# Visibility Is Not Governance
KPMG just deployed Microsoft Agent 365 to all 276,000 professionals across 138 countries. The product registers, maps, and audits every AI agent in the organisation. It costs $15 per user per month and became generally available on 1 May 2026. KPMG plans to turn the governance stack into a service offering through its “Trusted AI” framework.
That is a control plane. It answers the question: what are our agents doing?
It does not answer the question most organisations actually need answered: what should our agents be doing?
## The gap between watching and directing
A control plane sees everything. Which agents are running, which data they access, which users launched them. Microsoft Agent 365 can register agents across AWS, Google Cloud, and Microsoft platforms. It can detect shadow agents — unregistered AI running without IT knowledge. It can expire inactive agents, flag orphaned ones, block high-risk behaviour.
None of that tells an agent how to behave in the first place.
When a customer-facing chatbot encounters a complaint it cannot resolve, what should it do? Escalate? To whom? With what context? Under what conditions? When a procurement agent evaluates a supplier, which criteria matter and which are negotiable? When a compliance agent reviews a contract clause, what is the threshold for flagging it versus accepting it?
These are not visibility questions. They are judgment questions. And right now, most organisations answer them by hoping the agent figures it out — or by locking the agent down until someone can supervise every decision.
Gartner predicts over 40% of agentic AI projects will be cancelled by the end of 2027. The root causes they name: escalating costs, unclear business value, inadequate risk controls. Across a poll of over 3,400 respondents, the pattern is consistent — enterprises deploy agents without encoding the rules that should govern their behaviour, then shut them down when the lack of rules produces unpredictable results.
Monitoring tells you what happened. Rules tell agents what to do.
The distinction matters because organisations are spending on the monitoring layer as though it solves the governance problem. It does not. The monitoring layer is necessary infrastructure — you cannot govern what you cannot see. But visibility without encoded rules is surveillance without direction. You know the agent made a decision. You do not know whether it was the right one, because nobody wrote down what “right” means for that specific workflow.
KPMG’s move is significant precisely because it reveals the gap. A Big Four firm with 276,000 professionals and a dedicated “Trusted AI” framework is deploying the control plane first. The rules — the specific, machine-readable judgments about how agents should behave in each workflow — come second. Or third. Or never, if the organisation assumes the control plane is the governance.
Microsoft’s own documentation for Agent 365 confirms the boundary. The product manages agent lifecycles: register, monitor, audit, expire. It enforces policies about which agents can run and which data they can access. But the business rules — the workflow-specific decisions about escalation thresholds, approval gates, quality criteria, judgment calls — live outside the control plane. They live in the heads of the people who do the work. Until someone encodes them.
## The encoding is the hard part
Every organisation deploying AI agents eventually arrives at the same question: who encodes the judgment? Not the monitoring — the judgment. The specific, contextual rules that determine how an agent should behave in a particular workflow with particular constraints and particular stakeholders.
This is not a technology problem. Agent 365 is good infrastructure. The platforms that compete with it — Camunda ProcessOS, ServiceNow — are building similar capabilities. The infrastructure market is well served.
The unsolved problem is upstream. Before you monitor agent behaviour, you need to decide what the behaviour should be. Before you audit compliance, you need to encode what compliance means for each specific workflow. Before you build the control plane, you need the rules it enforces.
That encoding requires the people who currently do the work — the ones with the institutional knowledge, the edge-case judgment, the context that no platform can infer. Their knowledge has to be externalised, structured, and made machine-readable. One workflow at a time, with the people who hold the judgment in the room.
The control plane is the infrastructure layer. The encoded judgment is the governance layer. KPMG has the first one. The question — for KPMG and every organisation watching — is who provides the second.
Sources: Microsoft announcement, 9 June 2026; Microsoft Agent 365 GA, 1 May 2026; Futurum analysis; Gartner prediction, 40% cancellation rate; Microsoft Agent 365 overview; Agent 365 limitations analysis.