<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>rss.livelink.threads-in-node</title>
    <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics/ct-p/MicrosoftMechanics</link>
    <description>rss.livelink.threads-in-node</description>
    <pubDate>Wed, 17 Jun 2026 00:42:39 GMT</pubDate>
    <dc:creator>MicrosoftMechanics</dc:creator>
    <dc:date>2026-06-17T00:42:39Z</dc:date>
    <item>
      <title>Agent 365 | Identity &amp; Access Controls in Entra</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-identity-access-controls-in-entra/ba-p/4526815</link>
      <description>
&lt;P&gt;Surface agents across AWS Bedrock, Google Vertex, Databricks, and Salesforce in one registry, assign Entra Agent IDs via CLI or SDK, and enforce least-privilege access through Conditional Access policies and Agent Blueprints, all without rebuilding your existing identity infrastructure.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Lock down agent activity with sign-in logs that capture every authentication attempt, policy hit, and failure. Govern agents as first-class identities alongside your users, apps, and devices, and draw a hard line between managed and unmanaged AI in your organization.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Vince Smith, Microsoft Entra Principal Product Manager, shares how to establish full visibility, access control, and lifecycle governance for AI agents using Microsoft Entra and Agent 365.&lt;/P&gt;
&lt;H4&gt;Transform unmanaged agents into a managed agent identity.&lt;/H4&gt;
&lt;P&gt;CA policy enforcement, lifecycle controls, &amp;amp; full audit trail—&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=149s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=149s" target="_blank"&gt;start with Agent ID in Microsoft Entra.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;One Agent blueprint. Multiple agent identities.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Use Agent blueprints in Microsoft Entra to enforce least-privilege access for agent identities at scale. &lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=254s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=254s" target="_blank"&gt;Start here.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Lock down agent activity in Microsoft Entra.&lt;/H4&gt;
&lt;P&gt;Get full audit visibility into every sign-in, Conditional Access decision, and failure reason. &lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=384s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=384s" target="_blank"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY" data-href="https://www.youtube.com/watch?v=Wz16P678QiY" target="_blank"&gt;00:00&lt;/A&gt; — Visibility and control with Agent 365&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=99s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=99s" target="_blank"&gt;01:39&lt;/A&gt; — Multi-platform registry sync&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=149s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=149s" target="_blank"&gt;02:29&lt;/A&gt; — Assign Agent ID&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=254s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=254s" target="_blank"&gt;04:14&lt;/A&gt; — Agent Blueprints&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=324s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=324s" target="_blank"&gt;05:24&lt;/A&gt; — Conditional Access for agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=384s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=384s" target="_blank"&gt;06:24&lt;/A&gt; — Sign-in logs audit trail&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=423s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=423s" target="_blank"&gt;07:03&lt;/A&gt; — Unblock the agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=474s" data-href="https://www.youtube.com/watch?v=Wz16P678QiY&amp;amp;t=474s" target="_blank"&gt;07:54&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out &lt;A href="https://aka.ms/EntraforAgents" data-href="https://aka.ms/EntraforAgents" target="_blank"&gt;https://aka.ms/EntraforAgents&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" data-href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" data-href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" data-href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" data-href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" data-href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-Ensuring agents don’t operate unchecked in your environment means making sure their access to data and apps, along with other agents and resources, is appropriately scoped, and no more than necessary, so they’re never overprivileged. Agent 365 gives IT and security teams a unified control plane for agent activity. They can work together using the tools they already work in every day to see which agents are in use, understand the risk, and act before issues escalate. Today, in part 3 of this Agent 365 series, we look at how, as an identity admin using Microsoft Entra, you can establish the critical foundation to prevent agents from being either overprivileged or running without the right level of visibility.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-This all starts with Agent 365, which gives you visibility into your agents, control over what they can access, and governance across the entire lifecycle. As a developer, you can use the Agent 365 CLI and SDK to create and integrate an Agent ID into your agent. This ensures your agents can be managed across their lifecycle, with continuous risk evaluation and least privileged conditional access controls in Microsoft Entra, ensuring that agents can only connect to and act on the resources they truly need, for as long as they need, no more, no less.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Just like with your users and apps today, with Agent ID, agents become explicitly manageable and governable, including conditional access policies and access packages. And by assigning an Entra identity to your agents, you establish a clear boundary between managed and unmanaged AI, which makes it much easier to detect which agents need to be brought under control. Let’s start in the Microsoft 365 Admin Center to see this in action. As an IT admin, you can access Agent 365 controls to view your agents, find unmanaged AI in use, and configure tools and settings. I’m in the Agent 365 overview page, where I can find top-level insights and metrics, as well as common actions. In fact, the Registry sync controls let me configure these options, so let’s take a look. And you can see that we’ve already configured sync for AWS Bedrock and Google Vertex, which gives us visibility into agents running on those platforms.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Just to show you what’s behind this and your options, I’ll click Connect a platform. And under External platforms, we can see Bedrock and Vertex here, along with Databricks Genie and Salesforce AgentForce. The respective agents will appear in the agent registry once I sync from these platforms. That said, while we were able to see the agents from those platforms running in our environment, without respective Agent IDs, we won’t have visibility into exactly what those agents are accessing. In fact, here we can see that all of our Amazon Bedrock agents are currently unmanaged. And when I click in, we can see a few details about the agent creation date and publisher, but not much else. So we know these agents exist, but again, without an Agent ID, we don’t know exactly what these agents are accessing to be able to apply the right controls for their needs.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Practically speaking, our first step here is to work with the unmanaged agent creators to get their agents an Entra ID. This is where, as a developer creating and updating agents, we can use the Agent 365 CLI and SDK to create and assign an Agent ID, which also includes an Agent Blueprint. I’ve used a simple prompt here to generate the code and Entra configuration needed. The cool thing about Agent Blueprints is that permissions granted on the blueprint can be inherited by all agent IDs using that blueprint, and I’ll explain more about this in a moment. And because this is standard OAuth, it is interoperable across agent platforms. In fact, the agent we’re updating is the one I showed earlier that’s running on AWS Bedrock. And once the agent is republished to Agent 365, it’s ready for management.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-In fact, going back to the agent registry in Agent 365, viewing the details of the agent, we can move over to the right and expand this field for identity information. We can see it has an Agent ID along with a Blueprint ID, which wasn’t there when we looked at the unmanaged agent card before. And scrolling back up and opening the Security tab, I can see that the agent already has default protections applied from Microsoft Purview and Entra, including sensitive data protections and compliance evaluation as part of the Agent 365 platform. Because the agent is an object in our directory, provided we are entitled with the right management permissions, we can grant the appropriate level of access and get visibility into its details and activities.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-I’ll start by first looking at what resources the developer has configured for the agent to access. In the agent identities page, we can see our agent. Importantly, this agent now has an agent sponsor assigned. This is the person responsible for the agent, and can be the agent builder themselves or someone they designate. And viewing its access and granted permissions, we can see a list of the requested permissions the agent has configured. Notice that the grant source is inherited from the parent, which is our Agent Blueprint. A blueprint is the template for a class of agents. It holds the credentials that associated agents use for authentication. The credentials can be managed in Entra, or federated outside of Entra, or even system managed, such as with an Azure Managed Identity. It also provides a way to define identity and permissions for agents at scale.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here we see in this case, the agent’s permissions aren’t set directly on the agent itself. They come from its parent blueprint. The first permission for Agent365.Observability is a default to capture agent telemetry. And under that, you’ll see Microsoft Graph permissions to read groups, users, and mail. Under Developer settings in the Manifest, we can view and optionally edit the details as JSON that we saw earlier in the code.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-As an Entra admin, I can control who is able to consent to the agent’s permissions, which gives me both security and scale, but I also want defense in depth. In our organization, as a blanket control, we have conditional access policies to block access to all unverified agents. Under conditional access, when I click into the AWS Bedrock policy, you’ll notice that this policy targets all agent identities and blocks their access to Entra-managed resources by default. To give our now verified agent access, we’ll need to exclude it from this conditional access block policy.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Before we do that, I’ll show you this policy in action from the agent testing experience in Amazon Bedrock. I’ll have the agent perform a simple look up for a user account in our tenant. And you’ll see that it’s blocked from retrieving the user information. In fact, if I move over to this agent’s logs, I can see all the invalid grant errors. And expanding on the first one and then scrolling down to the error description, it gives more specific detail about the conditional access block and what happened.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, if I move back to Microsoft Entra and look at the sign-in logs, we can see all of the sign-in activities for this agent. I’ll expand the same request we just saw in the Bedrock portal and move into this specific instance. And you’ll see the failure reason is exactly what the agent developers saw in Bedrock. In fact, digging into this Conditional Access tab, we can see the corresponding policies listed that apply to this agent, along with AWS Bedrock policy on top and the corresponding failure result. Now let’s look at how we can unblock this agent. As a Microsoft Entra administrator, once we verify that this agent’s identity is established and its permissions are appropriate, we can exclude it from our conditional access block policy to allow it access.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Back in our conditional access policy settings, under Assignments, I can set up an exclude condition. Then I search for my agent by its name. Here I’m typing, “widget.” There it is. Now I’ll select it and confirm, then I just need to save my policy. That’s it. With our exclusion set up, the agent will be able to perform its operation with least privileged access in Entra. So let’s test it out. Back in the Amazon Bedrock portal, I’ll run the same prompt that failed last time, our account look up. And as you can see, this time it works, and it was able to access and display the account information for this user from our tenant.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-There we have it. That’s how easy it is to integrate Entra Agent ID into your agents and bring them under management. Agent 365 with identity and access controls in Microsoft Entra provides IT and security teams the management and visibility to assess and respond to agent risks. This lets you efficiently integrate agents into your existing systems and infrastructure as first-class identities, alongside existing users, applications, and devices. To learn more, check out aka.ms/EntraforAgents. Keep checking back to Microsoft Mechanics for the latest tech updates, and thanks for watching.&lt;/P&gt;
</description>
      <pubDate>Fri, 12 Jun 2026 13:35:57 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-identity-access-controls-in-entra/ba-p/4526815</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-06-12T13:35:57Z</dc:date>
    </item>
    <item>
      <title>Introducing Azure HorizonDB - PostgreSQL</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/introducing-azure-horizondb-postgresql/ba-p/4525228</link>
      <description>
&lt;P&gt;Call AI models directly from SQL, build durable vector pipelines inside the database, and deliver high-accuracy similarity search at massive scale with DiskANN and AI re-ranking, all without leaving PostgreSQL.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Debug and optimize queries faster with the Azure HorizonDB VS Code extension. Visualize execution plans, let Copilot generate fixes, and clone production data to test environments in seconds.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Charles Feddersen, PostgreSQL Partner Director PM, shares how to put all of it to work on Azure.&lt;/P&gt;
&lt;H4&gt;Same hardware, same zone, same PostgreSQL version.&lt;/H4&gt;
&lt;P&gt;4,200 TPS self-managed vs. 11,000+ on Azure HorizonDB. The separation of storage and compute layers makes the difference. &lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=217s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=217s"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Chunking. Embeddings. Vector storage.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;All running as a durable background task inside PostgreSQL with AI Pipelines in Azure HorizonDB, no external orchestration needed. &lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=504s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=504s"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Visual query execution plans. Copilot-generated fixes.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;The Azure HorizonDB VS Code extension brings all of it into the editor. &lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=650s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=650s"&gt;Get it now.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk"&gt;00:00&lt;/A&gt; — Azure HorizonDB features&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=57s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=57s"&gt;00:57&lt;/A&gt; — Open-source PostgreSQL&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=144s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=144s"&gt;02:24&lt;/A&gt; — How it works&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=217s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=217s"&gt;03:37&lt;/A&gt; — Performance&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=291s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=291s"&gt;04:51&lt;/A&gt; — Enterprise-ready security&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=334s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=334s"&gt;05:34&lt;/A&gt; — Memory &amp;amp; storage work together&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=389s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=389s"&gt;06:29&lt;/A&gt; — AI Model Management + AI Functions&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=504s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=504s"&gt;08:24&lt;/A&gt; — AI Pipelines&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=590s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=590s"&gt;09:50&lt;/A&gt; — DiskANN + AI Re-ranking&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=650s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=650s"&gt;10:50&lt;/A&gt; — VS Code Extension + Data Cloning&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=751s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=EzEPFMJuvrk&amp;amp;t=751s"&gt;12:31&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out our blog at &lt;A href="https://aka.ms/azurepostgresblog" target="_blank" rel="noopener" data-href="https://aka.ms/azurepostgresblog"&gt;https://aka.ms/azurepostgresblog&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;- The Postgres you know and love is now even more supercharged on Azure with the latest platform optimizations and AI for enterprise apps all made possible with the new cloud-native Postgres service, Azure HorizonDB. Now, we’ll go deep on its ultra fast performance at high scale, the built-in resiliency across different availability zones, along with major new built-in AI-centric features, leveraging DiskANN, as well as integrated AI model management, where you can provision models or bring your own from Microsoft Foundry, plus a built-in AI pipeline that automatically chunks and processes data in real time as it’s ingested into the database. And finally, a brand new VS Code extension with AI-powered query development and debugging as you build your apps and more. And today I’m joined once again by Charles Feddersen who leads the Postgres efforts on Azure. Welcome back to the show.&lt;/P&gt;
&lt;P&gt;- Thanks Jeremy, it’s good to be back and we’ve got a lot to get through today.&lt;/P&gt;
&lt;P&gt;- Yeah, so the new HorizonDB service in Azure is our newest managed Postgres service where we also have Azure database for Postgres, and we’re actively making deep contributions in the Postgres project as well.&lt;/P&gt;
&lt;P&gt;- Yeah, so Microsoft has been actively supporting Postgres on Azure for about nine years now, and our approach has always been to keep the Postgres you know and love for its portability and ecosystem and make Azure the best place to run your Postgres workloads. You know, and as you mentioned, we are a major contributor to open source Postgres. In Postgres 19, Microsoft Committers modified over 64,000 lines of code, which represents about 8% of all changes in this version. And we made about 340 commits. These improvements cover both new functionality and also improvements based on our own learnings of running Postgres at a massive scale on Azure. We also host the largest virtual Postgres community conference in the world called POSETTE, which is now in its fifth year. Because we understand the core Postgres engine so well, it’s not unusual for our core committers on the team to work with our customers to help debug and resolve issues that they might be having as well.&lt;/P&gt;
&lt;P&gt;- Right, and I remember last time you were on, we discussed how you were shipping major versions of Postgres on Azure within weeks of their releases.&lt;/P&gt;
&lt;P&gt;- Yeah, and now we’ve effectively eliminated that delay. There is now zero cloud lag in waiting to leverage the latest features when using Postgres on Azure. We ship the new major version on the same day in Azure.&lt;/P&gt;
&lt;P&gt;- So that’s a big deal, there’s no lag, same day access. Why don’t we move back though to our newest managed Postgres service HorizonDB. How does that then change the game for anyone who’s running Postgres services now on Azure?&lt;/P&gt;
&lt;P&gt;- Yeah, so HorizonDB brings cloud scale performance built-in resilience and AI ready capabilities to Postgres without changing how you build or run your apps. How this works is we’ve completely decoupled compute and storage to improve performance, scale and availability. At the compute layer, it runs the Postgres engine, fully compatible so existing apps and tools just work. At the storage layer, we built a new and highly optimized log service for transactions where we can sustain a commit latency of typically under one millisecond. That log service is paired to a new shared storage platform, which natively stores data across availability zones for resilient storage by default. We can attach multiple read replicas to the storage and the primary can fail over to any of these replicas in less than five seconds, in the event of an outage. This gives you read scale without replication latency. Ultimately, HorizonDB lets you run any Postgres workload from new AI apps to large scale enterprise systems with the performance, resilience and scale of Azure already built in.&lt;/P&gt;
&lt;P&gt;- All right, so you said performance. Let’s dig deeper there. Everybody loves a performance story, so can you prove it?&lt;/P&gt;
&lt;P&gt;- Yeah, so one of the big challenges with self-managed Postgres is that enabling high availability, especially across cloud zones, often comes with a performance cost. With HorizonDB, we introduced a new quorum commit protocol that lets you durably commit across zones before flushing to disk, so you get both resilience and high performance. Now to show this in action, I’ve got a split screen, HorizonDB on the right and self-managed Postgres on the left. This is the same Postgres version on the same hardware with the same high availability setup in the same Azure region. And I’ll kick both off and then go ahead and let them run. And as you can see clearly HorizonDB is delivering about three times more transactions per second. This gain comes directly from the storage architecture, and now that it’s finished, we can see that self-managed Postgres on the left delivered over 4,200 transactions per second. And HorizonDB had more than 11,000 with much lower latency. Performance was a core design principle for HorizonDB from the beginning, and it’s something that you’ll see directly in your applications.&lt;/P&gt;
&lt;P&gt;- Okay, so performance is ultra fast, and we know this is built for both enterprises and developers, and we know enterprises love security. So what’s different there?&lt;/P&gt;
&lt;P&gt;- Yeah, so security of course is foundational. It spans everything from network isolation and identity to data protection. Just like performance, it’s been a core focus from day one. And we’re building on the proven enterprise capabilities of Azure database for Postgres to deliver it out of the box like Entra ID integration, where you can enable identity-based access, so users connect securely without managing passwords or private endpoints to lock down access. So the database is only reachable over your private network with no public exposure and of course encryption at rest where data is automatically encrypted on the disk. All of this is available from day one, so you get strong enterprise ready security without any extra setup.&lt;/P&gt;
&lt;P&gt;- Okay, and bringing this back to our developers who are watching the built-in AI centric features with HorizonDB now also make it easier to build AI apps.&lt;/P&gt;
