At the same time, this innovation is happening against a sea change in AI-powered attacks where agents can become “double agents.” And chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are grappling with the resulting security implications: How do they observe, govern, and secure agents? How do they secure their foundations in this new era? How can they use agentic AI to protect their organization and detect and respond to traditional and emerging threats?

The answer starts with trust, and security has always been the root of trust. In this agentic era, security must be woven into, and around, every layer of the AI estate. It must be ambient and autonomous, just like the AI it protects. This is our vision for security as the core primitive of the AI stack.

At RSAC 2026, we are delivering on that vision with new purpose-built capabilities designed to help organizations secure agents, secure their foundations, and defend using agents and experts. Fueled by more than 100 trillion daily signals, Microsoft Security helps protect 1.6 million customers, one billion identities, and 24 billion Copilot interactions.² Read on to learn how we can help you secure agentic AI.

Secure agents

Earlier this month, we announced that Agent 365 will be generally available on May 1. Agent 365—the control plane for agents—gives IT, security, and business teams the visibility and tools they need to observe, secure, and govern agents at scale using the infrastructure you already have and trust. It includes new Microsoft Defender, Entra, and Purview capabilities to help you secure agent access, prevent data oversharing, and defend against emerging threats.

Agent 365 is included in Microsoft 365 E7: The Frontier Suite along with Microsoft 365 Copilot, Microsoft Entra Suite, and Microsoft 365 E5, which includes many of the advanced Microsoft Security capabilities below to deliver comprehensive protection for your organization.

Secure your foundations

Along with securing agents, we also need to think of securing AI comprehensively. To truly secure agentic AI, we must secure foundations—the systems that agentic AI is built and runs on and the people who are developing and using AI. At RSAC 2026, we are introducing new capabilities to help you gain visibility into risks across your enterprise, secure identities with continuous adaptive access, safeguard sensitive data across AI workflows, and defend against threats at the speed and scale of AI.

Gain visibility into risks across your enterprise

As AI adoption accelerates, so does the need for comprehensive and continuous visibility into AI risks across your environment—from agents to AI apps and services. We are addressing this challenge with new capabilities that give you insight into risks across your enterprise so you know where AI is showing up, how it is being used, and where your exposure to risk may be growing. New capabilities include:

• Security Dashboard for AI provides CISOs and security teams with unified visibility into AI-related risk across the organization. Now generally available.
• Entra Internet Access Shadow AI Detection uses the network layer to identify previously unknown AI applications and surface unmanaged AI usage that might otherwise go undetected. Generally available March 31.
• Enhanced Intune app inventory provides rich visibility into your app estate installed on devices, including AI-enabled apps, to support targeted remediation of high-risk software. Generally available in May.

Secure identities with continuous, adaptive access

Identity is the foundation of modern security, the most targeted layer in any environment, and the first line of defense. With Microsoft Entra, you can secure access and deliver comprehensive identity security using new capabilities that help you harden your identity infrastructure, improve tenant governance, modernize authentication, and make intelligent access decisions.

• Entra Backup and Recovery strengthens resilience with an automated backup of Entra directory objects to enable rapid recovery in case of accidental data deletion or unauthorized changes. Now available in preview.
• Entra Tenant Governance helps organizations discover unmanaged (shadow) Entra tenants and establish consistent tenant policies and governance in multi-tenant environments. Now available in preview.
• Entra passkey capabilities now include synced passkeys and passkey profiles to enable maximum flexibility for end-users, making it easy to move between devices, while organizations looking for maximum control still have the option of device-bound passkeys. Plus, Entra passkeys are now natively integrated into the Windows Hello experience, making phishing-resistant passkey authentication more seamless on Windows devices. Synced passkeys and passkey profiles are generally available, passkey integration into Windows Hello is in preview. 
• Entra external Multi-Factor Authentication (MFA) allows organizations to connect external MFA providers directly with Microsoft Entra so they can leverage pre-existing MFA investments or use highly specialized MFA methods. Now generally available.
• Entra adaptive risk remediation helps users securely regain access without help-desk friction through automatic self-remediation across authentication methods, adapting to where they are in their modern authentication journey. Generally available in April.
• Unified identity security provides end-to-end coverage across identity infrastructure, the identity control plane, and identity threat detection and response (ITDR)—built for rapid response and real-time decisions. The new identity security dashboard in Microsoft Defender highlights the most impactful insights across human and non-human identities to help accelerate response, and the new identity risk score unifies account-level risk signals to deliver a comprehensive view of user risk to inform real-time access decisions and SecOps investigations. Now available in preview.

Safeguard sensitive data across AI workflows

With AI embedded in everyday work, sensitive data increasingly moves through prompts, responses, and grounding flows—often faster than policies can keep up. Security teams need visibility into how AI interacts with data as well as the ability to stop data oversharing and data leakage. Microsoft brings data security directly into the AI control plane, giving organizations clear insight into risk, real-time enforcement at the point of use, and the confidence to enable AI responsibly across the enterprise. New Microsoft Purview capabilities include:

• Expanded Purview data loss prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types in prompts from being processed or used for web grounding. Generally available March 31.
• Purview embedded in Copilot Control System provides a unified view of AI‑related data risk directly in the Microsoft 365 Admin Center. Generally available in April.
• Purview customizable data security reports enable tailored reporting and drilldowns to prioritized data security risks. Available in preview March 31.

Defend against threats across endpoints, cloud, and AI services

Security teams need proactive 24/7 threat protection that disrupts threats early and contains them automatically. Microsoft is extending predictive shielding to proactively limit impact and reduce exposure, expanding our container security capabilities, and introducing network-layer protection against malicious AI prompts.

• Entra Internet Access prompt injection protection helps block malicious AI prompts across apps and agents by enforcing universal network-level policies. Generally available March 31.
• Enhanced Defender for Cloud container security includes binary drift and antimalware prevention to close gaps attackers exploit in containerized environments. Now available in preview.
• Defender for Cloud posture management adds broader coverage and supports Amazon Web Services and Google Cloud Platform, delivering security recommendations and compliance insights for newly discovered resources. Available in preview in April.
• Defender predictive shielding dynamically adjusts identity and access policies during active attacks, reducing exposure and limiting impact. Now available in preview.

Defend with agents and experts

To defend in the agentic age, we need agentic defense. This means having an agentic defense platform and security agents embedded directly into the flow of work, augmented by deep human expertise and comprehensive security services when you need them.

Agents built into the flow of security work

Security teams move fastest with targeted help where and when work is happening. As alerts surface and investigations unfold across identities, data, endpoints, and cloud workloads, AI-powered assistance needs to operate alongside defenders. With Security Copilot now included in Microsoft 365 E5 and E7, we are empowering defenders with agents embedded directly into daily security and IT operations that help accelerate response and reduce manual effort so they can focus on what matters most.

New agents available now include:

• Security Analyst Agent in Microsoft Defender helps accelerate threat investigations by providing contextual analysis and guided workflows. Available in preview March 26.
• Security Alert Triage Agent in Microsoft Defender has the capabilities of the phishing triage agent and then extends to cloud and identity to autonomously analyze, classify, prioritize, and resolve repetitive low-value alerts at scale. Available in preview in April.
• Conditional Access Optimization Agent in Microsoft Entra enhancements add context-aware recommendations, deeper analysis, and phased rollout to strengthen identity security. Agent generally available, enhancements now available in preview.
• Data Security Posture Agent in Microsoft Purview enhancements include a credential scanning capability that can be used to proactively detect credential exposure in your data. Now available in preview.
• Data Security Triage Agent in Microsoft Purview enhancements include an advanced AI reasoning layer and improved interpretation of custom Sensitive Information Types (SITs), to improve agent outputs during alert triage. Agent generally available, enhancements available in preview March 31.
• Over 15 new partner-built agents extend Security Copilot with additional capabilities, all available in the Security Store.

