Work IQ promises agent-first IT—at a price

Microsoft is pushing Work IQ as the foundation for an agent-first enterprise, built to let AI agents discover data structures at runtime and choose tools across systems. In interviews, Microsoft argues the design shrinks security and governance risk by keeping
A new “plumbing layer” is being proposed for enterprise IT, and Microsoft says the goal is simple: let AI agents pick the tools and move across systems in real time—without waiting for a human to wire everything together.
The pitch is built around Work IQ, a Microsoft offering positioned for an “agent-first world” where AI agents—not human developers—decide which tools to use across enterprise systems. The promise arrives with a very practical question hanging over it: if you can automate more work faster, what happens when the costs, governance load, and security exposure scale with that automation?
Work IQ is tied to the idea that the enterprise software model is being redesigned from the ground up. For decades, enterprise “solutions” have typically operated as separate applications and data systems—linked through APIs or data transfer protocols, with engineers writing and maintaining the glue. Microsoft’s argument is that this approach struggles when AI agents proliferate, because every new integration becomes a coordination and engineering project.
Work IQ’s bet is that 2026 will mark a turning point between a human-driven enterprise world and an agent-driven one.
In one example Microsoft uses to illustrate the difference, the classic problem-solving path in business can be almost impossible to reproduce with traditional systems. Imagine a clothing manufacturer where retailers see a flood of returns for a previously successful product. The clothes show no obvious defects—no odd smells and nothing visibly wrong. Traditional enterprise software, the story goes, might not surface the answer through its established API linkages, even if a team is assigned to investigate.
Under an agent-first model, the company would instead ask an agent to solve the mystery. The agent would cross-reference a range of signals: SKU return rates, logistics routing maps, and customer service complaint keywords such as “itchy,” “rash,” or “sneezing.” The agent’s output points to a single common factor: every returned item spent at least 48 hours in Bay 4 of Warehouse A7. Then the investigation turns concrete—materials stored in Bay 5 for industrial adhesives left microscopic chemical residue that found its way into clothing fibers in Bay 4.
Microsoft frames this kind of capability as something traditional IT infrastructure can’t easily deliver, because agents have to query everything in the enterprise, sift through it, and aggregate it into an answer. The difference isn’t just that the work is automated—it’s that the integration method changes.
Work IQ spotlights two elements meant to make that possible.
The first is a capability called getSchema. Microsoft describes it as something that “allows agents to dynamically discover how data is structured at runtime.” Instead of relying on predefined models or integrations, agents can understand what data exists, how it’s organized, and how to interact with it as needed. In the same explanation, Microsoft presents it as an agent asking a data structure something like, “tell me about yourself,” and the structure responding with details about itself.
The second element is designed around the reality of how AI systems work: context windows. Microsoft’s explanation ties agent design to the problem of limited short-term memory for AI models. If the context window grows too large, the AI forgets some of what’s there, which can lead to inaccuracies—what the industry has come to call “hallucination.” Work IQ is described as offering a compact, efficient interface that minimizes context while still adapting as requirements change.
Operationally, Microsoft says an agent might start with a table of resources, ask each resource to describe the information it holds, then follow the lead when a resource answers in a way the agent finds relevant.
To make that possible at enterprise scale, Work IQ is presented as collapsing “thousands of operations into just 10 generic tools.” Those tools provide access to Microsoft 365 data and mechanisms to work on that data. Microsoft says the functions are standardized across the organization—simple operations like fetch, create, and update—so an agent can construct a dynamic set of operations in real time.
In Microsoft’s wording, exposing structure on demand lets Work IQ “turn every data source into a self-describing interface,” enabling agents to adapt automatically to new data and evolving scenarios “without changes to the API surface.”
Copilot still matters here. Microsoft describes Copilot as the “living space in a house,” with Work IQ positioned as the plumbing. The analogy is meant to clarify that Work IQ isn’t replacing Copilot; it’s the part that lets data and action flow.
Microsoft is also adding “Ask APIs” designed to expose the full M365 Copilot Chat experience to external applications as a single, opaque service. Microsoft says internal systems handle reasoning, tool selection, and action execution for every query, delivering “the same depth, context, and intelligence as Copilot.”
Work IQ is then tuned with custom instructions and saved memories so responses can match how users wish to be interacted with. Microsoft’s design also leans on persistence: over time, as memories build up, users can ask follow-up questions without repeating entire conversations.
For all the technical ambition, the hard questions arrive fast—governance, budgeting, security, and whether the promised benefits translate into something sustainable for enterprises.
In a set of pointed questions posed about Work IQ, Microsoft’s corporate vice president of Business Applications and Agents, Bryan Goode, defended the core idea that Work IQ APIs are optimized for agent use cases in the workplace. He argued that agents access data and tools differently than humans, so ordinary savings aren’t guaranteed by traditional automation, better search, or existing Microsoft 365 Copilot features.
When asked what evidence exists that Work IQ-powered agents will produce durable savings or revenue gains rather than another layer of licensing, integration, monitoring, and support, Microsoft’s response focused on how Work IQ APIs handle agent interactions. Microsoft said the APIs are optimized to provide fewer round trips—reducing latency and improving token efficiency. It also cited “higher scale data access and throughput,” plus processing that stays within the tenant boundary. The conclusion was that these design choices add up to agents that are higher quality, faster, more secure, and less expensive.