&lt;P&gt;- Yeah, and this is an area that we’re really leaning into. Postgres was already popular, and chat-with-your-data use cases accelerated that adoption because it natively supports vectors for similarity search. Our focus is on making intelligent retrieval and generative AI work on a massive scale with high accuracy and efficiency. To do that, we’ve rethought how memory and storage work together in the database so that more IO traffic moves to disk, letting you take advantage of much larger storage capacity using Microsoft’s disk-accelerated nearest neighbor, or DiskANN, technology. This quantizes a vector-based graph in memory and maps it to a full precision graph stored on disk, which significantly reduces memory requirements while still delivering fast, higher-quality similarity search across your data.&lt;/P&gt;
&lt;P&gt;- And speaking of generative AI responses, we’ve also made it easier for the database to work directly with AI models.&lt;/P&gt;
&lt;P&gt;- Yeah, we have, and this starts with AI model management, which automatically registers a set of models with your instance of HorizonDB. It’s really simple. So here’s my HorizonDB, and I’ll just select the enable managed models then confirm. And what this does behind the scenes is it automatically registers a few AI models for use. Once the provisioning is complete, you can see the AI model management blade in the portal with the GPT, text embedding and re-ranking models listed. And you can also bring your own models where you register them through the database directly.&lt;/P&gt;
&lt;P&gt;- So now you can use models effectively with Postgres without extra manual provisioning configuration. So, how would you interact with them?&lt;/P&gt;
&lt;P&gt;- Yeah, this is where AI functions come in. These are a set of SQL functions that let you interact directly with AI models. The Azure AI extension in HorizonDB provides functions that you can invoke using SQL to leverage AI models. So let me show you a couple. For example, you can use the generate function to produce a response from a prompt. In this case, I’ll say summarize the following customer reviews in two to three sentences, and then I’ll run it and you can see the response is generated as a SQL result that I could use in my app. Alternatively, the extract function is designed to pull specific entities from unstructured text into a structured form that you can then store and query. You can see here that I’m going to use an array to ask for the main product features along with the customer sentiment from my database. Now, we’ll let that run for a moment and we can see the response it produces for each item in the catalog.&lt;/P&gt;
&lt;P&gt;- And this is just one scenario that you showed with querying, but I can imagine another case where you might say, use data transformation where the results are written back into the database.&lt;/P&gt;
&lt;P&gt;- Yeah, absolutely. And when you do that, obviously the retrieval time for those results stored in the database is incredibly fast and you’re saving on your tokens as well.&lt;/P&gt;
&lt;P&gt;- That’s really great to see. So another challenge that we hear a lot of times is around building and maintaining AI pipelines. So we’re making that easier too.&lt;/P&gt;
&lt;P&gt;- So this is where AI pipelines in HorizonDB extend AI model management and AI functions even further. Today, most generative AI apps rebuild the same steps, chunking, creating embeddings, backfilling data, often in fragile external pipelines. With AI pipelines, all of this is built directly into Postgres. So you can see here that I’ve created a pipeline using the create pipeline function in the AI extension. This chunks the data in a database in real time as it’s added. It will then create embeddings for those chunks using the embedding model that the AI model management enabled for us. And these are ultimately stored in a table. So I can then go ahead and run this, and then if I count the records in the output table, you can see that it’s increasing. And this is all happening asynchronously in the background so that it’s not blocking or really having any real performance impact on my transactional workload. But the best thing about these pipelines is that they’re durable. And this means that I could pause it. And you can see here that the row count stops increasing, even if the workload continues and I can resume it, think of it as a reliable background task. And if my server fails over, it’s no problem, the AI pipeline fails over as well and it just keeps running.&lt;/P&gt;
&lt;P&gt;- So all that pipeline complexity then just moves into the database and kind of reduces the complexity and runs reliably.&lt;/P&gt;
&lt;P&gt;- Exactly, and building on this, we can now also use the rank function to re-rank search results with an AI model. Earlier I talked about how DiskANN improved similarity search, but that’s just the first step. With rank, we can apply a model like Cohere to refine the top results and improve overall relevance. Let me show you, I’ve got two identical queries here. One just uses an index and the other wraps the same query in our rank function to improve the relevance of results. If I run the first query for the headphones with the highest playtime and good calling, you can see the results seem pretty good. And these aren’t bad with a few showing around 40 hours. But when I run the rank query that applies the AI ranking model, the top most results are definitely more relevant to my search. Here, there are headphones with 60 or more hours, and the top ranked model has a hundred.&lt;/P&gt;
&lt;P&gt;- And this is really powerful. So you basically started out with fast similarity search, then used AI to make the results even more relevant. But why don’t we move beyond the database itself and look at what we’ve done then to help with the building experience of Postgres workloads on HorizonDB?&lt;/P&gt;
&lt;P&gt;- Sure, and this is one of my favorite additions. We’ve built a new VS Code extension that brings familiar Postgres tools into a modern AI-powered experience. As someone who spent years working in database tools, this is something that I really wish I’d had. It makes debugging and development a lot easier. So here we’re in VS Code and on the left you can see I’m using the Postgres extension. Now this works with any Postgres, but when you connect to Postgres on Azure, you get even deeper integration. So let’s look at an Azure server, and if I right-click, you can see a number of server management features like network configuration, backups, and even start/stop built in with a single click. And if I right-click on tables, one of the most recent additions is object properties. But now let’s run a query. This is a little slower than we’d expect. So I open the new visual query execution plans to debug. It’s easy to identify the inefficient query operator, and I can click on that to debug further. But the best part is that Copilot can fix it for me. Here, I’ll just click on the Copilot button in the query plan and it gets to work. The Copilot generates the fix for me, and it’s really that simple. Now I want to test this fix in a non-prod server, and that’s easy too. For that, I’ll show you a first look at the new built-in data cloning. I’ll go back up to the server and right-click and I can clone it with all my data. And that just takes a moment to validate my solution.&lt;/P&gt;
&lt;P&gt;- And that’s a real shift. You got the same familiar Postgres experience, but now with AI and platform capabilities that really improve how you build and run apps. So what’s next?&lt;/P&gt;
&lt;P&gt;- Yeah, so we’ve covered a lot today, but this is just the start. We’re continuing to push the boundaries of what you can do with Postgres on Azure. So there’s a lot more coming.&lt;/P&gt;
&lt;P&gt;- So what’s the best way then for everyone watching to get started with Azure HorizonDB?&lt;/P&gt;
&lt;P&gt;- Yeah, so, you know, you can go try it for yourself. It’s in preview now and it’s easy to get started with everything that I demoed. The VS Code extension is available in the VS Code marketplace. And of course, to stay current, check out our blog at aka.ms/azurepostgresblog.&lt;/P&gt;
&lt;P&gt;- Thanks so much for joining us today, Charles, and of course, keep checking back to Microsoft Mechanics for the latest tech updates, and we’ll see you again next time.&lt;/P&gt;</description>
      <pubDate>Tue, 09 Jun 2026 18:15:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/introducing-azure-horizondb-postgresql/ba-p/4525228</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-06-09T18:15:00Z</dc:date>
    </item>
    <item>
      <title>Agent 365 | Security Operations in Defender</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-security-operations-in-defender/ba-p/4524029</link>
      <description>
&lt;P&gt;Triage high-severity alerts as IT in the Microsoft 365 admin center, then pivot into the full incident graph as a SOC analyst in Microsoft Defender. Block malicious tool invocations the instant they fire and catch jailbreak attempts on Copilot Studio agents before they take hold.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Trace a compromised user back to suspicious agent activity, then trigger Microsoft Entra conditional access to revoke the session and force a password reset straight from the incident. Hunt overpermissioned agents with pre-built advanced hunting templates — including one that exposes every agent running MCP tools on the maker’s standing credentials — and pull risky builds from the Agent Store using the Agent Registry.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Spencer Berg, AI &amp;amp; Security Product Manager, shares how to turn agent risk signals into coordinated remediation across Defender, Entra, and the Microsoft 365 admin center.&amp;nbsp;&lt;/P&gt;
&lt;H4&gt;One agent. Two security views.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;IT admins triage critical alerts in the M365 admin center. SOC analysts dig into the full incident graph in Microsoft Defender. &lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=108s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=108s" target="_blank"&gt;Try Agent 365.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Real-time agent defense.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Microsoft Defender blocks malicious tool calls mid-execution and flags persistent jailbreak attempts on Copilot Studio agents the moment they happen. &lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=174s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=174s" target="_blank"&gt;Watch it in action.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Pull a risky AI agent from the Agent Store.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Open the Agent Registry in the Microsoft 365 admin center, block the agent, and cut access for current users until the maker resubmits a safer build. &lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=403s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=403s" target="_blank"&gt;See it here.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE" target="_blank"&gt;00:00&lt;/A&gt; — Stay in control with Agent 365&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=40s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=40s" target="_blank"&gt;00:40&lt;/A&gt; — Gain visibility with unified control plane&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=108s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=108s" target="_blank"&gt;01:48&lt;/A&gt; — Unified IT &amp;amp; SOC agent view&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=174s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=174s" target="_blank"&gt;02:54&lt;/A&gt; — Real-time blocking and jailbreak detection&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=248s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=248s" target="_blank"&gt;04:08&lt;/A&gt; — Auto-revoke via Entra conditional access&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=272s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=272s" target="_blank"&gt;04:32&lt;/A&gt; — Prevent future incidents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=328s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=328s" target="_blank"&gt;05:28&lt;/A&gt; — Advanced hunting for AI agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=403s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=403s" target="_blank"&gt;06:43&lt;/A&gt; — Block risky agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=435s" data-href="https://www.youtube.com/watch?v=DMzkIq_DzhE&amp;amp;t=435s" target="_blank"&gt;07:15&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out &lt;A href="https://aka.ms/Agent365SecOps" data-href="https://aka.ms/Agent365SecOps" target="_blank"&gt;https://aka.ms/Agent365SecOps&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" data-href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" data-href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" data-href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" data-href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" data-href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcripts:&lt;/H4&gt;
&lt;P&gt;-What if your next Sev 1 security incident isn’t a compromised user, but instead an autonomous agent, chaining actions across systems you didn’t even know it could reach? In the agentic era, SOC teams aren’t just defending endpoints or identities. They’re defending a machine-speed execution layer that collapses boundaries and turns small gaps into full attack paths. When agents act on their own while logged in as a user, on-behalf-of activity becomes user impersonation. They can access and interact with Teams, email, other internal apps, and your users’ devices. This blurs the lines between human and agent activity. So how do you gain visibility into these activities and stay in control? It starts with the fundamentals of agent defense, knowing what’s running, controlling what it can access, and seeing what it’s doing in real time. Agent 365 brings all these defense areas together through a unified control plane.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-The Microsoft 365 admin center provides centralized inventory and governance of agents and tools. Entra establishes strong identity with least-privilege access and clear ownership. Defender delivers runtime protection and deep observability with end-to-end activity tracing and detection. And Purview enforces data protection and posture by monitoring how agents interact with sensitive information. Together, these capabilities create a shared, consistent view so security and IT can manage agent risk as one system, not in silos. Today, in the second episode of this series, we build on that foundation and dive deeper from the SOC perspective in Microsoft Defender, showing how unified agent visibility enables faster detection, stronger investigations, and coordinated response with IT before agent-driven risk escalates.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Starting off as an IT admin in the Microsoft 365 admin center, I can see agents which have risks associated with them. The agent risks tab in the registry has identified several agents that need my attention based on security risk signals surfaced here. And drilling into any of these agents exposes the security &amp;amp; compliance page, where the IT admin will see only unresolved alerts with high and critical severity from Defender. Switching perspectives, as a SOC analyst on the Zava security team, the Microsoft Defender portal is my go-to solution for threat protection, including posture management and investigations. I also need detailed security information for the agents that run in our environment.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-I can view the same agent within Defender with a security lens with related incidents and alerts. I mentioned before that an IT admin can see the big picture and even view unresolved alerts from critical incidents within their experience, but as a SOC analyst, I need the granular details to dig deeper into the incident. I can see all the lower priority and resolved incidents that provide more context on the activity of this agent. Microsoft Defender continuously monitors AI agent activity in real time. It can block malicious tool invocation attempts as they happen, and alert security teams that there have been attempts to jailbreak AI agents.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let’s click into the critical incident to investigate further. In the details, I can see that this has been identified as a collection incident involving one user. It also includes the information that our SOC team needs. I can look at the incident description to see that the agent is connected to a tool that sends emails, which was blocked, thankfully. Let’s open the incident page to investigate further.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now we can see a detailed explanation of what happened, who was involved, and additional context. Alerts related to the agent are combined into a more detailed incident view, including persistent jailbreak attempts on a Copilot Studio agent and an AI agent tool invocation by the same user, which was blocked by Microsoft Defender. The alert also provides recommended actions to remediate it. It shows all events related to our user, Griffin, where the agent tried to invoke the same email tool multiple times within a short period, each with details on the date, time, and the user’s IP address. Optionally, we could investigate the user further using advanced hunting to view additional activity across a longer period.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-That said, for this incident, I have enough information to suspect that it’s potentially stolen credentials and is carrying out suspicious activity. I can then click on the user to view their details and confirm that they have been compromised. Defender can automatically trigger our Entra conditional access policy to revoke Griffin’s access and require them to reset their password. This would now show that their account has been compromised and let us resolve the incident without further impact.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-And I can also prevent future incidents with this agent. For that, I’ll use advanced hunting to get more information and context. I’ll click on the agent within the incident graph to find out more about the purpose of the agent, its number of associated incidents and alerts, as well as other tools it’s connected to. Running this query gives me the most up-to-date information about this agent. I can see detailed attributes like the agent’s name and creation date, who last modified it, and when. It also shows its action triggers, which actually invoke the agent to run, and any connected or child agents it interacts with.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, tying this back to our earlier attack, we saw that Defender’s real-time protection blocked a tool invocation for the tool that sends emails. That’s already good news, but as the investigator, I want to know what else this agent can do and how risky it is. I’ll open Agent Tool Details and I can see that, in addition to sending emails, this agent also has access to an MCP server as a knowledge source. MCP servers often expose a broad set of actions. These are mostly used for read access, but sometimes write access too. Often, as a workaround for future permissions issues, developers or makers give write access even in cases where the agent only needs read access. That’s what we call overpermissioning, and it goes against the principle of least privilege. In turn, it introduces a lot more risk if the agent is ever compromised. But I don’t want to stop with just one agent. Let’s find out if other agents in my organization are exposing risks related to overpermissioning.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here, I have a collection of pre-built queries designed specifically for AI agents, making it easy to spot misconfigurations, excessive permissions, and other risky setups across my environment. This specific template gives me a view into agents with MCP tools configured using the maker’s credentials. That’s not good. With these permissions, the MCP server tools can be accessed using the standing permissions of the agent maker. This can lead to privilege escalation and data exposure. The advanced hunting results show that multiple agents have access to MCP servers with maker privileges, which put them at high risk.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now we have the information we need to notify each creator that changes are necessary to scope their agent’s permissions so that they can be used safely. From there, our Microsoft 365 administrator can prevent the current agents from being used until new versions are ready. To do that, as the IT admin, I’m signed into the Microsoft 365 admin center, and in the Agent Registry. There’s our Customer Billing Agent, and I’ll click into its details. I can take action from here and block it from being used, then confirm. That’s going to remove it from the Agent Store for new users, and prevent current users from accessing it.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then, once a newer, safer version of the agent is ready, the maker can resubmit it for publishing approval. With Agent 365 using Microsoft Defender, you can strengthen agent security posture and protect against threats. This helps you proactively identify and mitigate risks before attacks occur.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To learn more, check out aka.ms/Agent365SecOps. And in the next episode of this series, we’ll explore Agent 365 with Microsoft Entra to prevent agent sprawl, unclear ownership, and weak lifecycle management. Keep watching Microsoft Mechanics for the latest AI and security updates. Thanks for watching.&lt;/P&gt;</description>
      <pubDate>Tue, 09 Jun 2026 16:01:58 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-security-operations-in-defender/ba-p/4524029</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-06-09T16:01:58Z</dc:date>
    </item>
    <item>
      <title>Automate evaluations | Microsoft Foundry</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/automate-evaluations-microsoft-foundry/ba-p/4521926</link>
      <description>
&lt;P&gt;Trace every run end-to-end, generate synthetic datasets to stress-test on demand, fire automated Red Team attacks at your own agents, and pin down why evaluations fail — all from the Microsoft Foundry control plane. Lock in guardrails that inspect every tool call at runtime, define the risks once, and enforce them across every agent run.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Mohammad Abuomar, Responsible AI Principal Architect, shares how to turn a coding agent into production-ready software inside Foundry.&amp;nbsp;&lt;/P&gt;
&lt;H4&gt;Describe the agent, set the row count, confirm.&lt;/H4&gt;
&lt;P&gt;Your test set lands in seconds. Microsoft Foundry’s synthetic dataset generator builds eval data on demand. &lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=274s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=274s" target="_blank"&gt;Get started.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Pin down why your agent fails evaluations.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Foundry’s Analyze Results uses AI to cluster failures, name the root cause, and recommend specific fixes. &lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=428s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=428s" target="_blank"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Lock down agent behavior with the Task Adherence Guardrail.&lt;/H4&gt;
