Commit 77ddec3

Revert "A365 article updates: Work IQ rename, RTP/detection notes, MDA disclaimer"
This reverts commit 17ac1ce.
1 parent c5de2cf commit 77ddec3

2 files changed

Lines changed: 9 additions & 16 deletions

defender-xdr/security-for-ai/ai-agent-detection-protection.md

Lines changed: 7 additions & 14 deletions
@@ -18,15 +18,9 @@ Deployed AI agents operate autonomously, invoking tools, accessing data, and tak
1818

1919
This article explains how Microsoft Defender detects, blocks, and enables security teams to investigate threats to AI agents managed through [Microsoft Agent 365](/microsoft-agent-365/overview), including the extended detection and protection capabilities available for supported agent platforms.
2020

21-
> [!NOTE]
22-
> Some capabilities described in this article currently require onboarding through Microsoft Defender for Cloud Apps. This is a temporary configuration that will be part of the Agent 365 product experience. Starting June 30, 2026, your organization needs an [Agent 365 subscription](https://www.microsoft.com/en/microsoft-agent-365) to continue using agent protection and visibility capabilities.
23-
2421
## Block unsafe AI agent actions in real time
2522

26-
Microsoft Defender provides real-time protection (RTP) to prevent AI agents from performing unsafe actions during runtime. Defender integrates directly with [Work IQ MCP](/microsoft-agent-365/tooling-servers-overview) to evaluate supported agent-initiated tool invocations before they execute. If Defender determines that an action is risky, it blocks the action before the agent performs it, preventing harmful behavior.
27-
28-
> [!NOTE]
29-
> Real-time protection is available only for AI agents that use tools currently supported in Work IQ MCP. Agents that rely on unsupported tools or do not integrate with Work IQ MCP are outside the scope of this capability.
23+
Microsoft Defender provides real-time protection (RTP) to prevent AI agents from performing unsafe actions during runtime. Defender integrates directly with [Microsoft Agent 365’s Agent Tooling Gateway (ATG)](/microsoft-agent-365/tooling-servers-overview) to evaluate supported agent-initiated tool invocations before they execute. If Defender determines that an action is risky, it blocks the action before the agent performs it, preventing harmful behavior.
3024

3125
Real-time protection focuses on high-confidence threats, including:
3226

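Review bot: The note removed at old lines 28-29 was the only statement that real-time protection does not cover agents that rely on unsupported tools or do not integrate with the gateway, and added line 23 keeps only the word "supported" without saying what falls outside it. Readers sizing their coverage need that boundary, so consider keeping a scope note reworded for the ATG name instead of dropping it. The hunk also removes the onboarding note with the June 30, 2026 subscription requirement; if that requirement still holds, it should stay on the page. Minor: the link target /microsoft-agent-365/tooling-servers-overview is unchanged while its label changes from Work IQ MCP to Agent Tooling Gateway (ATG), so check that the label matches the name used on the linked page.
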
@@ -38,9 +32,11 @@ Real-time protection focuses on high-confidence threats, including:
3832
- Credential leakage through legitimate channels such as email or external APIs
3933

4034
> [!NOTE]
41-
> For agents built with Microsoft Copilot Studio, Microsoft Defender also provides real-time protection by evaluating model prompts and responses. This capability doesn't depend on Work IQ.
35+
> Beyond the real-time protection through the Agent Tooling Gateway (ATG), which evaluates agent-initiated tool invocations at runtime, Microsoft Defender also evaluates user prompts for agents built with Microsoft Copilot Studio.
4236
43-
When Microsoft Defender blocks an action, it generates a detailed alert that explains what was blocked, why the action was considered risky, and which agent, user, and tool were involved. This ensures security teams can investigate blocked actions using familiar Defender workflows.
37+
When Microsoft Defender blocks an action, it generates a detailed alert that explains what was blocked, why the action was considered risky, and which agent, user, and tool were involved. This ensures security teams can investigate attempted behavior using familiar Defender workflows.
38+
39+
Beyond the core real‑time protection capabilities available for all Microsoft Agent 365‑managed agents, you can enable an extended set of real‑time protection capabilities for agents built with Microsoft Copilot Studio.
4440

4541
### Enable real-time protection
4642

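Review bot: Added line 35 says Defender "evaluates user prompts" for Copilot Studio agents, where removed line 41 said "model prompts and responses"; that changes the stated coverage, so confirm whether responses are evaluated and say so explicitly. Added line 39 then restates the same point as the note ("Beyond the core real-time protection capabilities ... agents built with Microsoft Copilot Studio"), so one of the two can go. Line 39 also uses non-breaking hyphens in "real‑time" where the surrounding text uses plain hyphens.
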
@@ -68,17 +64,14 @@ For more information, see [Incidents and alerts in the Microsoft Defender portal
6864

6965
Near-real-time detections rely on Agent 365 observability data, which also provides valuable context for [investigating incidents and threat hunting](#investigate-ai-agent-threats-and-hunt-for-risks-using-advanced-hunting). Microsoft Defender analyzes this data to identify suspicious agent behavior and generate alerts.
7066

71-
> [!NOTE]
72-
> For agents built with Microsoft Copilot Studio and Microsoft Foundry, Microsoft Defender also supports detections based on evaluation of model prompts and responses.
73-
74-
### Enable near-real-time detections and advanced threat hunting
67+
#### Enable near-real-time detections and advanced threat hunting
7568

7669
To enable near-real-time alerts and threat hunting:
7770

7871
1. Enable the Microsoft 365 app connector to collect Agent 365 observability data for AI agent actions. For more information, see [Connect Microsoft 365 to Microsoft Defender for Cloud Apps](/defender-cloud-apps/protect-office-365#connect-microsoft-365-to-microsoft-defender-for-cloud-apps).
7972
1. Ensure that your AI agent emits observability data to Microsoft 365.
8073
- Agents built with Microsoft Copilot Studio send observability data to Microsoft 365 by default.
81-
- For AI agents built on other platforms, enable observability using the Microsoft Agent 365 SDK, as described in the [Agent 365 development lifecycle documentation](/microsoft-agent-365/developer/a365-dev-lifecycle#1-build-and-run-agent).
74+
- For AI agents built on other platforms, integrate the [Microsoft Agent 365 SDK](/microsoft-agent-365/developer/) to emit observability data to Microsoft 365.
8275

8376
### Enable extended near-real-time detections for Microsoft Copilot Studio and Microsoft Foundry agents
8477

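Review bot: The heading on added line 67 drops to "####" while its siblings "### Enable real-time protection" (line 41) and "### Enable extended near-real-time detections for Microsoft Copilot Studio and Microsoft Foundry agents" (line 76) stay at "###", which nests the basic enablement steps one level deeper than the extended ones; keep it at "###" unless the nesting is intended. Added line 74 replaces the deep link to a365-dev-lifecycle#1-build-and-run-agent with the SDK landing page /microsoft-agent-365/developer/, so readers lose the pointer to the step that enables observability. The note removed at old lines 71-72 on detections based on model prompts and responses for Copilot Studio and Foundry agents has no replacement in this hunk.
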
defender-xdr/security-for-ai/defender-security-for-ai.md

Lines changed: 2 additions & 2 deletions
@@ -57,8 +57,8 @@ AI agents introduce unique security risks because of their ability to reason, in
5757
|---|---|---|
5858
| **AI agent discovery** | <ul><li>**All Agent 365-managed agents** - Discover all agents onboarded to Agent 365 using the [Microsoft Agent 365 SDK](/microsoft-agent-365/developer/) and view agent details and configuration attributes using Kusto Query Language (KQL) queries in Advanced Hunting in Microsoft Defender.</li><li>**Extended capabilities for supported agents** - The AI agent inventory in the Defender portal shows supported agents in a unified UI. This is currently supported for agents built with Microsoft Copilot Studio, Microsoft Foundry, AWS Bedrock, and GCP Vertex AI.</li></ul> | [Discover AI agents and assess security posture using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-inventory) |
5959
| **Agent security posture management** | <ul><li>**All Agent 365-managed agents** - Use Advanced Hunting in Microsoft Defender, which provides a set of prebuilt queries to help you identify misconfigurations, risky agent settings, and excessive permissions. </li><li>**Extended capabilities for supported agents** - The AI agent inventory in the Defender portal lets you assess security posture through risk factors, attack paths, and prioritized security recommendations. This is currently supported for agents built with Microsoft Foundry, AWS Bedrock, and GCP Vertex AI.</li></ul> | [Discover AI agents and assess security posture using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-inventory) |
60-
| **Agent threat detection and blocking** | <ul><li>**All Agent 365-managed agents** - **Near‑real‑time detections** surface alerts based on Agent 365 observability data. **Real‑time protection** evaluates actions before an agent invokes a tool and can block unsafe behavior. Microsoft Defender reports blocked actions in alerts for further investigation.<br>These capabilities help protect against prompt‑based attacks, unsafe tool usage, credential exposure, data exfiltration, and anomalous execution patterns.</li><li> **Extended capabilities for supported agents** - Agents built with Microsoft Copilot Studio have an extended set of real‑time protection capabilities and near‑real‑time detection alerts. Agents built with Microsoft Foundry have an extended set of near‑real‑time detection alerts.</li></ul>| [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection) |
61-
| **Agent threat investigation and hunting**| <ul><li>**All Agent 365-managed agents** - Microsoft Defender correlates signals from all of your Defender products into incidents. Analysts see the full context of a potential attack, including the relationships between involved entities and the blast radius of AI agent threats, using the incident graph and investigation experience. Use Advanced Hunting to query agent activity alongside other security data to support investigation and threat hunting.</li><li>**Extended investigation capabilities** - Enable the Microsoft 365 app connector to collect Agent 365 observability data, which provides deeper investigation and more flexible threat hunting by exposing detailed records of agent actions.</li></ul> | [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection)|
60+
| **Agent threat detection and blocking** | <ul><li>**All Agent 365-managed agents** - **Near‑real‑time detections** surface alerts based on Agent 365 observability data. **Real‑time protection** evaluates actions before an agent invokes a tool and can block unsafe behavior. Microsoft Defender reports blocked in alerts for further investigation.<br>These capabilities help protect against prompt‑based attacks, unsafe tool usage, credential exposure, data exfiltration, and anomalous execution patterns.</li><li> **Extended capabilities for supported agents** - Agents built with Microsoft Copilot Studio have an extended set of real‑time protection capabilities and near‑real‑time detection alerts. Agents built with Microsoft Foundry have an extended set of near‑real‑time detection alerts.</li></ul>| [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection) |
61+
| **Agent threat investigation and hunting**| <ul><li>**All Agent 365-managed agents** - Microsoft Defender correlates signals from all of your Defender products into incidents. Analysts see the full context of a potential attack, including the relationships between involved entities and blast radius of AI agent threats, using the incident graph and investigation experience. Use Advanced Hunting to query agent activity alongside other security data to support investigation and threat hunting.</li><li>**Extended investigation capabilities** - Enable the Microsoft 365 app connector to collect Agent 365 observability data, which provides deeper investigation and more flexible threat hunting by exposing detailed records of agent actions.</li></ul> | [Detect, block, and investigate threats to AI agents using Microsoft Defender](/defender-xdr/security-for-ai/ai-agent-detection-protection)|
6262

6363
## Protect AI infrastructure using Microsoft Defender
6464

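Review bot: Added line 60 reads "Microsoft Defender reports blocked in alerts for further investigation", which lost the noun the removed line had ("reports blocked actions in alerts"); restore "actions". Added line 61 likewise drops the article in "involved entities and blast radius of AI agent threats"; the removed line's "the blast radius" reads better.
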