Works for any Microsoft Entra tenant. We use your identity to read agents from Teams, Power Platform, Azure AI Foundry, SharePoint and Entra. Token forwarding only — nothing is stored server-side.
ReadWrite
scopes have to be added and admin-consented. Inventory + risk
analysis work entirely from the read scopes.
Create one manually in the Entra portal:
https://this-app-origin
(the URL you're reading this page from).
Agent365Free is delegated-only: it acts as you, never as an app. The App Registration can be single-tenant or multi-tenant — multi-tenant is only needed if accounts from other tenants will sign in to the same app registration. The scopes below are admin-consented in your tenant once: the first sign-in triggers a standard Microsoft consent prompt, a Global Administrator approves once, and every user in that tenant can then sign in normally.
Read-only by default. Inventory, risk analysis,
every export, every drill-through — all run on the
.Read.* scopes below. The two
ReadWrite scopes that unlock the
per-agent Delete buttons live in a separate
section at the end of this list and are not
included in the default admin-consent flow. Opt-in only.
| Scope | Used for |
|---|---|
User.Read | Sign-in / profile |
User.ReadBasic.All | Resolve agent owners → name / email |
Group.Read.All | Teams app catalog group membership |
AppCatalog.Read.All | Teams agent inventory |
AuditLogsQuery.Read.All | Audit view + per-agent activity |
AuditLog.Read.All | Service-principal sign-in → dormant detection |
Directory.Read.All | SP type, privileged roles, federated creds |
Policy.Read.All | Conditional Access coverage map |
AgentIdentity.Read.All preview | Entra Agent identities source |
Files.Read.All | SharePoint Agents — read .agent files |
Sites.Read.All | SharePoint deep-scan beyond search index |
InformationProtectionPolicy.Read | Real Purview sensitivity-label names |
Read-only inventory + risk analysis runs entirely on the
scopes above. To unlock the per-agent Delete
buttons in the side panel (Teams catalog removal, SharePoint
agent removal), two additional ReadWrite
scopes have to be added to the app reg and consented. These
are NOT part of the default admin-consent flow
— you opt in by running the provisioning script with
-IncludeDeleteScopes (PowerShell) /
--include-delete-scopes (Bash) and
re-consenting. Tenant-wide write across the Teams catalog and
all files is a heavy grant; only add it if you truly need the
delete actions.
| Scope | Used for |
|---|---|
AppCatalog.ReadWrite.All governance | Delete Teams agent from the org catalog |
Files.ReadWrite.All governance | Delete SharePoint .agent file |
user_impersonation | Azure AI Foundry project enumeration |
user_impersonation | Azure AI Foundry data-plane — agent instructions / tools / runs |
ResourceQuery.Resources.Read | PP Inventory — primary Copilot Studio agent fetch |
EnvironmentManagement.Environments.Read | Enumerate Power Platform environments |
CopilotStudio.MinimalBot.Read | Per-env Copilot Studio bot list |
CopilotStudio.MakerOperations.Read | Maker-context bot / agent metadata |
user_impersonation | Per-env Dataverse: bot, appmodule, systemusers tables |
OAuth scopes alone aren't enough — these are role assignments. The app degrades gracefully per source: missing a role only hides one source / one signal, never breaks sign-in.
| Role | Required for |
|---|---|
| Agent ID Administrator OR Agent ID Developer (Entra) | Entra Agent identities source |
| System Administrator OR System Customizer (Dataverse, per env) | Copilot Studio bots + Model-driven apps |
| Azure AI Developer (Foundry — at subscription scope covers all projects) | Foundry agents + tools + instructions |
| Power Platform Administrator | Cross-environment PP Inventory results |
| Global Administrator OR Application Administrator | Admin-consent the app the first time |
Something not working? Email us at agent365registry@syskit.com
AI agent governance at a glance across every source.
Every agent registered across Teams, Power Platform and Azure AI Foundry in this tenant.
Microsoft Entra ID directory records for AI agents. Each identity is the security root; linked workload agents (Copilot Studio, Foundry, …) appear as children.
No data yet — open All agents to load the inventory, then come back.
Cross-source Copilot activity from the unified audit log (CopilotInteraction record type, Copilot service).
Built by the community, for the community.
Backed & sponsored by Syskit. Agent365Free is funded by Syskit and runs on Syskit infrastructure — the same team behind Syskit Point, the Microsoft 365 governance & security platform.
This tool grew out of the research behind the Dawn of the Agent 365 whitepaper, written by six Microsoft MVPs — Gokan Ozcifci, Vlad Catrinescu, Frane Borozan, Isabelle Van Campenhoudt, Mike Maadarani, and Antonio Maio. Building the inventory to back the paper's findings is how Agent365Free came to be.
Something not working? Email us at agent365registry@syskit.com
"MVP" denotes the Microsoft Most Valuable Professional award; "RD" the Microsoft Regional Director program. Marks belong to Microsoft.