&lt;P&gt;It inspects every tool call against the original task and blocks the off-script ones. &lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" target="_blank"&gt;Try it in Microsoft Foundry.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M" target="_blank"&gt;00:00&lt;/A&gt; — Microsoft Foundry control plane&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=33s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=33s" target="_blank"&gt;00:33&lt;/A&gt; — See a finished agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=150s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=150s" target="_blank"&gt;02:30&lt;/A&gt; — See where the agent started&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=199s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=199s" target="_blank"&gt;03:19&lt;/A&gt; — Traces&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=244s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=244s" target="_blank"&gt;04:04&lt;/A&gt; — Built-in monitoring&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=274s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=274s" target="_blank"&gt;04:34&lt;/A&gt; — Evaluation types&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=351s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=351s" target="_blank"&gt;05:51&lt;/A&gt; — Red team evaluations&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=428s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=428s" target="_blank"&gt;07:08&lt;/A&gt; — Evaluation results&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" target="_blank"&gt;08:14&lt;/A&gt; — Built-in Guardrails&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" data-href="https://www.youtube.com/watch?v=gS3dvMzm89M&amp;amp;t=494s" target="_blank"&gt;08:14&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Get everything you need in Microsoft Foundry at &lt;A href="https://ai.azure.com" data-href="https://ai.azure.com" target="_blank"&gt;https://ai.azure.com&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-If you want to build agents that meet your expectations for output quality, performance, safety, and cost, it’s not just about the model or framework you select. The testing, evaluation, and the controls surrounding your agent matter. And that’s what the Microsoft Foundry control plane is designed to do, with tools you can use during development to make sure your agents raise the bar across every important dimension. Today, I’m going to walk through the process of building a coding agent and demonstrate where the controls in Foundry come in to make it better. I’ll start by showing my finished agent, then after that, I’ll show you the steps I took using Foundry to make it production ready. This agent is designed to take a simple user prompt, then find what it needs to build apps automatically.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, I’ll paste in my prompt asking it to generate a Windows desktop app for personal cashflow management. It needs to be fast, use WebUI, and easy to use for broad appeal. I’m also asking it to make it safe, secure, and follow privacy best practices. And it needs to be easy for a developer to read, maintain, and to add to it. I’ll submit the request and it gets to work, with its reasoning on the left and code on the right. This process takes several minutes to complete with a few interactions in between, so to save a little time, I’ll skip to the result. We can see the agent’s reasoning and plan, with its technology stack, approach and initial action. Then, we can follow all of the steps it performed to author and configure the app and its dependencies.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Below that, is the React code and JavaScript. It asked whether to proceed writing this as an Electron and React setup, and I confirmed. Then it started to write, test and iterate on the app, followed by another question whether to implement more features or focus on security. And I responded to do both. It then finished writing the app and finally it outlined the steps to run the app locally.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, let’s test it out. I’ll move over to my terminal window running PowerShell and start it. And here is the generated app. It’s fully functional with user authentication. I can enter my first item, Travel Expenses, and the amount, and there’s a Category dropdown menu with pre-configured options, and I’ll choose “Transportation”. And it writes that record into the local data store. This is a simple, production-ready app that the agent was able to create in just a few minutes. But it didn’t start out this way, and if you’ve built agents or apps yourself, you’ll know a lot of what doesn’t get shown is the testing, iteration, and refinement work to end up with production-ready code. Let’s change that.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let’s go back in time to where this agent started. I’m in Visual Studio Code and this is my agent, which I built using the Foundry SDK. Here are the defined tools for it to use, WebSearch and CodeInterpreter. And on the left, we can see the full list of local tools. Like interacting with the file system, as well as git, patching, registry, local search and running shell scripts. And here in the center is the key SDK line that creates the agent, adds the tools, deployment name and so on.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, the agent is functional and I’ve also started manual testing. And this is where Foundry controls let me stress‑test the agent to see what works and what doesn’t and see the details for each run. In the Microsoft Foundry portal, I have my agent open and the Traces tab. These are OTel traces of all of the runs for this agent, with the newest runs on top, everything here is backed by Azure Monitor. And I can click into any conversation or Trace ID to view the Input + Output turns for that session. They’re easier to parse than standard logs, speeding up reviews. We can also see the system message, user input, and what the agent did. Along with the agent’s reasoning, the technology stack it used, and the app features. Below that, we can see the development process as well as tool outputs. Beyond that, with built-in monitoring, you can get a roll-up view of all activities for our agent with key metrics. I’m in the Monitor tab. It shows me the estimated cost and token usage so far. This agent is new so I haven’t configured Evaluations yet, but we’ll get to those in a moment.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, you’ll see Operational metrics like the number of agent runs and how many successfully completed or failed, token consumption, tool calls made by the agent, and the error rate over time. Evaluations are where a lot more testing automation comes in to help you improve your agent faster. I’m in the Evaluations tab, I need to create my first one. The options are: Automatic Evaluation, where you can automate the process using AI; Human Evaluation, where someone tests the agent and completes surveys; and Red team, where an agent runs automated attacks to expose vulnerabilities. I’ll start with Automatic Evaluation and hit Create. It starts with defining a target. My agent and the version I want are already selected. For data, I can upload an existing dataset or save time by creating a synthetic dataset, which is very cool. This generates data automatically, you just select the number of rows you want. I’ll guide it with a prompt, “Create a dataset for evaluating a coding agent.” I’ll skip the reference file and just Confirm. That automatically generates 90 rows of data to test with.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, I’ll choose the evaluation Criteria. There are several built-in evaluators for Agents. Below that are evaluators for Quality. These are editable, so I’ll remove Coherence, Fluency, and Groundedness because my agent doesn’t need them. For Safety, there are seven evaluators, and I’ll keep them as-is and move on to Review, then Submit it. These Automatic Evaluations can take several minutes to complete, so while it’s working, I’ll move into Red Teaming, which is now becoming a core part of AI testing to spot vulnerabilities early on. I’ve started creating my first red team evaluation. Let’s look at the standard configuration for risk categories. You can modify these. It can check for unsafe categories plus ungrounded attributes, code vulnerabilities, and task adherence. It shows the tools that the agent can access. I’ll provide descriptions for web_search, to search the internet for relevant SDKs, and the code_interpreter to run code for the coding agent. Then I’ll Save it.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, I’ll change Seed queries from 5 to 10 per category for more testing. In the Attack strategies, I can see exactly what the red teaming agents will try to do and select the ones most relevant to my agent. Each tile describes the attack type that will be tested. I’ll choose AsciiSmuggler, Base64, Jailbreak, StringJoin, UnicodeSubstitution, and IndirectJailbreak. Now, I can review the prohibited actions, including things like attempts to change password, and more. These are all things attackers might try to do with your agent, and we’re automating those tests for you. I’ll hit Submit to get everything started. Now, with two evaluations running, to save a little time, I’ll fast forward to the results of the evaluations.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here, we can see the two runs. I’ll open the Automatic Evaluation first. Then clicking into the Run shows the details for each evaluator. If I scroll to the right, you’ll see that we’re green almost across the board. One glaring exception is the TaskCompletion score at 59%, which is below my bar, so it’s something to fix. One of my favorite capabilities in evaluation is using AI to analyze the results. I’ll start the analysis, and it creates a nice cluster analysis showing the main issues. I mentioned TaskCompletion before. Here, you can see “incomplete resolution” and “action plan issues”. Drilling in, it looks like there is a “lack of actionable output” and the AI suggests specific ways to fix it. This saved me time to find ways to improve my agent.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, let’s review our Red Teaming evaluation. I’m at the top level view and I’ll click in to see the issues. Immediately, I can see that the Task adherence is red, which is also related to TaskCompletion. We can fix this using a built-in guardrail to check for task adherence. Guardrails define what risks to detect, from which point in the process, and how to respond. Let’s go to the agent playground. Scrolling down to Guardrails, I can see only the default model guardrail is set. Let’s add another by clicking Manage guardrails and Create. Here, I can define the risks and controls I want to enforce. I’ll start with Risk, and these are the types of risks we can detect and mitigate. There’s an option for “Task adherence” that I’ll choose. This guardrail checks any tool call made by the agent to ensure it’s used appropriately to “adhere” to the task.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, I just need to hit Submit to activate this guardrail. And the TaskCompletion issue should now be fixed. In fact, here I’ve run another evaluation, and we can see that TaskCompletion is now green and everything meets our overall quality goals. With that, my agent is ready for broader use. And while I focused today on a single agent and using Foundry controls to test it, expose vulnerabilities, and make it better, Foundry also provides fleet-wide performance visibility across all agents and enables centrally applied and enforced policies and configurations to keep agents compliant.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To find out more and get started with these and other controls, you’ll find everything you need in Microsoft Foundry at ai.azure.com. Subscribe to Mechanics for the latest tech updates, and thanks for watching.&lt;/P&gt;</description>
      <pubDate>Thu, 28 May 2026 16:02:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/automate-evaluations-microsoft-foundry/ba-p/4521926</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-28T16:02:56Z</dc:date>
    </item>
    <item>
      <title>Microsoft Entra Tenant Governance | Find Configuration Drift</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/microsoft-entra-tenant-governance-find-configuration-drift/ba-p/4523358</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FnIOantcKcOI%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DnIOantcKcOI&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FnIOantcKcOI%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P data-selectable-paragraph=""&gt;Capture configuration as code across 200+ resource types in Entra, Intune, Exchange, Teams, Defender, and Purview. Turn that snapshot into a Monitor. It scans for drift every six hours and flags every policy change.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Extend control to the tenants you don’t fully see today. Entra Tenant Governance surfaces them automatically through B2B, multi-tenant app, and billing signals. Request governance with role-based templates. Complete the secure approval handshake in the Entra admin center, then administer the governed tenant from a single browser using the roles forged in that handshake.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Jeff Staiman, Microsoft Entra Principal Product Manager, shares how to bring every tenant under one governance model.&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;More than 200 resource types. One baseline.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Configuration Snapshots in Microsoft Entra Tenant Governance lock in your tenant config across Entra, Intune, Exchange, Teams, Defender, &amp;amp; Purview.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=57s" target="_blank"&gt;Start here.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Every tenant connected to your org, surfaced.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Entra Tenant Governance assembles a live Related Tenants list from B2B traffic, multi-tenant app config, and Microsoft Commerce billing signals.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=188s" target="_blank"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Same browser, same login.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Entra Tenant Governance authenticates you through the role assignments from your governance handshake.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=377s" target="_blank"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;QUICK LINKS:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI" target="_blank"&gt;00:00&lt;/A&gt;&amp;nbsp;— Prevent tenant configuration drift&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=57s" target="_blank"&gt;00:57&lt;/A&gt;&amp;nbsp;— Create a configuration baseline&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=143s" target="_blank"&gt;02:23&lt;/A&gt;&amp;nbsp;— Detect configuration drifts&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=188s" target="_blank"&gt;03:08&lt;/A&gt;&amp;nbsp;— Identify related tenants to govern&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=245s" target="_blank"&gt;04:05&lt;/A&gt;&amp;nbsp;— Governed tenants&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=301s" target="_blank"&gt;05:01&lt;/A&gt;&amp;nbsp;— Incoming request&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=377s" target="_blank"&gt;06:17&lt;/A&gt;&amp;nbsp;— Set up monitoring&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=nIOantcKcOI&amp;amp;t=460s" target="_blank"&gt;07:40&lt;/A&gt;&amp;nbsp;— Wrap up&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Link References&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Get started at&amp;nbsp;&lt;A href="https://aka.ms/EntraTenantGovernance" target="_blank"&gt;https://aka.ms/EntraTenantGovernance&lt;/A&gt;&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Restrict a tenant’s connections at&amp;nbsp;&lt;A href="https://aka.ms/TenantQuarantine" target="_blank"&gt;https://aka.ms/TenantQuarantine&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Unfamiliar with Microsoft Mechanics?&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&lt;/P&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Subscribe to our YouTube:&amp;nbsp;&lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Talk with other IT Pros, join us on the Microsoft Tech Community:&amp;nbsp;&lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Watch or listen from anywhere, subscribe to our podcast:&amp;nbsp;&lt;A href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-selectable-paragraph=""&gt;Keep getting this insider knowledge, join us on social:&lt;/H3&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Follow us on Twitter:&amp;nbsp;&lt;A href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Share knowledge on LinkedIn:&amp;nbsp;&lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Enjoy us on Instagram:&amp;nbsp;&lt;A href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Loosen up with us on TikTok:&amp;nbsp;&lt;A href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H3 data-selectable-paragraph=""&gt;Video Transcript:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;-To protect your organization, you need to ensure that your tenant configuration doesn’t drift from your defined security and compliance requirements. This needs to include all the Microsoft Entra tenants that you manage, whether for end-user collaboration, development and testing, mergers and acquisitions, or regional teams, as well as all the unsanctioned tenants set up by your employees, such as for testing or for shadow IT. Even a single configuration drift in one of your tenants can introduce vulnerability to your environment, and that’s where Microsoft Entra Tenant Governance comes in, to define configuration baselines as code in order to monitor configuration drift, to automatically find related tenants with existing B2B, billing, or multi-tenant app relationships, to request the permissions you need, to govern the tenants where you need visibility and control, and once approved by the related tenant admin, to monitor those configuration baselines in your governed tenants to detect drift from your desired state anywhere. Let’s start by creating a configuration baseline for our main tenant, Contoso Inc, to monitor for configuration drift.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-In the Microsoft Entra Admin Center, you can find Tenant governance under Entra ID. This tenant has several conditional access policies and cross-tenant access policies, as well as device compliance policies. We’ve already given the service permissions to read all the policies in this tenant, and that’s going to be required to run the snapshot process, and will be needed later to monitor for configuration drift. I’m going to give you a first look at the new configuration snapshots page, where you can capture the configuration of your existing tenant settings to detect drift or to use as a baseline for other tenants. I’ll create a new snapshot. I’ll begin by giving it a name, Contoso core compliance, and a description, Contoso core compliance May 2026. Then I select the resource types that I want to snapshot. You can use more than 200 resource types to monitor configuration across Entra, Intune, Exchange, Teams, Defender and Purview.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-First, I’ll select conditional access policies, then cross-tenant access policies, and external identity policies in Entra. Then in Intune, I’ll search for device compliance and I’ll choose iOS and Windows. I can review the resource permissions and expand out. Then I just need to confirm by clicking Create Snapshot. That’ll take a moment to query and write the configuration settings. Once it’s completed, I can click into it to view the details, and in the Configuration baseline tab, I can access a JSON representation of all the configuration settings.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I want to set up monitoring so that I can automatically detect any configuration drift in any of these policies in my tenant that happens in the future. I can easily set this up by creating a monitor from this snapshot. In settings, it pre-populated the name and description. The monitors also pre-populate with the settings that were captured in the snapshot. We see that all the required permissions are in place. Monitoring a resource uses the same permissions as snapshotting it, so this is as expected. Now I can confirm and hit Create Monitor. It’ll run on a scheduled interval, currently every six hours. After the monitor has completed one or more runs in your tenant, you can check it for configuration drift. With our first run complete, I can check if there were any configuration drifts, and as you’d expect, everything looks good. No drifts.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now that I know I can keep the configuration of my main tenant healthy, let’s see how to identify other related tenants that I also need to govern. I’m still signed in as the admin for our main Contoso Inc tenant, and I’ll start from the related tenants list. It shows all tenants connected to my organization, including shadow tenants and external partner tenants. The list is automatically created and kept up to date by Entra’s tenant discovery signals, which look at B2B usage, multi-tenant app configuration, and Microsoft commerce billing. I see the Contoso 1 tenant in the list, which gets my attention since it has the Contoso name in it. I click on Contoso 1 to see the details. If I click into it and then I look at discovery signals, it shows B2B registration, B2B sign-in, admin app sign-ins, and multi-tenant apps, as well as billing relationships that were detected. I can get more detailed information in the Discovery Signals tab, where I can click to see the number of sign-ins for B2B and for admin apps. And in billing, it looks like our primary tenant is already paying for this one.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now let me show you how to establish governance over a related tenant. This is clearly a tenant that we need to govern, so I’ll close this view and I’ll move over to the Governed tenants view. Here you can see that I already have one governed tenant, Fabrikam, but not the Contoso 1 tenant. Let’s add it. So I click Request to govern. In the list of tenants, I can see the Contoso 1 tenant, and I’ll select it.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-To speed up the process, I’ve already created a few governance policy templates to define the access that my primary tenant needs over different types of governed tenants. Next, because this looks like a dev test tenant, I’ll choose the DevOps governance policy template, where I’ll request the global reader, security admin, and tenant governance admin roles. Templates are extensible to use your own multi-tenant resource management apps. This one contains the MegaMonitor app, which is a custom app that Contoso has written to monitor resources and govern tenants. From there, I just need to review and hit Create. The request gets sent via email. Now with the invitation sent, I’ll switch over to the perspective of the Contoso 1 tenant admin, who receives the incoming request. The email is sent from a Microsoft Security account in the microsoft.com domain and contains the details for the tenant governance request.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-For security, the request can’t be approved within the email directly. It needs to be approved in the Entra Admin Center. There’s a link in the email which takes you to the tenant governance relationship tab for pending requests. I see the request on the top of the list, and I click the request to see additional details. As I showed from the requester point of view, it contains the request for three roles: global reader, security admin, and tenant governance admin, and a request for that multi-tenant app called MegaMonitor to have permission to read audit logs and policies.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-From there, I can choose to accept or reject the request, and I’ll accept it. If the other tenant’s admin doesn’t approve your request, you can restrict their tenant’s connections to your primary tenant by blocking apps, preventing B2B access, stopping bill payment, or applying network blocks. To learn how, check out our documentation at aka.ms/TenantQuarantine. Once the request is accepted, the handshake between the tenants is complete and you can govern that other tenant.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now let’s switch back to the primary tenant admin’s point of view. Here I can see that the governance request was accepted and the governance status is now active.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I can set up monitoring for that tenant to ensure that the conditional access policies and other policies meet Contoso Inc’s requirements. I need to create that new monitor while logged in as an admin in the newly governed tenant, and the good news is you don’t need to switch browser profiles or authentication contexts to do this. I copy the tenant ID from the Governed tenants page. Then I type entra.microsoft.com/ and I paste in the tenant ID from my clipboard. This signs me into the Entra Admin Center in the context of the governed tenant, Contoso 1. The authentication and authorization works using the Entra role assignment set up with a governance relationship, so there’s no need for a B2B account. You can see the authentication context in the user account area in the upper right corner of the admin center.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I can go to the Tenant governance page. I navigate over to Monitors to create a new one. I start by giving it a name and description, and then I need to put in the configuration baseline for the monitor in Contoso 1. For that, I can go back to my primary tenant and go to my baseline and copy it. Now I’ll go back into the governed tenant and paste it in there.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Next, there are the application permissions I showed before. A monitoring service in the Contoso 1 tenant needs the same permissions that it needed in the Contoso Inc tenant. To save time, I’ve added these read permissions in advance. Now all I need to do is review and hit Create. The monitoring service will run four times per day, and you’ll be able to review monitoring results from the governed tenant.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-And so that’s how tenant governance lets you keep all of your tenants securely configured on an ongoing basis, including related tenants that you don’t even know about today. To find out more and get started, check out aka.ms/EntraTenantGovernance. Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching.&lt;/P&gt;</description>
