Microsoft Expands AI Security to Prevent Enterprise Data Leaks

Microsoft Expands AI Security to Prevent Enterprise Data Leaks

Microsoft has rolled out a major update to its security tools, adding new features to help prevent sensitive information from leaking through workplace automation. Announced in late March 2026, these updates are built into Microsoft Purview and Defender and focus on the risks posed by fast-paced data processing at work as more companies use digital assistants for tasks such as internal messaging and document creation. IT teams are increasingly worried about accidental data sharing. The new update launches a central dashboard that tracks how information is used, ensuring that company data is maintained securely, even when handled by advanced AI systems.  

Strengthening Data Loss Prevention for Web Grounding 

A key part of this update is the addition of sophisticated data loss prevention (DNP) controls made for web-based activities. Many workplace assistants use web searching to find real-time answers by searching the internet for context. But this can sometimes send confidential information, such as Customer IDs or project identifiers, in search requests to external services. With the new purview features, organizations can now block sensitive data from appearing in web searches while still allowing the system to use approved internal information.  

With these protections now covering web traffic, the software can spot and block sensitive information in real-time across web browsers. This inline protection prevents employees from accidentally pasting regulated data into public websites or third-party services in fields such as finance and healthcare, where compliance with regulations is required. This feature serves as a safety net. It lets organizations use digital tools without risking the security of protected information.  

Identity Resilience And Tenant Governance 

The update also focuses on strengthening the identity perimeter, which is often targeted by data breaches. Microsoft has added new features to Entra, its identity and access management platform, to help manage user identities and credentials more securely. One highlight is the preview of Entra-tenant governance, a tool that helps large organizations discover and control shadow or unmanaged environments outside their main data protection policies. By consolidating these separate areas into a single system, administrators can enforce the same data protection rules across the entire organization.  

Microsoft has also improved its use of passkey technology. Stronger authentication comes from using sync passkeys. With Windows Hello, the aim is to replace weak passwords with secure hardware-based credentials. This reduces the risk of stolen credentials, which often lead to data breaches. To help security teams, Microsoft Defender now includes an identity dashboard. This dashboard provides a single risk score to prioritize the most sensitive threats.  

Automated Reporting and Risk Visibility 

Transparency is essential for enterprise security. The March 2026 update enables customizable data security reports. Starting March 31, administrators gain a dynamic reporting interface in the Microsoft 365 admin center to review in-depth AI data. These reports clarify how business data flows through automated workflows. They also pinpoint abnormal access or repeated policy breaches. Enhanced visibility lets teams shift from reactive to proactive security management.  

The copilot control system enhances this visibility by allowing administrators to monitor high-volume users and block automated tools from accessing restricted domains. Organizations can define approved use cases and set up automated approval workflows, ensuring that digital assistants operate only in low‑risk environments. This detailed control is especially helpful for managing agentic software, which can perform tasks on its own. It guarantees every action is less than a good idea. Logs, audits, and makes security standards.  

Securing The Agentic Workspace 

As digital assistants evolve from basic drafting tools to active agents, the risk of data leaks increases. These agents can edit files and manage projects. Microsoft’s update tackles this by adding security controls directly into the developer frameworks for these agents. The Purview SDK now supports automatic classification of data as it is created. For example, a sensitive report made by an agent is immediately labeled with the correct sensitivity tags. This protects data from the start and helps prevent accidental sharing or storage in the wrong place.  

These controls also apply to in-app intelligence features in tools like SharePoint and Excel, using work, IQ, Context, and the system. It can judge a project’s sensitivity based on who is involved and what files are being accessed. If a user attempts to make multiple changes to a highly confidential spreadsheet, the system can automatically apply stricter access controls and prevent the file from being shared outside the organization. This context-aware security module offers smarter protection that recognizes the importance of the information it protects.  

The Alert Framework of Trust 

As our digital environments become more automated, we are building a new basis of trust. Security is becoming more fluent and less noticeable, making it easier to work without constant interruptions. Over time, the fear of accidental data leaks may fade as our tools become better at protecting our information. This progress allows us to focus on our work, knowing our data is secure and well-protected.  

Source: Secure agentic AI end-to-end 

Microsoft Strengthens AI Security to Reduce Enterprise Risks

Microsoft Strengthens AI Security to Reduce Enterprise Risks

Next week marks the 35th anniversary of the RSAC conference, a key event where the security community addresses new challenges and opportunities. As we reach this milestone, Agentic AI is rapidly transforming industries, and 80% of Fortune 500 companies are already using agents.  

