Microsoft Expands AI Security to Prevent Enterprise Data Leaks

Microsoft Expands AI Security to Prevent Enterprise Data Leaks

Microsoft has rolled out a major update to its security tools, adding new features to help prevent sensitive information from leaking through workplace automation. Announced in late March 2026, these updates are built into Microsoft Purview and Defender and focus on the risks posed by fast-paced data processing at work as more companies use digital assistants for tasks such as internal messaging and document creation. IT teams are increasingly worried about accidental data sharing. The new update launches a central dashboard that tracks how information is used, ensuring that company data is maintained securely, even when handled by advanced AI systems.  

Strengthening Data Loss Prevention for Web Grounding 

A key part of this update is the addition of sophisticated data loss prevention (DNP) controls made for web-based activities. Many workplace assistants use web searching to find real-time answers by searching the internet for context. But this can sometimes send confidential information, such as Customer IDs or project identifiers, in search requests to external services. With the new purview features, organizations can now block sensitive data from appearing in web searches while still allowing the system to use approved internal information.  

With these protections now covering web traffic, the software can spot and block sensitive information in real-time across web browsers. This inline protection prevents employees from accidentally pasting regulated data into public websites or third-party services in fields such as finance and healthcare, where compliance with regulations is required. This feature serves as a safety net. It lets organizations use digital tools without risking the security of protected information.  

Identity Resilience And Tenant Governance 

The update also focuses on strengthening the identity perimeter, which is often targeted by data breaches. Microsoft has added new features to Entra, its identity and access management platform, to help manage user identities and credentials more securely. One highlight is the preview of Entra-tenant governance, a tool that helps large organizations discover and control shadow or unmanaged environments outside their main data protection policies. By consolidating these separate areas into a single system, administrators can enforce the same data protection rules across the entire organization.  

Microsoft has also improved its use of passkey technology. Stronger authentication comes from using sync passkeys. With Windows Hello, the aim is to replace weak passwords with secure hardware-based credentials. This reduces the risk of stolen credentials, which often lead to data breaches. To help security teams, Microsoft Defender now includes an identity dashboard. This dashboard provides a single risk score to prioritize the most sensitive threats.  

Automated Reporting and Risk Visibility 

Transparency is essential for enterprise security. The March 2026 update enables customizable data security reports. Starting March 31, administrators gain a dynamic reporting interface in the Microsoft 365 admin center to review in-depth AI data. These reports clarify how business data flows through automated workflows. They also pinpoint abnormal access or repeated policy breaches. Enhanced visibility lets teams shift from reactive to proactive security management.  

The copilot control system enhances this visibility by allowing administrators to monitor high-volume users and block automated tools from accessing restricted domains. Organizations can define approved use cases and set up automated approval workflows, ensuring that digital assistants operate only in low‑risk environments. This detailed control is especially helpful for managing agentic software, which can perform tasks on its own. It guarantees every action is less than a good idea. Logs, audits, and makes security standards.  

Securing The Agentic Workspace 

As digital assistants evolve from basic drafting tools to active agents, the risk of data leaks increases. These agents can edit files and manage projects. Microsoft’s update tackles this by adding security controls directly into the developer frameworks for these agents. The Purview SDK now supports automatic classification of data as it is created. For example, a sensitive report made by an agent is immediately labeled with the correct sensitivity tags. This protects data from the start and helps prevent accidental sharing or storage in the wrong place.  

These controls also apply to in-app intelligence features in tools like SharePoint and Excel, using work, IQ, Context, and the system. It can judge a project’s sensitivity based on who is involved and what files are being accessed. If a user attempts to make multiple changes to a highly confidential spreadsheet, the system can automatically apply stricter access controls and prevent the file from being shared outside the organization. This context-aware security module offers smarter protection that recognizes the importance of the information it protects.  

The Alert Framework of Trust 

As our digital environments become more automated, we are building a new basis of trust. Security is becoming more fluent and less noticeable, making it easier to work without constant interruptions. Over time, the fear of accidental data leaks may fade as our tools become better at protecting our information. This progress allows us to focus on our work, knowing our data is secure and well-protected.  

Source: Secure agentic AI end-to-end 

Microsoft Strengthens AI Security to Reduce Enterprise Risks

Microsoft Strengthens AI Security to Reduce Enterprise Risks

Next week marks the 35th anniversary of the RSAC conference, a key event where the security community addresses new challenges and opportunities. As we reach this milestone, Agentic AI is rapidly transforming industries, and 80% of Fortune 500 companies are already using agents.  

At the same time, we are witnessing a critical shift in AI-powered attacks, where agents act as dangerous double agents. CIOs, CISOs, and other security leaders urgently face unprecedented security challenges. The Immediate Questions column: How can they monitor, manage, and secure agents, protect core systems, and leverage agentic AI to aggressively defend organizations against evolving threats?  

