UPDATED · RSAC 2026 · MARCH 24, 2026
Microsoft Security
Products for AI
Every Microsoft security product mapped to the AI security stack. Updated with RSAC 2026 announcements. GA/Preview status reflects what was confirmed on March 20, 2026.
Control Plane & Governance
Unified Visibility & Agent Governance
↗ Click on a product name to navigate to the Microsoft documentation page.
Unified control plane for all agents. Inventory, governance, and security posture across Microsoft and partner agents. Licensing is per-user, not per-agent — governance scope does not scale with agent count. Includes new Defender, Entra, and Purview capabilities to secure agent access and prevent data oversharing.
GA May 1 2026 | ⚠ Per-user only | $15/user/mo
Unified CISO-level AI risk aggregation from Defender + Entra + Purview. AI inventory covering agents, MCP servers, models, apps — including third-party AI (ChatGPT, Gemini). Security Copilot NL-driven risk exploration. Now generally available — previously preview.
✓ Now GA · RSAC 2026 | No extra license | AI Risk Scorecard
Assign control collections to specific models or agents in Azure AI Foundry. Limits tools available to each agent, constrains output behaviour, enforces content safety at the orchestration layer. Only applies to Foundry-deployed agents.
Preview | PaaS | Per-agent control sets | Foundry only
Bundles M365 Copilot + Agent 365 + Entra Suite + M365 E5. Agent 365 included but inherits the same per-user licensing model. Best for orgs where agents are tightly coupled to named users.
GA May 1 2026 | ⚠ Per-user licensing | $99/user/mo
Identity & Access
Identity Primitives for AI Agents
Register agents as non-human identities. Human sponsor required. Lifecycle automation. Currently limited preview — frontier/large enterprise only. Agents still use OBO flow underneath. Only applies to Modern Agents — most existing Copilot Studio agents are Classic Agents (Service Principals) and receive no Entra Agent ID protection. Migration tool from Classic to Modern does not yet exist. Agent names do not sync on rename — original "Agent #" name persists in Entra.
⚠ Preview · Frontier Only | ⚠ Modern Agents only | ⚠ Name sync bug | ⚠ OBO underneath
Today's real-world primitive for non-human identities. Designed for apps/services — not purpose-scoped for individual agents. Lacks agent-specific lifecycle governance and sponsor model. The current stopgap while Agent ID matures.
GA · Available Now | ⚠ Not agent-purpose-scoped
Block risky agents; enforce least-privilege and JIT access. OBO limitation: agent permissions cannot be scoped below the invoking user's own scope. New Conditional Access Optimization Agent adds context-aware recommendations and phased rollout.
⚠ OBO limits true least-priv | CA Optimization Agent · Preview enhancements
Secure web and AI gateway. Shadow AI Detection now GA on March 31 — uses network layer to identify unknown AI applications. Prompt Injection Protection also GA March 31 — enforces universal network-level policies to block malicious AI prompts across apps and agents.
Shadow AI Detection: GA Mar 31 | Prompt Injection: GA Mar 31
Connect external MFA providers directly with Microsoft Entra — leverage pre-existing MFA investments or use highly specialised MFA methods alongside Entra authentication flows. New at RSAC 2026.
✓ Now GA · RSAC 2026 | External MFA Providers
Automated backup of Entra directory objects to enable rapid recovery in case of accidental deletion or unauthorised changes. New resilience capability for identity infrastructure.
Preview · RSAC 2026 | Directory Backup | Rapid Recovery
Discover unmanaged (shadow) Entra tenants and establish consistent tenant policies and governance in multi-tenant environments. Addresses the risk of unsanctioned AI deployments creating orphaned tenants.
Preview · RSAC 2026 | Shadow Tenant Discovery | Multi-tenant
New dashboard in Microsoft Defender highlighting the most impactful insights across human and non-human identities. New identity risk score unifies account-level risk signals for real-time access decisions and SecOps investigations.
Preview · RSAC 2026 | Human + NHI Identities | Risk Score
Threat Detection & Runtime
Runtime Defence & Threat Detection
Runtime defence against direct and indirect prompt injection at the orchestration layer. Inspects user inputs AND content retrieved by the agent (RAG, tool outputs) before it reaches the model decision loop.
GA | Direct + Indirect PI | Orchestration Layer
API-level model I/O filters: harmful content, jailbreak attempts, protected material, groundedness violations. Operates at the model boundary — separate from Prompt Shields which operates at the orchestration layer.
GA | Model Boundary | Jailbreak · Groundedness
Dynamically adjusts identity and access policies during active attacks — reducing exposure and limiting lateral movement in real time. Applies to both human and agent identities during incidents. New at RSAC 2026.