At the same time, we are witnessing a critical shift in AI-powered attacks, where agents act as dangerous double agents. CIOs, CISOs, and other security leaders urgently face unprecedented security challenges. The Immediate Questions column: How can they monitor, manage, and secure agents, protect core systems, and leverage agentic AI to aggressively defend organizations against evolving threats?  

Trust and security are the foundation of trust in this new era of agentic AI; security must be built into every part of the AI system. With secure, agentic AI, organizations benefit from both greater productivity and proactive defense against threats as agents efficiently accomplish tasks. Security should work in the background and on its own, just like the AI it protects. This is our vision: making security the core of any AI stack.  

Register today for RSAC 2026 and see firsthand how Microsoft Security tools and expertise can help you secure Agentic AI, protect your organization, and empower your teams to stay ahead of evolving threats.  

Secure Agents 

Earlier this month, we urgently announced that Agent 365 will be available to everyone on May 1. Agent 365 is the essential platform for managing agents, giving IT, security, and business teams the critical tools and insight needed to monitor. Monitor, secure, and manage agents at scale with the trusted systems you can rely on now. It also delivers crucial new features from Microsoft, Defender, Intra, and Purview to urgently secure agent access, prevent risky data oversharing, and proactively guard against emerging threats.  

Agent 365 comes with Microsoft 365 E7, the Frontier Suite, along with Microsoft 365 Copilot, Microsoft Entra, and Microsoft 365 E5. These include advanced Microsoft security features to provide your organization with complete protection.  

Secure Your Foundations. 

In addition to securing agents, it’s important to take an all-encompassing approach to AI security. To protect agentic AI, we need to secure the systems it relies on as well as the people who develop and use it. At RSAC 2026, we are launching new features to help you see the risks across your organization, secure identities with adaptive access controls, protect sensitive data in AI workflows, and respond to threats quickly and at scale.  

Gain Visibility Into Risks Across Your Enterprise 

As more organizations use AI, it’s more important than ever to have ongoing visibility into AI risks across your environment, from agents to apps and services. Meeting this need with new tools that show you where AI is present, how it’s being used, and where your risk might be increasing. These new features include visibility into AI-related risks across the organization.  

  • Entra Internet Access Shadow AI detection monitors network activity to locate AI applications that have not been previously identified by an organization. It highlights instances of unsanctioned AI tools, providing visibility into unmanaged AI use that could pose security risks. It is generally available as of March 31.  
  • Enhanced InTune app inventory extends its reach and visibility into the apps installed on your devices, including AI-enabled apps, to support targeted remediation of high-risk software. Generally available in May.  

Secure Identities With Continuous Adaptive Access 

Identity is the core of modern security, often the main target in any environment, and the first line of defense. With Microsoft Intra, you can secure access and strengthen identity protection with new features that help you improve your identity setup, manage tenants better, update authentication, and make smarter access decisions.  

  • Entra-tenant governance enables organizations to find and manage intra-tenants that are not currently under central IT governance. It establishes policies and ensures management consistency across multiple tenants, helping reduce shadow IT risks. This feature is now available in preview.  
  • Entra now offers synced passkeys and passkey profiles, giving users more flexibility to move between devices. Organizations that want more control can still use device-bound passkeys.  
  • Entra passkeys are also now built into Windows Halo, making secure, phishing-resistant authentication easier on Windows devices. Sync passkeys and profiles are available now, and Windows Hello integration is in preview. Connect external MFA providers directly with Microsoft Intra so they can leverage pre-existing MFA investments or use highly specialized MFA methods now generally available.  
  • Entra adaptive risk remediation helps users restore account access independently after a lockout or risk-based challenge by selecting from a range of authentication methods. The system adapts its prompts based on the user’s authentication progress. This self-service solution will be available in April.  
  • Unified identity security covers your entire identity setup, including systems, infrastructure, control systems, and threat monitoring and response, all designed for quick action and instant decisions. The new identity security dashboard in Microsoft Defender provides key insights for both human and non-human identities, helping you respond faster. The new identity risk score aggregates risk signals from different accounts to provide a clear view of user risk for instant access decisions and security investigations. Now available in preview.  