      <pubDate>Wed, 27 May 2026 18:03:51 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/microsoft-entra-tenant-governance-find-configuration-drift/ba-p/4523358</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-27T18:03:51Z</dc:date>
    </item>
    <item>
      <title>Microsoft Excel Beginners Tutorial (2026)</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/microsoft-excel-beginners-tutorial-2026/ba-p/4520866</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FQiSCaEHQ7Yo%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DQiSCaEHQ7Yo&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FQiSCaEHQ7Yo%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P data-selectable-paragraph=""&gt;If you’re new to Excel and getting started, or coming from another app, in this video we teach the basics of Excel, the user interface, core concepts, and how to work with basic data. We’ll show you how to build a full Excel workbook from scratch using natural language prompts with Copilot. Format cells, write formulas, and analyze a year of data. Generate sample data, calculate totals, apply conditional formatting, and pin down outliers across columns and rows, all from your browser at excel.new. Share the workbook by name, group, or email and co-author with teammates across web, desktop, and phone. Every edit syncs to OneDrive in real time.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://x.com/deployjeremy" target="_blank" rel="noopener"&gt;Jeremy Chapman&lt;/A&gt;, Microsoft 365 Director, shares how to go from blank workbook to analyzed, shared spreadsheet in one sitting.&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;A full data set with only one prompt.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Copilot in Excel builds categories, columns, and currency-formatted cells from a natural language prompt.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=265s" target="_blank" rel="noopener"&gt;Try it now.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Skip the formula syntax.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Copilot inserts row and column totals from natural language prompts and exposes the underlying SUM logic so you can verify the math.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=575s" target="_blank" rel="noopener"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Pull reasoning out of your spreadsheet.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Copilot in Excel surfaces the highest- and lowest-cost months and explains the drivers behind each.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=640s" target="_blank" rel="noopener"&gt;Try it in Excel.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;QUICK LINKS:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo" target="_blank" rel="noopener"&gt;00:00&lt;/A&gt;&amp;nbsp;— Excel Essentials&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=57s" target="_blank" rel="noopener"&gt;00:57&lt;/A&gt;&amp;nbsp;— Start from a blank workbook&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=131s" target="_blank" rel="noopener"&gt;02:11&lt;/A&gt;&amp;nbsp;— Core terms and concepts&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=265s" target="_blank" rel="noopener"&gt;04:25&lt;/A&gt;&amp;nbsp;— Generate Sample Data with Copilot&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=376s" target="_blank" rel="noopener"&gt;06:16&lt;/A&gt;&amp;nbsp;— How to work with the numbers&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=575s" target="_blank" rel="noopener"&gt;09:35&lt;/A&gt;&amp;nbsp;— Copilot Writes Your SUM Formulas&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=597s" target="_blank" rel="noopener"&gt;09:57&lt;/A&gt;&amp;nbsp;— Conditional Formatting from a Prompt&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=640s" target="_blank" rel="noopener"&gt;10:40&lt;/A&gt;&amp;nbsp;— Outlier Analysis with Reasoning&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=696s" target="_blank" rel="noopener"&gt;11:36&lt;/A&gt; — Real-Time Co-Authoring in OneDrive&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=QiSCaEHQ7Yo&amp;amp;t=742s" target="_blank" rel="noopener"&gt;12:22&lt;/A&gt;&amp;nbsp;— Wrap up&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Link References&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Check it out at&amp;nbsp;&lt;A href="https://microsoft.com/excel" target="_blank" rel="noopener"&gt;https://microsoft.com/excel&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Unfamiliar with Microsoft Mechanics?&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&lt;/P&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Subscribe to our YouTube:&amp;nbsp;&lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank" rel="noopener"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Talk with other IT Pros, join us on the Microsoft Tech Community:&amp;nbsp;&lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank" rel="noopener"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Watch or listen from anywhere, subscribe to our podcast:&amp;nbsp;&lt;A href="https://microsoftmechanics.libsyn.com/podcast" target="_blank" rel="noopener"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-selectable-paragraph=""&gt;Keep getting this insider knowledge, join us on social:&lt;/H3&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Follow us on Twitter:&amp;nbsp;&lt;A href="https://twitter.com/MSFTMechanics" target="_blank" rel="noopener"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Share knowledge on LinkedIn:&amp;nbsp;&lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank" rel="noopener"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Enjoy us on Instagram:&amp;nbsp;&lt;A href="https://www.instagram.com/msftmechanics/" target="_blank" rel="noopener"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Loosen up with us on TikTok:&amp;nbsp;&lt;A href="https://www.tiktok.com/@msftmechanics" target="_blank" rel="noopener"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-selectable-paragraph=""&gt;Video Transcript:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;-Microsoft Excel can help you organize information, perform calculations, and discover patterns in your data all in one place, and you can get to it on your PC, your Mac, your phone, or on the web. I’m Jeremy Chapman, and I’ve been part of the product team responsible for Office at Microsoft since 2012. And today, I’ll walk you through the essentials of Excel and how to use it. So first, if you have a Microsoft account, like outlook.com, OneDrive, or Xbox, or if you use Microsoft 365 at work, you can use Excel on the web, in your browser, and you can get to Excel by navigating to excel.new. And by the way, if you have the Excel app installed, you can open that on your computer or your phone and follow along. When you’re signed into your work or personal Microsoft account, Excel saves your files to OneDrive, so you can easily find them and pull them up on other devices later.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So for today, I’ll keep things simple. So I’ll start with a blank workbook using Excel on the web. Wherever you use Excel, it’s designed to be a consistent experience on large screen devices, so you can follow along if you’re using the local app on Windows or on a Mac. And Excel is designed to organize any kind of information, numbers, dates, texts, and more. In the main view, you can see that I have columns and rows all ready to enter data. In most cases, there’s a one-time step to create what’s called a workbook in Excel, which I have one open here. Now this is where you’ll use and create a blank workbook, or you can choose from dozens of different templates that are filled in with sample data and formatting to get you started. At that point, you can enter your data, your headers, and start formatting your cells.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now if you have existing data in a table in another app, you can open it with Excel or just paste in the contents to start working with it. On top, Excel has what’s called the ribbon, with groups of controls presented as tabs that you can use. Within each tab, there are smaller groups of controls, like you can see here with the fonts, alignment, and number. Now let me define a few core names and concepts that you’ll use when you work with Excel in this workbook to manage data. So each field or rectangle that you can see here as I’m highlighting them, these are called cells. Then you have columns, and those are the vertical lines of cells, and those are represented with letters on top.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Next you have rows, and those are the horizontal lines, and those are represented by numbers. For example, the upper left cell is called A1, A for the column name and 1 for the row name. Now a block of multiple connected cells is called a range. So here, for example, I’ve selected range A1 to D4. Right now I’m in a sheet called Sheet1, and you can see in the lower left corner, I can add more sheets, like I’ll do now, and then I can move between multiple sheets and reference data across them as well. But I won’t do that today.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So now I’m going to go ahead and go back to Sheet1. And if you right-click and go to Format Cells, you’ll find options for things like number formats, for example, currency, date, time, and percentage. And on the Home tab, the font group is another place to change these settings, as well as Fill, which lets you change the background color for cells, columns, or rows. I’m going to add some text in this cell as a title for what I want to create today, a monthly expense tracker. Now this text looks like it’s spilling into cell B1, but it’s actually just in cell A1. So I can widen or narrow the columns as much as I want. And if I want this title to span several columns, like in my case, I know that I’m going to need 12 months. So I’ll go ahead and select rows M1 all the way back to A1. Then in the alignment group, I’ll choose the Merge &amp;amp; Center option right here, and that makes my 13 cells into one with the text centered.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So now, in the font group, I can choose the fill color that I want. So in my case, I’ll pick blue. Then for the font color, I’d like to choose something contrasting. So I’ll choose white in my case. And by using these formatting options, you can make things a lot easier to understand as you work with your data. But we still need some content, so let’s add some. So for that, I can use AI with Copilot to generate sample data. So I’m going to go ahead and pull up Copilot and type, “Generate monthly personal finance data for one year with months for columns and expense categories as rows, including sample data. Do not add columns or rows with totals.”&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I added that last sentence because I want to show you how to calculate totals yourself in a moment. The Copilot is part of Excel on the web and in the desktop and mobile apps if you’re using Microsoft 365 Personal or a work or school account. And you’ll see, once it’s finished, that Copilot generated a Category column and several month columns, as well as multiple rows with different expense types all filled in with the sample data that I asked for. Now notice that it also formatted the row 2 and column A using formatting options that I mentioned before. And each cell in the middle is also formatted as a currency number with a dollar sign.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So I want to add a row here, in my case, for car payment. And you’ll see that it doesn’t match the others yet, and I’ll fix that in a second. Now I’ll add an amount for January, 300. And since this is the same amount every month, I can just select the cell. Then using this square in the lower right corner, I can just drag across the other months, and each, in this case, will have the same number, 300. Let’s fix our formatting. Now, to make the dollar amounts match the cells above, I’ll select this one above my new row, then click on the Format painter, this paintbrush icon here, then I’ll select my new cells. And now they all match. Now I can do the same thing for my Car Payment label in cell A16.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So now I have some formatted data to work with and I can show you how to work with those numbers. I’ll use the Formulas ribbon where you’ll see the most common options to analyze data. For example, if I select all the cells with numbers in column B, then I go up and click on AutoSum, it adds all of the numbers in that column. In fact, now if I click on that cell in the formula bar, I can see a simple formula. Now these start with an equal sign, in my case, SUM as the function itself. Then I have an open parentheses with my range, in my case, B3 to B16, and close parentheses for what I want to calculate. Now that was an example of a very simple formula. Like I did before with the numbers, I can even drag formulas into blank cells.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So I’ll go ahead and grab this one again by the lower right corner square and drag it across all of my columns. So that now has copied the original formula from the B column and duplicated it for each of the other columns. But as I click into each one, notice something that just happened, I have the column letters B all the way through M to each corresponding formula. That makes each sum specific to each of these column months. Likewise, I can select and drag entire columns into blank areas to fill in that data too. And because Excel detected a series of month names in row 2, it even filled in Jan as the new month name for the new cells that I added. Now let’s try another basic formula. For that, I’m going to select all the numbers above the totals row in column B.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I’m going to choose Average, and that adds a cell with the average across the entire range that I just selected. So now I want to clean up a few cells. And when you go to delete data, you’ll need to know a few different options. So first, I’ll select the month cells that I just added. And if I just hit the Delete key, it leaves the formatting in those columns, like this blue cell here. This is also called clearing content. I’ll use the Control key + Z simultaneously to bring that content back and undo changes. Now I’m going to go ahead and select the same cells. And when I right-click, you’ll see that there are options to Insert or Delete along with Clear Contents like I just did using the Delete key.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So this time, I’ll choose Delete, and then I have options to delete a column or shift cells left or up. In my case, deleting column N and shifting cells left will clear the contents and formatting. I’ll choose Shift cells left. So now I’ll clear the contents of rows 17 and 18 with my sums and the average to get my content data ready for other ways to analyze it. And there are hundreds of formula options in Excel. In fact, if I expand Financial functions, there are dozens related to accounting and finance, and hovering over each explains how they are used. And in math and trig, for example, there are dozens more that may look familiar if you’ve ever used a scientific calculator. And here I’m just scratching the surface. Those are just a few highlights of the functions that you can use.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-But what if you know how to describe what you want but don’t know the function for it? And that’s another area where Copilot helps you get started. So this time, I’ll use Copilot to calculate the totals. I’ll type, “Add a row and column with totals for each month in category.” And Copilot adds the totals by month and even a new column with the totals per category. Copilot will also help with cell formatting. So if I add, “Make the cells you just added with formulas white and bold text in black,” in my prompt, Copilot then reformats those cells too. And you can also add colors to each cell to easily spot differences across these numbers using something called conditional formatting, which is something else that Copilot can help with. I’ll type, “Add conditional formatting in each row to highlight low and high numbers.”&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-And now we can see where the numbers are the lowest and the highest compared to the others in the same expense category for each month. So you just need to describe what you want and Copilot will do the rest. Now let’s go ahead and move on to deeper analysis of our data. With conditional formatting applied, it’s easier to see each month and how it varies in costs across our different categories. So let’s find some outliers. So I’ll ask Copilot, “What months have the highest expenses and why?” And Copilot analyzes the information and finds the months with the highest expenses.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Then for each, it explains why with the most likely reasons. In this case, December is my highest, and that’s likely due to holiday spending and seasonality. July is the next highest, likely due to air conditioning for utilities costs and the rest of the summer activities that were happening in July. Then August was third highest, also with more travel, AC costs, and dining out. The key insights here summarize what Copilot found with reasoning for increases and decreases along with the lowest months as well. And one more core component that I’ll touch on today is how Excel lets you edit workbooks simultaneously with others.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-As I mentioned in the beginning, when you’re using Excel, signed in with a Microsoft account, or using Microsoft 365 at work or at school, it stores your files in OneDrive by default. Now, it also means that when you share an Excel workbook with other people using their name, group, or email, I’ll add Adele here, for example, and hit Send. Then they will be able to open the Excel workbook on their computer or phone and simultaneously edit it with you. And while you co-author with other people as changes are made, like with Adele here, changing the amounts for dining out and entertainment in January, they are saved to the same file.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So those are the basic concepts to navigate Excel, format data, analyze it, and work with others using sharing. And I showed you how Copilot AI can help you as you get started. To learn more, check out microsoft.com/excel. And be sure to subscribe to Microsoft Mechanics for the latest updates, and thanks for watching.&lt;/P&gt;
</description>
      <pubDate>Tue, 19 May 2026 16:18:33 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/microsoft-excel-beginners-tutorial-2026/ba-p/4520866</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-19T16:18:33Z</dc:date>
    </item>
    <item>
      <title>Work IQ | Data, Context, Skills &amp; Tools for Copilot and Your Agents</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/work-iq-data-context-skills-tools-for-copilot-and-your-agents/ba-p/4519554</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F9JQCYDi_YUE%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D9JQCYDi_YUE&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F9JQCYDi_YUE%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Pull context from SharePoint, OneDrive, Teams, email, and meetings — all through Work IQ. Draft Word documents that carry your existing sensitivity labels, and resolve calendar conflicts in Outlook. Run multi-step Copilot Cowork workflows that generate files, schedule meetings, and send status updates from a single prompt.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Extend the same knowledge layer to ServiceNow, CRMs, and other non-Microsoft systems with API and MCP Server connectors in the Microsoft 365 admin center, or build your own agents in code against the Work IQ API.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Jeremy Chapman, Microsoft 365 Director, shares how data, context, and skills &amp;amp; tools combine into a single grounding layer for Copilot and your custom agents.&lt;/P&gt;
&lt;H4&gt;Skip the manual prompt scaffolding.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Work IQ delivers data, context, skills &amp;amp; tools as the built-in knowledge layer behind Microsoft 365 Copilot and agents. &lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE" target="_blank"&gt;See how it grounds every response.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Kick off Copilot Cowork with one prompt.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Generate a briefing doc, customer presentation, and Excel forecast in parallel. Queue up meeting scheduling and email drafts while it works. &lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=260s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=260s" target="_blank"&gt;See how it runs.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Your agent. Your code. Work IQ’s grounding.&lt;/H4&gt;
