Security

Microsoft Agentic AI Security Tools Unveiled at RSAC

3 min läsning

Sammanfattning

At RSAC 2026, Microsoft introduced a broader security strategy for enterprise AI, led by Agent 365, a new control plane for governing and protecting AI agents that will reach general availability on May 1. The company also announced expanded AI risk visibility and identity protections across Defender, Entra, Purview, Intune, and new shadow AI detection tools, signaling that securing AI usage is becoming a core part of enterprise security operations as adoption accelerates.

Behöver du hjälp med Security?Prata med en expert

Introduction

Agentic AI is moving quickly from experimentation to enterprise deployment, and that creates a new set of security challenges for IT and security teams. At RSAC 2026, Microsoft outlined an end-to-end strategy for securing AI agents, the infrastructure they rely on, and the data and identities they touch.

What’s new

Agent 365 reaches general availability soon

Microsoft confirmed that Agent 365 will be generally available on May 1. Positioned as a control plane for agents, it is designed to help IT, security, and business teams observe, secure, and govern AI agents at scale.

Key capabilities highlighted include:

  • Integration with Microsoft Defender, Entra, and Purview
  • Controls to secure agent access
  • Protections to reduce data oversharing
  • Support for defending against emerging AI threats

Agent 365 is included in Microsoft 365 E7: The Frontier Suite.

New visibility into AI risk across the enterprise

Microsoft is adding several tools to improve AI discovery and risk awareness:

  • Security Dashboard for AI is now generally available, providing centralized visibility into AI-related risk.
  • Entra Internet Access Shadow AI Detection becomes generally available on March 31, helping identify unmanaged AI app usage at the network layer.
  • Enhanced Intune app inventory arrives in May, adding visibility into AI-enabled apps installed on devices.

Entra expands identity protection

Microsoft Entra gains several new and updated capabilities for modern identity security:

  • Entra Backup and Recovery for directory resilience is in preview.
  • Entra Tenant Governance helps discover shadow Entra tenants and improve multi-tenant governance, also in preview.
  • Synced passkeys and passkey profiles are generally available.
  • Windows Hello integration for Entra passkeys is in preview.
  • External MFA integration is now generally available.
  • Adaptive risk remediation is generally available in April.
  • A new identity security dashboard and identity risk score in Microsoft Defender are in preview.

Purview adds AI-aware data protection

To address data leakage and oversharing in AI workflows, Microsoft announced:

  • Expanded Purview DLP for Microsoft 365 Copilot, generally available March 31
  • Purview embedded in Copilot Control System, generally available in April
  • Customizable data security reports, available in preview March 31

Why this matters for IT admins

These announcements show Microsoft treating AI as a full security domain rather than a feature add-on. For administrators, the big takeaway is that AI governance, identity, endpoint visibility, and data protection are becoming more tightly integrated across the Microsoft stack.

Organizations already deploying Copilot, AI apps, or autonomous agents should expect increased scrutiny around shadow AI, access policies, and data handling. The new dashboards and controls could help reduce blind spots while supporting safer AI adoption.

Next steps

  • Review whether Agent 365 fits your AI governance strategy.
  • Enable or evaluate new Entra identity protections, especially passkeys and adaptive remediation.
  • Prepare for Shadow AI Detection and updated Intune app inventory to identify unmanaged AI usage.
  • Assess Purview DLP policies for Copilot and other AI-related workflows.
  • Brief security and compliance teams on Microsoft’s broader agentic AI security model.

Behöver du hjälp med Security?

Våra experter kan hjälpa dig att implementera och optimera dina Microsoft-lösningar.

Prata med en expert

Håll dig uppdaterad om Microsoft-teknologier

Läs originalartikeln av Vasu Jakkal
Securityagentic AIMicrosoft EntraMicrosoft PurviewMicrosoft Defender

Relaterade inlägg

Security

Trivy Supply Chain Compromise: Defender Guidance

Microsoft has published detection, investigation, and mitigation guidance for the March 2026 Trivy supply chain compromise that affected the Trivy binary and related GitHub Actions. The incident matters because it weaponized trusted CI/CD security tooling to steal credentials from build pipelines, cloud environments, and developer systems while appearing to run normally.

Security

AI Agent Governance: Aligning Intent for Security

Microsoft outlines a governance model for AI agents that aligns user, developer, role-based, and organizational intent. The framework helps enterprises keep agents useful, secure, and compliant by defining behavioral boundaries and a clear order of precedence when conflicts arise.

Security

Microsoft Defender Predictive Shielding Stops GPO Ransomware

Microsoft detailed a real-world ransomware case in which Defender’s predictive shielding detected malicious Group Policy Object abuse before encryption began. By hardening GPO propagation and disrupting compromised accounts, Defender blocked about 97% of attempted encryption activity and prevented any devices from being encrypted through the GPO delivery path.

Security

Microsoft CTI-REALM Benchmarks AI Detection Engineering

Microsoft has introduced CTI-REALM, an open-source benchmark designed to test whether AI agents can actually perform detection engineering tasks end to end, from interpreting threat intelligence reports to generating and refining KQL and Sigma detection rules. This matters because it gives security teams a more realistic way to evaluate AI for SOC operations, focusing on measurable operational outcomes across real environments instead of simple cybersecurity question answering.

Security

Microsoft Zero Trust for AI: Workshop and Architecture

Microsoft has introduced Zero Trust for AI guidance, adding an AI-focused pillar to its Zero Trust Workshop and expanding its assessment tool with new Data and Network pillars. The update matters because it gives enterprises a structured way to secure AI systems against risks like prompt injection, data poisoning, and excessive access while aligning security, IT, and business teams around nearly 700 controls.

Security

Microsoft Tax-Season Phishing Attacks Target Credentials

Microsoft is warning that tax-season phishing attacks are rising, with threat actors using fake CPA messages, W-2 QR codes, and 1099-themed lures to steal Microsoft 365 credentials and deliver malware or remote access tools. The campaigns matter because they are increasingly targeted and evasive, abusing trusted cloud services, multi-step redirects, and legitimate-looking tools to bypass defenses and raise the risk of account compromise and broader network intrusion.