Microsoft released a whitepaper that names the real constraint blocking enterprise AI agents from moving beyond pilots to production: control. Not model quality. Not speed. Not data availability. The constraint is your ability to control what each agent sees, who authorized that access, and whether your security and compliance teams can audit every decision the agent made.
Most AI agent vendors sell you agents as isolated applications. You bolt an agent onto your customer service system, another onto your sales system, another onto your supply chain. Each one works fine in isolation. But deploy agents across ten business domains and you face a problem no vendor wants to talk about: your security team cannot answer basic questions. What data is agent number seven actually accessing right now? Did anyone authorize it? When compliance policy changes, how do you enforce it across all ten agents without rebuilding each one from scratch?
Microsoft's answer is Microsoft IQ—a three-layer architecture built to solve this. Work IQ pulls context from Microsoft 365 so agents understand who you are and what you care about. Fabric IQ translates your raw data into business language so agents reason like your executives do, not like search engines. Foundry IQ handles the mechanics of safe retrieval and knowledge engineering. The critical insight: governance cannot be bolted on after you deploy agents. It has to be built into your data infrastructure from the start. That is the Clawconomy trade-off at work—infrastructure lock-in, but operational confidence in return.
The Real Problem: Control at Scale
In February, Microsoft announced Copilot Tasks—agents that work autonomously across your inbox, calendar, documents, and web. The announcement included a single sentence that mattered: "Poorly governed data access today becomes an agentic AI risk tomorrow." That was not marketing. That was Microsoft telling CIOs that if you cannot control what your agents access, you have a compliance and security liability.
The IQ whitepaper builds on that warning. Here is what breaks when you deploy agents at scale without control built in.
You have an agent accessing your customer database. Another agent accessing your supply chain system. A third accessing your financial records. Each one works correctly. But six months in, compliance rules change. Now you need to prevent agents from accessing certain fields, or ensure they log every access, or restrict them based on geography. You have three options: rewrite each agent individually, build custom logic into each system to enforce the rules, or rebuild your entire data infrastructure to enforce those rules centrally.
Microsoft is saying: choose option three. And do it before you deploy agents, not after.
The way you do that is by building control into your data layer. Not in your agent code. Not in your applications. In the infrastructure that sits between your agents and your data. That infrastructure is Microsoft IQ.
Three Layers That Fix the Control Problem
Work IQ is Microsoft's answer to a simple problem: agents need to know who you are and what matters to you. Right now, if you ask Copilot to help you draft a proposal, it has no idea that you usually present to this particular customer, or that your last interaction was a pricing negotiation, or that the deal is in legal review. So it generates something generic. Work IQ fixes that by giving agents access to your actual work history—your emails, meetings, documents, and who you collaborate with most. Not through manual configuration. Through learning your actual patterns. If you talk to a customer five times a week, agents learn they matter to you. If you reference a document in every pitch meeting, agents learn to include it. Work IQ is essentially agents learning your business by watching how you actually work.
Fabric IQ is how you teach agents to speak your business language instead of database language. Right now, most data is stored in tables and schemas that make sense to database administrators. A customer record might be stored as fields like "cust_id," "billing_addr," "credit_limit," "ytd_revenue." Agents can technically read all that, but it does not tell them what matters. Is a credit limit of 50K high or low? Does a customer with 2M in year-to-date revenue get special treatment? Is there a reason this customer's billing address is different from their shipping address?
Fabric IQ solves this by translating your data into business concepts. Instead of agents reasoning over database fields, they reason over business entities. A "customer" is not a row in a table. A customer is an entity with relationships (connected to which contracts, which accounts), properties (credit rating, industry, geography), rules (how much credit they get, what discounts apply), and actions (what can you do with a customer record). When an agent understands your data this way, it makes decisions that reflect your business logic, not just database logic.
Foundry IQ handles the practical problem of agents finding the right information fast. When an agent needs to answer a customer question or make a decision, it needs to search your documents, policies, and knowledge base. But standard search engines are slow and often return irrelevant results. Foundry IQ uses AI-driven search that understands what you are actually looking for, not just keyword matches. It also enforces permissions automatically: if you ask an agent a question, it only retrieves documents you are authorized to see. The agent does not have to know your permission level. The search engine handles it.
The pattern across all three: control is not something you add later. It is built into every layer from the start.
Why This Matters for Infrastructure Economics
There is a pattern emerging in how AI is reshaping enterprise software costs. Some companies are paying more for frontier AI models (like OpenAI's latest). Some are paying more for specialized compute (like GPU cloud platforms). Microsoft is betting that the biggest cost and lock-in will come from security and governance infrastructure—the systems that let you deploy agents safely at scale.
That is DefenseClaw: the infrastructure that sits between your agents and your data, ensuring agents behave correctly and your compliance team can prove it.
The reason this matters is simple: that infrastructure is impossible to build in isolation. You cannot add DefenseClaw on top of a disconnected data estate. You have to rebuild your data infrastructure to support it. OneLake, Fabric, Dataverse—these are not optional add-ons. They are the foundation that makes control possible.
Which means Microsoft IQ is not really about agents at all. It is about getting you to consolidate your data infrastructure around Microsoft, because that is the only way to get the control you need at scale.
The Trade-Off Is Binary
The choice in front of CIOs is stark. Do you want to manage agent governance through your data platform or through your applications?
Option one: consolidate around Microsoft. Build OneLake as your unified data layer. Use Fabric to model your data semantically. Deploy agents against that infrastructure. Result: governance is automatic. When compliance rules change, you change them once, at the platform layer. Every agent immediately respects the new rules. Your security team can audit agent behavior from a single control panel. You have given up flexibility on your data stack, but you have bought operational certainty.
Option two: stay distributed. Keep your data spread across Azure, AWS, on-premises systems, and third-party platforms. Deploy agents against each one independently. Result: each agent becomes its own governance problem. You manage access control in the agent code. You build compliance logic into each application. When policy changes, you patch agents individually. You have kept flexibility, but you have created a compliance and security nightmare that grows worse with every agent you deploy.
Microsoft is betting you will choose option one. And not because Microsoft is good at marketing. Because option two becomes untenable at scale.
Ask your infrastructure team this question: If we deploy ten agents across our organization, can we enforce access control once at the data layer, or will we need to rebuild each agent when policy changes? If the answer is the latter, you are already committed to managing agent governance manually at scale. Microsoft IQ assumes the former. That assumption determines whether you consolidate around Microsoft or accept the cost of distributed agent governance.
Sources
Microsoft. "Microsoft IQ and the Agent Data Platform.https://msft.it/6044vDT86" White Paper, Apr. 2026, microsoft.com.
—. "Microsoft Copilot Tasks: AI That Works, Not Just Talks." Announcement, Feb. 2026, microsoft.com.
