Penthara-Logo-Dark
For Organizations

Azure Foundry Control Plane is not Governance. It's a CIO Lie Detector.

Unified governance for AI agents - Azure Foundry Control Plane gives CIOs full visibility, compliance, and control to expose risks and ensure reliable operations.

Table of Content:

Share the Blog

Walked into 3 tenants this month.

Asked one question. "How many agents are running in your environment right now?"

Got 3 different answers from 3 different people in the same room. None of them was right.

That is the gap Foundry Control Plane is about to expose.

What it actually is

Foundry Control Plane is not a new product. It is a control surface sitting underneath everything you already deployed in Microsoft Foundry.

In plain language, it does four things on day one.

  • Discovers every agent across every subscription connected to your tenant.
  • Inventories model usage, tool usage, and data access for each one.
  • Surfaces Hosted Agent Tracing (Preview) so you can see execution paths, not just outputs.
  • Ties every agent back to an owner, a workload, and a lifecycle state.

If you have been building inside Foundry, none of this is added on top. It is just turned on.

Why "control plane" not "governance"

Governance is what you decide.

Control plane is what you see.

Foundry Control Plane will not write your policy. It will tell you whether your policy is real.

That distinction matters. Most enterprises already have an AI policy on paper. Very few have a way to test it against what is actually running in production. This closes that gap.

What it surfaces on day one

Four categories show up in the first inventory. They are not theoretical. They exist in almost every tenant I have looked at this year.

1. Shadow agents. Built in Copilot Studio. Never registered with IT. No central visibility.

2. Ownerless agents. The builder moved teams or left the company. The agent kept running. Nobody is accountable.

3. Over-permissioned agents. Tokens scoped wider than the user behind them. Least privilege exists in policy, not in practice.

4. Lifecycle-free agents. No expiry. No review. No retirement path. Agents accumulate. Drift accumulates with them.

Where it falls short today

It is worth being honest about what this release does not solve.

  • Cross-tenant visibility is thin if you operate across multiple Microsoft Entra tenants.
  • Retirement actions are inventory-first, not policy-first. You see the agent. You still decide what to do with it.
  • Hosted Agent Tracing is in preview, not GA. Treat it as visibility, not a control.

None of this is a reason to wait. It is a reason to know what you are turning on.

The executive reality

This is not a feature launch. It is a mirror.

Most CIOs already know the gap exists. They just have not been forced to look at the number yet.

The first inventory report is uncomfortable. The second one is useful. The third one starts to look like governance.

Pick one before June 1

A. We know our agent inventory. We are ready.

B. We are guessing. Control Plane will be uncomfortable.

C. We do not know what an agent inventory should even look like.

Most leadership teams are quietly somewhere between B and C.

If that is where you are, the next 60 days are the cheapest time to fix it. After June 1, the report writes itself.

Let's connect

I work with CIOs and CISOs to get ahead of Foundry Control Plane before it surfaces things they did not want to find out from a board meeting.

If your team is somewhere between B and C, send me a message. A 30 minute conversation usually tells you which one you are.

Written & Reviewed by

Jasjit Chopra

Chief Executive Officer
Comment Now

Leave a Reply

Your email address will not be published. Required fields are marked *

 
footer logo
Microsoft solution partners Data & Azure
Insights
Services
crossmenuchevron-down