Microsoft's Work IQ API Hits GA Today. The Policy Engine Underneath It Is the Real Product.

by TopClanker

Microsoft's Work IQ API is live with A2A and a redesigned MCP server, a 10-verb policy boundary, and Rego-based governance. The 54% recall and 80% token-reduction numbers are Microsoft's own claims, the $30/user/month seat floor is the lock-in math, and app-only auth is not in this release.

Microsoft’s Work IQ API went GA today. The headline is the API. The actual product is the policy engine running underneath it.

That is the framing nobody on the Microsoft 365 marketing team will say out loud, and it is the one platform engineers should walk away with. Work IQ is not a new data source. It is a governance surface that happens to expose an API.

What Shipped Today

Per the Microsoft 365 Developer Blog announcement (Jun 11), the API is live in production today with two transport paths:

  • A2A (Agent-to-Agent) for synchronous agent-to-agent calls
  • A redesigned MCP server for tools that already speak the Model Context Protocol

REST support is listed as “coming soon.” For teams running agents on infrastructure that only does HTTP/REST — most enterprise middleware still does — that is an operational gap, not a footnote. A Jun 15 walkthrough at A Guide to Cloud & AI confirms the 10-verb design is the new contract surface.

The bigger structural change is the verb set. Work IQ collapses the hundreds of OAuth scopes that defined M365 API access into 10 generic verbs: fetch, create, update, delete, search, getSchema, and four action verbs. This is the part that actually matters. The verb set is the policy boundary. Everything you can audit, rate-limit, and deny in Work IQ hangs off those 10 verbs.

The Microsoft-Graded Numbers

Microsoft claims 54% better recall and 80% fewer tokens versus “conventional M365 API approaches” for multi-step agent workflows. The Byteiota writeup (Jun 13) repeats both numbers.

Read those carefully. “Conventional M365 API approaches” is the baseline Microsoft chose. There is no public methodology document. There is no independent benchmark. No third party has reproduced the 54% or the 80% on a published test set.

Microsoft graded its own exam. Treat the numbers as marketing until someone outside Redmond reruns the test.

The Governance Story Is the Real Story

The reason the verb set matters is what runs against it. Every Work IQ call is evaluated by a Rego-based policy engine (Open Policy Agent) before the call dispatches. Every call runs in the requesting user’s security context — no privilege escalation, no shared service principal acting on behalf of the user. The full audit trail flows to Microsoft Defender Advanced Hunting, where SOC teams can run KQL queries against agent activity the same way they query endpoint or email telemetry today.

A Jun 9 piece at Windows News AI on Microsoft Agent 365 frames the wider play: Work IQ is one product inside the Agent 365 control plane, which is where Microsoft is putting the identity, governance, and observability primitives for every agent that touches M365. It slots into the same arc as the Microsoft Scout always-on agent work from Build 2026 and the Windows-as-agent-OS push Microsoft has been running for two months.

This is the part of Work IQ that actually differentiates it. Graph is a data API. Work IQ is a data API with a policy engine, an audit stream, and a verb-set abstraction bolted to the front. The governance layer is what makes it a first-class product rather than another wrapper over Graph.
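
What a deny-by-default policy over the verb boundary can look like in Rego, as an added example: this is not Microsoft's or Work IQ's policy code, and the package name, input fields, agent names, group name and grants are all hypothetical, since the announcement coverage cited here does not give Work IQ's policy input schema.

```rego
package workiq.example

import rego.v1

# Assumed input (hypothetical fields, not Work IQ's schema), e.g.
# {"verb": "update", "agent": "triage-bot", "user": {"groups": ["agent-writers"]}, "resource": {"type": "ticket"}}

# Only the six verbs the article names; anything else hits the default deny.
read_verbs := {"fetch", "search", "getSchema"}
write_verbs := {"create", "update", "delete"}

# Constructed per-agent grants: which verbs on which resource types.
grants := {
    "triage-bot": {"verbs": {"fetch", "search", "getSchema", "update"}, "types": {"ticket"}},
    "summarizer": {"verbs": {"fetch", "search"}, "types": {"message", "document"}},
}

# Deny by default: a call dispatches only if a rule below allows it.
default allow := false

# Read verbs need only a matching grant.
allow if {
    input.verb in read_verbs
    granted
}

# Write verbs also need the requesting user (whose context the call runs in) in the writer group.
allow if {
    input.verb in write_verbs
    granted
    user_can_write
}

granted if {
    grant := grants[input.agent]
    input.verb in grant.verbs
    input.resource.type in grant.types
}
user_can_write if "agent-writers" in input.user.groups

# Reasons to attach to the audit record when a call is denied.
reasons contains "no grant for this agent, verb and resource type" if {
    not granted
}

reasons contains "write verb requires user in agent-writers" if {
    input.verb in write_verbs
    not user_can_write
}
```

With the sample input in the comment, `allow` evaluates to true and `reasons` is empty; change the verb to `delete` and `allow` falls back to false with the no-grant reason set, because `triage-bot` was never granted that verb.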

The Lock-In Math

Counter-narrative, plain: Work IQ is consumption-priced via Copilot Credits, with rough per-call rates of $0.20–$0.40 for light workflows, $0.30–$0.75 for medium, and $0.50–$1.50 for heavy. A single tool call weighs in at ~0.1 Copilot Credits (~$0.001) at the top of the rate card.

But you cannot buy into Work IQ without also buying M365 Copilot licensing at $30 per user per month minimum. Per the Cloud Factory Group partner breakdown (Jun 15), that seat license is the floor, not an optional add-on.

Do the seat math on a 5,000-person enterprise. That is $1.8 million per year before a single agent makes a single API call. The variable usage is on top. Microsoft’s consumption pricing reads as a per-call rate, but the real number is seat + usage, and the seat term is non-negotiable.

Three Gaps Microsoft Did Not Ship

  1. No app-only / service principal auth. Every Work IQ call runs in a user context, by design. There is no path for a backend service to call Work IQ on its own behalf. This kills the “background agent that processes a queue” pattern. Microsoft says app-only auth is on the roadmap; it is not in today’s GA.
  2. REST is not here. A2A and MCP are live. REST is “coming soon.” If your agent platform’s only HTTP client is a vanilla REST stack, you are waiting.
  3. No public perf methodology. The 54% and 80% are Microsoft’s own numbers against a Microsoft-chosen baseline. No third party has reproduced them. Plan capacity as if those numbers are best case, not median.

What To Do Monday Morning

Three things, in order:

  1. Check the M365 admin center. Work IQ GA is a tenant-level opt-in. Confirm whether your tenant has it on, and confirm whether your default agent workload identity is allowed to call it. The audit log starts writing the moment the toggle flips.
  2. Model the real cost. Take your projected agent calls per user per day, multiply by the per-call rate, then add the $30/user/month seat floor. Build the model for 100%, 50%, and 10% adoption and pressure-test the line items against your existing M365 Copilot spend.
  3. Treat governance as table stakes, not a feature. The Rego policy engine, the requesting-user context rule, and the Defender audit stream are what make Work IQ safe to put in front of production data. If your team is still hand-rolling RBAC and audit for agent calls, you have just been given the work for free. Use it. Anything you build on top of Work IQ that does not lean on that governance layer is technical debt from day one.

The lock-in question and the no-app-only-auth gap are the same question. Microsoft’s bet is that any agent touching M365 will run on Microsoft infrastructure, governed by Microsoft policy, billed through Microsoft credits. The product is not wrong. The assumption underneath it is.
