
Commit 5b005ac

Learn Build Service GitHub App authored and committed
Merging changes synced from https://github.com/MicrosoftDocs/defender-docs-pr (branch live)
2 parents 5c4c55d + f71a0ee commit 5b005ac

3 files changed

Lines changed: 29 additions & 19 deletions


defender-office-365/quarantine-about.md

Lines changed: 13 additions & 10 deletions
Original file line number | Diff line number | Diff line change
@@ -1,5 +1,5 @@
11
---
2-
title: Quarantined email messages
2+
title: Quarantined email messages in Microsoft 365
33
author: chrisda
44
ms.author: chrisda
55
ms.topic: overview
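Review bot: the new title "Quarantined email messages in Microsoft 365" is clearer than the old one, but any toc.yml entry or cross-reference that reuses the old title text "Quarantined email messages" will now disagree with the page heading; search the repo for the old string before merging.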
@@ -10,7 +10,8 @@ ms.collection:
1010
- tier1
1111
ms.custom:
1212
- seo-marvel-apr2020
13-
description: Admins can learn about email quarantine in Microsoft 365 that holds potentially dangerous or unwanted messages.
13+
- msecd-doc-authoring-1012
14+
description: Learn about email quarantine in Microsoft 365, including which detections quarantine messages, how retention works, and how admins and users manage quarantined items.
1415
ms.service: defender-office-365
1516
ms.date: 02/02/2026
1617
appliesto:
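Review bot: the rewritten `description` runs to roughly 166 characters, past the ~160-character point at which search results truncate it; trim it, for example "Learn how email quarantine in Microsoft 365 works: which detections quarantine messages, how long they're held, and how admins and users manage them." Keeping the old `seo-marvel-apr2020` tag next to the new `msecd-doc-authoring-1012` entry is fine.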
@@ -29,15 +30,15 @@ In all organizations with cloud mailboxes, quarantine is available to hold poten
2930
> [!NOTE]
3031
> In Microsoft 365 operated by 21Vianet in China, quarantine isn't currently available in the Microsoft Defender portal. Quarantine is available only in the classic Exchange admin center (classic EAC).
3132
>
32-
> You can't completely turn off quarantine in Microsoft 365. Malware and high-confidence phishing messages are always quarantined to protect the service. Admin can reduce quarantined messages by changing actions to deliver messages to the Junk Email folder instead of quarantinemod in anti-spam polices and anti-phishing policies.
33+
> You can't completely turn off quarantine in Microsoft 365. Malware and high-confidence phishing messages are always quarantined to protect the service. Admins can reduce quarantined messages by changing actions to deliver messages to the Junk Email folder instead of quarantine in anti-spam policies and anti-phishing policies.
3334
3435
Whether a detected message is quarantined by default depends on the following factors:
3536

3637
- The protection feature that detected the message. For example, the following detections are always quarantined:
3738
- Malware detections by [anti-malware policies](anti-malware-policies-configure.md)<sup>\*</sup>.
3839
- Malware or phishing detections by [Safe Attachments policies](safe-attachments-policies-configure.md), including [Built-in protection](preset-security-policies.md) for Safe Attachments<sup>\*</sup>.
3940
- High confidence phishing detections by [anti-spam policies](anti-spam-policies-configure.md).
40-
- Whether you're using the Standard and/or Strict [preset security policies](preset-security-policies.md). The Strict profile quarantines more types of detections than the Standard profile.
41+
- Whether you're using the Standard or Strict [preset security policies](preset-security-policies.md). The Strict profile quarantines more types of detections than the Standard profile.
4142

4243
<sup>\*</sup> Malware filtering is skipped on SecOps mailboxes that are identified in the advanced delivery policy. For more information, see [Configure the advanced delivery policy for non-Microsoft phishing simulations and email delivery to SecOps mailboxes](advanced-delivery-policy-configure.md).
4344

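Review bot: the typo fixes (Admins, quarantine, policies) are correct; the remaining inconsistency in this hunk is "high-confidence phishing" (hyphenated) in the note versus "High confidence phishing detections" (unhyphenated) in the list, and the article should settle on one form. Changing "Standard and/or Strict" to "Standard or Strict" reads fine because the following sentence compares the two profiles.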
@@ -56,12 +57,14 @@ Threat policies for [supported features](quarantine-policies.md#step-2-assign-a-
5657
5758
## Quarantine policies
5859

59-
_Quarantine policies_ define what users are able to do or not do to quarantined messages, and whether users receive quarantine notifications for those messages. For more information, see [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy).
60+
_Quarantine policies_ define what users can or can't do to quarantined messages, and whether users receive quarantine notifications for those messages. For more information, see [Anatomy of a quarantine policy](quarantine-policies.md#anatomy-of-a-quarantine-policy).
6061

6162
> [!TIP]
6263
> You can create customized [quarantine notifications for different languages](quarantine-policies.md#customize-quarantine-notifications-for-different-languages). You can also [use a custom logo in quarantine notifications](quarantine-policies.md#customize-all-quarantine-notifications).
6364
64-
The default quarantine policies assigned to protection feature verdicts enforce the historical capabilities that users get for their quarantined messages (messages where they're a recipient). For more information, see the table in [Find and release quarantined messages as a user](quarantine-end-user.md). For example, only admins can work with messages that were quarantined as malware or high confidence phishing. By default, users can work with their messages that were quarantined as spam, bulk, phishing, spoof, user impersonation, domain impersonation, or mailbox intelligence.
65+
The default quarantine policies assigned to protection feature verdicts enforce the historical capabilities that users get for their quarantined messages (messages where they're a recipient). For more information, see the table in [Find and release quarantined messages as a user](quarantine-end-user.md).
66+
67+
For example, only admins can work with messages that were quarantined as malware or high confidence phishing. By default, users can work with their messages that were quarantined as spam, bulk, phishing, spoof, user impersonation, domain impersonation, or mailbox intelligence.
6568

6669
Admins can create and apply custom quarantine policies that define less restrictive or more restrictive capabilities for users, and also turn on quarantine notifications. For more information, see [Create quarantine policies](quarantine-policies.md#step-1-create-quarantine-policies-in-the-microsoft-defender-portal).
6770

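Review bot: splitting the paragraph leaves "For example, only admins can work with messages..." opening a new paragraph whose referent (the historical capabilities) is now separated from it by the "For more information" link sentence; either keep the example attached to the first sentence, or move the "For more information, see the table in..." sentence after the example so it closes the thought.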
@@ -70,7 +73,7 @@ Both users and admins can work with quarantined messages:
7073
- Admins can work with all types of quarantined messages for all users, including messages that were quarantined as malware, high confidence phishing, or as a result of mail flow rules (also known as transport rules). For more information, see [Manage quarantined messages and files as an admin](quarantine-admin-manage-messages-files.md).
7174

7275
> [!TIP]
73-
> For the permissions required to download and release any messages from quarantine, see the permissions entry [here](quarantine-admin-manage-messages-files.md#what-do-you-need-to-know-before-you-begin).
76+
> For the permissions required to download and release all messages from quarantine, see [What do you need to know before you begin?](quarantine-admin-manage-messages-files.md#what-do-you-need-to-know-before-you-begin) in Manage quarantined messages and files as an admin.
7477
7578
- Users can work with their quarantined messages based on the protection feature that quarantined the message, and the setting in corresponding quarantine policy. For more information, see [Find and release quarantined messages as a user](quarantine-end-user.md).
7679

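Review bot: changing "any messages" to "all messages" shifts the meaning: the tip is about the permission needed to download and release messages of any verdict (including malware and high confidence phishing, per the bullet above), not about releasing everything in quarantine at once; "messages of any type" or "any message" would be more precise. Replacing the bare "here" link text with the section title is a good accessibility fix.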
@@ -85,11 +88,11 @@ Both users and admins can work with quarantined messages:
8588
8689
- Admins can report false positives to Microsoft from quarantine. For more information, see [Take action on quarantined email](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-email) and [Take action on quarantined files](quarantine-admin-manage-messages-files.md#take-action-on-quarantined-files).
8790

88-
- Users can also report false positives to Microsoft from quarantine, depending on the value of the **Reporting from quarantine** setting in [user reported settings](submissions-user-reported-messages-custom-mailbox.md).
91+
- Users can also report false positives to Microsoft from quarantine, based on the **Reporting from quarantine** setting in [user reported settings](submissions-user-reported-messages-custom-mailbox.md).
8992

9093
### Quarantine retention
9194

92-
How long quarantined messages or files are held in quarantine before they expire depends why the message or file was quarantined. Features and their corresponding retention periods are described in the following table:
95+
How long quarantined messages or files are held in quarantine before they expire depends on why the message or file was quarantined. Features and their corresponding retention periods are described in the following table:
9396

9497
|Quarantine reason|Default retention period|Customizable?|Comments|
9598
|---|---|:---:|---|
@@ -99,7 +102,7 @@ How long quarantined messages or files are held in quarantine before they expire
99102
|Messages quarantined by mail flow rules where the action is **Deliver the message to the hosted quarantine** (_Quarantine_).|30 days|No||
100103
|Messages quarantined by Safe Attachments policies in Defender for Office 365 (malware or phishing messages).|30 days|No||
101104
|Files quarantined by Safe Attachments for SharePoint, OneDrive, and Microsoft Teams (malware files).|30 days|No|Files quarantined in SharePoint or OneDrive are removed from quarantine after 30 days, but the blocked files remain in SharePoint or OneDrive in the blocked state.|
102-
|Messages in chats and channels quarantined by zero-hour auto protection (ZAP) for Microsoft Teams in Defender for Office 365|30 days|No|
105+
|Messages in chats and channels quarantined by zero-hour auto protection (ZAP) for Microsoft Teams in Defender for Office 365|30 days|No||
103106

104107
When messages expire from quarantine after the retention period, the messages are permanently deleted and can't be recovered.
105108

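Review bot: adding the trailing `|` is needed for the four-column table to render, but the ZAP row still lacks the period that ends the reason cell in every other row ("...(malware files)."); add it for consistency.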
defender-xdr/security-for-ai/ai-agent-detection-protection.md

Lines changed: 14 additions & 7 deletions
@@ -18,9 +18,15 @@ Deployed AI agents operate autonomously, invoking tools, accessing data, and tak
1818

1919
This article explains how Microsoft Defender detects, blocks, and enables security teams to investigate threats to AI agents managed through [Microsoft Agent 365](/microsoft-agent-365/overview), including the extended detection and protection capabilities available for supported agent platforms.
2020

21+
> [!NOTE]
22+
> Some capabilities described in this article currently require onboarding through Microsoft Defender for Cloud Apps. This is a temporary configuration that will be part of the Agent 365 product experience. Starting July 1, 2026, your organization needs an [Agent 365 subscription](https://www.microsoft.com/en/microsoft-agent-365) to continue using agent protection and visibility capabilities.
23+
2124
## Block unsafe AI agent actions in real time
2225

23-
Microsoft Defender provides real-time protection (RTP) to prevent AI agents from performing unsafe actions during runtime. Defender integrates directly with [Microsoft Agent 365’s Agent Tooling Gateway (ATG)](/microsoft-agent-365/tooling-servers-overview) to evaluate supported agent-initiated tool invocations before they execute. If Defender determines that an action is risky, it blocks the action before the agent performs it, preventing harmful behavior.
26+
Microsoft Defender provides real-time protection (RTP) to prevent AI agents from performing unsafe actions during runtime. Defender integrates directly with [Work IQ MCP](/microsoft-agent-365/tooling-servers-overview) to evaluate supported agent-initiated tool invocations before they execute. If Defender determines that an action is risky, it blocks the action before the agent performs it, preventing harmful behavior.
27+
28+
> [!NOTE]
29+
> Real-time protection is available only for AI agents that use tools currently supported in Work IQ MCP. Agents that rely on unsupported tools or do not integrate with Work IQ MCP are outside the scope of this capability.
2430
2531
Real-time protection focuses on high-confidence threats, including:
2632

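Review bot: the scope of the first added note is ambiguous: "This is a temporary configuration that will be part of the Agent 365 product experience" can be read as saying the temporary configuration itself is what will ship; state plainly that onboarding through Defender for Cloud Apps is temporary and that the capability will move into the Agent 365 experience. The subscription link also carries a locale segment (`https://www.microsoft.com/en/microsoft-agent-365`); a locale-neutral URL is the norm so the site can redirect by the reader's language. Finally, the second note uses "do not" where the rest of the article uses contractions ("doesn't" in the note below).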
@@ -32,11 +38,9 @@ Real-time protection focuses on high-confidence threats, including:
3238
- Credential leakage through legitimate channels such as email or external APIs
3339

3440
> [!NOTE]
35-
> Beyond the real-time protection through the Agent Tooling Gateway (ATG), which evaluates agent-initiated tool invocations at runtime, Microsoft Defender also evaluates user prompts for agents built with Microsoft Copilot Studio.
41+
> For agents built with Microsoft Copilot Studio, Microsoft Defender also provides real-time protection by evaluating model prompts and responses. This capability doesn't depend on Work IQ.
3642
37-
When Microsoft Defender blocks an action, it generates a detailed alert that explains what was blocked, why the action was considered risky, and which agent, user, and tool were involved. This ensures security teams can investigate attempted behavior using familiar Defender workflows.
38-
39-
Beyond the core real‑time protection capabilities available for all Microsoft Agent 365‑managed agents, you can enable an extended set of real‑time protection capabilities for agents built with Microsoft Copilot Studio.
43+
When Microsoft Defender blocks an action, it generates a detailed alert that explains what was blocked, why the action was considered risky, and which agent, user, and tool were involved. This ensures security teams can investigate blocked actions using familiar Defender workflows.
4044

4145
### Enable real-time protection
4246

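Review bot: the deleted paragraph was the only sentence in this section telling readers that an extended set of real-time protection capabilities exists for Copilot Studio agents, yet the feature table in defender-security-for-ai.md (also in this commit) still advertises that extended set; either keep a pointer here or update the table so the two pages agree. Also, "This capability doesn't depend on Work IQ" should use the same name as the paragraph above ("Work IQ MCP") so readers don't wonder whether Work IQ and Work IQ MCP are different things.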
@@ -64,14 +68,17 @@ For more information, see [Incidents and alerts in the Microsoft Defender portal
6468

6569
Near-real-time detections rely on Agent 365 observability data, which also provides valuable context for [investigating incidents and threat hunting](#investigate-ai-agent-threats-and-hunt-for-risks-using-advanced-hunting). Microsoft Defender analyzes this data to identify suspicious agent behavior and generate alerts.
6670

67-
#### Enable near-real-time detections and advanced threat hunting
71+
> [!NOTE]
72+
> For agents built with Microsoft Copilot Studio and Microsoft Foundry, Microsoft Defender also supports detections based on evaluation of model prompts and responses.
73+
74+
### Enable near-real-time detections and advanced threat hunting
6875

6976
To enable near-real-time alerts and threat hunting:
7077

7178
1. Enable the Microsoft 365 app connector to collect Agent 365 observability data for AI agent actions. For more information, see [Connect Microsoft 365 to Microsoft Defender for Cloud Apps](/defender-cloud-apps/protect-office-365#connect-microsoft-365-to-microsoft-defender-for-cloud-apps).
7279
1. Ensure that your AI agent emits observability data to Microsoft 365.
7380
- Agents built with Microsoft Copilot Studio send observability data to Microsoft 365 by default.
74-
- For AI agents built on other platforms, integrate the [Microsoft Agent 365 SDK](/microsoft-agent-365/developer/) to emit observability data to Microsoft 365.
81+
- For AI agents built on other platforms, enable observability using the Microsoft Agent 365 SDK, as described in the [Agent 365 development lifecycle documentation](/microsoft-agent-365/developer/a365-dev-lifecycle#1-build-and-run-agent).
7582

7683
### Enable extended near-real-time detections for Microsoft Copilot Studio and Microsoft Foundry agents
7784

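Review bot: the heading change from `####` to `###` alters the section hierarchy; confirm no TOC entry or in-article link depended on the old nesting (the `#investigate-ai-agent-threats-and-hunt-for-risks-using-advanced-hunting` anchor in the context lines is unaffected, since anchors derive from heading text, not level). The new link target `#1-build-and-run-agent` is an anchor derived from a numbered heading and will break silently if that page's sections are renumbered; link to the page and name the section in prose, or ask the owning page for a stable anchor.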
defender-xdr/security-for-ai/defender-security-for-ai.md

Lines changed: 2 additions & 2 deletions
@@ -57,8 +57,8 @@ AI agents introduce unique security risks because of their ability to reason, in
5757
|---|---|---|
5858
| **AI agent discovery** | <ul><li>**All Agent 365-managed agents** - Discover all agents onboarded to Agent 365 using the [Microsoft Agent 365 SDK](/microsoft-agent-365/developer/) and view agent details and configuration attributes using Kusto Query Language (KQL) queries in Advanced Hunting in Microsoft Defender.</li><li>**Extended capabilities for supported agents** - The AI agent inventory in the Defender portal shows supported agents in a unified UI. This is currently supported for agents built with Microsoft Copilot Studio, Microsoft Foundry, AWS Bedrock, and GCP Vertex AI.</li></ul> | [Discover AI agents and assess security posture using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-inventory) |
5959
| **Agent security posture management** | <ul><li>**All Agent 365-managed agents** - Use Advanced Hunting in Microsoft Defender, which provides a set of prebuilt queries to help you identify misconfigurations, risky agent settings, and excessive permissions. </li><li>**Extended capabilities for supported agents** - The AI agent inventory in the Defender portal lets you assess security posture through risk factors, attack paths, and prioritized security recommendations. This is currently supported for agents built with Microsoft Foundry, AWS Bedrock, and GCP Vertex AI.</li></ul> | [Discover AI agents and assess security posture using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-inventory) |
60-
| **Agent threat detection and blocking** | <ul><li>**All Agent 365-managed agents** - **Near‑real‑time detections** surface alerts based on Agent 365 observability data. **Real‑time protection** evaluates actions before an agent invokes a tool and can block unsafe behavior. Microsoft Defender reports blocked in alerts for further investigation.<br>These capabilities help protect against prompt‑based attacks, unsafe tool usage, credential exposure, data exfiltration, and anomalous execution patterns.</li><li> **Extended capabilities for supported agents** - Agents built with Microsoft Copilot Studio have an extended set of real‑time protection capabilities and near‑real‑time detection alerts. Agents built with Microsoft Foundry have an extended set of near‑real‑time detection alerts.</li></ul>| [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection) |
61-
| **Agent threat investigation and hunting**| <ul><li>**All Agent 365-managed agents** - Microsoft Defender correlates signals from all of your Defender products into incidents. Analysts see the full context of a potential attack, including the relationships between involved entities and blast radius of AI agent threats, using the incident graph and investigation experience. Use Advanced Hunting to query agent activity alongside other security data to support investigation and threat hunting.</li><li>**Extended investigation capabilities** - Enable the Microsoft 365 app connector to collect Agent 365 observability data, which provides deeper investigation and more flexible threat hunting by exposing detailed records of agent actions.</li></ul> | [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection)|
60+
| **Agent threat detection and blocking** | <ul><li>**All Agent 365-managed agents** - **Near‑real‑time detections** surface alerts based on Agent 365 observability data. **Real‑time protection** evaluates actions before an agent invokes a tool and can block unsafe behavior. Microsoft Defender reports blocked actions in alerts for further investigation.<br>These capabilities help protect against prompt‑based attacks, unsafe tool usage, credential exposure, data exfiltration, and anomalous execution patterns.</li><li> **Extended capabilities for supported agents** - Agents built with Microsoft Copilot Studio have an extended set of real‑time protection capabilities and near‑real‑time detection alerts. Agents built with Microsoft Foundry have an extended set of near‑real‑time detection alerts.</li></ul>| [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection) |
61+
| **Agent threat investigation and hunting**| <ul><li>**All Agent 365-managed agents** - Microsoft Defender correlates signals from all of your Defender products into incidents. Analysts see the full context of a potential attack, including the relationships between involved entities and the blast radius of AI agent threats, using the incident graph and investigation experience. Use Advanced Hunting to query agent activity alongside other security data to support investigation and threat hunting.</li><li>**Extended investigation capabilities** - Enable the Microsoft 365 app connector to collect Agent 365 observability data, which provides deeper investigation and more flexible threat hunting by exposing detailed records of agent actions.</li></ul> | [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection)|
6262

6363
## Protect AI infrastructure using Microsoft Defender
6464

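Review bot: the two grammar fixes ("reports blocked actions", "the blast radius") are correct; the open issue is consistency with ai-agent-detection-protection.md in this same commit, which deletes its statement about extended real-time protection for Copilot Studio agents while this row still says "Agents built with Microsoft Copilot Studio have an extended set of real‑time protection capabilities". Also, `<li> **Extended capabilities` has a stray leading space inside the list item.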