Safe agentic AI end-to-end | Microsoft Safety Weblog

Subsequent week, RSAC™ Convention celebrates its 35-year anniversary as a discussion board that brings the safety neighborhood collectively to handle new challenges and embrace alternatives in our quest to make the world a safer place for all. As we glance in direction of that milestone, agentic AI is reshaping industries quickly as clients rework to grow to be Frontier Corporations—these anchored in intelligence and belief and utilizing brokers to raise human ambition, holistically reimagining their enterprise to attain their highest aspirations. Our current analysis exhibits that 80% of Fortune 500 corporations are already utilizing brokers.¹

On the identical time, this innovation is occurring in opposition to a sea change in AI-powered assaults the place brokers can grow to be “double brokers.” And chief info officers (CIOs), chief info safety officers (CISOs), and safety choice makers are grappling with the ensuing safety implications: How do they observe, govern, and safe brokers? How do they safe their foundations on this new period? How can they use agentic AI to guard their group and detect and reply to conventional and rising threats?

The reply begins with belief, and safety has at all times been the basis of belief. On this agentic period, safety should be woven into, and round, each layer of the AI property. It should be ambient and autonomous, identical to the AI it protects. That is our imaginative and prescient for safety because the core primitive of the AI stack.

At RSAC 2026, we’re delivering on that imaginative and prescient with new purpose-built capabilities designed to assist organizations safe brokers, safe their foundations, and defend utilizing brokers and specialists. Fueled by greater than 100 trillion every day indicators, Microsoft Safety helps defend 1.6 million clients, one billion identities, and 24 billion Copilot interactions.² Learn on to learn the way we can assist you safe agentic AI.

Safe brokers

Earlier this month, we introduced that Agent 365 can be usually accessible on Could 1. Agent 365—the management airplane for brokers—provides IT, safety, and enterprise groups the visibility and instruments they should observe, safe, and govern brokers at scale utilizing the infrastructure you have already got and belief. It consists of new Microsoft Defender, Entra, and Purview capabilities that can assist you safe agent entry, forestall information oversharing, and defend in opposition to rising threats.

Agent 365 is included in Microsoft 365 E7: The Frontier Suite together with Microsoft 365 Copilot, Microsoft Entra Suite, and Microsoft 365 E5, which incorporates most of the superior Microsoft Safety capabilities under to ship complete safety on your group.

Safe your foundations

Together with securing brokers, we additionally want to consider securing AI comprehensively. To actually safe agentic AI, we should safe foundations—the methods that agentic AI is constructed and runs on and the people who find themselves growing and utilizing AI. At RSAC 2026, we’re introducing new capabilities that can assist you acquire visibility into dangers throughout your enterprise, safe identities with steady adaptive entry, safeguard delicate information throughout AI workflows, and defend in opposition to threats on the velocity and scale of AI.

Acquire visibility into dangers throughout your enterprise

As AI adoption accelerates, so does the necessity for complete and steady visibility into AI dangers throughout your surroundings—from brokers to AI apps and providers. We’re addressing this problem with new capabilities that provide you with perception into dangers throughout your enterprise so you understand the place AI is exhibiting up, how it’s getting used, and the place your publicity to threat could also be rising. New capabilities embody:

• Safety Dashboard for AI offers CISOs and safety groups with unified visibility into AI-related threat throughout the group. Now usually accessible.
• Entra Web Entry Shadow AI Detection makes use of the community layer to establish beforehand unknown AI purposes and floor unmanaged AI utilization that may in any other case go undetected. Typically accessible March 31.
• Enhanced Intune app stock offers wealthy visibility into your app property put in on units, together with AI-enabled apps, to help focused remediation of high-risk software program. Typically accessible in Could.

Safe identities with steady, adaptive entry

Identification is the inspiration of contemporary safety, probably the most focused layer in any surroundings, and the primary line of protection. With Microsoft Entra, you possibly can safe entry and ship complete identification safety utilizing new capabilities that provide help to harden your identification infrastructure, enhance tenant governance, modernize authentication, and make clever entry selections.