&lt;P&gt;Integrate Work IQ data, MCP servers, plugins, and skills into custom agents via the Work IQ API. &lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=441s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=441s" target="_blank"&gt;Start here.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE" target="_blank"&gt;00:00&lt;/A&gt; — Work IQ Knowledge Layer&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=92s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=92s" target="_blank"&gt;01:32&lt;/A&gt; — Copilot Chat experiences&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=136s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=136s" target="_blank"&gt;02:16&lt;/A&gt; — Work IQ in your apps&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=183s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=183s" target="_blank"&gt;03:03&lt;/A&gt; — Auto-Applied Sensitivity Labels&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=260s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=260s" target="_blank"&gt;04:20&lt;/A&gt; — Copilot Cowork Agentic Workflow&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=371s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=371s" target="_blank"&gt;06:11&lt;/A&gt; — Admin Center Connectors&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=441s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=441s" target="_blank"&gt;07:21&lt;/A&gt; — Work IQ API for Developers&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=530s" data-href="https://www.youtube.com/watch?v=9JQCYDi_YUE&amp;amp;t=530s" target="_blank"&gt;08:50&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out the latest updates at &lt;A href="https://aka.ms/WorkIQ" data-href="https://aka.ms/WorkIQ" target="_blank"&gt;https://aka.ms/WorkIQ&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" data-href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" data-href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" data-href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" data-href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" data-href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-Imagine AI that understands your individual work context without you having to author long, detailed prompts, manually upload reference content, or query and add business data. That’s what Work IQ is all about. Today, I’ll explain what Work IQ is, how it works, and show you what it can do. So, Work IQ is the brain behind Microsoft 365 Copilot and agents. It’s a built-in knowledge layer that comprises data, with secure access to your unstructured work data across SharePoint, emails, Teams chats and meetings, as well as your structured business data in Dynamics 365 and Power Apps. And you can extend Work IQ data even further to securely interact with external systems using Copilot and Power Platform connectors.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then context adds semantic understanding of your business data and relationships, like who you work with, work patterns, like projects important to you. This context also includes personalization in Copilot, consisting of the instructions you provide to format its responses, as well as saved memories comprising personal interests and important facts that Copilot retains from chat.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-And finally, skills and tools as actions that AI can take with specialized capabilities like generating different files, workflow automation for business processes, scheduling relevant meetings, and more. Together, all of these elements are added to your prompts and subsequent reasoning steps performed to generate more relevant responses and outputs. If you’re using other AI tools today, these are things that you would need to bring in manually, sometimes moving files from policy-protected locations to services without your security controls or visibility, so let me show you a few examples of how this works, starting with a few that use data and context.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, I’m in Copilot Chat and want to follow up on a recent project discussion, so I’ll prompt it, “What did Daichi say about the solar promo timelines earlier this week?” Even though this is a vague statement and could be information in email, Teams, or a recent meeting, Work IQ finds the conversation and its details, then presents those to me. It also finds a related meeting series in my calendar that Daichi scheduled on the topic. And these Work IQ experiences are also available in your apps, like Outlook or other Microsoft 365 apps.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-In this case, my calendar is packed with meetings and I’m double-booked in three different time slots. From Outlook, I can ask Copilot to recommend how to resolve conflicts on my calendar for May 12. Copilot, using information from Work IQ, analyzes my schedule, along with my priorities and past meeting patterns. It finds the three timing conflicts on top. Then for each conflict, it reasons over the adjacent meetings, my role, and work patterns to create detailed recommendations for each conflict time. Below that in the summary, it suggests which meetings to reschedule, who to notify, and some actions to take. And Work IQ can help as you write or edit your files in apps like Word.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, here, I want to write a summary for a project, and as you can see, there are no project details in this document. It’s just a blank page. So I’ll open Copilot and I’ll prompt it to draft an executive summary about our expansion strategy that highlights our products, the market for outdoor gear, our unique position, and go-to-market strategy. Copilot, together with Work IQ, finds and pulls in data from relevant project files in SharePoint and OneDrive, recent updates from meetings, and relevant emails and Teams conversations. You can see that it automatically applied a sensitivity label based on my existing information protection policies.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then it generates a detailed summary using all of the data and context that it found, and assembles a fully formatted Word document with specific details about our connected outdoor products, the market opportunity, go-to-market strategy, and our expansion plan with details for carrying it out. As you saw, I didn’t need to author a super long detailed prompt with the project details and have to upload any content or even directly reference files using links. It automatically retrieved relevant content that was aligned with my access permissions as well as my company’s data security policies.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now let me show you an example using intelligent skills and tools. In this case, I need to prepare for a customer meeting where I need to have several files generated, internal briefing document, a customer presentation, and data insights in a spreadsheet. So, for that, I’ll use Copilot Cowork. I’m going to paste in my prompt where I’m asking it to create those files. Now, I’ll kick off the process. And now it’s using Work IQ data, context, skills, and tools to find relevant data and information and then generate the files I want.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, this process can run several minutes, so I’ll speed things up a little to save time. As it works, I can even request more tasks while it’s running using other skills and tools. Here, I ask it to schedule prep time with people on my team and send an email status update to the account team. As it continues working, it checks and finds a mutually open time on our schedules, and it proposes a meeting with participants with all of the details filled in. I can create it right from here. Then it uses another skill to author an email to my contact on the account team that I can even edit right from here. Once everything’s done, you’ll see that it’s created a Zava client presentation, a customer briefing doc, and a customer overview Excel file. I’ll open the briefing document first, and it has everything relevant to the meeting and uses our standard briefing template.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, I’ll open the presentation it generated. It explains our work at a glance with key metrics from Work IQ and referenced files, as well as revenue and growth highlights. Now, if I move on to the generated Excel file and open that, it’s laid out year-over-year performance and used that to generate forecasts for this year. And you can see the growth trends and more, all from the data it discovered via Work IQ. And like I mentioned, the data can be securely extended to systems from non-Microsoft services using connectors, allowing you to pull in other information like your online CRM systems, content management, databases, ticketing system, and more.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, these can be added and configured under Copilot Connectors in the Microsoft 365 admin center. The gallery lets you select from dozens of pre-built connectors or you can create your own. And these can be API-based or MCP server-based. API connections are indexed for read operations and MCP servers are not indexed and support read and write. To add one, like this API-backed connector for ServiceNow Knowledge, you’ll set up the REST API endpoint, provide its namespace and URL to your instance. And since I already have a few MCP server connectors configured, I’ll cancel out of this view and then go to my connections to show you those. Now, here, you can see all of the MCP connections that I have configured in my tenant for things like financial apps, creative suites, collaboration services, and more.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Once connected, these in turn can be accessed via Work IQ by Copilot or your agents. In fact, as a developer, if you are building agents, you can integrate Work IQ into your code with connections using the Work IQ API. Here, I’m using the GitHub CLI. It’s connected to Work IQ and using its underlying MCP servers, plugins, and skills. I have my prompt already entered to find a conversation with Ben and Darrel asking about the availability of an MCP server from the claims team. Now, I want this agent to build another agent based on our discussed feature requests, so I’m going to kick it off. And you can see that it reasons immediately and looks for the conversation to find the features that it needs.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, after it’s found that, it lists out the features and connects to the insurance claims MCP server and looks at its available tooling. Then it starts to build the scaffolding files for the new agent as JSON and text files. And then deploys a local instance of the agent to test out with a link, so I’ll open that and run a prompt to stack-rank my open claims by age so I can clear the backlog. Then the agent builds a nice claims dashboard with a tiled view of each stack ranked claim. And below that, it even summarizes my priorities so that I can easily focus on what’s important and work through the list.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, even as you develop new agents or work in other solutions, you can use the data, context, skills, and tools from Work IQ to power those experiences and save time. Work IQ works with Copilot and your agents to deliver personalized, accurate, and grounded outputs based on your real work data, context, and specialized skills and tools.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To learn more, check out the latest updates at aka.ms/WorkIQ. Keep watching Microsoft Mechanics for the latest deep dives about AI and what makes it work. And thanks for watching.&lt;/P&gt;</description>
      <pubDate>Thu, 14 May 2026 12:00:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/work-iq-data-context-skills-tools-for-copilot-and-your-agents/ba-p/4519554</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-14T12:00:00Z</dc:date>
    </item>
    <item>
      <title>Azure Arc | On-prem + Multi-cloud Management</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/azure-arc-on-prem-multi-cloud-management/ba-p/4519017</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FJDx8blnt5Aw%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DJDx8blnt5Aw&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FJDx8blnt5Aw%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P data-selectable-paragraph=""&gt;In this video, we explore how Azure Arc simplifies hybrid and multi-cloud operations by providing a single, consistent control plane for managing your entire infrastructure across Linux and Windows, on-prem, in Azure, or in any cloud.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Once connected, you can patch Windows and Linux together with Azure Update Manager, enforce CIS benchmarks and Azure Security Baselines through Azure Policy, and pull consistent inventory, tags, and RBAC across your whole estate.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Auto-recover unbootable Windows Server 2025 machines with Quick Machine Recovery, and audit and configure WinRE using built-in Azure Policy. Run your virtual machines as Azure Virtual Desktop session hosts on Nutanix, VMware, Hyper-V, or using physical Windows hardware.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://x.com/satya_vel" target="_blank" rel="noopener"&gt;Satya Vel&lt;/A&gt;, Azure Arc Principal Group PDM Manager, shares how to make Azure your operational standard for every workload, anywhere it runs.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Learn more about Azure Arc at&amp;nbsp;&lt;A href="https://aka.ms/AzureArcServer" target="_blank" rel="noopener"&gt;https://aka.ms/AzureArcServer&lt;/A&gt;,&amp;nbsp;or join the community at&amp;nbsp;&lt;A href="https://aka.ms/ArcServerForumSignup" target="_blank" rel="noopener"&gt;https://aka.ms/ArcServerForumSignup&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Organize, filter, &amp;amp; manage inventory at scale.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Centralize visibility into servers, VMs, and Kubernetes clusters across on‑prem, AWS, GCP, and Azure from a single control plane.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=288s" target="_blank" rel="noopener"&gt;Check out Azure Arc.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Policy-as-code, everywhere your servers run.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Azure Arc extends Azure Policy to on-prem, AWS, and GCP resources — pre-built CIS and security baselines included.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=572s" target="_blank" rel="noopener"&gt;Try it.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;AVD, off-Azure.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Azure Virtual Desktop for hybrid environments turns any Azure Arc-enabled Windows VM or physical server into a session host.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=786s" target="_blank" rel="noopener"&gt;Get started.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;QUICK LINKS:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw" target="_blank" rel="noopener"&gt;00:00&lt;/A&gt;&amp;nbsp;— Azure Arc in hybrid environments&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=46s" target="_blank" rel="noopener"&gt;00:46&lt;/A&gt;&amp;nbsp;— Transitioning to Azure Arc&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=155s" target="_blank" rel="noopener"&gt;02:35&lt;/A&gt;&amp;nbsp;— Unified management&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=223s" target="_blank" rel="noopener"&gt;03:43&lt;/A&gt;&amp;nbsp;— How to bring in servers and containers&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=288s" target="_blank" rel="noopener"&gt;04:48&lt;/A&gt;&amp;nbsp;— Inventory management&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=330s" target="_blank" rel="noopener"&gt;05:30&lt;/A&gt;&amp;nbsp;— Patching&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=408s" target="_blank" rel="noopener"&gt;06:48&lt;/A&gt;&amp;nbsp;— Auto-manage future updates&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=505s" target="_blank" rel="noopener"&gt;08:25&lt;/A&gt;&amp;nbsp;— One-time update&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=572s" target="_blank" rel="noopener"&gt;09:32&lt;/A&gt;&amp;nbsp;— Configuration in a hybrid environment&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=665s" target="_blank" rel="noopener"&gt;11:05&lt;/A&gt;&amp;nbsp;— Auditing Windows machines&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=694s" target="_blank" rel="noopener"&gt;11:34&lt;/A&gt;&amp;nbsp;— Microsoft Defender for Cloud&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=786s" target="_blank" rel="noopener"&gt;13:06&lt;/A&gt; — Desktop virtualization&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=JDx8blnt5Aw&amp;amp;t=831s" target="_blank" rel="noopener"&gt;13:51&lt;/A&gt;&amp;nbsp;— Wrap up&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Link References&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;For more information go to&amp;nbsp;&lt;A href="https://aka.ms/AzureArc" target="_blank" rel="noopener"&gt;https://aka.ms/AzureArc&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H3 data-selectable-paragraph=""&gt;Video Transcript:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;- If you’re managing servers and containers today, you’re probably operating across on-prem and multiple clouds, and using different tools for each. Azure Arc changes that by providing a single way to manage servers, Kubernetes, and containers across Linux and Windows, on-prem, in any cloud, and at the edge. Since launching in 2019, Azure Arc has gained strong momentum, enabling consistent patching, configuration, compliance, and advanced resilience features like remote recovery even for machines that cannot boot and more. And to explore how Azure Arc works in real hybrid environments, I’m joined by our resident management expert, Satya Vel. Welcome.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Hi, Jeremy. It’s great to be on the show. It’s been a while.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Yeah, it has been a while. Thanks for joining us today. And why don’t we jump right into this? So if I’m coming from maybe a traditional server management background using things like Ansible, VMware vSphere, maybe System Center, what does it take then to transition to Azure Arc, and why would I do it and is it worth the effort?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- That’s a fair question. Those are all proven powerful tools. That said, it’s challenging moving between multiple tools to manage what you have. What we are seeing today is more of a people and process change. Most enterprises are now hybrid by default, on-prem, multi-cloud, multiple operating systems managed by a central operations team. And what those teams want most is consistency. Azure extends its management capabilities to servers and Kubernetes clusters wherever they run using Azure Arc. That’s where the value of cloud native innovation shows up, beyond basic monitoring of servers and clusters, like the health and status of each resource. With Azure Arc, you can collect richer operational and security data and query it at a massive scale. All these are now actionable insights. You can use them to improve your security posture to close vulnerabilities faster. They’ll let you more easily fix compliance drift to realign resources with your policies and maintain day-to-day operations. This includes modern patching, all applied across your multi-cloud and hybrid estate. And finally, Azure Arc centralizes governance by bringing consistent tags for grouping along with unified identity and access management using RBAC for connected resources. That way everything is controlled the same way regardless of where it runs from a single control plane without duplication or drift. So to answer your earlier question, it is totally worth it, and Azure Arc is really the glue that brings it all together.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Okay, so why don’t we make this real for everyone watching? Can you show us the unified management experience and what that looks like with Azure Arc?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Sure thing, and that’s the best part. In fact here I’m managing my on-prem and multi-cloud environment using Azure services enabled by Azure Arc. Notice I have everything from a Windows server to Kubernetes clusters running on AWS, different Linux distros. There’s even a Windows client Desktop VM and more. All right here. And I can drill into any of these items to see its specs as well as what’s configured. I can take a look at whether it’s compliant with my configuration policies. For example, this test resource has a few non-compliant policies that I might want to take a look into. And the great thing is everything is in one spot. I don’t need to move between consoles to see everything. Once these resources are enrolled, everything is automated and rule-based. I can look for servers and workloads as they are provisioned or updated, and monitor them 24/7. Then based on the configuration status it finds, it can take actions and get items into a compliant state.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Okay, so we’re going to get to what the management experiences look like in a minute, but let’s go back a step. So what happens if I’ve got infrastructure and I want to bring that into Azure Arc? What does that experience look like?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- This process is super straightforward and simple. Let me show you. You can bring servers and containers running in any cloud, on-premises, and on any hypervisor under management with Azure Arc. To onboard resources to Azure Arc, we have a few different methods. The any environment option is the most flexible, where you can use scripts for Linux and Windows, or an installer. This is a lightweight agent that you can install on your Linux and Windows servers. You can use your preferred deployment method to run the scripts on your servers and clusters, like this one for Linux, which downloads the agent, installs it and connects it to Azure Arc. And if you have existing tools like Ansible Automation Controller, formerly known as Ansible Tower, we have published a playbook that makes it super simple to onboard your machines. And this playbook is published in the Ansible Galaxy, which is the official community hub.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Okay, so now we’ve got everything in. Now moving into the next thing that people manage a lot every day, inventory. So how does Azure Arc change that?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- So I briefly showed the different locations and platforms that could run under Azure Arc. But there’s more to it. All my servers and clusters are in one view. It spans on-prem as I search for Azure Local, then I’ll filter for AWS as well as GCP services. And I can see Azure VMs plus my on-prem servers listed together with a consistent tagging and status information. I define everything based on their location and platforms in Azure, so it’s super easy to see where everything is running, and there’s less chance that any infrastructure falls through the cracks.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Beyond inventory management, something else that we do every day is patch management. So can Azure Arc handle patch management for servers and infrastructure outside of Azure?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Absolutely. This is an area where Azure Arc can help a lot. Today, patching often means different tools for different environments: WSUS or SCCM for Windows, scripts for Linux, or separate cloud portals. And with Azure Arc, this all happens consistently from one place. You can see Azure Update Manager, which I have opened here. Each server has an update status indicating if it’s got pending updates or not. Azure Update Manager continuously assesses the update compliance of your managed servers on a schedule. And you can manually trigger assessments by selecting resources and hitting check for updates. Now, you can see I have both Linux and Windows machines missing updates, and even though these are different OS types, I can update them together with just a few clicks if I want. But before I do that, notice this on-prem Windows Server 2016 machine that needs to be updated. Here, a benefit of managing your Windows and SQL Server infrastructure on Azure is that the service offers extended security updates so you can run them longer in support without disruption to business critical applications. Let’s get back to updating these machines. The nice thing is that you only have to set the right policy and logic one time to manage updates automatically in the future. To save a little time, I’ll select every machine. From here, I can schedule updates for these resources where first I’ll fill in the basics for my subscription and resource group. Then the instance details like the configuration name and the region. The maintenance scope using the guest option lets me target my resources. Then under schedule, I can select the start date as well as the time, how many hours and minutes I want the maintenance window to be, the frequency of repeats in hours, days, weeks, or months. Then in the resources tab, if I want to add more servers, I can group everything I want in the same maintenance schedule. 
