Microsoft has rolled out a major update to its security tools, adding new features to help prevent sensitive information from leaking through workplace automation. Announced in late March 2026, these updates are built into Microsoft Purview and Defender and focus on the risks posed by fast-paced data processing at work as more companies use digital assistants for tasks such as internal messaging and document creation. IT teams are increasingly worried about accidental data sharing. The new update launches a central dashboard that tracks how information is used, ensuring that company data is maintained securely, even when handled by advanced AI systems.
Strengthening Data Loss Prevention for Web Grounding
A key part of this update is the addition of sophisticated data loss prevention (DNP) controls made for web-based activities. Many workplace assistants use web searching to find real-time answers by searching the internet for context. But this can sometimes send confidential information, such as Customer IDs or project identifiers, in search requests to external services. With the new purview features, organizations can now block sensitive data from appearing in web searches while still allowing the system to use approved internal information.
With these protections now covering web traffic, the software can spot and block sensitive information in real-time across web browsers. This inline protection prevents employees from accidentally pasting regulated data into public websites or third-party services in fields such as finance and healthcare, where compliance with regulations is required. This feature serves as a safety net. It lets organizations use digital tools without risking the security of protected information.
Identity Resilience And Tenant Governance
The update also focuses on strengthening the identity perimeter, which is often targeted by data breaches. Microsoft has added new features to Entra, its identity and access management platform, to help manage user identities and credentials more securely. One highlight is the preview of Entra-tenant governance, a tool that helps large organizations discover and control shadow or unmanaged environments outside their main data protection policies. By consolidating these separate areas into a single system, administrators can enforce the same data protection rules across the entire organization.
Microsoft has also improved its use of passkey technology. Stronger authentication comes from using sync passkeys. With Windows Hello, the aim is to replace weak passwords with secure hardware-based credentials. This reduces the risk of stolen credentials, which often lead to data breaches. To help security teams, Microsoft Defender now includes an identity dashboard. This dashboard provides a single risk score to prioritize the most sensitive threats.
Automated Reporting and Risk Visibility
Transparency is essential for enterprise security. The March 2026 update enables customizable data security reports. Starting March 31, administrators gain a dynamic reporting interface in the Microsoft 365 admin center to review in-depth AI data. These reports clarify how business data flows through automated workflows. They also pinpoint abnormal access or repeated policy breaches. Enhanced visibility lets teams shift from reactive to proactive security management.
The copilot control system enhances this visibility by allowing administrators to monitor high-volume users and block automated tools from accessing restricted domains. Organizations can define approved use cases and set up automated approval workflows, ensuring that digital assistants operate only in low‑risk environments. This detailed control is especially helpful for managing agentic software, which can perform tasks on its own. It guarantees every action is less than a good idea. Logs, audits, and makes security standards.
Securing The Agentic Workspace
As digital assistants evolve from basic drafting tools to active agents, the risk of data leaks increases. These agents can edit files and manage projects. Microsoft’s update tackles this by adding security controls directly into the developer frameworks for these agents. The Purview SDK now supports automatic classification of data as it is created. For example, a sensitive report made by an agent is immediately labeled with the correct sensitivity tags. This protects data from the start and helps prevent accidental sharing or storage in the wrong place.
These controls also apply to in-app intelligence features in tools like SharePoint and Excel, using work, IQ, Context, and the system. It can judge a project’s sensitivity based on who is involved and what files are being accessed. If a user attempts to make multiple changes to a highly confidential spreadsheet, the system can automatically apply stricter access controls and prevent the file from being shared outside the organization. This context-aware security module offers smarter protection that recognizes the importance of the information it protects.
The Alert Framework of Trust
As our digital environments become more automated, we are building a new basis of trust. Security is becoming more fluent and less noticeable, making it easier to work without constant interruptions. Over time, the fear of accidental data leaks may fade as our tools become better at protecting our information. This progress allows us to focus on our work, knowing our data is secure and well-protected.
Source: Secure agentic AI end-to-end