• Entra Backup and Restoration strengthens resilience with an automatic backup of Entra listing objects to allow fast restoration in case of unintentional information deletion or unauthorized adjustments. Now accessible in preview.
• Entra Tenant Governance helps organizations uncover unmanaged (shadow) Entra tenants and set up constant tenant insurance policies and governance in multi-tenant environments. Now accessible in preview.
• Entra passkey capabilities now embody synced passkeys and passkey profiles to allow most flexibility for end-users, making it straightforward to maneuver between units, whereas organizations in search of most management nonetheless have the choice of device-bound passkeys. Plus, Entra passkeys are actually natively built-in into the Home windows Good day expertise, making phishing-resistant passkey authentication extra seamless on Home windows units. Synced passkeys and passkey profiles are usually accessible, passkey integration into Home windows Good day is in preview. 
• Entra exterior Multi-Issue Authentication (MFA) permits organizations to attach exterior MFA suppliers straight with Microsoft Entra to allow them to leverage pre-existing MFA investments or use extremely specialised MFA strategies. Now usually accessible.
• Entra adaptive threat remediation helps customers securely regain entry with out help-desk friction via automated self-remediation throughout authentication strategies, adapting to the place they’re of their fashionable authentication journey. Typically accessible in April.
• Unified identification safety offers end-to-end protection throughout identification infrastructure, the identification management airplane, and identification menace detection and response (ITDR)—constructed for fast response and real-time selections. The brand new identification safety dashboard in Microsoft Defender highlights probably the most impactful insights throughout human and non-human identities to assist speed up response, and the brand new identification threat rating unifies account-level threat indicators to ship a complete view of person threat to tell real-time entry selections and SecOps investigations. Now accessible in preview.

Safeguard delicate information throughout AI workflows

With AI embedded in on a regular basis work, delicate information more and more strikes via prompts, responses, and grounding flows—typically sooner than insurance policies can sustain. Safety groups want visibility into how AI interacts with information in addition to the flexibility to cease information oversharing and information leakage. Microsoft brings information safety straight into the AI management airplane, giving organizations clear perception into threat, real-time enforcement on the level of use, and the boldness to allow AI responsibly throughout the enterprise. New Microsoft Purview capabilities embody:

• Expanded Purview information loss prevention for Microsoft 365 Copilot helps block delicate info resembling PII, bank card numbers, and customized information sorts in prompts from being processed or used for net grounding. Typically accessible March 31.
• Purview embedded in Copilot Management System offers a unified view of AI‑associated information threat straight within the Microsoft 365 Admin Heart. Typically accessible in April.
• Purview customizable information safety stories allow tailor-made reporting and drilldowns to prioritized information safety dangers. Out there in preview March 31.

Defend in opposition to threats throughout endpoints, cloud, and AI providers

Safety groups want proactive 24/7 menace safety that disrupts threats early and incorporates them mechanically. Microsoft is extending predictive shielding to proactively restrict impression and cut back publicity, increasing our container safety capabilities, and introducing network-layer safety in opposition to malicious AI prompts.

• Entra Web Entry immediate injection safety helps block malicious AI prompts throughout apps and brokers by implementing common network-level insurance policies. Typically accessible March 31.
• Enhanced Defender for Cloud container safety consists of binary drift and antimalware prevention to shut gaps attackers exploit in containerized environments. Now accessible in preview.
• Defender for Cloud posture administration provides broader protection and helps Amazon Net Companies and Google Cloud Platform, delivering safety suggestions and compliance insights for newly found assets. Out there in preview in April.
• Defender predictive shielding dynamically adjusts identification and entry insurance policies throughout energetic assaults, lowering publicity and limiting impression. Now accessible in preview.

Defend with brokers and specialists

To defend within the agentic age, we’d like agentic protection. This implies having an agentic protection platform and safety brokers embedded straight into the movement of labor, augmented by deep human experience and complete safety providers while you want them.

Brokers constructed into the movement of safety work

Safety groups transfer quickest with focused assist the place and when work is occurring. As alerts floor and investigations unfold throughout identities, information, endpoints, and cloud workloads, AI-powered help must function alongside defenders. With Safety Copilot now included in Microsoft 365 E5 and E7, we’re empowering defenders with brokers embedded straight into every day safety and IT operations that assist speed up response and cut back guide effort to allow them to concentrate on what issues most.

