Microsoft Defender Adds Identity Risk Scoring for AI-Driven Security Decisions

Published 26 Mar 2026
Microsoft Defender Adds Identity Risk Scoring for AI-Driven Security Decisions

Next week, the RSAC conference celebrates its 35th anniversary as the security community’s pivotal event for meeting new challenges and discovering opportunities to make the world safer. As we reach this milestone, Agentic AI is quickly changing industries. 

Many customers are becoming frontier firms focusing on intelligence and trust and using agents to help people reach their goals and rethink how they do business. Our recent research shows that 80% of Fortune 500 companies are already using agents.  

At the same time, as these innovations expand, we are also seeing a rise in AI-powered attacks in which agents can act as double agents. CIOs, CISOs, and other security leaders now face important questions. How can they monitor, manage, and secure agents? How do they protect their core systems in this new era? And how can agentic AI help defend their organizations against both old and new threats?  

To address these challenges, the solution begins with trust, and security is the foundation of that trust. In this new era of agentic AI, security needs to be built into every part of the AI system. It should work in the background and on its own. Like the AI, it protects. This is our vision: making security the core of the AI stack.  

At RSAC 2026, we are bringing this vision to life with new tools that help organizations secure agents, protect core systems, and defend themselves with support from agents and experts. Microsoft Security processes over 100 trillion signals daily, protecting 1.6 million customers, 1 billion identities, and 24 billion Co-Pilot interactions. Keep reading to see how we can help you secure agentic AI.  

Secure Agents 

Agent 365, available May 1, centralizes agent management for IT, security, and business teams using existing infrastructure. It includes the new Defender Era and Purview features for secure access, data protection, and threat defense.  

Agent 365 is part of Microsoft 365 E7, the Frontier Suite, which also includes Copilot, Intra-Suite, and E5, offering advanced air security features for full protection.  

Secure Your Foundations 

In addition to securing agents, AI must also be protected at every level. Securing agent AI requires safeguarding its systems and the people who build and use it. At RSAC 2026, we are launching new features to help you spot organizational risks, secure identities and adaptive access controls, protect sensitive data in AI workflows, and defend against evolving threats.  

Gain Visibility Into Risks Across Your Enterprise 

As AI adoption accelerates, so does the need for comprehensive continuous visibility into AI risks across your environment. As more organizations adopt AI, it becomes even more important to have clear, ongoing visibility into AI risks across your environment—from agents to AI apps and services. We are meeting this need with new tools that show you where AI is being used, how it is used, and where your risks might be increasing. These new features are now generally available.  

  • Entra Internet Access Shadow AI Detection identifies unknown and unmanaged AI apps through network analysis. Available March 31.  
  • Enhanced Intune App Inventory provides rich visibility into the apps installed on your devices, including AI-enabled apps to support targeted remediation of high-risk software, generally available in May.  

Secure Identities With Continuous Adaptive Access 

Identity is the foundation of modern security, often the primary target in any system, and the first line of defense against threats. With Microsoft Entra, you can secure access and strengthen identity protection using new features that help you improve your identity setup, manage tenants better, update authentication methods, and make smarter access decisions.  

  • Entra backup and recovery strengthens resilience by automatically backing up Entra directory objects, enabling rapid recovery in the event of accidental data deletion or unauthorized changes. Now available in preview.  
  • Entra-Tenant Governance discovers and manages shadow tenants with consistent policies in preview.  
  • Entra passkey capabilities now include synced passkeys and other passkey profiles, enabling maximum flexibility for end users and making it easy to move between devices, while organizations seeking maximum control can still use device-bound passkeys. In addition, intra-passkeys are now natively integrated into Windows Hello, making phishing-resistant passkey authentication even more seamless across Windows services. Synced passkeys and passkey profiles are generally available. Passkey integration in Windows Hello is in preview.  
  • Entra External Multi-Factor Authentication allows organizations to connect external MFA providers directly to Microsoft Entra, enabling them to leverage pre-existing MFA investments or use highly specialized MFA methods that are now generally available.  
  • Entra Adaptive Risk Remediation helps users securely regain access without help desk friction by automatically self-remediating across authentication methods, adapting to where they are in their modern authentication journey. It will be generally available in April.  
  • Unified Identity Security offers complete protection across your identity systems, control center, and threat identification and response, all designed for quick action and instant decisions. The new identity security dashboard in Microsoft Defender displays the most important data for both human and non-human identities, helping you respond faster. The new Identity Risk Score combines risk signals from different accounts to provide a comprehensive view of user risk, supporting real-time access decisions and security investigations. Now available in preview.  

Secure Sensitive Data Across AI Workflows 

As AI becomes part of daily work, sensitive data now moves quickly through prompts, responses, and grounding flows, sometimes outpacing existing policies. Security teams need to see how AI uses data and be able to prevent oversharing or leaks. 

Microsoft now brings data security into the AI control pane, giving organizations a clear view of risks, real-time enforcement, and the confidence to use AI responsibly across the business. New Microsoft Purview features include.  

  • Expanded Purview Data Loss Prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types from being processed or used for web scraping. Generally available March 31.  
  • Purview embedded in the Copilot control system provides a unified view of AI-related data risk directly in the Microsoft 365 admin center. Generally available in April.  
  • Purview customizable data security reports enable tailored reporting and drilldowns to prioritized data risks. available in preview on March 31.  

