Always-on agents need more than identity. They need economic authority.

Microsoft's Scout announcement is worth paying attention to, but not because every company suddenly needs a Microsoft-flavored personal assistant.

The important part is quieter than that.

Microsoft is treating an AI agent as a real enterprise actor. Scout is always on. It has its own identity. It works in the background. It can operate across Teams, Outlook, OneDrive, SharePoint, email, calendar, contacts, the browser, local resources, and MCP servers. It is governed through Entra, Purview, Intune policy, approvals, and Microsoft 365 controls.

That is the shift.

We are moving from assistants that answer questions to agents that keep working after the conversation ends. Once an agent can act without being prompted every time, the governance problem changes completely.

It is no longer enough to ask, "Who is this agent?"

You also have to ask, "What is it allowed to do? What can that action cost? Who is paying for it? Who approved the authority? Can the agent delegate that authority? And what proof exists after the fact?"

Identity is necessary. It is not the whole job.

Scout gets one big thing right: agents need identity.

Shared service accounts were already a bad habit for software. They are worse for autonomous agents. If an agent schedules a meeting, sends a file, updates a system, calls an API, or triggers a workflow, the enterprise needs to know which agent acted, on whose behalf, and under which policy.

That matters.

But identity and access control mostly answer one class of questions:

• Who is acting?
• What data can they reach?
• Which internal resources are they allowed to touch?

Those are Microsoft 365 questions. Entra and Purview are strong tools for that world.

The next problem starts when the agent crosses the boundary.

What happens when that same agent calls an external API? Uses a third-party MCP server? Consumes paid credits? Kicks off a SaaS admin action? Delegates a task to another agent? Buys data? Runs a model that costs real money? Opens a support workflow that commits the company to something?

Now the question is not just access. It is authority with economic consequences.

The missing layer is economic authority.

Economic authority is the right to cause value to move.

That value might be money. It might be API credits, cloud usage, paid data, inventory, compute, support obligations, contract changes, or anything else the business ultimately pays for.

Humans deal with this through messy but familiar systems: budgets, approvals, procurement rules, delegated signing authority, reimbursement policies, vendor contracts, audit records.

Agents need the same kind of boundary, but enforced at machine speed.

Before an agent acts, the system should be able to answer:

• Is this action allowed for this agent, this user, this tenant, and this task?
• Does the agent have authority to spend or consume this resource?
• What budget applies?
• Is there a per-call, per-route, or per-vendor limit?
• Can this authority be delegated to another agent?
• When does the grant expire?
• What happens if the action is denied?
• What receipt proves the decision later?

This is where a normal identity stack starts to run out of road.

Identity tells you who the agent is. Access control tells you what it can reach. Economic authority tells you what it is allowed to cause.

That last part is the new governance problem.

MCP makes this urgent.

MCP is useful because it gives agents a common way to discover and use tools. That is also what makes it risky.

A tool call is not just a technical event. It can be a business event.

One MCP call might read a document. Another might update a CRM record. Another might query a paid data source. Another might initiate a refund, provision infrastructure, send a message to a customer, or call a model that costs $20 in one shot.

From the agent's point of view, these are all just tools.

From the business's point of view, they are very different kinds of authority.

That difference needs to be enforced before execution, not reconstructed from logs after something expensive or embarrassing happens.

This is why MCP governance matters. The gateway between agents and tools is becoming the natural place to check policy, budget, tenant, delegation depth, and evidence requirements before the action goes out.

Logs are not proof.

A lot of agent governance will start with observability. That is fine. Teams need traces, logs, analytics, and dashboards.

But logs answer a weaker question: "What happened?"

The harder question is: "Was it allowed to happen?"

And after that: "Can we prove which policy allowed or denied it?"

For always-on agents, that distinction matters. A record of an action is useful. A record of the authority decision is more useful. A portable receipt that shows the agent, user, tenant, policy, budget, request, decision, and evidence is better still.

Where Microsoft ends and the wider agent economy begins.

Microsoft is going to be strongest inside the Microsoft 365 trust boundary. That is the obvious place for Scout, Work IQ, Entra, Purview, Teams, Outlook, SharePoint, and Copilot to come together.

Enterprises will still need something else for the messy world outside that boundary.

They will have agents calling external APIs, using third-party MCP servers, touching SaaS tools, consuming paid services, delegating work to other agents, and operating across hybrid environments. Some of those actions will be harmless. Some will move data. Some will cost money. Some will create obligations.

That is the space SatGate calls the Economic Firewall for agents.

Not a payment rail. Not another chatbot. Not a dashboard that notices problems after the fact.

An Economic Firewall sits at the point where an agent tries to act and asks a simple set of questions:

• Is this action allowed?
• Is this spend allowed?
• Is this delegation allowed?
• Is this route allowed?
• What proof should be produced?

If the answer is yes, the action proceeds with a receipt. If the answer is no, the action is denied with a receipt.

That sounds boring until you imagine thousands of agents running in the background across enterprise systems. Then it becomes basic plumbing.

The split is clean.

Scout handles identity, access, and data movement inside Microsoft 365.

The Economic Firewall handles economic authority across external APIs, MCP tools, SaaS actions, paid rails, and delegation chains.

One answers who can act and what data can move.

The other answers what actions are economically allowed, who pays, and what proof exists.

Both matter.

But the second problem is the one enterprises are about to feel as agents move from copilots to coworkers.

Microsoft Scout makes the agent actor real.

Now the question is whether that actor has authority before it acts.