Trust and security are the foundation of trust in this new era of agentic AI; security must be built into every part of the AI system. With secure, agentic AI, organizations benefit from both greater productivity and proactive defense against threats as agents efficiently accomplish tasks. Security should work in the background and on its own, just like the AI it protects. This is our vision: making security the core of any AI stack.  

Register today for RSAC 2026 and see firsthand how Microsoft Security tools and expertise can help you secure Agentic AI, protect your organization, and empower your teams to stay ahead of evolving threats.  

Secure Agents 

Earlier this month, we urgently announced that Agent 365 will be available to everyone on May 1. Agent 365 is the essential platform for managing agents, giving IT, security, and business teams the critical tools and insight needed to monitor. Monitor, secure, and manage agents at scale with the trusted systems you can rely on now. It also delivers crucial new features from Microsoft, Defender, Intra, and Purview to urgently secure agent access, prevent risky data oversharing, and proactively guard against emerging threats.  

Agent 365 comes with Microsoft 365 E7, the Frontier Suite, along with Microsoft 365 Copilot, Microsoft Entra, and Microsoft 365 E5. These include advanced Microsoft security features to provide your organization with complete protection.  

Secure Your Foundations. 

In addition to securing agents, it’s important to take an all-encompassing approach to AI security. To protect agentic AI, we need to secure the systems it relies on as well as the people who develop and use it. At RSAC 2026, we are launching new features to help you see the risks across your organization, secure identities with adaptive access controls, protect sensitive data in AI workflows, and respond to threats quickly and at scale.  

Gain Visibility Into Risks Across Your Enterprise 

As more organizations use AI, it’s more important than ever to have ongoing visibility into AI risks across your environment, from agents to apps and services. Meeting this need with new tools that show you where AI is present, how it’s being used, and where your risk might be increasing. These new features include visibility into AI-related risks across the organization.  

  • Entra Internet Access Shadow AI detection monitors network activity to locate AI applications that have not been previously identified by an organization. It highlights instances of unsanctioned AI tools, providing visibility into unmanaged AI use that could pose security risks. It is generally available as of March 31.  
  • Enhanced InTune app inventory extends its reach and visibility into the apps installed on your devices, including AI-enabled apps, to support targeted remediation of high-risk software. Generally available in May.  

Secure Identities With Continuous Adaptive Access 

Identity is the core of modern security, often the main target in any environment, and the first line of defense. With Microsoft Intra, you can secure access and strengthen identity protection with new features that help you improve your identity setup, manage tenants better, update authentication, and make smarter access decisions.  

  • Entra-tenant governance enables organizations to find and manage intra-tenants that are not currently under central IT governance. It establishes policies and ensures management consistency across multiple tenants, helping reduce shadow IT risks. This feature is now available in preview.  
  • Entra now offers synced passkeys and passkey profiles, giving users more flexibility to move between devices. Organizations that want more control can still use device-bound passkeys.  
  • Entra passkeys are also now built into Windows Halo, making secure, phishing-resistant authentication easier on Windows devices. Sync passkeys and profiles are available now, and Windows Hello integration is in preview. Connect external MFA providers directly with Microsoft Intra so they can leverage pre-existing MFA investments or use highly specialized MFA methods now generally available.  
  • Entra adaptive risk remediation helps users restore account access independently after a lockout or risk-based challenge by selecting from a range of authentication methods. The system adapts its prompts based on the user’s authentication progress. This self-service solution will be available in April.  
  • Unified identity security covers your entire identity setup, including systems, infrastructure, control systems, and threat monitoring and response, all designed for quick action and instant decisions. The new identity security dashboard in Microsoft Defender provides key insights for both human and non-human identities, helping you respond faster. The new identity risk score aggregates risk signals from different accounts to provide a clear view of user risk for instant access decisions and security investigations. Now available in preview.  

Secure Sensitive Data Across AI Workflows 

As AI becomes part of daily work, sensitive data moves through prompts, responses, and grounding flows; sometimes, files and policies keep up with security teams, so there is no need to see how AI handles data or to prevent leaks. Microsoft now adds data security into the AI control system, giving organizations risk insights, real-time enforcement, and confidence to use AI responsibly. New Microsoft Purview Features Intrude:  

  • Expanded purview data loss prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types from being processed or used for web scraping. Generally available March 31.  
  • Purview, embedded in Copilot Control System, integrates AI data risk insights into the Microsoft 365 Admin Center. This gives administrators a single view of AI data handling risks across their organization. General availability is planned in April.  
  • Preview customizable data security reports, tailored reporting, and drill-downs to prioritized data security risks available in preview on March 31.  

Protect Your Endpoints, Cloud, and AI Services From Threats. 