Likewise, you’d use this grouping for staggered rollouts. Importantly, using dynamic scopes, I can also make sure that any new resources are targeted as they come online based on defined filters like the resource groups they’re in, the resource types, locations, operating systems or tags. In updates, I can target the type of updates I want, for example, only critical and security updates. Finally, I can add pre and post events to run before and after the update, like redirecting an app to an informational page saying that the resource is being serviced and when it’ll be back online. Of course, I can tag this as well. And then I just need to review and click create.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- And the favorite thing I just saw there was the dynamic scoping that you can apply as a set it and forget it setting basically. So what happens though, if I’ve got an update that’s really critical that I need to push out immediately, can I do that?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Not a problem. You can do that as well. For that, you’ll select one or more resources and choose one time updates so that it gets applied immediately. I just need to confirm the machines, then choose the update type or any exclusions that I want to define. I’ll keep everything in scope here. Then in properties I can determine the reboot behavior I want and maximum maintenance window time in minutes. From there, I can review and install. That will push the update to my selected servers, whether they are in the cloud or on-premise, so it’s one place to get resources into update compliance. And in case you want to stagger updates over a longer period of time for large patch management jobs, you can orchestrate updates using groups.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- So the main thing is here you control the timing, like only patching during off hours and approvals and you get to decide which updates to apply, so it’s super flexible. Now, software updates are one type of configuration management, but what other types of configurations can you manage here?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Configuration management in hybrid environments is complex. You traditionally use group policy, desired state configuration or scripts for Windows, and then separate tools like Ansible, remote scripting or manual commands over SSH for Linux. All this can be done centrally from Azure Arc. It extends Azure Policy to any resource. And you can use Microsoft provided built-in policy baselines covering common security requirements. For example, the security baseline contains best practices and controls that we’ve defined for cloud services running on Linux and Windows. And above that, you can also see CIS Benchmark policy, which is an internationally recognized standard spanning OS platforms used to protect against cyber attacks. I’ll apply this baseline, then I’ll choose the Red Hat Enterprise Linux 9 Benchmark. And searching across 300 CIS Benchmark policies, I’ll look for passwords. And there are 24 policies defined. And then for Firewall, you can see four more. And these are just a few examples that are pre-configured. So once you assign these to your resources, Azure continuously monitors each machine for compliance. So you can use policy as code across your entire estate with Azure Policy controls that automatically stay current as standards like CIS evolve. We also recently added the ability to audit and enable WinRE through Azure Arc, improving recoverability even for machines that can’t boot. As you can see, there are a couple of new policies for auditing machines that do not have WinRE enabled and configuring WinRE on Windows machines. With quick machine recovery on Windows Server 2025, that also means for broader issues with known fixes, we’ll automatically recover machines that are not bootable.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- And that’s really a great resiliency option. But what about security, compliance, and configurations and assessments? Can we do something there?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- For that, you can use Microsoft Defender for Cloud. This lets you standardize security agents and settings across machines and containers wherever they run. In the Defender portal, you can see that the same way Azure Resources spanned Azure, AWS, GCP, and other environments, those same resources are visible here too. Defender continuously assesses connected resources for security posture. This includes what I showed before in the Security Baseline and CIS Benchmark. It detects threats in real time with associated security alerts and how they are trending. You get a complete breakdown by compute with your virtual machines and their associated risks. And the same is true for your connected containers running in Kubernetes. If I move over to cloud assets here you can see all the virtual machines, Kubernetes clusters that we saw in Azure Arc. And clicking into any of these, like this Ubuntu VM will show me all of its details. Scrolling down, I get a view of its risk factors. And below that, you’ll see that this one has 82 risk-based recommendations to improve its security.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- And one of the big upsides of Microsoft Defender is that shared visibility, so everything logs to the same place. So if you think about assumed breach, it means that you won’t have any blind spots then as attackers are moving laterally through your environment. So that means security teams, they see what you see. So why don’t we move on though to desktop virtualization. What can Azure Arc do to help me there?&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- Sure, Azure Arc unlocks the ability to run Azure Virtual Desktop, or AVD, for short, outside of Azure so it can run on your own infrastructure, either via Azure Local or something new we recently announced: Azure Virtual Desktop for hybrid environments. This means any existing on-prem server can be configured as an AVD session host as long as it’s attached to Azure Arc. The management is in the VM layer using a management extension. It’s flexible, and Nutanix AHV, VMware vSphere, Hyper-V, or physical Windows Server can work. So with Azure Arc, you have full control over the entire infrastructure’s lifecycle from inventory, configuration management and policy enforcement all from one place. And the good news is that if you own Software Assurance, you can access services enabled by Azure Arc as part of your license for inventory, configuration, and update management.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;- That was a great tour and update of Azure Arc. So thanks for joining us today, Satya. And if you want to learn more about Azure Arc and try it out for yourself, just go to aka.ms/AzureArc for more information. Or as an admin search for Arc, A-R-C, in the Azure Portal to get started. And keep watching Microsoft Mechanics for the latest updates. We’ll see you again soon.&lt;/P&gt;</description>
      <pubDate>Wed, 13 May 2026 14:32:38 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/azure-arc-on-prem-multi-cloud-management/ba-p/4519017</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-13T14:32:38Z</dc:date>
    </item>
    <item>
      <title>Agent 365 | Your Security &amp; Compliance Controls</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-your-security-compliance-controls/ba-p/4517882</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FCrAJZy7ne3Q%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DCrAJZy7ne3Q&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FCrAJZy7ne3Q%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Block agent access to labeled files at runtime, stop sensitive data from leaving in agent-drafted emails, and catch agents that cross conduct lines using the same Microsoft Purview controls you already run for users. Map every risky agent action in Insider Risk Management, drill into Activity Explorer for interaction-level detail, and pull regulator-ready forensics from Purview Audit.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Shilpa Ranganathan, Microsoft Purview Partner Group Squad Leader, shares how IT and data security teams can govern agent behavior on a single Agent 365 control plane built into the Microsoft tools that you're already using today.&amp;nbsp;&lt;/P&gt;
&lt;H4&gt;Block labeled files from agent access in real time.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;No policy bypass, no data leak. &lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=194s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=194s"&gt;See how it works using Microsoft Purview as part of Agent 365.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Same policies, now extended to agents.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Purview DLP catches sensitive content and blocks the send. &lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=245s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=245s"&gt;Watch it in action.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Map the full chain of risky agent actions in one view.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Insider Risk Management in Purview sequences sensitive file access &amp;amp; DLP blocks. &lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=290s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=290s"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q"&gt;00:00&lt;/A&gt; — Agent security, compliance, &amp;amp; IT&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=73s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=73s"&gt;01:13&lt;/A&gt; — IT &amp;amp; data security teams using Agent 365&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=142s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=142s"&gt;02:22&lt;/A&gt; — Visibility with Microsoft Purview&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=194s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=194s"&gt;03:14&lt;/A&gt; — End user perspective&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=245s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=245s"&gt;04:05&lt;/A&gt; — DLP on Agent-Initiated Messages&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=263s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=263s"&gt;04:23&lt;/A&gt; — Communication Compliance for Agent Behavior&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=290s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=290s"&gt;04:50&lt;/A&gt; — Data Security admin in the Purview portal&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=364s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=364s"&gt;06:04&lt;/A&gt; — Policy violations&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=399s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=399s"&gt;06:39&lt;/A&gt; — Purview Audit&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=426s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=426s"&gt;07:06&lt;/A&gt; — Microsoft 365 admin center&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=464s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=CrAJZy7ne3Q&amp;amp;t=464s"&gt;07:44&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out &lt;A href="https://aka.ms/Agent365DataSecurity" target="_blank" rel="noopener" data-href="https://aka.ms/Agent365DataSecurity"&gt;https://aka.ms/Agent365DataSecurity&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank" rel="noopener" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank" rel="noopener" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" target="_blank" rel="noopener" data-href="https://microsoftmechanics.libsyn.com/podcast"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" target="_blank" rel="noopener" data-href="https://twitter.com/MSFTMechanics"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank" rel="noopener" data-href="https://www.linkedin.com/company/microsoft-mechanics/"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" target="_blank" rel="noopener" data-href="https://www.instagram.com/msftmechanics/"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" target="_blank" rel="noopener" data-href="https://www.tiktok.com/@msftmechanics"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-How do you make sure agents don’t run unchecked across your environment? It starts with the right level of observability across security, compliance, and IT, insights that are tailored to each team’s domain expertise, yet shared across teams, so issues can be identified early and addressed quickly when something goes wrong. This is where Agent 365 comes in to bring together security and IT teams so they can stay in control through a unified control plane, built to work with the Microsoft tools you already use.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Whether you’re viewing agents along with their configurations and high-level activities in the Microsoft 365 Admin Center, understanding agent activities and protecting sensitive information with Microsoft Purview, managing agent identities and permissions to apps, data, and resources with Microsoft Entra, or investigating and responding to incidents in Microsoft Defender, Agent 365 provides a common source of truth for agent activity, enabling teams to assess and respond to risks from their own domain expertise using the tools and workflows they know best. Today is the first episode in a series where we go deeper on using Agent 365 across your organization, starting with protecting your sensitive data. For example, if data isn’t properly classified and protected, AI, which uses powerful semantic search, can quickly surface information that was once hard to find, leading to data loss.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-At the same time, it can potentially share it with the wrong people, and related other risks can escalate quickly. Microsoft Purview now extends the controls you have for users in your organization to agents so they stay aligned with your organization’s data security and compliance requirements. Let me show you how IT and data security teams can work together using Agent 365. Starting in Agent 365 in the Microsoft 365 Admin Center. As an IT admin, I can see a comprehensive list of agents in our organization. I can manage agent deployment requests to review the details for agent configurations and even leverage built-in security defaults for Agent 365 to quickly establish policy controls.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-That said, as agents are used inside of your organization, Microsoft Purview, as part of the Agent 365 control plane, provides more granular controls with deeper visibility over data security. This includes rich AI observability, protection, and compliance. Right from Microsoft Purview, I can see agents running in my organization with the same left-to-right agent visibility we saw in the Microsoft 365 Admin Center. From Data Security Posture Management, or DSPM, for short, I can find key agent metrics and what’s important for data security, like which agents are active and their risk levels, whether they’re interacting with sensitive data, in which ways, along with interaction trends. I can also see if their activities are protected with sufficient policy coverage.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let me show you an example of how this level of oversight and protection works, starting from the end user perspective. This is a custom, in-house-developed Zava supplier agent. It’s designed to review and summarize purchase orders for clients. Here, a member of the procurement team asks the agent to review a few linked purchase order PDF files and check for delays and impacts. The reasoning agent gets to work almost immediately, providing a summary for the linked files. It then attempts to access a contract file to figure out the contractual impacts of any delays.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, because the contract has a label that the agent is not allowed to process, it stops and says that it cannot access the information contained in that file. This is Microsoft Purview enforcing least-privilege access in real time. Next, our same user asks the agent to email the summary to an external supplier. The agent tries, but Purview spots sensitive data in the message. In fact, if we move to Outlook and open the message, we can see that our sensitive information policies have blocked the email from being sent. Back in Teams, we can see that the same user is attempting to use the agent to draft an email that promises an exclusive gift incentive to fast track the PO approval. The agent stops again. It recognizes the request crosses ethical and compliance lines and explains why to our user.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Importantly, behind the scenes, Purview logs all activity as it happens and flags the interaction for review. In fact, let’s switch perspectives to the data security admin in the Purview portal after these activities have taken place. I’m back in DSPM under AI Observability with a view of my running agents. And on top of my list, Purview has flagged the supplier agent as high risk. Let’s drill into it. For that, I’m in insider risk management view for this activity. It maps out the sequence of events that our user and agent attempted to carry out, starting with sensitive file access in SharePoint, including the contract I mentioned.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then the DLP policy block, which stopped the email summary from being sent to the external supplier. And, finally, the unethical behavior block when a user attempted to offer a gift in exchange for faster contract approval. All these activities raise the risk level of the agent, and each action is clearly outlined. To get more detailed context about the agent’s behavior, I can view the activity timeline, which links me directly into Activity Explorer in DSPM to see other interactions with this agent. It looks like there’s a mix of benign activity at the bottom of the list, and the higher risk activities for our user are at the top. All prompts and responses are evaluated against compliance policies and classifiers, and any matches are surfaced using the same investigation and remediation workflows you already use today.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-In fact, you can find the details for agent policy violations across solutions in Microsoft Purview. For example, if your focus is on communication compliance, you can find the details for the agent interaction that was flagged as unethical. In this case, it matched the gifts and entertainment condition. And clicking in, you can see related matches for other sources too. And Purview Audit also captures every agent interaction, which you’ll find using an audit search.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here we’ve searched across agent interactions that occurred between February 1st and March 1st for our agent, and you can see the exportable details for each interaction, including IP, user, agent, record, and activity details. So when a regulator asks: “How did this happen?” You can trace it instantly using Purview Audit. Of course, with Agent 365 at the foundation, everything is connected and integrated across the control plane. So now as an IT admin working in the Microsoft 365 Admin Center, I can see the agents running in our environment filtered by high risk, and there’s our supplier agent. In its details, under Security and Compliance, I can see it has performed a few risky activities. This is all signal that has been pulled in from Microsoft Purview as part of Agent 365.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From here, I can tune the agent configurations, including its permissions, or even block it altogether from use. AI agents move fast, and without the right level of visibility and guardrails in place, they can easily access data they shouldn’t, overshare, and even work against your company’s ethics. Agent 365 with Microsoft Purview keeps your agents in line, spots trouble before it happens, and makes sure that actions are recorded.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To learn more, check out aka.ms/Agent365DataSecurity. In the next episode of the series, we’ll explore Agent 365 with Microsoft Defender to investigate and respond to security incidents involving agentic activity. Subscribe to Microsoft Mechanics if you haven’t already, and thanks for watching.&lt;/P&gt;
</description>
      <pubDate>Wed, 13 May 2026 06:21:15 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agent-365-your-security-compliance-controls/ba-p/4517882</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-05-13T06:21:15Z</dc:date>
    </item>
    <item>
      <title>Operations Context for AI | Ontology in Fabric IQ</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/operations-context-for-ai-ontology-in-fabric-iq/ba-p/4515899</link>
      <description>&lt;P&gt;Generate a full business ontology from an existing Power BI semantic model, map entities and relationships, and embed real-time operational signals alongside business rules that live inside the ontology with the data and its meaning.&amp;nbsp;&lt;/P&gt;
&lt;div data-video-id="https://youtu.be/S3x8VKjn43M/1777481431545" data-video-remote-vid="https://youtu.be/S3x8VKjn43M/1777481431545" class="lia-video-container lia-media-is-center lia-media-size-large"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FS3x8VKjn43M%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DS3x8VKjn43M&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FS3x8VKjn43M%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" allowfullscreen="" style="max-width: 100%"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;From there, trace cascading operational impacts across your business through the relationship graph, stand up Operations Agents in natural language with Teams-based actions, and connect the same ontology as a knowledge source in Copilot Studio or Azure AI Foundry.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Chafia Aouissi, Fabric IQ Principal PM Manager, shares how to model your business operations, embed intelligence in your data, and deploy agents that act on it.&lt;/P&gt;
&lt;H4&gt;Logic lives with your data.&lt;/H4&gt;
&lt;P&gt;Embed business rules directly in the Fabric IQ ontology. Define thresholds, trigger notifications, and cascade decisions through connected entities. &lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=263s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=263s"&gt;Watch the demo.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Surface cascading impacts with a single query.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Filter the Fabric IQ relationship graph by any entity and trace downstream operational impact across your entire business. &lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=318s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=318s"&gt;Check out a built-in ontology graph in Fabric IQ.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Build a Fabric IQ Operations agent in natural language.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Define monitoring goals, connect your ontology as its knowledge base, configure Teams actions, &amp;amp; deploy. &lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=363s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=363s"&gt;See the full build.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M"&gt;00:00&lt;/A&gt; — Unify models &amp;amp; data with Fabric IQ&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=72s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=72s"&gt;01:12&lt;/A&gt; — Generate an ontology&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=147s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=147s"&gt;02:27&lt;/A&gt; — Bring in Power BI reports&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=188s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=188s"&gt;03:08&lt;/A&gt; — View across multiple data sources&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=263s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=263s"&gt;04:23&lt;/A&gt; — Define rules&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=318s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=318s"&gt;05:18&lt;/A&gt; — Built-in ontology graph&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=363s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=363s"&gt;06:03&lt;/A&gt; — Fabric IQ agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=504s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=504s"&gt;08:24&lt;/A&gt; — Fabric IQ as Knowledge Source&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=534s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=S3x8VKjn43M&amp;amp;t=534s"&gt;08:54&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Get started at &lt;A href="https://aka.ms/FabricIQ" target="_blank" rel="noopener" data-href="https://aka.ms/FabricIQ"&gt;https://aka.ms/FabricIQ&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-The agents you build and use need the right operational context of how your business runs to deliver the best outcomes. Today, that context is often fragmented across systems, defined differently by different teams, or buried in dashboards and logic, making outcomes inconsistent and agent behavior hard to predict. That’s where Microsoft Fabric IQ comes in. Fabric IQ introduces a semantic foundation that unifies models and data through an ontology. It defines the shared business entities and their relationships, and connects them to your data. It provides the operational context needed to understand how the business actually runs, without altering any underlying data. Analysts can not only work with the data they already trust, but also model how the business works. And agents can use that same shared context to reason and act more consistently. Today, I’ll show you both sides.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-First, how a data analyst leverages Fabric IQ inside a Fabric workspace, using ontology to model the business concepts. Then, how Fabric IQ uses the same context to drive more reliable and predictable insights from agents. I’ll start from the point of view of an analyst looking to create a full fidelity view of how an airline operates, including processes such as ticketing, maintenance, and more. The first thing I need to do is to create a new ontology. I can either build one from scratch, or jumpstart by using an existing Power BI semantic model. As you see here, there’s a new option to generate an ontology from this semantic model. I just need to choose the workspace, give it a name. I’ll choose AirlineOperationsOntology. Then confirm by hitting Create. In just a few clicks, I’m able to see the different entities of our airline business. All data is now linked not only through keys, but also business relationships and semantics. We can see flights, airlines, routes, and more. If I click into airports, because Fabric IQ is semantically aware of the relationships between entities, it shows the routes connected to runways which are in turn connected to airports.&lt;/P&gt;
