitted to do, and follow its actions.

Boundaries the operating system enforces

Microsoft Execution Containers, now in preview, let teams declare what an agent can reach, which files, which networks, and have Windows enforce those limits at runtime. Agent 365 adds Entra and Intune policy on top so security teams govern agents centrally. The enforcement sits with the platform, not with the agent’s good behaviour. An agent simply cannot step outside the boundary it was given.

Catching exploitable flaws at scale

Microsoft also brought its agentic security system, MDASH, into a wider platform spanning Defender, GitHub Code Security, Agent 365 and Purview. It runs more than 100 specialised agents to find genuinely exploitable vulnerabilities and prioritise them, rather than drowning teams in low-value alerts. For an in-house engineering team, that is the difference between a security backlog nobody can triage and a short list of things that actually matter.

 

A Bill: Pricing You Can Govern

Agents run on consumption pricing. You pay for what they do, the reasoning, the tool calls, the orchestration. That’s the same move away from per-seat licensing we flagged after Microsoft’s Q3 results, now reaching across the agent stack. Handled well, it’s the fairer model, because you pay for value used instead of seats sitting idle.

Microsoft has clearly anticipated the obvious concern, which is runaway spend, and built for it. Alongside the general availability of the Work IQ APIs, new consumption-management controls arrive in the Microsoft 365 Admin Center. Admins can set cost limits at tenant, group and user level, create notification triggers when usage climbs, and monitor consumption in one place. The cost controls arrive at the same time as the agents, not months later.

Our advice as a partner is straightforward: turn those controls on from day one and treat agent spend the way you treat cloud spend, as something you actively govern rather than something you reconcile later. Used that way, consumption pricing rewards good design. A well-scoped agent doing valuable work is cheap to run. The organisations that get the most out of this will be the ones that build deliberately and watch the meter, not the ones that switch everything on at once and hope. That’s where having a partner who has done this before earns its keep.

 

Where the Value Is First

Not every announcement deserves equal attention, and the temptation with a Build this size is to chase the most exciting thing rather than the most useful one. A few practical reads depending on where you are.

Already invested in Microsoft? The platform you’re on just gained a serious context and governance upgrade. The move that pays off now is picking one or two high-value, lower-risk processes and piloting a grounded agent with identity and cost controls switched on from the start. The pieces you need to experiment safely are already arriving.

Weighing Microsoft up? For a regulated business the case got harder to argue against. Data inside the tenant boundary, agent identity through Entra, auditability through Purview, containment enforced by the operating system. Assembling that from separate tools is difficult and expensive, and it’s precisely the control environment a regulator expects you to be able to show.

Still finding your feet? Choose a process you can measure and a question you can audit, put a clear cost ceiling around it, and learn the governance and spend mechanics somewhere low-stakes before you scale. The teams that move fastest later are the ones that learn the controls early.

 

A Few Other Things Worth Knowing

Microsoft built its own family of models

The Microsoft AI Superintelligence Team released seven in-house MAI models, headed by MAI-Thinking-1, its first reasoning model. Microsoft describes it as mid-sized, trained on clean and commercially licensed data, and cheap to run per token. The company reports it was preferred to Claude Sonnet 4.6 by independent raters in a blind test and matches Claude Opus 4.6 on a coding benchmark. New image, voice, transcription and coding models came alongside it. The strategy is unmistakable: Microsoft is building first-party capability and steering toward a multi-model world rather than a single-supplier one.

Microsoft Scout is a look at the next Copilot

Scout is Microsoft’s first Autopilot agent, an always-on assistant built on open-source OpenClaw technology with Work IQ as its context engine. It works inside Teams, Outlook, OneDrive and SharePoint, handling meeting prep, scheduling and inbox triage without waiting to be asked. It’s limited to Frontier customers in an early release for now, but it marks the shift from agents that respond to agents that act.

New hardware for local AI

With NVIDIA, Microsoft unveiled the Surface RTX Spark Dev Box and Surface Laptop Ultra, both built to run large models locally rather than leaning entirely on the cloud. The performance impressed reviewers; the pricing is premium and aimed at Apple’s high end. Worth knowing about, not a broad rollout decision for most businesses.

Project Solara and a post-app idea

Microsoft showed early Project Solara concepts, a desk companion and a wearable badge, designed for a world where you interact with an agent rather than open an app. It’s a long-range bet rather than something arriving next quarter, but it signals how seriously Microsoft takes the agent-first direction.

Majorana 2 keeps the quantum story moving

Microsoft announced Majorana 2, claiming it’s 1,000 times more reliable than the previous generation and a step toward a commercially useful quantum computer by 2029. The work hasn’t been fully peer reviewed and some experts want more detail, so the timeline is best read as ambition. Exciting, and still some distance off.

 

Trust Is the Product Now

There’s a reading of Build where it’s a list of things Microsoft made. The more useful reading is what Microsoft chose to spend its time on. Not convincing anyone that agents are clever, that’s settled, but doing the unglamorous work of making them safe to run: giving them names, putting walls around them, recording what they do, and handing you the dial that controls the cost.

That’s the work that turns an agent from an impressive demo into something you’d actually let near a customer’s loan file. And it’s the same work that lets you answer cleanly when a regulator asks how the thing works, who’s accountable, and what happens when it gets something wrong.

The agents showed up a while ago. Last week was about whether you can put your name to what they do. Increasingly, you can.

If you want to work out what any of this means for your business, your AI roadmap or your Microsoft investment, get in touch with the 365 Mechanix team. We help organisations across Australia and New Zealand turn announcements like this into things that actually run.

 

FAQs

What was the main theme of Microsoft Build 2026?

Control rather than capability. With the question of whether agents work largely settled, Build focused on the identity, governance, security and cost controls that let organisations deploy them seriously.

What is Microsoft IQ?

A shared context layer that grounds agents in your organisation. It combines Work IQ (how work happens across Microsoft 365), Fabric IQ (structured business data), Foundry IQ (knowledge retrieval) and Web IQ (current web information), so agents reason over your business rather than generic training data.

Does our data leave our environment when we use Work IQ?

Microsoft states that context and insights stay inside your Microsoft 365 tenant trust boundary, with calls authenticated through Entra, limited to what the signed-in user can already see, and auditable in Purview. As always, validate this against your own compliance requirements before deploying.

How does this connect to CPS 230 and agent governance?

Agent identity, containment and auditability map directly onto the operational resilience and accountability themes in CPS 230. They give you stronger tools to govern AI. They don’t, on their own, make you compliant. Accountability stays with the regulated entity.

How does the consumption pricing work, and how do we keep it under control?

You pay for what your agents do rather than per seat. Microsoft is shipping spend controls in the Microsoft 365 Admin Center, letting admins set cost limits by tenant, group and user, trigger alerts and monitor usage. Switch them on early and govern agent spend like cloud spend, and well-designed agents stay inexpensive to run.

Are the new MAI models replacing OpenAI inside Microsoft’s products?

Not replacing, but clearly reducing dependence on any single provider. Microsoft launched seven in-house MAI models at Build, including its first reasoning model, while continuing to support a multi-model approach. The direction is more first-party capability and more choice.

Should we be buying the new Surface devices?

For most businesses, not urgently. The Surface RTX Spark Dev Box and Surface Laptop Ultra target developers and local AI workloads and carry premium pricing. Worth tracking, but a specialist purchase rather than a fleet decision.

How does 365 Mechanix help?

We turn Microsoft’s announcements into working implementations across Dynamics 365, Power Platform, Copilot, agents and the governance around them, for organisations across ANZ. If any of this is on your radar, get in touch.