Security teams need always-on protection that detects threats early and automatically contains them. Microsoft is introducing predictive shielding to limit impact and reduce exposure, strengthening container security, and offering network protection against harmful AI prompts.  

  • Intra Internet Access now blocks harmful AI prompts in apps and agents by using network-wide policies. This feature will be available starting on March 31.  
  • The improved Defender for cloud container security now includes binary drift detection and antimalware protection to close gaps that attackers might exploit in container environments. This is now available in preview.  
  • Defender for Cloud Posture Management now covers more ground and supports both Amazon Web Services and Google Cloud Platform. It gives security recommendations and compliance insights concerning new resources. This will be available in preview in April.  
  • Defender predictive shielding can adjust identity and access policies in real time during attacks, helping reduce exposure and limit damage. This feature is now in preview.  

Defend With Agents And Experts 

Today’s defense platforms require security agents embedded in daily workflows, supported by expertise and full security services as needed.  

Agents Integrated Into Everyday Security Tasks 

Security teams work best when they get targeted help right where and when they need it. As alerts and investigations come across identities, data, endpoints, and cloud workloads, AI-powered tools should work alongside defenders. With Security Copilot now part of Microsoft 365 E5 and E7, defenders get agents built into daily security and IT operations to speed responses and reduce manual work, so they can focus on what matters most.  

Here are some of the new agents now available  

  • The security analyst in Microsoft Defender helps analysts quickly investigate threats by supplying relevant background information and step-by-step investigative guidance. It will be available in preview starting March 26, 2026.  
  • The security alert triage agent in Microsoft Defender builds on the phishing triage agent and now also handles cloud and identity alerts. It analyzes, categorizes, prioritizes, and automatically resolves routine low-priority alerts, reducing manual effort for security teams. This will be in preview in April.  
  • The conditional access optimization agent in Microsoft Intra is a tool that enhances identity security by providing context-aware recommendations, deeper analysis, and staged rollout. The agent itself is generally available, while its new features are in preview.  
  • The Security Posture Agent in Microsoft Purview enhancements include a credential scanning capability that can proactively detect credential exposure. Now available in preview.  
  • The data security triage agent in Microsoft Purview now includes an advanced AI reasoning layer and improved handling of custom sensitive information types (SITs), resulting in better alert triage. The agent is generally available, and the new features will be in preview on March 31.  
  • Over 15 new partner-built agents extend Security Copilot with additional capabilities, all available in the Security Store.  

Scale With An Agentic Defense Platform 

Microsoft is expanding Sentinel, its agent-based defense platform, to help you grow your security more efficiently. This update offers unified context, automated workflows, and standardized access governance and deployment across security tools.  

  • Sentinel Data Federation, powered by Microsoft Fabric, lets you investigate external security data directly in Databricks, Microsoft Fabric, and Azure Data Lake Storage while keeping governance in place. This is now in preview.  
  • The Sentinel Playbook Generator uses natural language to accelerate investigations and automate complex workflows.s. This feature is now available in preview.  
  • Administrator privileges and unified role-centric access control enabled secure, scalable management for partners and enterprise customers. Through cross-tenant collaboration, now available in preview.  
  • The security store is now built into Purview and Entra, so you can easily find and deploy agents right from your current security tool. This will be available starting March 31.  
  • Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. The Sentinel Model Context Protocol (MCP) Entity Analyzer automates and speeds up responses using natural language and flexible coding. It will be generally available in April.  

Strengthen With Experts. 

Even the most experienced security teams sometimes need extra support, whether it’s handling a sophisticated attack or a complex investigation. Having experts work alongside your team can make a real difference. The Microsoft Defender Experts Suite offers services such as technical advice, managed extended detection and response (MXDR), and full incident response to help you protect against advanced cyberattacks, build lasting resilience, and modernize your security operations with confidence.  

Use Zero Trust Principles for AI Security. 

Zero trust is based on three main ideas. Consistently verify, use the least privilege needed, and assume a breach could happen as AI becomes a bigger part of your environment from the models you use to the data they process and the agents that act for you. Keeping to these principles is more important than ever. At RSAC 2026, we are expanding our zero trust approach to cover the entire AI life cycle from data collection and model training to how agents behave after deployment. We are also making it easier to put these ideas into practice with an updated Zero Trust for AI reference guide, a workshop, an assessment tool, and new articles on best practices to help you strengthen your security.  

Source: Secure agentic AI end-to-end 

Google Cloud Introduces New Controls to Strengthen Enterprise Data Security

Google Cloud Introduces New Controls to Strengthen Enterprise Data Security

Google Cloud has introduced a new set of security controls to help organisations protect their data against mounting cyber threats. The update, published on Google Cloud’s security and identity blog, demonstrates the company’s commitment to helping businesses safeguard sensitive information across their distributed cloud environments. 