On a separate question—what specific business result Work IQ expects that cannot be achieved through ordinary automation, better search, better reporting, or existing Microsoft 365 Copilot features—Microsoft argued again that agent access is fundamentally different. Relying on traditional APIs and connectors, Microsoft said, causes agents to produce lower-quality results, slower performance, and higher costs. Microsoft also warned that moving data outside the tenant boundary could introduce security and compliance risks.
That led to the central security concern: whether Work IQ creates a centralized intelligence layer that attackers, insiders, compromised accounts, or misconfigured agents could exploit, and whether a runtime “choke point” reduces risk—or becomes a high-value target.
Microsoft’s reply was blunt: any concentrated capability is a target, but the alternative is worse. The company argued that without Work IQ, each agent would stand up its own data store, move data separately, manage authentication separately, and create its own audit gaps. With Work IQ, Microsoft said it centralizes capability in a way that shrinks the surface area. It also said data, context, and insights stay inside the tenant trust boundary.
Microsoft added several governance and audit mechanisms as part of its security picture. It said every call is authenticated through Microsoft Entra, including the new Entra Agent ID for non-human identities. It also said access is trimmed to what the signed-in user is already allowed to see. For auditability, Microsoft said every action is auditable and discoverable in Purview and Agent 365 alongside the rest of the Microsoft 365 estate.
The cost issue came next, and it wasn’t answered with hand-waving.
Work IQ’s pricing model is described as consumption-based and tied to tool calls, orchestration, and reasoning. The concern was what prevents a badly designed agent, a runaway workflow, or ordinary enterprise scale from producing unpredictable cost.
Microsoft’s response pointed to FinOps capabilities. Since consumption pricing means customers pay only for what they use, Microsoft said it has to deliver FinOps tools that help customers manage that spend. It also said that with the general availability of the Work IQ APIs, new consumption management capabilities will be introduced in the Microsoft 365 Admin Center. Those controls include setting tenant, group, and user-level cost controls; creating notification triggers; and monitoring usage.
Then there was the question of whether organizations would need to redesign workflows, permissions, approvals, and operational controls around agents. Microsoft said Work IQ is designed to extend the enterprise controls already used in Microsoft 365 rather than introduce an entirely separate operating model for agents.
Microsoft said existing permissions, identity, compliance, retention, DLP, auditing, and approval structures continue to apply because agents operate within the same tenant trust boundary and act in the context of authenticated users or managed agent identities. Microsoft’s description was that what changes is scale and speed: organizations become capable of taking more autonomous, cross-system actions, and operational practices evolve over time.
Finally, Microsoft was asked what happens to user memory under existing policies—especially around discoverability, auditability, removability, and governance.
Microsoft’s answer placed memory inside the customer’s tenant, governed the same way as the rest of their data. Microsoft said users can see what’s been remembered about them, edit it, and delete it. Admins set retention and deletion policy. It also said memory is subject to Purview controls including eDiscovery, audit, DLP, and sensitivity labels. Microsoft repeated that it never leaves the tenant trust boundary, so data subject rights already in place under GDPR, HIPAA, and sector-specific regimes carry over.
Microsoft added a specific assurance: it said it deliberately avoided creating a new governance silo for AI.
None of that changes the emotional undertone of the pitch. Microsoft is selling a future where enterprise operations move faster, cross systems more autonomously, and reduce the glue work that humans traditionally built. But the story also reads like a challenge: can enterprises absorb the economics, the unpredictability, and the security and governance work that come with letting agents operate at scale?
Even the strongest version of the argument can’t ignore the economics of agentic automation. If every IT operation carries a token consumption cost on top of already expensive investments, the productivity gains may not look as attractive. And because AI operations can be non-deterministic, the downstream security and governance burden could expand as well.
The more plausible outcome, at least from the skeptical stance in this reporting, is not a clean switch to agent-first operations. The expectation is a hybrid approach—some AI alongside traditional processes—because the switching process is enormous and the downsides could be catastrophic if organizations go all-in before the cost and operational gray areas are resolved.
Until then, Work IQ sits in an uncomfortable space between promise and preparedness: it may make agentic systems more workable for enterprise teams, but the question is whether organizations will commit to an agent-first world before they can fully trust that the costs won’t quietly outrun the value.
So basically Microsoft is making robots manage IT now?
I don’t get it. “Agent-first” sounds like they want the AI to just roam around your network and click stuff. They say it shrinks risk but that kinda feels backwards to me. Also what’s the “price” part, like in dollars or like permissions?
They’re saying agents find data structures at runtime… so won’t it just overwrite whatever it thinks is needed? Like if it “chooses tools across systems,” who’s controlling the who/what/when? Seems like a governance nightmare waiting to happen, unless they mean the company governance just gets replaced by Microsoft’s.
Every time Microsoft promises “simple” I assume it’s gonna cost more and require more admin people. Sounds like the plumbing layer is just gonna add another layer of lock-in. Like we already have too many APIs and permissions, now we gotta let agents decide tool routes in real time? Good luck when it scales and “security exposure” comes calling.