Scale with an agentic defense platform

To help defenders and agents work together in a more coordinated, intelligence-driven way, Microsoft is expanding Sentinel, the agentic defense platform, to unify context, automate end-to-end workflows, and standardize access, governance, and deployment across security solutions.

• Sentinel data federation powered by Microsoft Fabric investigates external security data in place in Databricks, Microsoft Fabric, and Azure Data Lake Storage while preserving governance. Now available in preview.
• Sentinel playbook generator with natural language orchestration helps accelerate investigations and automate complex workflows. Now available in preview.
• Sentinel granular delegated administrator privileges and unified role-based access control enable secure and scaling management for partners and enterprise customers with cross-tenant collaboration. Now available in preview.
• Security Store embedded in Purview and Entra makes it easier to discover and deploy agents directly within existing security experiences. Generally available March 31.
• Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. Now available in preview.
• Sentinel model context protocol (MCP) entity analyzer helps automate faster with natural language and harnesses the flexibility of code to accelerate responses. Generally available in April.

Strengthen with experts

Even the most mature security organizations face moments that call for deeper partnership—a sophisticated attack, a complex investigation, a situation where seasoned expertise alongside your team makes all the difference. The Microsoft Defender Experts Suite brings together expert-led services—technical advisory, managed extended detection and response (MXDR), and end-to-end proactive and reactive incident response—to help you defend against advanced cyber threats, build long-term resilience, and modernize security operations with confidence.

Apply Zero Trust for AI

Zero Trust has always been built on three principles: verify explicitly, use least privilege, and assume breach. As AI becomes embedded across your entire environment—from the models you build on, to the data they consume, to the agents that act on your behalf—applying those principles has never been more critical. At RSAC 2026, we’re extending our Zero Trust architecture, the full AI lifecycle—from data ingestion and model training to deployment agent behavior. And we’re making it actionable with an updated Zero Trust for AI reference architecture, workshop, assessment tool, and new patterns and practices articles to help you improve your security posture.

See you at RSAC

If you’re joining the global security community in San Francisco for RSAC 2026 Conference, we invite you to connect with us. Join us at our Microsoft Pre-Day event and stop by our booth at the RSAC Conference North Expo (N-5744) to explore our latest innovations across Microsoft Agent 365, Microsoft Defender, Microsoft Entra, Microsoft Purview, Microsoft Sentinel, and Microsoft Security Copilot and see firsthand how we can help your organization secure agents, secure your foundation, and help you defend with agents and experts. The future of security is ambient, autonomous, and built for the era of AI. Let’s build it together.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Based on Microsoft first-party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.

²Microsoft Fiscal Year 2026 First Quarter Earnings Conference Call and Microsoft Fiscal Year 2026 Second Quarter Earnings Conference Call

The post Secure agentic AI end-to-end appeared first on Microsoft Security Blog.

As our customers rapidly embrace agentic AI, chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are asking urgent questions: How do I track and monitor all these agents? How do I know what they are doing? Do they have the right access? Can they leak sensitive data? Are they protected from cyberthreats? How do I govern them?

Agent 365 and Microsoft 365 E7: The Frontier Suite, generally available on May 1, 2026, are designed to help answer these questions and give organizations the confidence to go further with AI.

Agent 365—the control plane for agents

As organizations adopt agentic AI, growing visibility and security gaps can increase the risk of agents becoming double agents. Without a unified control plane, IT, security, and business teams lack visibility into which agents exist, how they behave, who has access to them, and what potential security risks exist across the enterprise. With Microsoft Agent 365 you now have a unified control plane for agents that enables IT, security, and business teams to work together to observe, govern, and secure agents across your organization—including agents built with Microsoft AI platforms and agents from our ecosystem partners—using new Microsoft Security capabilities built into their existing flow of work.

Here is what that looks like in practice:

As we are now running Agent 365 in production, Avanade has real visibility into agent activity, the ability to govern agent sprawl, control resource usage, and manage agents as identity-aware digital entities in Microsoft Entra. This significantly reduces operational and security risk, represents a critical step forward in operationalizing the agent lifecycle at scale, and underscores Microsoft’s commitment to responsible, production-ready AI.

—Aaron Reich, Chief Technology and Information Officer, Avanade

Key Agent 365 capabilities include:

Observability for every role

With Agent 365, IT, security, and business teams gain visibility into all Agent 365 managed agents in their environment, understand how they are used, and can act quickly on performance, behavior, and risk signals relevant to their role—from within existing tools and workflows.

• Agent Registry provides an inventory of agents in your organization, including agents built with Microsoft AI platforms, ecosystem partner agents, and agents registered through APIs. This agent inventory is available to IT teams in the Microsoft 365 admin center. Security teams see the same unified agent inventory in their existing Microsoft Defender and Purview workflows.
• Agent behavior and performance observability provides detailed reports about agent performance, adoption and usage metrics, an agent map, and activity details.
• Agent risk signals across Microsoft Defender*, Entra, and Purview* help security teams evaluate agent risk—just like they do for users—and block agent actions based on agent compromise, sign-in anomalies, and risky data interactions. Defender assesses risk of agent compromise, Entra evaluates identity risk, and Purview evaluates insider risk. IT also has visibility into these risks in the Microsoft 365 admin center.
• Security policy templates, starting with Microsoft Entra, automate collaboration between IT and security. They enable security teams to define tenant-wide security policies that IT leaders can then enforce in the Microsoft 365 admin center as they onboard new agents.

*These capabilities are in public preview and will continue to be on May 1.

Secure and govern agent access

Unmanaged agents may create significant risk, from accessing resources unchecked to accumulating excessive privileges and being misused by malicious actors. With Microsoft Entra capabilities included in Agent 365, you can secure agent identities and their access to resources.

• Agent ID gives each agent a unique identity in Microsoft Entra, designed specifically for the needs of agents. With Agent ID, organizations can apply trusted access policies at scale, reduce gaps from unmanaged identities, and keep agent access aligned to existing organizational controls.
• Identity Protection and Conditional Access for agents extend existing user policies that make real-time access decisions based on risks, device compliance from Microsoft Intune, and custom security attributes to agents working on behalf of a user. These policies help prevent compromise and help ensure that agents cannot be misused by malicious actors.
• Identity Governance for agents enables identity leaders to limit agent access to only resources they need, with access packages that can be scoped to a subset of the users permissions, and includes the ability to audit access granted to agents.

Prevent data oversharing and ensure agent compliance

Microsoft Purview capabilities in Agent 365 provide comprehensive data security and compliance coverage for agents. You can protect agents from accessing sensitive data, prevent data leaks from risky insiders, and help ensure agents process data responsibly to support compliance with global regulations.

• Data Security Posture Management provides visibility and insights into data risks for agents so data security admins can proactively mitigate those risks.
• Information Protection helps ensure that agents inherit and honor Microsoft 365 data sensitivity labels so that they follow the same rules as users for handling sensitive data to prevent agent-led sensitive data leaks.
• Inline Data Loss Prevention (DLP) for prompts to Microsoft Copilot Studio agents blocks sensitive information such as personally identifiable information, credit card numbers, and custom sensitive information types (SITs) from being processed in the runtime.
• Insider Risk Management extends insider risk protection to agents to help ensure that risky agent interactions with sensitive data are blocked and flagged to data security admins.
• Data Lifecycle Management enables data retention and deletion policies for prompts and agent-generated data so you can manage risk and liability by keeping the data that you need and deleting what you don’t.  
• Audit and eDiscovery extend core compliance and records management capabilities to agents, treating AI agents as auditable entities alongside users and applications. This will help ensure that organizations can audit, investigate, and defensibly manage AI agent activity across the enterprise.
• Communication Compliance extends to agent interactions to detect and enable human oversight of risky AI communications. This enables business leaders to extend their code of conduct and data compliance policies to AI communications.

