I'm feeling a bit lost with the M365 Agent management portal. I currently have 170 agents, with some being created today, and they're all set to 'available.' I thought agents like this would be set to 'blocked' by default? Isn't it kind of risky to allow anyone with access to install them? Has anyone else navigated this situation and can share their experiences?
3 Answers
As long as you've got admin consent requirements in place, it shouldn't be a big deal since these agents won't have any permissions in your environment. But yeah, you can just go ahead and disable them for peace of mind.
I think this situation arises when users are allowed to install certain apps, but I can't say for sure. It's frustrating because you can’t track who installs what. I started cleaning up my list about a year ago, and I'm up to 207 now, so I totally understand where you're coming from. Personally, I believe they should just be disabled by default, but that’s just my take on it.
Actually, this setup is pretty standard. Microsoft wants to encourage adoption, so they leave all agents enabled across multiple customer tenants. It’s a strategy to get people comfortable using their services.
Absolutely! It kind of resembles how they handle trial licenses for M365 products—once users start using them, they suddenly need to keep them, which forces IT to purchase. I'd recommend disabling those settings promptly.
Thanks for your input! It’s interesting; in my test tenant with no users, I'm seeing the same issue. I'm unable to change the Allowed Agent Types under Agent Settings without getting an error. It seems like a broader issue across different tenants.