At its last two flagship events, Microsoft spent its keynote time on a single idea: an AI agent is not a feature. It’s a workforce member that needs an identity, permissions, a policy it must obey, an audit trail behind every action, and a central place where someone can see what it’s doing and what it costs.
If that sounds familiar, it’s because we’ve been building exactly this for years. We don’t say that to claim we were first — we say it because when the largest enterprise software vendor on earth dedicates its main stage to your thesis, the argument is over. The question is no longer whether agents need governance. It’s who you trust to provide it, and on whose terms.
What Microsoft actually announced
Microsoft’s positioning is clean and correct. Every agent needs identity, access control, policy, observability, and traceability — managed centrally, the way you already manage employees and devices. Their answer is a control plane that gives each agent a first-class identity, a registry that inventories every agent in the organization (including the shadow ones nobody registered), policy templates applied at onboarding, telemetry for behavior, and an audit log for compliance. Identity, data governance, and threat protection sit underneath as the three pillars.
This is the right architecture. We know, because it’s the same architecture we arrived at independently: agent profiles with their own identity, role-based access down to the row and field level, a policy and SOP layer agents must operate within, evals, and audit-ready logs for every action. Two teams, starting from different places, converging on the same primitives — that’s the strongest signal a market can give you that the primitives are real.
The part the validation narrative hides
Here’s what we won’t pretend: a vendor building a control plane for your agents is validation and competition at the same time. So the honest question for any organization is not “is this category real” — Microsoft just answered that — but “what am I locking myself into?”
A control plane is most powerful when every agent, every model, and every piece of data already lives inside one vendor’s estate. That’s a reasonable trade if you’re an all-in Microsoft shop and intend to stay one. It’s a worse trade if you run on more than one cloud, if you want to choose the best model for each task rather than the one your governance vendor prefers, or if your data has to stay inside the EU for reasons that aren’t negotiable.
That’s the layer we occupy, and it’s the layer a single-stack vendor is structurally unable to lead on.
Where we’re different — and why it’s structural
LLM-agnostic by design, not by permission. We route across providers — OpenAI, Anthropic, Google, open models — choosing the right model for each task and switching without a rebuild. A vendor whose commercial gravity points at its own models will always make its own models the path of least resistance. Neutrality you depend on a competitor to grant isn’t neutrality.
Cross-cloud and sovereign. We don’t require you to standardize on one hyperscaler’s identity, licensing, and admin surface to govern your agents. For regulated European buyers, we can keep agents, data, and audit logs inside EU infrastructure — a hard requirement, not a feature toggle.
An orchestration runtime, not a governance overlay. A control plane governs agents. It doesn’t run them or coordinate the work between them. We do both: agents talk to each other, follow SOPs, roll back failed multi-step workflows, and integrate with your systems through our integration platform — governed end to end, in one layer instead of three invoices across three teams.
What we’d tell a CISO or CTO reading this
Take the validation. The category is real, the urgency is real, and you no longer have to make the case internally that agents need governance — Microsoft made it for you. Then ask the harder question: do you want that governance to come with a dependency on one vendor’s cloud, one vendor’s models, and one vendor’s licensing, or do you want a control plane and orchestration layer that stays neutral as your stack evolves?
We built Copyl for the second answer. If a major player going the same direction makes you more confident the direction is right — good. We think so too. We just don’t think you should have to pick a single cloud to get there.
Curious how an LLM-agnostic, sovereign agent control plane compares to what you’re being offered inside a single stack? Tell us about your setup using the form below — we’ll show you the difference on your own use case.