Defend agents against emerging cyberthreats

To help you stay ahead of emerging cyberthreats, Agent 365 includes Microsoft Defender protections purpose-built to detect and mitigate specific AI vulnerabilities and threats such as prompt manipulation, model tampering, and agent-based attack chains.

• Security posture management for Microsoft Foundry and Copilot Studio agents* detects misconfigurations and vulnerabilities in agents so security leaders can stay ahead of malicious actors by proactively resolving them before they become an attack vector.
• Detection, investigation, and response for Foundry and Copilot Studio agents* enables the investigation and remediation of attacks that target agents and helps ensure that agents are accounted for in security investigations.
• Runtime threat protection, investigation, and hunting** for agents that use the Agent 365 tools gateway, helps organizations detect, block, and investigate malicious agent activities.

Agent 365 will be generally available on May 1, 2026, and priced at $15 per user per month. Learn more about Agent 365.

*These capabilities are in public preview and will continue to be on May 1.

**This new capability will enter public preview in April 2026 and continue to be on May 1.

Microsoft 365 E7: The Frontier Suite

Microsoft 365 E7 brings together intelligence and trust to enable organizations to accelerate Frontier Transformation, equipping employees with AI across email, documents, meetings, spreadsheets, and business application surfaces. It also gives IT and security leaders the observability and governance needed to operate AI at enterprise scale.

Microsoft 365 E7 includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across users and agents. It will be available for purchase on May 1, 2026, at a retail price of $99 per user per month. Learn more about Microsoft 365 E7.

End-to-end security for the agentic era

Frontier Transformation is anchored in intelligence and trust, and trust starts with security. Microsoft Security capabilities help protect 1.6 million customers at the speed and scale of AI.¹ With Agent 365, we are extending these enterprise-grade capabilities so organizations can observe, secure, and govern agents and delivering comprehensive protection across agents and users with Microsoft 365 E7.

Secure your Frontier Transformation today with Agent 365 and Microsoft 365 E7: The Frontier Suite. And join us at RSAC Conference 2026 to learn more about these new solutions and hear from industry experts and customers who are shaping how agents can be observed, governed, secured, and trusted in the real world.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Fiscal Year 2026 Second Quarter Earnings Conference Call.

The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog.

Throughout my career, I’ve been inspired by extraordinary women leaders—trailblazers who broke barriers, opened doors, and reshaped what leadership in technology looks like. But today, I want to shine a light on another group that inspires me just as deeply: women early in their careers—the builders, learners, and question-askers who are defining the future of cybersecurity and developing their skills in the era of AI.

These women are entering the field at a moment of unprecedented complexity. Cyberthreats are accelerating. AI is reshaping how we defend, detect, and respond. And the stakes—for trust, safety, and resilience—have never been higher.

That’s exactly why it has never been more critical to have a wide range of experiences and perspectives in our defender community.

Be Cybersmart

Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

Get the Be Cybersmart Kit.

Why diversity of perspectives is not optional in cybersecurity

Cybersecurity is fundamentally about understanding people—how they behave, how they make decisions, how systems can be misused, and where harm can occur. That’s why diversity of perspectives, backgrounds, experiences, and people is a security imperative.

The ISACA paper titled “The Value of Diversity and Inclusion in Cybersecurity” concludes that cybersecurity teams lacking diversity are at greater risk of engaging in limited threat modeling, exhibiting reduced innovation, and making less robust decisions in complex security environments. At Microsoft Security, we recognize that the cyberthreats we encounter are as varied and multifaceted as humanity itself.

To stay ahead, our teams must reflect that diversity across gender, background, culture, discipline, and lived experience.

When teams bring different perspectives to the table,

• They ask better questions;
• They surface risks earlier;
• They design systems that work for more people;
• And they build security that is resilient by design.

The power of women early in career and beyond

Women early in their career bring something incredibly powerful to cybersecurity and AI: fresh perspective paired with fearless curiosity. Women bring empathy, clarity, systems thinking, and collaborative leadership that directly strengthen our ability to detect cyberthreats, understand human behavior, and build secure products that work for everyone.

This makes me think of my valued friend and colleague, Lauren Buitta, who is the founder and chief executive officer (CEO) of Girl Security. Lauren has been a tireless advocate for providing women early in career—especially those from underrepresented backgrounds, with the skills and confidence needed to enter security careers. She often says, “Security isn’t just a discipline—it’s empowerment through knowledge.” That philosophy extends to Girl Security’s work preparing the next generation to navigate and lead in an AI-powered world. Her efforts show us that nurturing curiosity early on can have lasting effects throughout life.

They challenge assumptions that may no longer hold. They ask “why” before accepting “how.” They’re often the first to notice gaps—in data, in design, in who is represented and who is missing. Supporting women at this stage isn’t just about equity. It’s about strengthening the future of security itself. These actions build a stronger, more resilient security ecosystem.

Building and cultivating pathways for the next generation

Investing in women early in their cybersecurity and AI security careers is essential. Early access to education, opportunity, and confidence building experiences helps more women see themselves in this field—and choose to stay.

But if we stop there, we shouldn’t be surprised when the numbers don’t move.  In fact, independent global analyses from the Global Cybersecurity Forum and Boston Consulting Group show that women represent just 24% of the cybersecurity workforce worldwide—a figure reinforced by LinkedIn’s real-time labor market data. What I’ve realized is this: To change outcomes, we have to cultivate women throughout their careers—from first exposure to technical mastery, from early roles to leadership, and from individual contributor to decisionmaker. Otherwise, we’ll continue to bring women into the field without creating the conditions that allow them to grow, advance, and remain.

That means pairing early career investment with sustained support, inclusive cultures, and everyday actions that reinforce belonging and opportunity over time.

Here are meaningful steps we can all take—not just to widen the pipeline, but to strengthen it end to end:

1. Share stories from a diverse set of role models at every career stage.
Representation fuels imagination. When women early in career see themselves reflected in cybersecurity, they’re more likely to enter the field. When women midcareer and in senior roles see paths forward, they’re more likely to stay and lead.

2. Reevaluate job descriptions at entry and beyond.
Rigid expectations or narrow definitions of technical expertise discourage qualified candidates from applying, and can also limit progression into advanced or leadership roles.

3. Invest in inclusive training and early career programs and sustain learning over time.
Accessible, hands-on learning builds confidence early. Continued upskilling, reskilling, and leadership development ensure women can evolve alongside rapidly changing security and AI technologies.

4. Volunteer with organizations driving cybersecurity and AI education.
Groups like Girl Security and Women in CyberSecurity (WiCyS) are changing outcomes for thousands of girls and women. Your time, mentorship, or sponsorship helps build momentum early—and reinforces pathways later. I welcome you to join Nicole Ford, Vice President Customer Security Officer at Microsoft, who will be hosting a leadership lunch at the WiCyS conference to discuss cultivating leaders for the future and though advocacy and sponsorship.

5. Partner with community groups offering mentorship and sponsorship opportunities.
Mentorship is one of the strongest predictors of early career success. Sponsorship—advocacy that opens doors to stretch roles, visibility, and advancement—is critical for long term progression.

6. Be an ally every day across the full career journey.
Introduce emerging talent to your networks. Encourage them to speak up. Create space for them to lead. Advocate for their ideas in rooms they aren’t in yet—especially as stakes and visibility increase.

