Security

Microsoft Security May 2026: Purview and Entra Updates

3 min read

Summary

Microsoft Security’s May 2026 updates focus on improving visibility and control across data, identities, and AI-driven environments. Highlights include the general availability of the new Purview Data Security Posture Management experience, deeper investigations with OCR and custom examinations, Entra ID Account recovery, and expanded preview for Windows 365 for Agents.

Need help with Security?Talk to an Expert

Introduction

Microsoft Security’s May 2026 updates are aimed at a growing challenge for IT and security teams: protecting data, identities, and AI agents across increasingly complex environments. As organizations adopt more AI services and third-party tools, Microsoft is adding stronger posture management, deeper investigations, and more secure identity recovery options.

What’s new in Microsoft Security

Microsoft Purview DSPM is now generally available

The new Microsoft Purview Data Security Posture Management (DSPM) experience is now generally available. Microsoft says the updated experience brings discovery, protection, investigation, and remediation into a more unified workflow.

Key improvements include:

  • Goal-oriented workflows for faster risk assessment
  • Expanded reporting and deeper remediation options
  • Better visibility across third-party environments
  • Streamlined investigation and action from a single experience

For administrators, this should make it easier to identify sensitive data exposure and respond at scale without jumping between multiple tools.

Purview Data Security Investigations adds OCR and custom examinations

Microsoft also expanded Purview Data Security Investigations with:

  • Optical character recognition (OCR) to extract text from images
  • Custom examinations for tailored investigation scenarios

This matters because sensitive information is not always stored in searchable text documents. With OCR, investigators can now bring image-based content into AI-powered analysis. Custom examinations also give security teams more flexibility to detect organization-specific risks beyond Microsoft’s built-in checks.

Entra ID Account recovery adds secure access restoration

Microsoft Entra ID Account recovery is designed to help users regain access when they have lost all registered authentication methods. Unlike standard password reset workflows, this feature focuses on re-establishing trust and verifying identity before authentication methods are replaced.

This is especially important for organizations strengthening phishing-resistant authentication and reducing help desk friction in account recovery scenarios.

Windows 365 for Agents expands in public preview

Windows 365 for Agents is expanding in public preview and works alongside Microsoft Agent 365 to provide a secure environment for AI agent execution.

According to Microsoft:

  • Agent 365 governs what an agent is authorized to do
  • Windows 365 for Agents provides the managed execution environment
  • Agents can run in auditable, policy-controlled Cloud PCs

This is a notable step for organizations exploring enterprise AI agents while maintaining governance and security controls.

Impact on IT administrators

Security and identity teams should view these updates as part of Microsoft’s broader push toward protecting AI, data, and identities together. The biggest practical benefits are improved data risk workflows in Purview, stronger investigation capabilities, and a more secure path for account recovery.

Next steps

  • Review the new Purview DSPM experience if your organization uses Microsoft Purview
  • Evaluate OCR and custom examinations for data investigation use cases
  • Assess Entra ID Account recovery for identity resilience planning
  • Monitor Windows 365 for Agents if you are testing or deploying AI agents in the enterprise

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Microsoft SecurityMicrosoft PurviewEntra IDWindows 365AI security

Related Posts

Security

Salesforce OAuth Abuse: Microsoft Guidance on ShinyHunters

Microsoft detailed how threat activity associated with ShinyHunters abused trusted OAuth relationships in Salesforce to gain persistent access, exfiltrate CRM data, and evade traditional sign-in detections. The company also announced improved Salesforce telemetry and near-real-time detection in Defender for Cloud Apps, giving security teams better visibility into connected apps, OAuth scopes, and suspicious SaaS activity.

Security

Microsoft Entra ID Passkeys Default Rollout Dates

Microsoft will make passkeys the default authentication experience in Entra ID starting September 1, 2026, automatically prompting users currently using SMS or voice MFA to register a passkey. The change matters because Microsoft-provided SMS and voice authentication will be retired on February 1, 2027, pushing organizations toward phishing-resistant authentication and requiring admins to plan migrations now.

Security

Microsoft Secure Future Initiative July 2026 Update

Microsoft’s July 2026 Secure Future Initiative progress report highlights major security gains across identity, cloud resource isolation, vulnerability remediation, and AI-driven defense. The update matters to IT and security teams because it pairs measurable hardening progress with practical guidance on phishing-resistant MFA, secure defaults, composite attack paths, and post-quantum readiness.

Security

GigaWiper Malware: Microsoft Details Destructive Backdoor

Microsoft Threat Intelligence has published a deep analysis of GigaWiper, a Golang-based backdoor that combines command-and-control features with multiple destructive payloads, including disk wiping, fake ransomware, and system sabotage. The research matters because it shows attackers consolidating several malware families into a single modular implant, increasing flexibility while reducing deployment footprint.

Security

Microsoft SFI AI Hardens Cloud Security at Scale

Microsoft detailed an internal multi-agent AI system built under its Secure Future Initiative (SFI) to proactively evaluate and harden live cloud services. The approach speeds up deep security analysis from weeks to hours by correlating code, identity, network, configuration, and runtime signals to uncover composite risks that single-tool reviews can miss.

Security

Cloud Security Posture Management Trends for 2026

Frost & Sullivan’s 2025 Frost Radar shows cloud security posture management is shifting from periodic compliance checks to continuous, risk-based governance within CNAPP platforms. For IT and security teams, the key takeaway is clear: prioritize tools that unify posture, identity, workload, and data signals to reduce risk faster across multicloud environments.