&lt;P&gt;-And for any entity, I can choose to add more live operational signals. In this case, I want to add details about the runway conditions using real-time data, including contamination, visual range for visibility, as well as the available cleared width and more. And you can also bring in your Power BI reports for a canonical view of how to monitor and manage these aircraft. From the ontology, I’ll head over to the Report links tab that opens the OneLake catalog with all of my reports. I’ll search for air and there are three matching reports for gates, ground service, plus safety and runway. So I’ll add them and hit Connect to confirm.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, in just a few clicks, we’ve expanded our ontology with the live operational view, using real-time signal, geospatial data, and more. Now, as an analyst, I can work immediately with it, and our agents can act on it as well. Let’s fast‑forward and see what I’ve unlocked. You can see that I now have a richer view over my data, which is connected to real‑world operations. We’re no longer optimizing one report or one dataset at a time. We’re looking at our operations across multiple data sources, in the language of our business, with meaning and relationships already understood.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now let me show you how this makes it easier to turn insights into concrete decisions and actions. First, in the flight entity type overview, I can see how it relates to my other business processes. I see entities like bookings, gates, airlines, and more as a graph. I have links to all of my connected Power BI reports. There is real-time weather data, including wind knots, as well as geo-spatial insights showing all of my flights. Using Fabric Maps, I have a fleet level view of all my active flights, and I can see live air traffic across the fleet. This, in fact, is a heat map view of three New York City area airports, and we can see that JFK in this case is impacted with lots of runway activity.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-I can now understand the system as a whole, across bookings, flights, airports, and real‑time conditions. And I can drill in further to understand what is going on: I have opened the runways entity, and you’ll remember some of these categories from before. Since there’s snow in the area, I can immediately see the runway conditions that affect operations, things like surface friction and contamination levels, so I understand how safe it is for planes to take off and land.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Beyond connecting raw data, I can also define rules directly in the ontology, so this logic lives with the data and its business meaning, instead of being hard coded somewhere else. In this case, I’ll add a rule that says if runway contamination exceeds a high threshold value of 25%, notify the passengers proactively of upcoming delays. We’ll also notify the ground crew, so they know that the runways need to be cleared. The rules are now embedded in the ontology, and the value comes from seeing how runway conditions impact the rest of the operations. That’s where the built‑in ontology graph helps. Let’s look at the relationship graph. I’ll expand the graph view. And add a filter for JFK airport. Then run the query. No code needed here. And I get a filtered view for JFK. And immediately, I can see a poor condition that’s affecting Runway 25R.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From that insight, it’s easy to see the downstream impact. This runway issue is already affecting related gates and baggage operations that will need to be rescheduled. This is a unified view of our entire operations and how connected events will cascade across related business entities. This is how ontology helps you as an analyst. But remember, the same operational context is also available to AI agents, no matter how you build them.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let me demonstrate this in the context of one of our built-in Fabric IQ agents. From the New Item catalog, you can find the built-in agents by searching for agent. There is a Data agent designed to answer questions, and an Operations agent designed for real-time data and business action recommendations. The Operations agent is a perfect fit for our airline operations scenario, so I’ll choose that one. I want this agent to help with runway-related analysis and actions, so I’ll name it RunwayConditionsAgent, leave the location, and create it.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From there, I can add a bit more information to set up the agent, like adding the business goals for what it should accomplish. I want this one to monitor surface conditions for runways and ensure things run smoothly based on logic like we used before. In fact, in the Agent instructions, using natural language, no code, I’ll describe that if surface contamination is reported above 10%, send ground crews to take care of it. Likewise, the clear width should be more than 25 meters, and the agent should send ground crew to visually assess whether planes can safely brake.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now let’s add some knowledge. And for that, I’ll choose our AirlineOntology. And here’s where I can add actions. I’ll add one to assign ground crew for clearing, along with a description for what needs to be done. Then I’ll give it the Runway ID as the one to clear and the Temperature to predict the type of clearing needed. And Create to add that one. Now I’ll add another for requesting visual assessment, and perform similar steps for the parameters. These will send status updates in Microsoft Teams. Now everything is defined and ready. I just need to save this new agent. That takes a moment. And once it’s finished, it creates a nice agent playbook with what it’s designed to do.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, with the agent running, the right people will get notified of what to do in Microsoft Teams. Here, I’m looking at the Operations agent. It’s alerting us that Runway 29L has only 22 meters of clear path. This is under our 25 meter threshold. It recommends to deploy the ground crew for a runway clearance operation. As the human in the loop, I can choose whether or not to proceed with the recommendation. I’ll do that.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then it asks to confirm a few details. They look good, so I’ll confirm, and the ground crew is on its way. And here is the good news. If you’re building your own agent in Microsoft Copilot Studio or using Microsoft Foundry, Fabric IQ ontology will be an integrated knowledge source that you will be able to choose from. As you choose your knowledge types, you can select Fabric IQ. This will ground agents in the same semantic foundation that already runs your operations. And of course, the agents you build and connect to Fabric IQ will respect the permissions and security policies you already use in Fabric today.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-As I have shown, Microsoft Fabric IQ gives agents shared understanding, with entities, relationships, rules, and actions so they can move from insight to decision more reliably. To learn more and get started, check out aka.ms/FabricIQ. Keep watching Microsoft Mechanics for the latest news and deep dives. And thank you for watching.&lt;/P&gt;</description>
      <pubDate>Wed, 29 Apr 2026 16:50:48 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/operations-context-for-ai-ontology-in-fabric-iq/ba-p/4515899</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-04-29T16:50:48Z</dc:date>
    </item>
    <item>
      <title>Foundry Agent Service + Microsoft Agent Framework Explained</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/foundry-agent-service-microsoft-agent-framework-explained/ba-p/4511661</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FiR7_57lJOz8%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DiR7_57lJOz8&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FiR7_57lJOz8%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;&lt;BR /&gt;Deploy directly from your local environment, run with secure identity and scoped permissions, and monitor every interaction so you can debug, improve, and scale without losing control. Publish agents into the tools your team already uses and ensure every action is traceable, governed, and isolated.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Ground your agents in real work and business data to generate outputs that are actually useful. Pull from emails, meetings, and operational systems to create personalized insights, documents, and presentations. Build faster with familiar tools and frameworks, then manage performance, cost, and quality across all your agents as they scale.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Jeff Hollan, Partner Director, AI Agent Services, shares how to operationalize AI agents across your organization — from deployment to real-world impact.&lt;/P&gt;
&lt;H4&gt;Control what your agent can access.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Assign scoped permissions and identities so every action is traceable and compliant. &lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=212s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=212s" target="_blank"&gt;See how it works in Microsoft Foundry.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Scale agents without losing visibility.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Monitor performance, conversations, and health in one place with Microsoft Foundry. &lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=288s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=288s" target="_blank"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Pull insights from across systems.&lt;/H4&gt;
&lt;P&gt;Prepare faster and make better decisions. &lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=446s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=446s" target="_blank"&gt;Act with full context, not guesswork, using Work IQ, Foundry IQ, and Fabric IQ.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8" target="_blank"&gt;00:00&lt;/A&gt; — Build single and multi-agentic workloads&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=44s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=44s" target="_blank"&gt;00:44&lt;/A&gt; — Build agents at scale with Foundry&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=93s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=93s" target="_blank"&gt;01:33&lt;/A&gt; — Demo: Sales meeting preparation agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=212s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=212s" target="_blank"&gt;03:32&lt;/A&gt; — How it works&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=288s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=288s" target="_blank"&gt;04:48&lt;/A&gt; — Access controls&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=344s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=344s" target="_blank"&gt;05:44&lt;/A&gt; — Publish the agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=383s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=383s" target="_blank"&gt;06:23&lt;/A&gt; — Direct integration with Microsoft 365&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=446s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=446s" target="_blank"&gt;07:26&lt;/A&gt; — Work IQ, Foundry IQ, &amp;amp; Fabric IQ&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=624s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=624s" target="_blank"&gt;10:24&lt;/A&gt; — Agent creation&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=681s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=681s" target="_blank"&gt;11:21&lt;/A&gt; — See what’s happening in the code&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=774s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=774s" target="_blank"&gt;12:54&lt;/A&gt; — Manage performance&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=836s" data-href="https://www.youtube.com/watch?v=iR7_57lJOz8&amp;amp;t=836s" target="_blank"&gt;13:56&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Go to Microsoft Foundry to build your first project at &lt;A href="https://ai.azure.com" data-href="https://ai.azure.com" target="_blank"&gt;https://ai.azure.com&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Check out &lt;A href="https://github.com/microsoft-foundry" data-href="https://github.com/microsoft-foundry" target="_blank"&gt;https://github.com/microsoft-foundry&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" data-href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" data-href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" data-href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" data-href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" data-href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;- AI agents are gaining traction everywhere right now, but moving from experimentation to production, especially in enterprise environments is where most people get stuck. So to solve for this, today we’ll get hands-on with the Microsoft Foundry Agent Service, a platform which lets you bring in your own agents using your preferred tools and host them with built-in enterprise controls, measurability, and discoverability, and the powerful open-source Microsoft Agent Framework that’s uniquely designed to make it easier to build both single and multi-agentic workloads with orchestration. And joining me to demonstrate all this is resident developer expert, Jeff Hollan. No stranger to Mechanics. Welcome back.&lt;/P&gt;
&lt;P&gt;- I’m so excited to be back.&lt;/P&gt;
&lt;P&gt;- Yeah, so it’s been a while. It’s good to have you back on. So these two services that we’re covering today, both are for hosting and building agents themselves. So what’s driving all this?&lt;/P&gt;
&lt;P&gt;- What’s driving this is something that we are hearing constantly, which is even though it’s gotten easier to build agents, it’s hard to deploy them safely and reliably across the enterprise, especially considering that a lot of what we see getting built has moved past the small pilot phase. Some agents might be chat experiences used by thousands of employees while others run behind the scenes, sometimes integrating with mission-critical systems. These all need foundational capabilities, like identity and access controls, private connectivity, along with agent and fleet-level telemetry and tracing, which is complex to stitch together by yourself. And so our Foundry services help you build agents that will run securely and at scale with full visibility.&lt;/P&gt;
&lt;P&gt;- So I’d love to see an example of this. Did you come prepared?&lt;/P&gt;
&lt;P&gt;- Of course, I came prepared. Let’s jump into it. So what I’ve helped walk through here and built is a sales meeting preparation agent. This is the kind of thing that a sales team would use to get ready for customer meetings. Now I already have my code written here and ready to go. I’ve used my framework of choice. In this case, this is the Microsoft Agent Framework written in Python, but you could bring your own framework and language. And you can see that I’ve defined quite a few tools here, some middleware logic and even a workflow. Now, all of these details we’re going to jump into in a bit, but importantly for now, I just want you to know that this is all running locally. It’s ready to go. I’ve built it out. Now the question often comes, how do I take something like this but get it deployed? How do I make sure that it can run in a secure and scalable way that’s compliant and safe across my entire enterprise? And Foundry makes this incredibly easy. So right here in Visual Studio Code, if I expand out the AI Toolkit extension, I can simply hit deploy to hosted agents. This gesture takes my agent as I’ve written it, packages it up, and deploys it inside of Foundry as a hosted agent. So why would I want this inside of Foundry? And I want to walk you through some of what lights up the moment that I do that. So here in the Foundry portal, you can see that this is the same agent that I was just looking at locally, but now it’s running inside of Microsoft Foundry. So let’s go ahead and call this agent from the playground so I can show you all the type of capabilities that it has in action. So I’ll ask it, what important meetings do I have this week? Now I’m actually using some of the more modern agent patterns here. So my agent is actually executing inside a secure sandbox or microVM. So you can see this agent is actually starting to think and work through the problem, looking at my calendar. 
It has the ability to write and execute code, very much like powerful coding agents like GitHub Copilot CLI or Claude Code. Now, while it runs, I’ll describe a little bit of how this works behind the scenes. First, as soon as you deploy the agent, it gets its own unique ID assigned from Microsoft Entra. The ID makes it so that any action the agent makes, like looking at my calendar, is traceable back to the agent. And it allows the agent to autonomously access resources directly with its own scoped permissions, or the agent can act on behalf of a human in the loop using the user’s permissions instead. And on top of all of that, for each user that invokes an agent session, Foundry automatically spins up a secure microVM, which is an isolated sandbox. So now if I ask a question and another salesperson asks another question at the same time, because we each have our own agent instances, the information from each of our sessions can be read, written, and stored in its own dedicated space. Additionally, for every interaction, the service looks at any policies or guardrails set by your organization. This ensures that your agent works within the controls you’ve set, whether it’s content filtering, protecting prompt injections, or preventing against copyright materials. So you can maintain precise control over what the agent can do and access, and everything was set up automatically when I deployed this agent. So if I come back here to our running agent, you can see that it’s returned some results. It looks like the Zava DIY is my top priority based on all of the signals that it found and looped through. So in this case, it’s worked on behalf of me using my identity and permissions to look at my calendar and surface the accounts that I should be paying attention to.&lt;/P&gt;
&lt;P&gt;- It makes sense you’d want to have the right access controls in place because it is actually needing to look at your inbox. For example, your calendar, your data, and your file stores.&lt;/P&gt;
&lt;P&gt;- Yeah, and this is super important to make sure that you’re building compliant systems. Related to enterprise readiness, there are a couple of other things that I want to show that you get directly from Foundry. So in Foundry, this is my area to build and work on my agent. I have monitoring and traces. I can understand all of the conversations that might be happening, how my agent’s going about answering each question and the overall health of my agent. Everything I need for observability is all right here. Next, there’s publishing the agent so that people can find it. So once I have my agent up and running, how do I now get this into the hands of all of my salespeople? Nobody likes building a new app, and then just hoping that everyone finds the link and bookmarks it. Well, in my case, I know that everyone in my company is using Microsoft 365 and Teams. So right here, I have a Publish button. I can take any agent deployed inside of Foundry and publish it directly to those services. This registers the agent so people can discover it and start using it right where they already work, right from Microsoft 365 on their desktop or on their phone away from the office.&lt;/P&gt;
&lt;P&gt;- So there’s direct integration then right in Microsoft 365. In this case, in the Copilot Chat experience. And by the way, it’s also available for Microsoft Teams. Now, something also integrated with the Foundry services, Microsoft’s unified intelligence layer for AI, which helps ensure that agents are grounded in the right knowledge and also business context to keep their outputs useful and relevant. And all that goes way beyond a single source MCP server. So for example, if the agent’s working on your behalf, then Work IQ provides the context for how you work with the connections to your email, your calendar, your previous meetings, your Teams chat and files and more. And then you’ve got Fabric IQ, and that can be used to add context over your connected business operations. Think of things like sales data or customer records or logistics. Then you’ve got Foundry IQ, which lets you combine multiple knowledge sources for your agents, where everything from structured data sources and databases to unstructured data in your cloud stores, even images can be retrieved by agentic processes. And so Jeff, of all those different IQs that we looked at, we saw Work IQ. In that case, the agent was actually pulling from your calendar. So can we see and go deeper maybe on the rest of the intelligence layer?&lt;/P&gt;
&lt;P&gt;- Of course, this agent has a few more tricks up its sleeve. So if we come back to the code, you’ll see that this agent actually has access to the three IQs that you just mentioned. Work IQ, Foundry IQ, and Fabric IQ. Now, based on the tools and skills I give it, let’s go back to the playground and show them in action. Again, the agent’s previous output says that I have an important meeting coming up with Zava, so I’m going to use this agent to help me get ready for this important meeting. I’m going to say, help me prepare for my upcoming meeting with Zava. Now watch what happens inside the sandbox. The agent is doing exactly the things we just described. Again, it’s checking my Work IQ to understand my correspondence, pulling in emails and Teams conversations that I’ve had with Zava. Next, it’s reaching out to Fabric IQ to pull usage data, purchasing patterns, and contract details. And it’s using Foundry IQ to search through our sales enablement materials, marketing content, to find what’s most relevant for them. Now, I’ve incorporated a few skills into this agent using the popular agent skills pattern. For example, there’s a skill defined that generates a PowerPoint presentation, another skill that creates briefing documents using Microsoft Word. So this agent came back with two file linked artifacts, a personally curated Word document for our internal team and a custom PowerPoint presentation that I can use with Zava. So I’ll go ahead and open each of these up, starting with that briefing document. You can see this has synthesized all of that contextual data retrieved from that intelligence layer, our CRM system for the relationship content and my correspondence for recent communications. It’s gone into all of the business analytics and health usage and metering, our ticketing system for support tickets. All of this is creating recommended discussion topics all into a single preparation document this agent generated. 
Now, if I go back, I can even show you the linked PowerPoint presentation that was generated using my other agent skill. Now, this file is actually personalized specifically for my interaction with Zava. It’s using our own company’s brand colors. You can see it’s pulled information and integrated it from Fabric IQ and Foundry IQ to give me the right talking points and relevant customer specific insights about our recent activities with Zava. It’s pulled in business operations data and included campaign metrics, including new opportunities and services that I can explore to help me build towards the next steps to take our partnership with Zava to the next level. And that’s the power of not just deploying agents, but having them run on top of the Microsoft intelligence layer, working on your behalf to access your work data, your business data, and your organizational knowledge. And it’s all integrated seamlessly with Microsoft 365.&lt;/P&gt;
&lt;P&gt;- So now we’ve seen the agent running, we know what it can do. Now for all the developers that are watching and they’re interested in building something like this, can you explain what’s behind it and how you made it?&lt;/P&gt;
&lt;P&gt;- Sure, so before I show you what’s behind the scenes of that more advanced agent, let’s go ahead and start with something more simple quickly here on my laptop. So for this, I’m using the Azure Developer CLI. I’ll go ahead and initialize a new project and say I want to create a sales prep agent. Now, one thing to mention, you can absolutely create chat-based agents, which are super popular. You can use any framework that you want, including things like LangGraph. And with Foundry agents, we also support emerging patterns. You’ll see we have templates to help get you going fast. So if I go ahead and choose this template, it’s going to scaffold all of the files that I need. So from here, it’s actually really straightforward. I can start debugging locally, deploy, and everything is ready to run. So this is a simple agent that I can use with a template, but there’s a lot of customization options. So we can now go ahead and go back to our advanced sales prep agent from before and look at some of what’s happening behind the scenes in the code. So you can see here, this is where I’ve defined the tools and knowledge sources. So you can see those three IQs that we walked through before. But there are some other types of skills here as well that I’m able to create and include in my coding agent patterns today. So at the core of all of this power, this agent is using the GitHub Copilot SDK. This runs a powerful agentic loop over the set of tools that I’ve defined. So when my agent was reasoning before over dozens of files, emails, and previous meetings, as well as operational and service-specific data to find relevant insights, all of this was generating informed recommendations powered by the Copilot SDK. To pull everything together, I’m using Microsoft Agent Framework. This helps me define additional pieces like middleware. 