Our commitment—and our opportunity

At Microsoft, our mission is to empower every person and every organization on the planet to achieve more. That starts by ensuring the next generation of cybersecurity and AI security professionals has equitable access to opportunity, education, and belonging.

This Women’s History Month, let’s celebrate not only the women who have led the way — but the women who are just getting started.

They’re actively shaping security today, not just influencing its future. Security is a team sport and we need everyone in this team because together, we can build a safer, more inclusive digital future for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The post Women’s History Month: Encouraging women in cybersecurity at every career stage appeared first on Microsoft Security Blog.

Agent building isn’t limited to technical roles; today, employees in various positions create and use agents in daily work. More than 80% of Fortune 500 companies today use AI active agents built with low-code/no-code tools.² AI is ubiquitous in many operations, and generative AI-powered agents are embedded in workflows across sales, finance, security, customer service, and product innovation. 

With agent use expanding and transformation opportunities multiplying, now is the time to get foundational controls in place. AI agents should be held to the same standards as employees or service accounts. That means applying long‑standing Zero Trust security principles consistently:

• Least privilege access: Give every user, AI agent, or system only what they need—no more.
• Explicit verification: Always confirm who or what is requesting access using identity, device health, location, risk level.
• Assume compromise can occur: Design systems expecting that cyberattackers will get inside.

These principles are not new, and many security teams have implemented Zero Trust principles in their organization. What’s new is their application to non‑human users operating at scale and speed. Organizations that embed these controls within their deployment of AI agents from the beginning will be able to move faster, building trust in AI.

The rise of human-led AI agents

The growth of AI agents expands across many regions around the world from the Americas to Europe, Middle East, and Africa (EMEA), and Asia.

According to Cyber Pulse, leading industries such as software and technology (16%), manufacturing (13%), financial institutions (11%), and retail (9%) are using agents to support increasingly complex tasks—drafting proposals, analyzing financial data, triaging security alerts, automating repetitive processes, and surfacing insights at machine speed.³ These agents can operate in assistive modes, responding to user prompts, or autonomously, executing tasks with minimal human intervention.

And unlike traditional software, agents are dynamic. They act. They decide. They access data. And increasingly, they interact with other agents.

That changes the risk profile fundamentally.

The blind spot: Agent growth without observability, governance, and security

Despite the rapid adoption of AI agents, many organizations struggle to answer some basic questions:

• How many agents are running across the enterprise?
• Who owns them?
• What data do they touch?
• Which agents are sanctioned—and which are not?

This is not a hypothetical concern. Shadow IT has existed for decades, but shadow AI introduces new dimensions of risk. Agents can inherit permissions, access sensitive information, and generate outputs at scale—sometimes outside the visibility of IT and security teams. Bad actors might exploit agents’ access and privileges, turning them into unintended double agents. Like human employees, an agent with too much access—or the wrong instructions—can become a vulnerability. When leaders lack observability in their AI ecosystem, risk accumulates silently.

According to the Cyber Pulse report, already 29% of employees have turned to unsanctioned AI agents for work tasks.⁴ This disparity is noteworthy, as it indicates that numerous organizations are deploying AI capabilities and agents prior to establishing appropriate controls for access management, data protection, compliance, and accountability. In regulated sectors such as financial services, healthcare, and the public sector, this gap can have particularly significant consequences.

Why observability comes first

You can’t protect what you can’t see, and you can’t manage what you don’t understand. Observability is having a control plane across all layers of the organization (IT, security, developers, and AI teams) to understand:  

• What agents exist 
• Who owns them 
• What systems and data they touch 
• How they behave 

In the Cyber Pulse report, we outline five core capabilities that organizations need to establish for true observability and governance of AI agents:

• Registry: A centralized registry acts as a single source of truth for all agents across the organization—sanctioned, third‑party, and emerging shadow agents. This inventory helps prevent agent sprawl, enables accountability, and supports discovery while allowing unsanctioned agents to be restricted or quarantined when necessary.
• Access control: Each agent is governed using the same identity‑ and policy‑driven access controls applied to human users and applications. Least‑privilege permissions, enforced consistently, help ensure agents can access only the data, systems, and workflows required to fulfill their purpose—no more, no less.
• Visualization: Real‑time dashboards and telemetry provide insight into how agents interact with people, data, and systems. Leaders can see where agents are operating, understanding dependencies, and monitoring behavior and impact—supporting faster detection of misuse, drift, or emerging risk.
• Interoperability: Agents operate across Microsoft platforms, open‑source frameworks, and third‑party ecosystems under a consistent governance model. This interoperability allows agents to collaborate with people and other agents across workflows while remaining managed within the same enterprise controls.
• Security: Built‑in protections safeguard agents from internal misuse and external cyberthreats. Security signals, policy enforcement, and integrated tooling help organizations detect compromised or misaligned agents early and respond quickly—before issues escalate into business, regulatory, or reputational harm.

Governance and security are not the same—and both matter

One important clarification emerging from Cyber Pulse is this: governance and security are related, but not interchangeable.

• Governance defines ownership, accountability, policy, and oversight.
• Security enforces controls, protects access, and detects cyberthreats.

Both are required. And neither can succeed in isolation.

AI governance cannot live solely within IT, and AI security cannot be delegated only to chief information security officers (CISOs). This is a cross functional responsibility, spanning legal, compliance, human resources, data science, business leadership, and the board.

When AI risk is treated as a core enterprise risk—alongside financial, operational, and regulatory risk—organizations are better positioned to move quickly and safely.

Strong security and governance do more than reduce risk—they enable transparency. And transparency is fast becoming a competitive advantage.

From risk management to competitive advantage

This is an exciting time for leading Frontier Firms. Many organizations are already using this moment to modernize governance, reduce overshared data, and establish security controls that allow safe use. They are proving that security and innovation are not opposing forces; they are reinforcing ones. Security is a catalyst for innovation.

According to the Cyber Pulse report, the leaders who act now will mitigate risk, unlock faster innovation, protect customer trust, and build resilience into the very fabric of their AI-powered enterprises. The future belongs to organizations that innovate at machine speed and observe, govern and secure with the same precision. If we get this right, and I know we will, AI becomes more than a breakthrough in technology—it becomes a breakthrough in human ambition.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft Data Security Index 2026: Unifying Data Protection and AI Innovation, Microsoft Security, 2026.

²Based on Microsoft first‑party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.

³Industry and Regional Agent Metrics were created using Microsoft first‑party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the last 28 days of November 2025.

⁴July 2025 multi-national survey of more than 1,700 data security professionals commissioned by Microsoft from Hypothesis Group.

Methodology:

Industry and Regional Agent Metrics were created using Microsoft first‑party telemetry measuring agents built with Microsoft Copilot Studio or Microsoft Agent Builder that were in use during the past 28 days of November 2025. 

2026 Data Security Index: 

A 25-minute multinational online survey was conducted from July 16 to August 11, 2025, among 1,725 data security leaders. 

Questions centered around the data security landscape, data security incidents, securing employee use of generative AI, and the use of generative AI in data security programs to highlight comparisons to 2024. 

One-hour in-depth interviews were conducted with 10 data security leaders in the United States and United Kingdom to garner stories about how they are approaching data security in their organizations. 

Definitions: 

Active Agents are 1) deployed to production and 2) have some “real activity” associated with them in the past 28 days.  

“Real activity” is defined as 1+ engagement with a user (assistive agents) OR 1+ autonomous runs (autonomous agents).  

The post 80% of Fortune 500 use active AI Agents: Observability, governance, and security shape the new frontier appeared first on Microsoft Security Blog.

