Microsoft Build 2026 Puts Agent Controls Into Policy Files
Microsoft's Build 2026 agent stack centers on ASSERT, Agent Control Specification, and Agent 365 controls for safer production agents.
Microsoft used Build 2026 to frame agent safety as a policy and runtime-control problem, not only a prompt-writing problem. The primary pieces are ASSERT, an open-source policy-driven evaluation framework, and Agent Control Specification, a portable standard for applying controls at checkpoints in an agent workflow. The practical target is production AI agents that can be evaluated, constrained, observed, and audited across different frameworks.
Key takeaways
- Microsoft announced ASSERT for policy-driven agent evaluation across frameworks.
- Agent Control Specification defines portable runtime controls for agent inputs, model calls, state, tools, and outputs.
- Microsoft says ACS is designed for broad adoption rather than a single framework.
- TechCrunch reports that ACS policies can define allowed actions, blocked actions, human approval points, and evidence logging.
- Microsoft Security's Build post adds the enterprise layer: Agent 365 SDK, local-agent registry, Purview controls, and model scanning.
Practical LinkLoot angle
The useful shift is that agent governance is becoming file-based and reviewable. Instead of burying every rule in system prompts or custom middleware, teams can start describing controls in versioned policy artifacts, then test whether the agent actually obeys them.
| Component | Best use | Limitation to check | Source |
|---|---|---|---|
| ASSERT | Generate policy-specific eval cases | Confirm framework support and local artifact output | Microsoft Foundry Blog |
| ACS | Place controls around agent workflow checkpoints | Validate SDK/plugin maturity for your stack | Microsoft Foundry Blog |
| Agent 365 SDK | Tie agent development to enterprise controls | Requires Microsoft ecosystem fit | Microsoft Security Blog |
| Purview agent controls | Reduce sensitive data exposure in agent prompts | Preview and licensing details need confirmation | Microsoft Security Blog |
For LinkLoot readers building workflows, the immediate test is small: write one risky automation policy, run an eval against it, then add a control before the agent calls tools or returns output. That pattern pairs well with the broader AI agent tools guide.
What to verify before you act
Check whether ASSERT and ACS support your actual framework, not only your target architecture. Verify which parts are open source today, which are in preview, and which require Microsoft Foundry, Agent 365, Purview, Defender, Entra, or Intune. For regulated workflows, also confirm where policy decisions, human approvals, traces, and blocked actions are logged.
Source check
Microsoft's Foundry post confirms ASSERT, ACS, workflow checkpoints, partner support, and the evaluation-to-control loop. TechCrunch independently describes ACS as a way to define granular agent behavior controls through policy files and multiple interception points. Microsoft Security's Build post corroborates the wider secure-agent stack, including Agent 365 SDK, local-agent registry, Purview controls, and model-scanning announcements.
It is Microsoft's open standard for applying portable safety and security controls at checkpoints in agent workflows.