Secure Sensitive Data Across AI Workflows 

As AI becomes part of daily work, sensitive data moves through prompts, responses, and grounding flows; sometimes, files and policies keep up with security teams, so there is no need to see how AI handles data or to prevent leaks. Microsoft now adds data security into the AI control system, giving organizations risk insights, real-time enforcement, and confidence to use AI responsibly. New Microsoft Purview Features Intrude:  

  • Expanded purview data loss prevention for Microsoft 365 Copilot helps block sensitive information such as PII, credit card numbers, and custom data types from being processed or used for web scraping. Generally available March 31.  
  • Purview, embedded in Copilot Control System, integrates AI data risk insights into the Microsoft 365 Admin Center. This gives administrators a single view of AI data handling risks across their organization. General availability is planned in April.  
  • Preview customizable data security reports, tailored reporting, and drill-downs to prioritized data security risks available in preview on March 31.  

Protect Your Endpoints, Cloud, and AI Services From Threats. 

Security teams need always-on protection that detects threats early and automatically contains them. Microsoft is introducing predictive shielding to limit impact and reduce exposure, strengthening container security, and offering network protection against harmful AI prompts.  

  • Intra Internet Access now blocks harmful AI prompts in apps and agents by using network-wide policies. This feature will be available starting on March 31.  
  • The improved Defender for cloud container security now includes binary drift detection and antimalware protection to close gaps that attackers might exploit in container environments. This is now available in preview.  
  • Defender for Cloud Posture Management now covers more ground and supports both Amazon Web Services and Google Cloud Platform. It gives security recommendations and compliance insights concerning new resources. This will be available in preview in April.  
  • Defender predictive shielding can adjust identity and access policies in real time during attacks, helping reduce exposure and limit damage. This feature is now in preview.  

Defend With Agents And Experts 

Today’s defense platforms require security agents embedded in daily workflows, supported by expertise and full security services as needed.  

Agents Integrated Into Everyday Security Tasks 

Security teams work best when they get targeted help right where and when they need it. As alerts and investigations come across identities, data, endpoints, and cloud workloads, AI-powered tools should work alongside defenders. With Security Copilot now part of Microsoft 365 E5 and E7, defenders get agents built into daily security and IT operations to speed responses and reduce manual work, so they can focus on what matters most.  

Here are some of the new agents now available  

  • The security analyst in Microsoft Defender helps analysts quickly investigate threats by supplying relevant background information and step-by-step investigative guidance. It will be available in preview starting March 26, 2026.  
  • The security alert triage agent in Microsoft Defender builds on the phishing triage agent and now also handles cloud and identity alerts. It analyzes, categorizes, prioritizes, and automatically resolves routine low-priority alerts, reducing manual effort for security teams. This will be in preview in April.  
  • The conditional access optimization agent in Microsoft Intra is a tool that enhances identity security by providing context-aware recommendations, deeper analysis, and staged rollout. The agent itself is generally available, while its new features are in preview.  
  • The Security Posture Agent in Microsoft Purview enhancements include a credential scanning capability that can proactively detect credential exposure. Now available in preview.  
  • The data security triage agent in Microsoft Purview now includes an advanced AI reasoning layer and improved handling of custom sensitive information types (SITs), resulting in better alert triage. The agent is generally available, and the new features will be in preview on March 31.  
  • Over 15 new partner-built agents extend Security Copilot with additional capabilities, all available in the Security Store.  

Scale With An Agentic Defense Platform 

Microsoft is expanding Sentinel, its agent-based defense platform, to help you grow your security more efficiently. This update offers unified context, automated workflows, and standardized access governance and deployment across security tools.  

  • Sentinel Data Federation, powered by Microsoft Fabric, lets you investigate external security data directly in Databricks, Microsoft Fabric, and Azure Data Lake Storage while keeping governance in place. This is now in preview.  
  • The Sentinel Playbook Generator uses natural language to accelerate investigations and automate complex workflows.s. This feature is now available in preview.  
  • Administrator privileges and unified role-centric access control enabled secure, scalable management for partners and enterprise customers. Through cross-tenant collaboration, now available in preview.  
  • The security store is now built into Purview and Entra, so you can easily find and deploy agents right from your current security tool. This will be available starting March 31.  
  • Sentinel custom graphs powered by Microsoft Fabric enable views unique to your organization of relationships across your environment. The Sentinel Model Context Protocol (MCP) Entity Analyzer automates and speeds up responses using natural language and flexible coding. It will be generally available in April.  

Strengthen With Experts. 

Even the most experienced security teams sometimes need extra support, whether it’s handling a sophisticated attack or a complex investigation. Having experts work alongside your team can make a real difference. The Microsoft Defender Experts Suite offers services such as technical advice, managed extended detection and response (MXDR), and full incident response to help you protect against advanced cyberattacks, build lasting resilience, and modernize your security operations with confidence.  