As agents become ubiquitous, security leaders are asking urgent questions: How do we onboard, manage, and govern these agents? How do we protect the data they access and create? How do we protect them from cyberthreats? How do we monitor them to ensure their trustworthiness, and ensure they are not double agents? And how can we use agents to protect, defend, and respond at the speed of AI?

The answer starts with trust and security has always been, and will always be, the root of trust. In the agentic era, security must be ambient and autonomous, like the AI it protects. It must be woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security, where security becomes the core primitive.

At Microsoft Ignite 2025, we’re delivering on that vision with solutions that help customers observe, secure, and govern AI agents and apps, protect the platforms and clouds they are built on, and put agentic AI to work for security and IT teams. We are announcing new innovations across Microsoft Defender, Microsoft Entra, Microsoft Intune, Microsoft Purview, and Microsoft Sentinel—solutions used by more than 1.5 million customers today—to help customers secure every layer of the AI stack with industry-leading offerings.^1,2

Securing AI agents and apps

Let’s start with the first layer of that stack: the AI agents and apps that are helping us across our work, and how we are securing them end to end.

Microsoft Agent 365

Today we announced Microsoft Agent 365, the control plane for AI agents. Agent 365 brings observability at every level of the AI stack. Whether you create agents with Microsoft tools, open-source frameworks, or third-party platforms, Agent 365 helps you observe, manage, secure, and govern them. Security teams can now address agent sprawl, detect shadow agents, and protect agents comprehensively.

Agent 365 capabilities include:

• Registry: With Microsoft Entra registry, IT leaders get the complete inventory of all agents that are being used in their organization, including agents with Microsoft Entra Agent ID, agents that they decide to register themselves, and—coming soon—shadow agents. The registry also allows IT admins to quarantine unsanctioned agents to help ensure that they cannot be discovered by users or connect to other agents and organizational resources.

• Access control: With Agent Policy Templates, customers can enforce standard security policies from day one. As agents integrate into organizational workflows, Microsoft Entra enforces adaptive access policies that respond to real-time context and risk, and blocks agents that may have been compromised from accessing organization resources.

• Visualization: A unified dashboard and advanced analytics provide a complete map of connections among agents and users, other agents, and resources in your organization. Role-based reporting with tailored metrics and analytics helps IT, security, and business leaders see what matters most, right in their flow of work.

• Interop: Agents don’t just automate tasks for users, they amplify the work. With Work IQ, agents help accelerate time to value by accessing your organization’s unique data and context. Integrated with Microsoft 365 apps such as Outlook, Word, and Excel, agents take actions, build content, and collaborate seamlessly alongside users. Agent 365 works across Microsoft platforms, open-source frameworks and partner ecosystems.

• Security: Security is non-negotiable which is why Agent 365 uses Microsoft Defender, Microsoft Entra, and Microsoft Purview to deliver comprehensive protection from external and internal threats. Security leaders can proactively assess posture and risk, detect vulnerabilities and misconfigurations, protect against AI cyberattacks such as prompt injections, prevent agents from processing or leaking sensitive data, identify risky behaviors, and give organizations the ability to audit agent interactions, assess compliance readiness, policy violations, and recommend controls for evolving regulatory requirements.

Microsoft Foundry Control Plane

We announced Foundry Control Plane, a new experience in Microsoft Foundry, which makes it easier for developers to build, manage, and secure agent fleets at scale. Microsoft Defender, Microsoft Entra, and Microsoft Purview capabilities are natively integrated into Foundry Control Plane, so developers and security teams can share unified security controls, policies, and real-time risk insights, ensuring that agents and apps are protected from code development to runtime. Developers can also use Foundry Control Plane to publish agents directly to Agent 365 for IT enablement and activation, ensuring the same shared security foundations.

Microsoft Security Dashboard for AI

As AI adoption accelerates, the need for unified visibility into the security posture, risks, and regulatory compliance of their AI agents, apps, and platforms becomes more important than ever for security teams. The Security Dashboard for AI, announced today, centralizes discovery, protection, and governance by aggregating signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview. This helps chief information security officers (CISOs) and AI risk leaders to manage security posture and mitigate risks across their entire AI estate. For example, you can see your full AI inventory and get visibility into a quarantined agent, flagged for high data risk due to oversharing sensitive information in Microsoft Purview. The dashboard then correlates that signal with identity insights from Microsoft Entra and threat protection alerts from Microsoft Defender to provide a complete picture of exposure.

Microsoft Purview expansion for Microsoft 365 Copilot

Microsoft Purview expanded data security and compliance controls for Microsoft 365 Copilot to include comprehensive data oversharing reports within the Microsoft 365 admin center, automated bulk remediation of overshared links, and data loss prevention for Microsoft 365 Copilot and chat prompts. Organizations can also benefit from automated deletion schedules for Microsoft Teams transcripts containing sensitive data, and enhanced controls to exclude processing of sensitive files in government cloud environments. These capabilities empower security and compliance teams to rapidly detect, protect, and remediate data risks in real time, and at scale.

All of these new solutions add to existing tools that help you secure and govern your AI estate.

Securing platforms and clouds

Now let’s look at the second layer of the stack: the platforms and clouds your agents and AI apps run on, and the innovations we announced to protect them.

Microsoft Defender and GitHub Advanced Security

Developers are under pressure to deliver rapid innovation while security teams are inundated with alerts and growing risk. New integration between Microsoft Defender and GitHub Advanced Security helps developers and security teams work together to secure code and infrastructure, using familiar tools. Security can recommend that developers address vulnerable code and developers can remediate with Copilot Autofix. Security can then validate fixes in Microsoft Defender, closing the loop and accelerating the “shift left” approach to security.

Microsoft Baseline Security Mode

As cyberattackers increasingly use AI to exploit legacy configurations, Baseline Security Mode, now generally available, uses Microsoft-recommended settings to help mitigate legacy risks and improve cloud security posture. A guided admin experience helps to identify potential gaps, simulate changes with “What If” analysis, and deploy broad protections designed to minimize disruption to business-critical workflows. It helps support compliance and audit readiness, provides greater visibility through built-in dashboards and telemetry, and promotes predictability with major updates approximately every six to 12 months.

Microsoft Intune and Windows Security

Windows, built to harness AI and the cloud, helps employees be more productive while you remain secure and in control. Support for post-quantum cryptography helps future-proof your organization against emerging cyberthreats while hardware-accelerated BitLocker protects data without performance trade-offs. And with the Windows Resilience Initiative, we’re making recovery faster and more reliable so when issues occur, you can return to business quickly.

Managing Windows at scale just got easier—and more secure—with new capabilities in Microsoft Intune. These enhancements give IT and security leaders the confidence to embrace AI while minimizing risk. Phased deployments simplify AI rollouts by reducing risk and validating security before scaling, ensuring smooth adoption without disruption. Recovery is faster and more reliable, transforming manual, device-by-device fixes into remote management of the Windows Recovery Environment at scale, with hardware-bound certificates guaranteeing every action is authenticated and authorized. Maintenance windows provide precise control over update timing for operating systems, drivers, and firmware, helping organizations maintain patch compliance while minimizing disruption and keeping productivity high.

Securing with agentic AI

To defend in the agentic age, we need agentic defense. This starts with having an agentic platform and security agents built into the flow of work. Microsoft Sentinel has evolved from its traditional role as a cloud security information and event management (SIEM) to an agentic security platform, powering Microsoft Security Copilot agents and new predictive protection in Microsoft Defender.

Agents built into your everyday flow of work with Security Copilot

With more than four million open roles in cybersecurity, it’s clear: human-scale defense alone cannot secure our digital future.³ The answer? Empowering every security professional with intelligent agents—AI partners that amplify human expertise and transform the very fabric of organizational security.

