Event details
MicrosoftQuestion from the live event:
From a security operations center perspective, how can teams get visibility into the prompts users are submitting, and what does the investigation or response workflow look like today?
MicrosoftAnswer:
We log who is prompting and who is asking the question and other key questions. We call this audit of activity telemetry that's captured end to end throughout the lifecycle AI agent. Anything that the agent interacts with or anything that interacts with the agent including tools and knowledge sources, that activity is captured and available for proof of compliance depending on what is needed and this is the bedrock for all of our investigations.
After this, the responses of the content itself which is passed to the agent or the response of the agent is based on the configurations of your tenant as an admin where you can store things by default.
All of this enriches the metadata available to data security administrators, analysts, and others who need it and can use this to say make decisions on agent risk during investigations and further analysis.