Preview · RSAC 2026 | Dynamic Policy | Active Attack Response
CSPM and runtime threat protection for AI infrastructure. Monitors model deployments, API access patterns, and agent behaviour. Expanded container security at RSAC 2026 including binary drift and antimalware prevention.
GA | Container security: Preview | Multi-cloud
Governs how AI agents and MCP tools access SaaS. Discovers shadow AI, governs OAuth permissions, detects over-privileged agent-to-SaaS access. For Copilot Studio specifically: provides real-time protection — blocks tool invocations if a prompt is suspicious. 1-second timeout: if no decision returned in time, tool executes. Not a guaranteed prevention control.
GA | OAuth Governance | MCP-SaaS | RT Protection: Preview · 1s timeout
Detects all Copilot Studio agents in the tenant and surfaces misconfigurations via the AIAgentsInfo Advanced Hunting table. Detects no-auth agents, ownerless agents, and risky configurations. Setup requires collaboration between Defender admin AND Power Platform admin — two separate portals. Takes up to 30 minutes for initial connection and longer for full data population. Three Defender preview features must be enabled separately.
Preview · Copilot Studio only | ⚠ Complex dual-admin setup | AIAgentsInfo KQL
SIEM + SOAR. Ingests AI-specific telemetry: agent behaviour logs, MCP server activity, Copilot interaction signals. New at RSAC 2026: Data Federation via Microsoft Fabric, Playbook Generator with natural language orchestration, MCP Entity Analyzer (GA April), and Sentinel Custom Graphs.
GA | MCP Entity Analyzer: GA April | Data Federation: Preview | Playbook Generator: Preview
Data Security
Purview — Data Governance for AI
Discovers where sensitive data exists across AI workloads. Identifies oversharing risks before agents exploit them. Posture assessments and automated remediation for AI data risks.
Preview | Oversharing Risk | AI Workloads
Blocks sensitive information such as PII, credit card numbers, and custom data types in prompts from being processed or used for web grounding. Prevents sensitive data entering the AI context window at the Copilot layer. New at RSAC 2026.
✓ GA March 31 · RSAC 2026 | PII Protection | Prompt Blocking
Extends sensitivity labels into AI workflows. Prevents agents from accessing, generating, or transmitting content violating classification policies. Integrates with Entra Internet Access for network-layer enforcement.
GA | Sensitivity Labels | DLP in AI
Monitors Copilot and agent conversations for policy violations and regulatory issues. OBO note: attribution may show user identity rather than agent identity in audit logs.
GA | ⚠ OBO attribution | Audit Trail
Unified view of AI-related data risk directly in the Microsoft 365 Admin Center. Brings Purview data security insights into the same admin surface where Copilot is configured and governed. New at RSAC 2026.
GA April · RSAC 2026 | M365 Admin Center | Unified Risk View
Tracks what data agents access, process, and output at runtime. Creates a complete data access audit map for compliance and forensics teams. Feeds into eDiscovery workflows.
Preview | Agent Activity Logs | eDiscovery
AI-Powered SecOps
Security Copilot & Autonomous Agents
AI assistant embedded in Defender, Entra, Intune, Purview. Automates threat hunting, phishing triage, identity risk remediation. Included for M365 E5 at 400 SCU per 1,000 users/month. Over 15 new partner-built agents available via Security Store.
Included in E5 + E7 | 400 SCU/1K users/mo | 15+ Partner Agents
Helps accelerate threat investigations by providing contextual analysis and guided workflows in Microsoft Defender. Deep multi-step investigation using Defender and Sentinel telemetry. Announced at RSAC 2026.
Preview Mar 26 · RSAC 2026 | Contextual Analysis | Guided Workflows
Extends the phishing triage agent to cloud and identity — autonomously analyses, classifies, prioritises, and resolves repetitive low-value alerts at scale. Reduces analyst alert fatigue across identity and cloud signals.
Preview April · RSAC 2026 | Cloud + Identity | Autonomous Triage
Adds context-aware recommendations, deeper analysis, and phased rollout to strengthen identity security through Conditional Access policies. Agent is GA; RSAC 2026 enhancements are in preview.
Agent: GA | Enhancements: Preview | Entra
Purview agent with new credential scanning capability — proactively detects credential exposure in your data estate. Helps surface hidden identity risks embedded in documents, repositories, and data stores.
Preview · RSAC 2026 | Credential Scanning | Purview
Purview alert triage agent with advanced AI reasoning layer and improved interpretation of custom Sensitive Information Types — improves agent outputs during alert review. Agent is GA; RSAC 2026 enhancements in preview from March 31.
Agent: GA | Enhancements: Preview Mar 31 | Purview
Automate device policy reviews, offboarding, and risk-based remediation within Intune. Policy Configuration Agent lets IT create and validate policies via natural language. Enhanced app inventory for AI-enabled apps GA in May.
GA | App Inventory: GA May | Natural Language Config