Use Zero Trust Principles for AI Security. 

Zero trust is based on three main ideas. Consistently verify, use the least privilege needed, and assume a breach could happen as AI becomes a bigger part of your environment from the models you use to the data they process and the agents that act for you. Keeping to these principles is more important than ever. At RSAC 2026, we are expanding our zero trust approach to cover the entire AI life cycle from data collection and model training to how agents behave after deployment. We are also making it easier to put these ideas into practice with an updated Zero Trust for AI reference guide, a workshop, an assessment tool, and new articles on best practices to help you strengthen your security.  

Source: Secure agentic AI end-to-end 

Microsoft Targets Shadow AI Risks With New Security Update

Microsoft Targets Shadow AI Risks With New Security Update

Securing AI is now a fundamental pillar of Microsoft’s modern security. Our AI-first security platform empowers organizations to address today’s threats and safeguard their future.  

A year ago, we launched Microsoft Security Copilot to help defenders quickly detect, investigate, and respond to network incidents. We have now introduced the next step: column AI agents that help with phishing, data security, and identity management. As cyberattacks become more complex and numerous, AI agents are now vital to modern security.  

Phishing attacks remain among the most common and harmful cyber threats. From December to January 2024, Microsoft found over 30 billion phishing emails targeting customers. The volume of these attacks can overwhelm security teams. Teams relying only on manual work and disconnected tools may struggle to quickly sort threats and manage risk.  

The new phishing triage in Microsoft Security Copilot handles routine phishing alerts and attacks, letting human defenders focus on tougher threats and forward-looking security work. This shows how agents can change security.  

Securing and managing AI is still a top priority for organizations. We are excited to bring new features to Microsoft Defender, Microsoft Intra, and Microsoft Purview to help with this.  

Keep reading to discover more about the new agents in Security Copilot and the latest AI security updates, and see how these innovations can support your organization. Reach out to us today and take the next step in strengthening your security with AI.  

Expanding Microsoft Security Copilot With New AI Agent Capabilities 

Microsoft threat intelligence now processes 84,000,000,000,000 signals per day, underscoring how quickly cyberattacks are growing, including 7,000 password attacks per second. To keep up, scaling defenses with AI agents is a must. We’re adding six new security agents from Microsoft and five from our partners to Security Co‑Pilot, which will be available for preview in April 2025.  

Six New AI Agent Solutions From Microsoft Security 

The six new Microsoft Security Copilot agents help teams handle large volumes of security and IT tasks independently, and they work seamlessly with Microsoft security tools. These agents are built for security. Learn from feedback. Adapt to your workflows and follow Microsoft’s zero-trust framework with Teams in control. Agents speed up responses, focus on the biggest risks, and help organizations protect themselves more efficiently.  

Security co-pilot agents will be available throughout Microsoft’s security platform and are designed for the following tasks:  

  • The phishing triage agent in Microsoft Defender automatically classifies phishing alerts, distinguishing between genuine threats and false positives. It provides clear explanations for each decision and refines its detection processes using administrator feedback.  
  • Alert triage agents in Microsoft Purview identify the most important Data Loss Prevention and Insider Risk alerts. They improve their prioritization accuracy over time, using administrator input to refine results.  
  • The Conditional Access Optimization Agent in Microsoft Intra continuously monitors for new users or applications outside current access policies. It flags these gaps, recommends specific policy updates, and offers easy-to-apply fixes for identity teams.  
  • The vulnerability remediation agent in Microsoft Intune ranks vulnerabilities and recommends fixes for speeding up OS patching after admin approval.  
  • The threat intelligence briefing agent in Security Copilot gathers and summarizes the most relevant and timely threat intelligence based on organization-specific attributes and cyber threat exposure levels.  

Security co-pilots and agentic capabilities are examples of how we continue to deliver innovation, leveraging our decades of AI research. See how Agents work.  

Five New Agentic Solutions From Microsoft Security Partners 

Security works best when everyone is involved, and Microsoft is focused on supporting our security community with an open platform. This allows partners to create solutions that benefit customers. Here are five new AI agents from our partners coming to Security Copilot:  

  • The privacy breach response agent from OneTrust examines data breaches and offers tailored guidance to privacy teams on meeting specific regulatory requirements following an incident.  
  • The network supervisor agent from Aviatrix identifies root causes and summarizes issues with the VPN gateway or the site2cloud connection, including outages and failures.  
  • The SecOps tooling Agent from Blue Voyant reviews a Security Operations Center (a team that monitors and responds to security issues) and its controls, then suggests ways to improve security operations, controls, and complaints.  
  • The alert triage agent from Tanium provides analysts with the relevant context for each alert, enabling them to quickly and confidently determine the right response.  
  • The task optimizer agent from Fletch helps organizations predict and prioritize the most important cyber threat alerts, addressing alert fatigue and the challenge of impossible‑to‑prove security.  