New brokers accessible now embody:

• Safety Analyst Agent in Microsoft Defender helps speed up menace investigations by offering contextual evaluation and guided workflows. Out there in preview March 26.
• Safety Alert Triage Agent in Microsoft Defender has the capabilities of the phishing triage agent after which extends to cloud and identification to autonomously analyze, classify, prioritize, and resolve repetitive low-value alerts at scale. Out there in preview in April.
• Conditional Entry Optimization Agent in Microsoft Entra enhancements add context-aware suggestions, deeper evaluation, and phased rollout to strengthen identification safety. Agent usually accessible, enhancements now accessible in preview.
• Knowledge Safety Posture Agent in Microsoft Purview enhancements embody a credential scanning functionality that can be utilized to proactively detect credential publicity in your information. Now accessible in preview.
• Knowledge Safety Triage Agent in Microsoft Purview enhancements embody a sophisticated AI reasoning layer and improved interpretation of customized Delicate Data Sorts (SITs), to enhance agent outputs throughout alert triage. Agent usually accessible, enhancements accessible in preview March 31.
• Over 15 new partner-built brokers prolong Safety Copilot with further capabilities, all accessible within the Safety Retailer.

Scale with an agentic protection platform

To assist defenders and brokers work collectively in a extra coordinated, intelligence-driven manner, Microsoft is increasing Sentinel, the agentic protection platform, to unify context, automate end-to-end workflows, and standardize entry, governance, and deployment throughout safety options.

• Sentinel information federation powered by Microsoft Cloth investigates exterior safety information in place in Databricks, Microsoft Cloth, and Azure Knowledge Lake Storage whereas preserving governance. Now accessible in preview.
• Sentinel playbook generator with pure language orchestration helps speed up investigations and automate complicated workflows. Now accessible in preview.
• Sentinel granular delegated administrator privileges and unified role-based entry management allow safe and scaling administration for companions and enterprise clients with cross-tenant collaboration. Now accessible in preview.
• Safety Retailer embedded in Purview and Entra makes it simpler to find and deploy brokers straight inside present safety experiences. Typically accessible March 31.
• Sentinel customized graphs powered by Microsoft Cloth allow views distinctive to your group of relationships throughout your surroundings. Now accessible in preview.
• Sentinel mannequin context protocol (MCP) entity analyzer helps automate sooner with pure language and harnesses the pliability of code to speed up responses. Typically accessible in April.

Strengthen with specialists

Even probably the most mature safety organizations face moments that decision for deeper partnership—a classy assault, a fancy investigation, a state of affairs the place seasoned experience alongside your staff makes all of the distinction. The Microsoft Defender Consultants Suite brings collectively expert-led providers—technical advisory, managed prolonged detection and response (MXDR), and end-to-end proactive and reactive incident response—that can assist you defend in opposition to superior cyber threats, construct long-term resilience, and modernize safety operations with confidence.

Apply Zero Belief for AI

Zero Belief has at all times been constructed on three ideas: confirm explicitly, use least privilege, and assume breach. As AI turns into embedded throughout your total surroundings—from the fashions you construct on, to the info they devour, to the brokers that act in your behalf—making use of these ideas has by no means been extra crucial. At RSAC 2026, we’re extending our Zero Belief structure, the complete AI lifecycle—from information ingestion and mannequin coaching to deployment agent conduct. And we’re making it actionable with an up to date Zero Belief for AI reference structure, workshop, evaluation software, and new patterns and practices articles that can assist you enhance your safety posture.

See you at RSAC

In case you’re becoming a member of the worldwide safety neighborhood in San Francisco for RSAC 2026 Convention, we invite you to attach with us. Be a part of us at our Microsoft Pre-Day occasion and cease by our sales space on the RSAC Convention North Expo (N-5744) to discover our newest improvements throughout Microsoft Agent 365, Microsoft Defender, Microsoft Entra, Microsoft Purview, Microsoft Sentinel, and Microsoft Safety Copilot and see firsthand how we can assist your group safe brokers, safe your basis, and provide help to defend with brokers and specialists. The way forward for safety is ambient, autonomous, and constructed for the period of AI. Let’s construct it collectively.

To be taught extra about Microsoft Safety options, go to our web site. Bookmark the Safety weblog to maintain up with our knowledgeable protection on safety issues. Additionally, observe us on LinkedIn (Microsoft Safety) and X (@MSFTSecurity) for the most recent information and updates on cybersecurity.

¹Based mostly on Microsoft first-party telemetry measuring brokers constructed with Microsoft Copilot Studio or Microsoft Agent Builder that had been in use over the last 28 days of November 2025.

²Microsoft Fiscal Yr 2026 First Quarter Earnings Convention Name and Microsoft Fiscal Yr 2026 Second Quarter Earnings Convention Name