November 24, 2025

Ignite 2025 for M365 admins: AI agents just became a governance problem

If you only watched the Ignite keynotes, you could come away thinking this year was about spectacle: agents everywhere, Copilot doing more, and a wave of “IQ” layers on top of your data. 

From a Microsoft 365 admin point of view, the story is sharper than that. Ignite quietly made AI agents first-class citizens inside your tenant, and it made it much easier for those agents to find and act on the content you already have. 

At the same time, most of the admins we spoke with in San Francisco were still wrestling with the classics: SharePoint storage limits, OneDrive and Teams sprawl, and permissions that are hard to unwind once they've spread. 

If your governance is strong, this is the start of a powerful new phase. If you're still fighting oversharing, ownerless workspaces, ROT, and storage growth, the risk curve just bent upward. 

Here are our takeaways after an exciting week at Ignite 2025. 

1. Agents are a new governance surface, not just a dev toy

Microsoft introduced Agent 365 as a control plane for AI agents. In their words, it is a way to deploy, organize, and govern agents securely, regardless of whether they are built on Microsoft platforms, open-source frameworks, or third-party tools. It brings together a registry, access control, observability, interoperability, and security in one place. 

At the same time, Microsoft is rolling out native agent infrastructure, including agent connectors, an agent workspace, and new ways for agents to run in contained, policy-controlled environments. These pieces let agents connect to apps through Model Context Protocol, operate under clear guardrails, and act on your behalf with built-in governance hooks.

For admins, this means: 

  • Agents are now real identities with their own IDs, access policies, and logs. 
  • There will be many of them, not one, and they will be able to call each other. 
  • They will touch files, sites, and systems at a speed and scale no human can match. 

That’s a new governance surface. It’s no longer enough to know who your users are and which workspaces they own. You also need to know which agents exist in your tenant, what they can see, and who is accountable for them. 

If you don’t have a clean handle on registry, permissions, and lifecycle for human-owned workspaces, adding agents on top will create an agent-shaped version of shadow IT.

2. Work IQ, Fabric IQ, and Foundry IQ raise the stakes on hygiene

Ignite also introduced or expanded a stack of “IQ” layers that give Copilot and agents better context over your data.  

Work IQ extends the intelligence behind Microsoft 365 Copilot so it can understand how users work, who they work with, and what content they use. Fabric IQ and Foundry IQ push this idea across analytics and line of business data, tying multiple sources into a unified semantic model and retrieval layer. 

In plain terms, these layers make it easier for AI to: 

  • Find the right content across more systems, 
  • Understand how that content fits into business processes, and 
  • Use that context to reason and take actions. 

That’s only helpful if the content and access model are in good shape. If your SharePoint and Teams estates are full of overshared sites, stale projects, and sensitive data that should have been archived, you’re giving Copilot and agents a lot of bad inputs. 

Better context doesn’t distinguish between “useful and safe” and “risky and unnecessary.” It simply gets you to whatever exists, faster. 

This is where basic hygiene work matters more than ever: 

  • Clear ownership for sites and teams 
  • Least privilege permissions and strong defaults 
  • A predictable lifecycle that includes archiving and deletion, not just creation 
  • Labels that travel with content when it moves 

If you want to use these new IQ layers confidently, you need to know the data they see is the data you actually want in play.

3. Security Copilot will move faster than collaboration governance

Microsoft also announced that Security Copilot is now included for Microsoft 365 E5 customers at no additional charge. This is a clear signal that AI-assisted security operations are moving from pilot to mainstream in larger tenants. 

Security teams with E5 will be able to adopt AI quickly. They will get richer threat analysis, faster investigation, and better recommendations across Defender, Entra, and Purview. 