At Microsoft Ignite, we are introducing a dozen new and enhanced Microsoft Security Copilot agents, available in Microsoft Defender, Microsoft Entra, Microsoft Intune, and Microsoft Purview, to empower security teams to shift from reactive responses to proactive strategies and help transform every aspect of organizational security.

These adaptive agents run side by side with security teams to triage incidents, optimize conditional access policies, surface threat intelligence, and maintain secure, compliant endpoints more easily. Our partner community also released more than 30 new Security Copilot agents, extending protection end-to-end.

To make it easier than ever for organizations to harness the power of Security Copilot agents to protect at the speed and scale of AI, we are thrilled to announce that Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout starts today for Security Copilot customers with Microsoft 365 E5 and continues for all Microsoft 365 E5 customers in the upcoming months.

Predictive shielding with Microsoft Defender

Cyberattackers are using AI to increase the speed and scale of attacks, unleashing a barrage on defenders. Defender predictive shielding goes beyond automated cyberattack disruption and introduces a new capability that can anticipate cyberattacker movement and proactively harden attack pathways to protect critical assets. It forecasts likely attacker pivots using graph insights and threat intelligence from the 100 trillion signals Microsoft analyzes daily. Then, it applies targeted, just-in-time hardening actions to block exploitation of adjacent resources. This strategic and coordinated response minimizes business disruption and gives security teams a powerful advantage over increasingly sophisticated cyberthreats.

Securing with a new suite of expert-led services

To help organizations easily access security expertise, we’re introducing the Microsoft Defender Experts Suite, a new offering that brings together human-led, AI-powered managed extended detection and response, end-to-end proactive incident response services, and direct access to designated Microsoft security advisors. The expert-led services will help you defend against cyberthreats, build cyber resilience, and transform your security operations. Defender Experts Suite will be available early 2026 to help you accelerate security outcomes. We are also announcing that Microsoft is now an approved incident response partner of Beazley, a specialist insurer. The collaboration will provide Microsoft customers with a streamlined claims process and faster action following a cyber event.

Security is the core primitive

In the agentic AI era, digital trust is paramount: security, safety, ethics, and privacy will underpin progress, and security has been, and always will be, the root of trust. This is why we prioritize security above all else through the Microsoft Secure Future Initiative—an ongoing effort to improve security for Microsoft, our customers, and the ecosystem. It is also why we believe security must be ambient and autonomous, woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security as the core primitive.

Security in the agentic era:

The core primitive

Envision a future where defenders and AI agents work together. Hear Charlie Bell and Vasu Jakkal share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps.

Watch now

We are excited to connect with you, the defenders, at Ignite to explore these innovations and more throughout the week. And we look forward to working together to build a safer future for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security Blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

¹ Microsoft is a recognized leader in cybersecurity, Microsoft Security. 2025.

² Microsoft FY25 Fourth Quarter Earnings Conference Call, Jonathan Neilson, Satya Nadella, Amy Hood. July 30, 2025

³ Bridging the Cyber Skills Gap, World Economic Forum. 2025.

The post ​​Ambient and autonomous security for the agentic era​​  appeared first on Microsoft Security Blog.

As part of the Microsoft Secure Future Initiative (SFI), we have committed to embed security into every layer of our technology, culture, and governance—placing security above all else. Since its launch in November 2023, SFI has mobilized the equivalent of more than 34,000 engineers to proactively reduce risk and strengthen security across Microsoft and the products and services we offer our customers. A great example of this is mitigating advanced multifactor authentication attacks, where phishing-resistant multifactor authentication now protects 100% of production system accounts and 92% of employee productivity accounts. In addition, we continue to reduce the risk of compromise during new employee setup by enforcing video-based verification, now at 99%.¹

Enabling your security-first approach

This year, we have also developed new resources and tools to support security professionals in keeping their organizations secure, particularly as we enter this next era of AI. Building upon our learnings with SFI, we have created SFI patterns and practices, which is a new library of actionable guidance designed to help organizations implement security at scale.

In addition to best practices for security professionals, we continue to add articles to our Be Cybersmart Kit, which is a great starting point for security professionals that need to educate their organizations on how to be safe. The Be Cybersmart Kit contains articles on AI safety, device security, domain impersonation, fraud, secure sign-in, and phishing. The kit is just one of the many resources available on the Microsoft Cybersecurity Awareness site. 

Be Cybersmart

Help educate everyone in your organization with cybersecurity awareness resources and training curated by the security experts at Microsoft.

Get the Be Cybersmart Kit.

Those seeking more in-depth resources can access expert-level learning paths, certifications, and technical documentation to continue their cybersecurity education. And for students pursuing the field of cybersecurity, the Microsoft Cybersecurity Scholarship Program and educational opportunities like Microsoft Elevate are here to help. The goal of all these programs is to help foster a culture that puts security and continuous learning first for students and professionals alike.

Security-first in action: Franciscan Alliance

The organization conducts monthly phishing simulations and quarterly assessments to expose staff to realistic scenarios consistently. Employees who do not pass the quarterly assessments are provided with additional training rather than being penalized, which supports a culture centered on learning and development. Training programs incorporate gamification elements to enhance accessibility and retention. Additionally, employees receive a monthly newsletter covering relevant security topics that support safe practices both professionally and personally.

During Cybersecurity Awareness Month, weekly editions are distributed, along with timely updates on emerging threats, including breaches and attacks. Franciscan Alliance also organizes threat briefings in partnership with external partners and utilizes resources such as Microsoft’s Cybersecurity Awareness materials to inform its training initiatives.

Developing security competencies in the age of AI

Additionally, Microsoft’s Chief Product Officer of Responsible AI Sarah Bird will moderate the panel, “Cyber and AI, Strategic Risk and Competitive Advantage,” at the NASDAQ Summit on October 21, 2025, at the New York Stock Exchange, where industry experts will provide guidance on governance and security for AI. In this session, experts will discuss real-world use cases, regulatory developments, and the strategic implications of integrating AI into enterprise environments. Events such as these are incredible opportunities for executives to deepen their understanding and lead with confidence in the age of AI.

Make the most out of Cybersecurity Awareness Month

We hope that these resources provide you with the learning, training, and confidence to set you and your organizations up for success—both this month and beyond. Now is the time to build a culture with a security-first mindset by making security part of your daily habits at work, home, and everywhere else. A security-first mindset means staying informed, proactively protecting digital assets, and encouraging others to do the same. Security is a team sport. By promoting vigilance and shared responsibility, we can create a safer world for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹April 2025 SFI progress report.

The post Cybersecurity Awareness Month: Security starts with you appeared first on Microsoft Security Blog.

We are living through a turning point in how organizations work and defend themselves. Across industries, “Frontier Firms” are emerging; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organizations.

For security teams, this shift brings new opportunities and challenges. The complexity and speed of modern cyberthreats demand solutions that go beyond traditional tools. To address these needs, Microsoft is introducing new agentic security capabilities to empower defenders to innovate boldly and safely in this new AI era.

Microsoft Sentinel: The security platform for the agentic era

Defenders need to protect AI end-to-end and for that they need a platform that brings together data, context, automation, and intelligent agents, enabling them to defend and adapt at AI speed. That platform is Microsoft Sentinel.

Sentinel started as a cloud-native security information and event management (SIEM) and expanded to also include a unified security data lake in July. Today, it is expanding into an agentic platform with the general availability of Sentinel data lake, and the public preview of Sentinel graph and Sentinel Model Context Protocol (MCP) server. With graph-based context, semantic access, and agentic orchestration, Sentinel gives defenders a single platform to ingest signals, correlate across domains, and empower AI agents built in Security Copilot, VS Code using GitHub Copilot, or other developer platforms.