New AI-Powered Data Security Investigations and Analysis 

We are also introducing Microsoft Purview Data Security Investigations to help security teams quickly find and address risks related to sensitive data exposure. These investigations use AI-powered content analysis to identify sensitive data and other risks associated with incidents. Investigators can use these understandings to work securely with partner teams and simplify complex tasks, enabling faster mitigation. This solution connects data security investigations to Defender incidents and Purview Insider Risk cases and will be available for preview in April 2025.  

Further Advances in Securing and Governing Generative AI 

A strong cybersecurity foundation drives successful AI transformation. As more organizations adapt generative AI, securing and managing how they create and use AI at work becomes even more important. Our new report, Secure Employee Access in the Age of AI, reveals that 57% of organizations report more security incidents due to AI use, although most recognize the need for AI controls. Sixty percent have not yet implemented them.  

Securing AI is a new challenge, and leaders are especially concerned about data oversharing, new threats and vulnerabilities, and compliance. Microsoft security solutions are designed for AI to help address these issues with new advanced features that protect AI investments, whether for organizations.  

AI Security Posture Management For Multimodal And Multi-Cloud Environments 

Organizations building their own AI solutions need to strengthen security for AI models running on different platforms and clouds. To help with this, Microsoft Defender now offers AI security posture management for Microsoft Azure and Amazon Web Services. It also supports Google Vertex AI and all models in the Azure AI Foundry catalog. Starting in May 2025, this will cover models like Gemini, Gamma, Meta, LLaMA, Mistral, and custom models. With this new multi-cloud support, organizations can see their AI security posture from code to runtime across Azure, AWS, and Google Cloud. Microsoft Defender Health organizations get started with AI security across multiple models and clouds.  

New Detection And Protection From Emerging AI Threats 

AI introduces new risks, such as more revenue for cyberattacks and undiscovered vulnerabilities. The Open Worldwide Application Security Project (OWASP) lists the top risks and solutions for generative AI apps. Starting in May 2025, Microsoft Defender will offer new and improved AI detections for several OWASP-identified risks, such as indirect prompt injection attacks, sensitive data exposure, and wallet abuse. These new detections will help SOC analysts better protect custom AI apps, with added safeguards for Azure OpenAI service and models in the Azure AI Foundry catalog.  

New Controls To Prevent Risky Access And Data Leaks Into Covert AI Apps 

As more people use generative AI (AI that can create text, images, and other content), many organizations are finding that employees are using AI apps that have not been approved by IT or security teams. This unapproved use, known as Shadow AI (the use of AI tools without company oversight), has greatly increased the risk of sensitive data leaks. To help with this, we are announcing the general availability of the NEI web category filter in Microsoft Intranet Internet Access (a service for managing secure internet connections). This feature lets organizations set detailed access permissions and enforce policies about which users and groups can use different AI applications.  

After setting access policies for AI apps, the next step is to stop users from entering sensitive data into them. To help, we are launching a preview of Microsoft Purview Browser Data Loss Prevention (DLP) controls in Microsoft Edge for business. Security teams can now enforce DLP policies and prevent sensitive data from being entered into generative AI apps. This starts with ChatGPT, Copilot Chat, DeepSeek, and Google Gemini. Learn more about our innovations in security for AI.  

New Phishing Protection In Microsoft Teams For Safer Collaboration 

Email is still the main way phishing attacks happen, but collaboration tools are now common targets too. Starting in April 2025, Microsoft Defender for Office 365 will provide built-in protection against phishing and other advanced threats in Teams. Teams will be safer from harmful links and attachments. Thanks to instant scanning, SOC teams will also get full visibility into related attempts and incidents, with alerts and data available in Microsoft Defender.  

Agile Innovation to Build a Safer World 

We continuously enhance Microsoft security by applying the principles of our Secure Future initiative, aiming to deliver strong, comprehensive protection through advanced AI tools. Thank you for joining us in building a safer world. 

Source: Microsoft unveils Microsoft Security Copilot agents and new protections for AI