Companies that move their critical operations to the cloud now treat security as their primary focus rather than an afterthought. The latest controls enable organisations to better monitor their systems, control access to their data, and strengthen their defences against new security threats. 

Addressing a Changing Threat Landscape  

The introduction of these controls comes at a time when the threat landscape is rapidly evolving. Enterprises are experiencing cybersecurity threats that extend beyond individual incidents into ongoing, sophisticated attacks targeting their cloud infrastructure, identity systems, and data protection systems.  

According to Google Cloud’s broader security insights, attackers are using misconfigurations, weak identity controls, and visibility gaps as their main method to access sensitive systems. The structure of the cloud environment increases risk because organisations store information across multiple services and geographic regions.  

Organisations will use the new controls to meet their requirements for real-time data monitoring, management, and protection.  

Expanding Identity and Access Controls  

The primary objective of the update is to improve identity and access management capabilities. Organisations must create authentication systems that safeguard user credentials for their security identities to control resource access in their cloud environments.  

Google Cloud has developed access control systems that allow organisations to create customised permission sets that meet their operational requirements. The solution helps reduce the likelihood of attackers targeting accounts with unnecessary permissions. 

The update includes an important feature that enables organisations to continuously verify user access rights by monitoring changes in user behaviour and location information in real time. The method follows a zero-trust security framework, which requires all users and systems to prove their trustworthiness before accessing resources.  

Improving Data Visibility and Monitoring  

The update provides improved data tracking capabilities, which allow users to see how data travels through the entire system. Enterprises face difficulties when they attempt to monitor data access, sharing, and modification across their intricate cloud systems. 

The new controls enable organisations to monitor data usage patterns through enhanced monitoring features that provide better visibility. The system enables security teams to discover unusual activities while they investigate security incidents and track down possible security vulnerabilities. 

Google Cloud provides security teams with detailed log information and analytical tools, enabling them to shift from responding to threats after they occur to detecting threats before they happen.  

Strengthening Data Protection Mechanisms  

The update establishes enhanced data protection methods that go beyond access management and surveillance. The system now implements stronger data protection measures, including enhanced encryption, improved key management, and additional security against unauthorised access.  

Google Cloud uses encryption as its primary security mechanism, protecting data as it travels and while it is stored. The new controls build on this foundation by ensuring that encryption policies are consistently applied across different services.  

Data protection systems prevent accidental data breaches, which include unintentional information leaks. Organisations face substantial risks of data breaches because their storage buckets remain exposed to the internet without adequate protection measures. The updated controls aim to reduce these risks by providing clearer guidelines and automated checks.  

Supporting Enterprise Compliance Requirements  

Security measures for most organisations exist because they must meet their regulatory obligations. Data protection requirements must be followed by organisations operating in the healthcare, finance, and government sectors.  

Google Cloud has developed new security controls to help organisations meet their compliance needs through tools that enable them to demonstrate regulatory compliance. The system provides three main components, which include audit functions, policy enforcement tools, and reporting capabilities to help organisations meet their regulatory compliance needs.  

The update streamlines compliance requirements, enabling businesses to dedicate more resources to developing new products while still adhering to essential security protocols.  

The Role of Automation in Cloud Security  

The process of security operations management in cloud environments requires automated systems because they must handle security operations at their required standards, as they demand extensive operational resources and advanced technical capabilities. 

The new controls incorporate automated security features that detect risks, enforce security policies, and respond to security threats without human supervision. The system achieves better operational results by increasing efficiency while reducing the likelihood of mistakes.  

Automated systems deliver faster response times by helping organisations prevent minor security issues from escalating into major breaches.  

Implications for Enterprise IT Teams  

The update delivers advanced security systems that combine artificial intelligence with organisations data protection and monitoring functions.  

The system integration process simplifies operational tasks while providing users with complete visibility into security status. Teams can make better decisions because they have access to complete data instead of working with incomplete information. Organisations need to invest in employee development because cloud systems have become more complex to manage.  

Security as a Core Cloud Priority  

The current security controls demonstrate how organisations now treat security as an essential element of their cloud computing operations. The increasing dependence of organisations on cloud services requires them to implement security systems that can handle diverse protection needs.  

Google Cloud now implements security as a fundamental element that becomes part of its cloud infrastructure design. The system uses an integrated design that establishes security protection throughout all system components. 

What Comes Next  

As cyber threats evolve, cloud providers must continually update and refine their security measures. Google Cloud’s latest controls are one step in this ongoing effort.  

Future developments will likely focus on further automation, advanced threat detection, and deeper integration with AI-driven security tools. These advancements will help organisations. 

Source links – Cloud CISO Perspectives: New Threat Horizons report highlights current cloud threats