Ten days ago, Microsoft open-sourced the Agent Governance Toolkit — a seven-package framework for securing autonomous AI agents at runtime. It covers all ten OWASP Agentic AI risks, delivers sub-millisecond policy enforcement, and supports LangChain, AutoGen, OpenAI Agents SDK, and more.
We built native integration the same week.
This post explains why that matters for CISOs, how the two platforms complement each other, and what the integration actually does.
The Problem Neither Solves Alone
Microsoft's toolkit is exceptional at governing how agents behave — runtime policy enforcement, cryptographic identity, execution sandboxing, compliance attestation. If you're building agents on Azure or using Microsoft's agent frameworks, it's the right foundation.
But enterprise security agents don't just talk to Microsoft services. They talk to CrowdStrike. Splunk. Okta. Palo Alto. ServiceNow. The agent that triages detections pulls from CrowdStrike, creates tickets in Jira, sends alerts to Slack, and might isolate a host through Palo Alto — all in one workflow.
Microsoft's toolkit governs the agent runtime. ARXsec governs what the agent touches.
Together, they answer every question a CISO will ask:
| Question | Microsoft AGT | ARXsec |
|---|---|---|
| Is the agent's identity verified? | Yes — Agent Trust | — |
| Is the agent sandboxed at runtime? | Yes — Agent Supervisor | — |
| What security tools can this agent call? | — | Yes — Declared Intent |
| Can this agent read CrowdStrike but not write? | — | Yes — Policy Engine |
| Did anyone approve the containment action? | — | Yes — Human-in-the-Loop |
| Can I get a SOC 2 report for this agent? | Partial — Agent Compliance | Yes — Compliance Package |
| Is the agent drifting from its declared scope? | — | Yes — Drift Detection |
Neither platform alone covers the full governance story. Combined, they do.
What the Integration Does
ARXsec's Microsoft Governance connector enables bidirectional data flow between the two platforms:
1. Policy Sync
Import Microsoft governance policies into ARXsec. Export ARXsec's per-connector permission rules to Microsoft's policy format. An agent governed by both systems gets the strictest enforcement from either side.
# Import Microsoft policies into ARXsec
ms_policies = await arx.microsoft_governance().import_policies()
# Evaluate an action against Microsoft's policy engine
result = await arx.microsoft_governance().evaluate_action(
agent_id="triage-agent",
tool="crowdstrike",
action="hosts:write",
params={"ids": ["PROD-DB-01"]}
)
# result: {"decision": "deny", "reason": "high_risk_action", "score": 0.94}2. Unified Audit Trail
Microsoft's toolkit logs agent runtime events. ARXsec logs every connector call, policy verdict, and approval decision. The integration pushes ARXsec audit entries to Microsoft's compliance trail — so the CISO sees one unified audit across both systems.
# Push ARXsec audit event to Microsoft compliance
await arx.microsoft_governance().push_audit_event({
"agent_id": "triage-agent",
"action": "connector.called",
"connector": "crowdstrike",
"operation": "detections:read",
"verdict": "PERMIT",
"risk_score": 15,
"timestamp": "2026-04-12T00:00:00Z"
})3. Agent Inventory Sync
Microsoft-managed agents appear in ARXsec's Agent Registry alongside non-Microsoft agents. The CISO sees everything from one screen — which agents exist, what they can access, who owns them, when they last ran.
4. Trust Score Integration
Microsoft's Agent Trust package provides cryptographic identity verification and trust scoring. ARXsec can read these scores and factor them into risk calculations — a low-trust agent gets higher risk scores and stricter policy enforcement.
5. Compliance Data Exchange
Microsoft's Agent Compliance package maps agent behavior to EU AI Act, HIPAA, and SOC 2. ARXsec's Compliance Package Generator produces SOC 2 evidence, data flow diagrams, and vendor security questionnaires. The integration merges both — Microsoft provides runtime attestation, ARXsec provides connector-level evidence.
How It Works Architecturally
Microsoft governs the agent runtime. ARXsec governs the tool access layer. The integration syncs policies, audit, and compliance between them.
Why This Matters for CISOs
The Question the Board Is About to Ask
"What AI agents are running in our security environment, what can they access, and can you prove they followed the rules?"
With ARXsec + Microsoft Agent Governance Toolkit, the answer is:
- What's running: Agent Registry shows every agent — Microsoft-managed and custom-built
- What they access: ARXsec tracks every connector call across 101+ security tools
- The rules: Microsoft AGT enforces runtime policies; ARXsec enforces tool-access policies
- Proof: Unified audit trail spanning both platforms, exportable to any SIEM
- Compliance: SOC 2 evidence generated from actual runtime behavior, not documentation
No Custom Integration Work
The Microsoft Governance connector is native to ARXsec — same pattern as every other connector. Configure it in the dashboard, enter your AGT endpoint URL, and the sync starts. No code. No middleware. No consulting engagement.
Getting Started
- Deploy Microsoft AGT —
pip install agent-governance[full]or deploy via Azure Container Apps - Configure in ARXsec — Dashboard > Connectors > Microsoft Agent Governance Toolkit > Enter AGT URL
- Sync policies — Import Microsoft policies, merge with ARXsec rules
- Enable audit push — ARXsec audit events flow to Microsoft compliance
- View unified registry — All agents visible in one dashboard
What's Next
We're working on deeper integration with specific AGT packages:
- Agent Mesh integration — govern multi-agent communication across ARXsec-managed connectors
- Agent Compliance bidirectional — feed ARXsec compliance data into Microsoft's EU AI Act mapping
- Agent Trust as risk signal — low-trust agents automatically get stricter ARXsec policies
The goal is simple: no matter where your agents run or what they touch, one governance layer covers everything.
— Mershard J.B. Frierson, Founder · ARX · mershard@arxsec.io