The problem is that most organizations don’t have collaboration governance at the same maturity level. They still have: 

  • Ownerless Teams and SharePoint sites 
  • Long-lived guest access and broad sharing links 
  • Redundant, outdated, and trivial (ROT) content that nobody has had time to classify or clean up 

The result is a gap: sophisticated AI-driven security on top of a collaboration estate that is still noisy, loosely governed, and growing in all the wrong places. Security Copilot may highlight risks faster, but it cannot invent ownership, labels, lifecycle, or sane storage policies where none exist. 

Closing that gap means aligning security and collaboration work. Security can’t be an E5-only AI project while Teams, SharePoint, and OneDrive hygiene remain an afterthought.

4. Copilot’s “instant sites” will create instant content debt

Microsoft showed Copilot generating complete SharePoint pages from a single prompt. The demos included layouts, text, charts, and live components. 

From a productivity perspective, this is great. It kills a lot of blank page time and lets teams get to “something reasonable” very quickly. 

From a governance and storage point of view, it looks like a rerun of an old movie, just at a faster speed: 

  • New sites and pages can appear much more quickly. 
  • People will experiment without always thinking about lifecycle and ownership. 
  • Content volume will spike, and storage growth will follow, especially in tenants that already feel like they’re hitting the limits. 

If you don’t have clear templates, approvals, and lifecycle rules, you'll see the classic SharePoint mess recreated in a fraction of the time. Copilot will help people publish more, but it won’t decide when something should be archived or deleted. 

This is exactly where provisioning guardrails and lifecycle automation pay off. You want Copilot to plug into a model where every new workspace has: 

  • A defined purpose and owner 
  • The right template and labels 
  • A lifecycle path that includes review and closure 

Otherwise, every “instant site” is a future cleanup task. 

What Microsoft 365 admins should do in the next 90 days 

If you’re an admin or platform owner, you can’t control Microsoft’s product roadmap, but you can control the state of the tenant these agents and Copilots will live in. 

Orchestry Health Checks help you monitor workspace provisioning, archivals, storage savings, and more.

Over the next quarter, focus on: 

  1. Ownership and registry
    Make sure you have a clean list of workspaces, owners, and contact paths. Eliminate ownerless sites. Capture why each workspace exists and who is responsible for it. 
  2. Permissions and sharing
    Lock down “anyone with the link” sharing, tighten guest access, and push towards group-based permissions across Teams, SharePoint, and OneDrive. Treat this as a precondition for any broad Copilot or agent rollout.
  3. Lifecycle and archive
    Decide when workspaces and sites are archived, when they are deleted, and how Microsoft 365 Archive fits into that picture and your storage strategy. Stale content should either be properly archived or removed, not left to clutter active areas.
  4. Health checks and trends 
    Run regular health checks on your tenant so you can see growth, storage, security posture, and ROT trends over time, not just as a one-off snapshot. Use that to decide where to intervene first.
  5. Pilot Copilot and agents where hygiene is strongest 
    Start with departments or business units that have clearer ownership and better hygiene. Prove value in a controlled part of the tenant before opening the doors everywhere. 

Orchestry at Ignite 2025: Thanks to everyone who stopped by booth 5352 to talk tenant hygiene and storage.

At Orchestry, this is exactly where we’re focused. Our platform already surfaces ownerless and overshared workspaces, highlights risky links, and supports archive workflows for Teams and SharePoint. Our Health Checks and Recommendations features are designed to give you the same kind of “IQ layer” for your governance work, so you can see tenant health and act on it with less guesswork.

Ignite 2025 didn’t change the basics: you still need clear ownership, least privilege, and a lifecycle that includes more than creation. It did change the stakes. AI agents will sit on top of whatever you have today, and they’ll move faster than any human ever could. 

Now’s the time to make sure the tenant your agents inherit is one you actually want them to learn from. 

Prepare your tenant for AI agents 

You can’t prepare for AI adoption without preparing your governance. When permissions are clean, Copilot and agents become a productivity multiplier. When they’re not, they act as a mirror, showing exactly where your risks live. 

See how Orchestry helps organizations restore control and prepare for AI-driven collaboration. Start a 28-day trial to uncover hidden risks in your tenant. 