Sentinel ingests signals, either structured or semi-structured, and builds a rich, contextual understanding of your digital estate through vectorized security data and graph-based relationships. By integrating these insights with Microsoft Defender and Microsoft Purview, Sentinel brings graph-powered context to the tools security teams already use, helping defenders trace attack paths, understand impact, and prioritize response—all within familiar workflows.

With Microsoft Security and Sentinel data lake, we’ve unified silos, scaled operations, automated processes, and expanded coverage—transforming how we detect patterns and prepare for the future with a unified, agile security posture.

—Bernard Knaapen, Chief Product Owner, Monitoring and Incident Response, ABN AMRO

Sentinel also organizes and enriches your security data, making it ready for AI agents to detect issues faster, investigate with more clarity, and respond automatically when needed. And Sentinel’s graph-based approach powers Security Copilot agents to reason over your environment with precision and speed, thanks to the built-in MCP server, which uses open standards for easy agent access and action. For advanced teams, Sentinel MCP server enables extensibility for predefined and custom agents, allowing AI-powered reasoning over unified data. This shifts security from reactive to predictive, helping teams anticipate threats and automate response at scale.

Sentinel is open and extensible, so partners can build their own agents and solutions. And with the new Microsoft Security Store, finding and deploying these agents is simple. We’re already collaborating with Accenture, ServiceNow, and Zscaler to strengthen the security ecosystem together.

Sentinel is an industry-leading SIEM and the scalable backbone defenders need in the age of AI.¹ Together, Sentinel and Security Copilot give security teams the visibility, automation, and scale they need to stay ahead of cyberthreats.

Security Copilot: Build your own agents—no code required

Security Copilot was created to help security teams tackle the toughest challenges—endless alerts, siloed tools, and constant pressure to do more with less. But no one understands your environment and unique needs like you do. Now you can build your own Security Copilot agents. The Security Copilot portal features a no-code agent builder that lets you describe what you need in natural language and create, optimize, and publish agents tailored to your workflows in minutes.

You can also build agents in a Sentinel MCP server-enabled coding platform, such as VS Code using GitHub Copilot. Once built, you can refine and deploy agents to your Security Copilot workspace while keeping the process within the familiar development platform.

Security Copilot agents are designed to integrate into daily tools and workflows—whether embedded in the Microsoft Security products you already use, partner-built, or custom-built for your environment. Since launching Security Copilot agents in March 2025, we’ve delivered more than a dozen agents for scenarios such as phish triage and conditional access optimization. We continue to add embedded agents such as the Access Review Agent in Microsoft Entra. Microsoft and partner-created Security Copilot agents are available to discover, buy, and deploy in the Security Store today.

Building on Sentinel’s graph-based context, Security Copilot agents can now reason more effectively across your environment—correlating alerts, enriching context with relationships, prioritizing by impact, and automating common actions. This enables fewer false positives, faster triage, and lower mean time to resolution (MTTR). Work shifts from manual triage to agent-led workflows: agents orchestrate and automate routine tasks, while analysts review and approve outcomes—focusing their time on strategic decisions and proactive threat hunts.

Secure and govern your AI comprehensively

As organizations embrace AI, Microsoft continues to invest in tools that help security teams secure and govern their AI platforms, apps, and agents across the enterprise.

Over the past few months, we’ve expanded our Security for AI capabilities, including Entra Agent ID to help discover and manage your agent estate, controls to prevent data oversharing in custom-built AI apps and agents, risk discovery tools for AI model providers and MCP servers, and advanced detection for prompt injection attacks.

At Microsoft Build 2025, we announced new enhancements to Azure AI Foundry that provide more protection for AI agents across their lifecycle. These will be available soon and include:

1. Agent task adherence control to help keep agents aligned with tasks in real time
2. Personally identifiable information (PII) guardrail
3. Spotlighting capability in prompt shields to enhance protection against cross-prompt injection attacks

Together, these innovations help you secure and govern your AI apps and agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry—helping you build on the trusted tools your teams already use and offering you more natively built protections for your Microsoft AI platforms.

Upcoming security events

Deep dive into these innovations at Microsoft Secure on Sep 30, Oct 1, or on demand. Then, join us at Microsoft Ignite, Nov, 17–21 in San Francisco, CA or online—for more innovations, hands-on labs, and expert connections. 

Security is a team sport

We are entering a new era: security is adaptive, intelligent, and acts at the speed of thought. The advances announced today are the building blocks for a new generation of defense.

I firmly believe that security is a team sport. That team includes all of us— innovating together, learning together, and defending together.

Together, we’re not just imagining the future. We’re securing it.

Learn more with Microsoft Security

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹Microsoft is again named a Leader in the 2024 Gartner® Magic Quadrant™ for Security Information and Event Management​​, Microsoft Security Blog. May 13, 2024.

The post Empowering defenders in the era of agentic AI with Microsoft Sentinel appeared first on Microsoft Security Blog.

With so many strong vendors and solutions in the Zero Trust space, you need solid data to make the right choice for your organization. That’s why Forrester’s analysis matters. They provide detailed comparisons of vendor capabilities and strategic vision, helping security leaders evaluate which platforms are best equipped to meet today’s evolving challenges.

Your decision matters now more than ever. The security landscape is evolving rapidly with the rise of generative and agentic AI—where intelligent agents can create and collaborate with other agents, collaborate autonomously, and scale faster than traditional models can keep up. Systems once built for human identities must now manage a growing web of machine identities, each with its own access and risk profile.

In this landscape, adhering to the principles of Zero Trust is critical for protecting sensitive resources, so you can:

• Expand visibility across your digital environment to reduce security vulnerabilities.
• Secure your most critical assets while ensuring compliance.
• Deploy generative AI with confidence.

Microsoft’s end-to-end, integrated approach to Zero Trust

The Forrester report cited our vision for proactive security architecture powered by innovative AI agents that automate complex security, IT, and productivity tasks. But what we believe really caught their attention was our integrated approach—how we bring together capabilities across security, compliance, identity, device management, and privacy, all informed by more than 84 trillion threat signals a day.¹ As they noted, “Microsoft excels at tool consolidation and integration, helping reduce costs and overhead.”

Customers interviewed for the report recognized that our “deep cross-platform integration” delivers “real business value” without making customers stitch different solutions together manually. This integration spans the entire Microsoft Security portfolio—Microsoft Defender, Microsoft Purview, Microsoft Intune, Microsoft Sentinel, and Microsoft Entra—to provide a unified platform that secures identities, endpoints, data, apps, infrastructure, and AI. At the heart of this integration are the strong identity management capabilities of Microsoft Entra, which Forrester noted for “deliver[ing] effective least-privilege access enforcement” while enabling data security controls and endpoint management.

Picture a typical attack pattern. Malicious activity in an on-premises system might be detected by Defender for Identity, a compromised device flagged by Defender for Endpoint, and risky insider behavior identified by Purview. These signals converge in Entra conditional access, your centralized policy engine, enabling real-time, risk-based access controls that adapt to emerging threats and, when necessary, block access automatically.

Powered by AI and threat intelligence, our unified security platform surfaces high-priority incidents and recommends next actions, transforming security from a collection of tools into a cohesive defense. You can work within our unified platform to prevent, detect, and respond to incidents across a single integrated system—no jumping between dashboards or correlating signals manually. All of this comes together with Microsoft Security Exposure Management to give full visibility into all your assets and help you proactively reduce risk.