Defend Against Threats Across Endpoints, Cloud, and AI Services 

Security teams need round-the-clock protection that can stop threats early and automatically contain them. Microsoft is expanding predictive shielding to limit risks and reduce exposure, improving container security, and adding network-level protection against harmful AI prompts.  

  • Entra, internet access, prompt injection protection helps block malicious AI prompts across apps and agents, enforcing universal network-level policies. Generally available March 31.  
  • Enhanced Defender for cloud container security includes binary drift and anti-malware protection to close gaps that attackers exploit in container enforcements, now available in preview.  
  • Defender for Cloud Posture Management adds broader coverage and supports Amazon Web Services and Google Cloud Platform, delivering security recommendations and compliance insights for newly discovered resources, now available in preview in April.  
  • Defender Predictive Shielding automatically adjusts identity and access policies during active attacks. Reducing Exposure and Limiting Impact is now available in preview.  

Defend With Agents And Experts 

To protect organizations in this new era, a defense approach designed for agents is needed. This includes deploying a defense platform and security agents embedded in daily workflows, all supported by expert knowledge and robust security services when required.  

Agents Are Built Into the Security Workflow 

Security teams work best when they get help, right where and when they need it. As alerts arise and investigations span identities, data, devices, and cloud networks, AI-powered tools should directly support defenders with Security Copilot. 

Now part of Microsoft 365 E5 and E7, we are giving defenders agents that are built into daily security and IT tasks. These agents help speed up responses and reduce manual work, so teams can focus on what matters most.  

New Agents Available Now Include 

  • Security Analyst Agent in Microsoft Defender helps accelerate threat investigations by providing contextual analysis and guided workflows. Available in preview on March 26th.  
  • The security alert triage agent in Microsoft Defender has the capabilities of the phishing triage agent and extends to cloud and identity, autonomously analyzing, classifying, prioritizing, and resolving repetitive low-value alerts at scale. Available in preview in April.   
  • Conditional Access Optimization Agent in Microsoft Intra Enhancements: Add context-aware recommendations, deeper analysis, and staged rollout to strengthen identity security. Agent is generally available, and enhancements are now available in preview.  
  • Data Security Posture Agent enhancement in Microsoft Purview includes a credential-scanning capability that can proactively detect credential exposure in your data. Now available in preview.  
  • Data Security, Tri-Age Agent Enhancements in Microsoft Purview include an advanced AI reasoning layer and improved interpretation of custom sensitive information types (SITs) to enhance agent outputs during alert triage. The agent is generally available, and enhancements are available in preview from March 31.  
  • Over 15 part-time built agents extend Security Copilot with additional capabilities, all available in the Security Store.  

Scale With an Agentic Defense Platform 

To help defenders and agents work together more smoothly and intelligently, Microsoft is expanding Sentinel as a defense platform. This update delivers context, automates workflows from start to finish, and standardizes access, governance, and deployment across security tools.  

  • Sentinel Data Federation, powered by Microsoft Fabric, investigates external security data in Databricks, Microsoft Fabric, Azure, and Azure Data Lake Storage while preserving governance. Now available in preview.  
  • The Sentinel Playbook Generator with natural-language orchestration helps accelerate investigations and automate sophisticated workflows. Now available in preview.  
  • Sentinel, Granule, Delegated Administrator privileges, and unified role-centric access control enable secure and scalable management for partners and enterprise customers, with cross-tenant collaboration now available in preview.  
  • Security store embedded in Purview and Entra makes it easier to discover and deploy agents directly within existing security experiences. Generally available March 31.  
  • Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. Now available in preview.  
  • The Sentinel Model Context Protocol (MCP) Entity Analyzer helps automate faster with natural language and harnesses the flexibility of code to accelerate responses generally available in April.  

Strengthen with Experts 

Even the most experienced security teams sometimes need extra support, especially during complex attacks or investigations. The Microsoft Defender Experts suite offers expert-led services, including technical advice, managed external detection and response, MXDR, and full incident response. These services help you defend against advanced threats, build sustained resilience, and modernize your security operations with confidence.  

Apply Zero Trust for AI 

Zero Trust centers on three ideas: verify consistently, use the least privilege, and assume breaches as AI permeates the environment from models to agents. These principles are critical. At RSAC 2026, we are broadening our Zero Trust architecture to cover the full AI lifecycle. Our updated reference architecture workshop, assessment tools, and new articles make this practical for you. 

Source: Secure agentic AI end-to-end 

Amazon
Harish Shenoy

Harish Shenoy

Total Post: 804

Harish Shenoy | Technology Journalist Harish Shenoy is a veteran technology journalist at Xthe with over 21 years of experience spanning tech, health, finance, and future technology. Specializing in semiconductor roadmaps, enterprise AI infrastructure, and consumer hardware, his reporting is driven by primary-source verification and official corporate disclosures. With more than a decade of focused writing across the US, UK, Australia, Canada, and India, Harish maintains a strict commitment to factual, non-sensationalized reporting on the economic and logistical shifts within the global tech sector. His current work centers on the technical evolution of "agentic AI" and next-generation silicon.

Related Article

News
Cloud Cost Optimization Strategies For US Businesses (2026)

News
Ethernet versus InfiniBand: AI Networking Compared

Leave a Reply

Your email address will not be published. Required fields are marked *