An integrated approach doesn’t mean using only Microsoft solutions. We believe security is a team sport. In fact, the Forrester report recognized the maturity and scale of our global partner ecosystem. We’ve invested heavily in these partnerships because they provide additional signals and specialized protections that make the entire security community stronger. The report also cited our standout community, which provides education, training, and guidance on building Zero Trust architectures to ensure customers have the support they need at every step.

Our commitment to customers and the industry

Through our Secure Future Initiative, we continuously evaluate and strengthen our own security posture, improve the security of our products to better protect customers, and share progress and learnings with the industry. We are also committed to standards, guidelines, and best practices from the National Institute of Standards and Technology (NIST), The Open Group, the Cybersecurity and Infrastructure Security Agency (CISA), and MITRE—not as compliance checkboxes, but because they provide proven frameworks and common vocabulary for implementing effective security.

Take action to improve your security posture

Threats are evolving faster than ever, but so are defenses. With the right Zero Trust security strategy, you can embrace AI’s transformative power while keeping your organization secure. Microsoft’s leadership in Zero Trust, as reflected for us in the latest Forrester Wave™, highlights our commitment to helping you meet these security demands.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2025 report.

Ready to evaluate your Zero Trust readiness for the AI era? Start with our Zero Trust assessment, host an implementation workshop, or dive into our step-by-step implementation guides.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

The Forrester Wave™: Zero Trust Platforms, Q3 2025, Joshep Blankenship, Faith Born, and Peter Harrison. July 10, 2025. 

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here .

¹Based on Microsoft internal data. Accurate as of July 2025.

The post ​​Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.

That’s why we are excited to announce that Microsoft and CrowdStrike are teaming up to create alignment across our individual threat actor taxonomies. By mapping where our knowledge of these actors align, we will provide security professionals with the ability to connect insights faster and make decisions with greater confidence.

Names are how we make sense of the threat landscape and organize insights into known or likely cyberattacker behaviors. At Microsoft, we’ve published our own threat actor naming taxonomy to help researchers and defenders identify, share, and act on our threat intelligence, which is informed by the 84 trillion threat signals that we process daily. But the same actor that Microsoft refers to as Midnight Blizzard might be referred to as Cozy Bear, APT29, or UNC2452 by another vendor. Our mutual customers are always looking for clarity. Aligning the known commonalities among these actor names directly with peers helps to provide greater clarity and gives defenders a clearer path to action.

Introducing a collaborative reference guide to threat actors

Microsoft and CrowdStrike are publishing the first version of our joint threat actor mapping. It includes:

• A list of common actors tracked by Microsoft and CrowdStrike mapped by their respective taxonomies.
• Corresponding aliases from each group’s taxonomy.

This reference guide serves as a starting point, a way to translate across naming systems so defenders can work faster and more efficiently, especially in environments where insights from multiple vendors are in play. This reference guide helps to:

• Improve confidence in threat actor identification.
• Streamline correlation across platforms and reports.
• Accelerate defender action in the face of active cyberthreats.

This effort is not about creating a single naming standard. Rather, it’s meant to help our customers and the broader security community align intelligence more easily, respond faster, and stay ahead of threat actors.

Looking ahead

This initial taxonomy mapping is a collaboration between Microsoft and CrowdStrike. Google/Mandiant and Palo Alto Networks Unit 42 will also be contributing to this effort. We look forward to sharing updates from those collaborations in the near future. Security is a shared responsibility, requiring community-wide efforts to improve defensive measures. We are excited to be teaming up with CrowdStrike and we look forward to others joining us on this journey.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

¹SP 800-150, Guide to Cyber Threat Information Sharing, NIST Computer Security Research Center. October 2016.

The post Announcing a new strategic collaboration to bring clarity to threat actor naming appeared first on Microsoft Security Blog.

Agentic AI transformation is giving rise to the Frontier Firm—a new type of organization characterized by on-demand intelligence and a workforce where humans and agents work in tandem. According to Microsoft’s 2025 Work Trend Index, we expect every organization will be on their journey to becoming a Frontier Firm within the next two to five years. 

And as AI transforms every aspect of our lives and unlocks unprecedented possibilities, it must be grounded in security—starting with a Zero Trust foundation to protect the workforce and a new generation of Frontier Firms. 

Microsoft is committed to helping customers build a strong security foundation from the start. At Microsoft Build 2025, we’re taking important steps to secure the agentic workforce.

Secure and manage agent identities with Microsoft Entra

Security starts with identity. Identity-based cyberattacks have consistently been one of the top threat vectors since the cloud era. The number of password cyberattacks has increased to approximately 7,000 password attacks per second, and identity-based cyberattacks now account for nearly 80% of breaches.¹ Identity is the new perimeter and Microsoft Entra, with more than 900 million monthly active users today, plays a pivotal role in securing all identities in the agentic era. 

We are excited to introduce Microsoft Entra Agent ID, which extends identity management and access capabilities to AI agents. Now, AI agents created within Microsoft Copilot Studio and Azure AI Foundry are automatically assigned identities in a Microsoft Entra directory—analogous to etching a unique VIN into every new car and registering it before it leaves the factory—centralizing agent and user management in one solution. 

Agentic AI is gaining momentum for its ability to combine large language models with reasoning to deliver real outcomes. As we scale autonomous capabilities, identity becomes critical—robust authentication, access provisioning, fine-grained authorization, and governance are essential. Microsoft Entra Agent ID is a huge step in delivering industry thought leadership with a tangible solution. 

—Frank Dickson, Group Vice President of Security and Trust, IDC

Partnering with ServiceNow and Workday

And as AI agents increasingly join and reshape the workforce, it’s crucial that workforce systems tap into Microsoft Entra’s expanded identity capabilities for agents. That’s why we are excited to partner with leading providers like ServiceNow and Workday. As part of this, we’ll integrate Microsoft Entra Agent ID with the ServiceNow AI Platform and the Workday Agent System of Record. This will allow for automated provisioning of identities for future digital employees.

Secure data and compliance for AI agents with Microsoft Purview 

With the adoption of generative AI apps and models—and now agents—other types of risks beyond identity have emerged such as data oversharing and leaks, new AI-specific vulnerabilities and cyberthreats, and non-compliance with stringent regulatory requirements.  

To give organizations the tools needed to help secure and govern AI agents, Microsoft Purview data security and compliance controls is now extended to:

• Any custom-built AI app with the new Microsoft Purview software development kit (SDK).
• Enabled natively for AI agents built within Azure AI Foundry and Copilot Studio.

This means that AI agents can now inherently benefit from Microsoft Purview’s robust data security and compliance capabilities. Developers can leverage these controls to help reduce the risk of their AI applications oversharing or leaking data, and to support compliance efforts, while security teams gain visibility into AI risks and mitigations. This integration improves AI data security and streamlines compliance management for development and security teams.

Proactively secure agents with Microsoft Defender 

Finally, to help developers address critical AI risks, Microsoft Defender now integrates AI security posture management recommendations and runtime threat protection alerts directly into Azure AI Foundry. This integration reduces the tooling gap between security and development teams so developers can proactively mitigate AI application risks and vulnerabilities from within the development environment and more quickly reduce surface area risk—empowering developers to enhance the security of AI applications. 

These announcements underscore our commitment to providing comprehensive security and governance for AI, with technology built on the security lessons of the past and in line with our Secure Future Initiative principles. By embedding identity, security, and governance for agents into Microsoft’s agent-building spaces with seamless integration with Microsoft Entra, Microsoft Purview, and Defender, we are helping organizations innovate more securely with AI.  

More details can be found on Tech Community.

¹ Microsoft Digital Defense Report 

The post Microsoft extends Zero Trust to secure the agentic workforce appeared first on Microsoft Security Blog.