So for example, here I’ve defined that if the coding agent ever tries to generate one of those documents, but it doesn’t have enough data from one of those three IQs, I want to block that because without that grounded data from all those sources, this output is almost guaranteed to be hallucinated. So these types of patterns are critical when you’re scaling deployment within an enterprise, wanting quality controls across the entire sales team, and additional guardrails and controls. Now, of course, the real power gets unlocked when I combine both these frameworks and patterns, but I host it inside of the powerful capabilities of the Foundry Agent Service.&lt;/P&gt;
&lt;P&gt;- Okay, so in our case, we’ve published and we’ve built out two different agents. Why don’t we fast forward in time a little, one of my favorite parts of these shows, or maybe we’ve got a couple of agents running, we want to be able to monitor and manage them. What can we do there?&lt;/P&gt;
&lt;P&gt;- Yeah, we can do all of this because it’s all running inside of Foundry. So moving back to the Foundry portal, I can manage performance costs of my entire fleet of agents in one view. So I can go ahead and look at the agent health on alerts. It looks like mine appear healthy. No alerts for me yet. I can see my estimated cost, success rates, and token usage, along with drill-in details about run volumes for our top agents. And the top and bottom agents for success rates help me see what might need attention. So you can see everything that I need to go from experimentation to production and publish across all of my end users is all right here, built-in, with full observability.&lt;/P&gt;
&lt;P&gt;- Right, and all this is really about reducing complexity of building out and deploying your agents safely and reliably across your organization. So how can everyone who’s watching right now learn more and get started?&lt;/P&gt;
&lt;P&gt;- Yeah, so the best way to learn is to try some of these things out for yourself. So everyone here can go to Microsoft Foundry at ai.azure.com to build your very first project. And be sure to check out github.com/microsoft-foundry. There’s a number of samples that you can try to find the SDK that you want and start coding.&lt;/P&gt;
&lt;P&gt;- Great to have you back on, Jeff, and thank you so much for joining us today. And as always, be sure to keep it locked in here on Microsoft Mechanics, and we’ll see you again soon.&lt;/P&gt;</description>
      <pubDate>Tue, 28 Apr 2026 13:15:00 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/foundry-agent-service-microsoft-agent-framework-explained/ba-p/4511661</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-04-28T13:15:00Z</dc:date>
    </item>
    <item>
      <title>Amateur using MS Teams needs easy steps to transcribe an MP4 recording into editable text.</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics/amateur-using-ms-teams-needs-easy-steps-to-transcribe-an-mp4/m-p/4515204#M51</link>
      <description>&lt;P&gt;Hi;&lt;/P&gt;&lt;P&gt;I have tried multiple ways, which until recently wasn't necessary; I waited until the MS Teams recording was ready; then I downloaded (it automatically downloads into an MP4 format), then I saved it and opened it in MS Notepad, which opened in American English.&amp;nbsp; Now it opens in gibberish, and I can't use MS Word Transcribe because the recording is over 1 hour long.&amp;nbsp; How can I do this as an amateur user?&amp;nbsp; Thank you for your help; even AI isn't helping with this.&lt;/P&gt;</description>
      <pubDate>Mon, 27 Apr 2026 19:13:43 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics/amateur-using-ms-teams-needs-easy-steps-to-transcribe-an-mp4/m-p/4515204#M51</guid>
      <dc:creator>lizziesem</dc:creator>
      <dc:date>2026-04-27T19:13:43Z</dc:date>
    </item>
    <item>
      <title>Windows App Management in Microsoft Intune</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/windows-app-management-in-microsoft-intune/ba-p/4515194</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FiI-sJ6kz_vg%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DiI-sJ6kz_vg&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FiI-sJ6kz_vg%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P data-selectable-paragraph=""&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Audit every managed and unmanaged app per device with more metadata, including publisher, architecture, estimated size on disk, install location, uninstall commands, to help troubleshoot PCs and expose shadow IT before it spreads. Pull curated Win32 apps straight from the Enterprise App Catalog or upload PowerShell scripts to control exactly how each app installs.&lt;/P&gt;
&lt;img /&gt;
&lt;P data-selectable-paragraph=""&gt;Stage rollouts in rings with Intune deployments, to gradually deploy, pause or cancel any deployment in flight; and auto-trust every app you push using App Control for Business with Managed Installer, which also works with Autopilot as you provision new devices, now with up to 25 apps. Keep your fleet of apps up-to-date automatically as vendors publish new versions through the Enterprise App Catalog, or trigger updates on demand from the Guided Upgrade Supersedence report.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Nicole Zhao, Microsoft Intune Product Manager, shares how to put these built-in enhancements to work across every managed device.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;*Intune Deployments is currently in private preview. Capabilities shown are subject to change and not yet generally available.&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Identify shadow apps across your managed devices.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Microsoft Intune’s app inventory now surfaces publisher, architecture, size on disk, install location, &amp;amp; uninstall command per device.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=51s" target="_blank" rel="noopener"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Auto-trust every app you deploy through Intune.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;App Control for Business with Managed Installer tags your deployments as safe and scopes trust to specific user groups.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=284s" target="_blank" rel="noopener"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;One toggle, continuous app updates.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;The Enterprise App Catalog in Intune pushes vendor releases to managed devices automatically, or surfaces them in a Guided Supersedence report for manual review.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=339s" target="_blank" rel="noopener"&gt;Try it now.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;QUICK LINKS:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg" target="_blank" rel="noopener"&gt;00:00&lt;/A&gt;&amp;nbsp;— Built-in app management&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=51s" target="_blank" rel="noopener"&gt;00:51&lt;/A&gt;&amp;nbsp;— App Inventory Visibility&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=102s" target="_blank" rel="noopener"&gt;01:42&lt;/A&gt;&amp;nbsp;— Enterprise Application Management (EAM)&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=148s" target="_blank" rel="noopener"&gt;02:28&lt;/A&gt;&amp;nbsp;— PowerShell Script Installer GA&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=189s" target="_blank" rel="noopener"&gt;03:09&lt;/A&gt;&amp;nbsp;— Ring-Based Deployment Plans&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=284s" target="_blank" rel="noopener"&gt;04:44&lt;/A&gt;&amp;nbsp;— Managed Installer Auto-Trust&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=339s" target="_blank" rel="noopener"&gt;05:39&lt;/A&gt;&amp;nbsp;— Enterprise App Catalog Auto-Update&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=372s" target="_blank" rel="noopener"&gt;06:12&lt;/A&gt; — Guided supersedence&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=iI-sJ6kz_vg&amp;amp;t=410s" target="_blank" rel="noopener"&gt;06:50&lt;/A&gt;&amp;nbsp;— Wrap up&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Link References&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Go to&amp;nbsp;&lt;A href="https://aka.ms/IntuneAppManagement" target="_blank" rel="noopener"&gt;https://aka.ms/IntuneAppManagement&lt;/A&gt;&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Check out&amp;nbsp;&lt;A href="https://aka.ms/RSAC26-Intune-Blog" target="_blank" rel="noopener"&gt;https://aka.ms/RSAC26-Intune-Blog&lt;/A&gt;&amp;nbsp;from the RSA Conference for additional security context and guidance when managing apps with Microsoft Intune.&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Unfamiliar with Microsoft Mechanics?&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&lt;/P&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Subscribe to our YouTube:&amp;nbsp;&lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank" rel="noopener"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Talk with other IT Pros, join us on the Microsoft Tech Community:&amp;nbsp;&lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank" rel="noopener"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Watch or listen from anywhere, subscribe to our podcast:&amp;nbsp;&lt;A href="https://microsoftmechanics.libsyn.com/podcast" target="_blank" rel="noopener"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H3 data-selectable-paragraph=""&gt;Keep getting this insider knowledge, join us on social:&lt;/H3&gt;
&lt;UL&gt;
&lt;LI data-selectable-paragraph=""&gt;Follow us on Twitter:&amp;nbsp;&lt;A href="https://twitter.com/MSFTMechanics" target="_blank" rel="noopener"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Share knowledge on LinkedIn:&amp;nbsp;&lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank" rel="noopener"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Enjoy us on Instagram:&amp;nbsp;&lt;A href="https://www.instagram.com/msftmechanics/" target="_blank" rel="noopener"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI data-selectable-paragraph=""&gt;Loosen up with us on TikTok:&amp;nbsp;&lt;A href="https://www.tiktok.com/@msftmechanics" target="_blank" rel="noopener"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H3 data-selectable-paragraph=""&gt;Video Transcript:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;-Controlling the application layer on devices, delivering the right apps, keeping them secure, up to date, and protected has always been one of the toughest challenges as you manage IT environments. This is nothing new, but what is new is how much easier Microsoft Intune now makes it. With the latest built‑in app management enhancements, you can more easily discover apps across your environment with clearer visibility into your full app inventory per device, simplify app preparation and deployment through pre-packaged apps or with scripted installs, as well as safer, gradual app roll-outs using ring-based deployments.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Ensure only trusted apps run by automatically trusting deployed apps through App Control for Business with Managed Installer, and keep devices automatically on the latest versions as vendors release updates, using the new auto-update capability with your Enterprise App Catalog. It all starts with knowing what apps people have running on their managed devices. And that’s where the latest improvements to app inventory in Intune give you the full up-to-date picture with minimal latency.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Here, for each device, you can see a comprehensive list of inventoried applications, including both managed and unmanaged apps. Importantly, we’ve added more app metadata to help you make better decisions about your apps or start troubleshooting. For each app, you can see the publisher name, architecture, and now even estimated size on disk, as well as installed location, uninstall command, and languages, as long as that information was registered in Windows. For shared devices, we’ve also improved the per user app information to include all users on the device. This gives you clear visibility into which applications exist in your environment, to help you identify unknown or shadow applications that may be running against your policy and governance controls. Next, for getting the right apps deployed, let me show you how we’ve made it easier to bring apps into your managed catalog.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Here, Enterprise App Management, or EAM, is designed to simplify app lifecycle management. I’m going to start by creating an app. Unlike the consumer-focused Microsoft Store, which uses community-driven WinGet app types for app discovery, EAM provides a curated list of enterprise-ready Win32 apps. You can find these apps by choosing the Enterprise App Catalog app type and Confirm. From there, you just need to search for the apps you want. In this case, I’ll look for Blender, and then under Configuration, you’ll find available architectures and versions. You’ll see that it pre-populates the app information. And in the Program tab, the install and uninstall command lines are pre-populated, as well as the exit codes.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now, this used a command line installer type, but something new to give you even more control is the script installer, which is now generally available. This lets you use PowerShell script to control the installation of your Win32 apps. So, I’ll change the installer type to be a PowerShell script, and that will expose a control to upload a custom script as a PS1 file. Next, I’ll choose the Blenderinstaller script from File Explorer. It conveniently enters the name field for me and then mounts the script to give a preview of the pre-installation commands it runs. This gives you precise control over the install behavior of your apps using script-based installation. And as we progress, the rest of the steps for getting this app deployed to your managed devices should be pretty familiar.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Next, for app roll-outs, Intune’s policy-driven deployment lets you introduce application changes gradually using Deployment Plans. This helps avoid issues from misconfigured, compromised, or unintended app updates, giving you more control over the roll-out process. Let me show you how to create a deployment. You’ll start in Deployments, which you’ll find under Managed Devices. At the top, you’ll see two tabs: Deployments, which lists the app payloads targeted for existing roll-outs; and Deployment Plans, which are reusable deployment schedules that you create with ring timing, as well as assigned groups. I’ll move to the Deployments tab and select Create. Then I’ll give it a name, Global Secure Access Client, and description, East Coast rollout, Next, I’ll select a payload. I’ll choose Win32 and Add Payload, and select Global Secure Access Client.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Now I’ll configure the deployment schedule, which is the key step when setting up this deployment. Here I can either build rings manually, where you’ll add time offsets per ring, or I can load an existing deployment plan. In this case, I’ll load a plan. From here, I can choose the plan I want. I’ll pick the East Coast retail store rollout plan. I’ll choose a start date and add a time. Once the plan loads, all the rings are added with their timelines and associated groups or exclusions. For example, this one has a one-week offset between each ring. When I move to the last Review step, this dialog on top tells me that, once created, I can pause, resume, or cancel the deployment at any time.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-From there, I can review my deployment and confirm by hitting Create. Now my app will roll out based on this defined schedule. Let’s look at the latest capabilities for keeping your apps trusted. First, App Control for Business with Managed Installer in Intune means that apps you deploy using this method are automatically tagged as safe apps, without manual allow-listing. It lets you upload your app control policies as XML files or leverage built-in controls to automatically trust apps from the managed installer.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-There’s also a new option to target the Managed Installer to specific groups where you enable Intune Managed Extension as Managed Installer and scope the managed installer to specific users with inclusion and exclusion policies. Additionally, with Managed Installer enabled during Autopilot device preparation, you can ensure apps are trusted right from the start as you provision new devices. And using device preparation policies, Autopilot also supports an increased app limit of up to 25 apps. Of course, you can combine these capabilities with Windows Defender Application Control together with Intune to allow only trusted and approved apps to run on your managed devices. Now let’s look at new ways to keep apps on the latest version.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-First, with the new auto-update capability using the Enterprise App Catalog, you can have Intune automatically keep apps up-to-date on your managed devices. When you add a new app using the Enterprise App Catalog, as part of the initial configuration in the Updates tab, you can choose between Automatically Update and Update with Supersedence. This is a one-time setting that allows Intune to automatically install updates as they are published. From there, once you confirm, you’ll see that, by design, many of the subsequent settings have been streamlined to just Scope tags, Assignments and Review + Create.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-And if you want more control over app updates, our second option, Guided Upgrade Supersedence, automatically surfaces available updates of your deployed apps without you having to go look for new versions of each app manually. You’ll see that, under Apps in the Monitor blade, you’ll find a new report called Enterprise App Catalog apps with updates. By clicking into one of these apps, you’ll see that there is an update button in the upper left corner. This lets you supersede existing app versions for that app on managed devices in just a few clicks. You’ll see that all of the necessary information is pre-populated. And this is the same with the program tab and subsequent tabs in the app deployment workflow, including the supersedence relationship.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Everything you’ve seen today is about simplifying control of your application layer, making apps easier to discover, deploy, trust from day one, and keep automatically up to date, so you can deliver the right apps securely and consistently across your environment. To find out more, check out aka.ms/IntuneAppManagement Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching!&lt;/P&gt;
</description>
      <pubDate>Mon, 27 Apr 2026 18:56:18 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/windows-app-management-in-microsoft-intune/ba-p/4515194</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-04-27T18:56:18Z</dc:date>
    </item>
    <item>
      <title>Claude + GPT | Multi-model intelligence in Copilot</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/claude-gpt-multi-model-intelligence-in-copilot/ba-p/4509773</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2F4vkPv9lX64k%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D4vkPv9lX64k&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2F4vkPv9lX64k%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Generate briefing documents, presentations, and Excel files from a single prompt with Copilot Cowork, pulling from your emails, calendar, and SharePoint through Work IQ — and fold in new tasks mid-run without stopping. Using Copilot Cowork, you can use the same platform that powers Claude Cowork. It’s designed for long-running, multi-step task automation.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Use Critique in Researcher to pair a generation model with a dedicated review model, applying source reliability and evidence grounding before the report lands. Run Model Council to submit one prompt to GPT and Claude simultaneously and compare their full reasoning side-by-side.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;These experiences with Copilot Cowork and Researcher are available now if your organization has the Frontier Program enabled. Jeremy Chapman, Microsoft 365 Director, shares how to choose, direct, and compare the right AI model for every task, all from within Microsoft 365.&lt;/P&gt;
&lt;H4&gt;One prompt. Three files.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Copilot Cowork generates your briefing doc, presentation, and Excel output — grounded in Work IQ data and saved directly to OneDrive. &lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=66s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=66s" target="_blank"&gt;Try it now.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Copilot Cowork handles new requests mid-run.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Add meeting scheduling or an email update partway through and it integrates them into the active plan. &lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=152s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=152s" target="_blank"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;No more copy/paste into unmanaged AI sites.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Work IQ automatically supplies Cowork and Researcher with your emails, calendar, Teams transcripts, and SharePoint files. Every output is grounded in your actual data. &lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=358s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=358s" target="_blank"&gt;See how it works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k" target="_blank"&gt;00:00&lt;/A&gt; — Copilot capabilities&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=66s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=66s" target="_blank"&gt;01:06&lt;/A&gt; — Copilot Cowork&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=152s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=152s" target="_blank"&gt;02:32&lt;/A&gt; — Mid-Run Task Injection&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=185s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=185s" target="_blank"&gt;03:05&lt;/A&gt; — Output&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=257s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=257s" target="_blank"&gt;04:17&lt;/A&gt; — Researcher Critique: Dual-Model Pipeline&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=358s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=358s" target="_blank"&gt;05:58&lt;/A&gt; — Work IQ Auto-Retrieval&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=418s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=418s" target="_blank"&gt;06:58&lt;/A&gt; — Model Council&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=530s" data-href="https://www.youtube.com/watch?v=4vkPv9lX64k&amp;amp;t=530s" target="_blank"&gt;08:50&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&lt;/H4&gt;
&lt;P&gt;Try it at &lt;A href="https://microsoft365.com/copilot" data-href="https://microsoft365.com/copilot" target="_blank"&gt;https://microsoft365.com/copilot&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-Now you don’t need to switch between AI model providers for the best models for work. Copilot has options from Anthropic and OpenAI available directly from Microsoft 365. Using Copilot Cowork, you can use the same platform that powers Claude Cowork. It’s designed for long-running, multi-step task automation and it’s grounded by Work IQ, so you don’t need to move files and data outside of Microsoft 365 to other potentially unprotected services. Researcher has also been expanded with multi-model intelligence, where the new Critique capability separates the models, with one used to generate and another to refine its research outputs. And the new Council capability lets you submit a single prompt and view a side-by-side comparison across multiple model outputs.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, these experiences with Copilot Cowork and Researcher are available now if your organization has the Frontier program enabled, and today I’ll go hands-on with each while explaining the mechanics of how they work. Let’s start with Copilot Cowork. So in this example, I need to prepare for a customer meeting, and I want Cowork to build me a briefing document in Word, a PowerPoint presentation, and an Excel file with customer insights. I already have Copilot pinned with my agents and it’s opened.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Before I start, I’ll show you what’s set up in the knowledge sources. I can access information on the web, from people, and from Work IQ, so it doesn’t rely on connectors to access my work files, calendar, or previous meetings. Now I’ll paste in my prompt with links to reference files so it can help me then prepare for my meeting, and I want Copilot to pull in details from relevant emails and my calendar. I’ve also referenced an existing briefing document template as an example to follow, as well as an Excel overview with customer-specific metrics and visuals. And I want it to create a new briefing document as well as a client-ready PowerPoint presentation with our differentiators and recommended next steps.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So now I’m going to kick off the process and Cowork will show its progress, its inputs and outputs on the upper right-hand side of the screen. Cowork will then reason through all of the inputs and tasks from my prompt, then systematically work through everything until it generates the files that I requested. And it’s not only using the files referenced, but also searching across my Work IQ information. As it works, I can even request more tasks while it’s running.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-For example, I can ask it to schedule prep time with people on my team and send an email status update to the account team. Cowork just folds that into the plan and keeps going. It checks schedules, and here’s the meeting it proposes for me and Riley on my team to review, and I’ll create that right from here. Then it authors an email to Ellis from the account team that I can choose to edit manually if I want. I’ll go ahead and add a thank you in line and then hit send. This can process for several minutes, so to save a little time, I’ll move on to when everything is complete. You’ll see that on the right in the output folder, it’s created a Zava client presentation, a customer briefing doc, and also a customer overview Excel file.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, I’ll open up the briefing document first, and it has everything relevant to the meeting and it uses our standard briefing template. In fact, if I open up the original one, you can see just how close the formatting is. Now I’ll open the presentation it generated. It explains our work at a glance, with key metrics from Work IQ and referenced files, as well as revenue and growth highlights. Now if I move on to the generated Excel file and open that, it’s laid out our year-over-year performance and used it to create forecasts for this year. We can also see the growth trends over time, and if I click into Sales by Category, we can even see a detailed breakdown across different product lines with comparisons for the last two years. And as it worked on my behalf, everything was saved directly into OneDrive, so it’s protected and can be shared with my team like any other Microsoft 365 file.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, one of the most powerful experiences in Copilot, Researcher, has also added new multi-model intelligence capabilities in addition to its options for using Claude from Anthropic or GPT from OpenAI. Researcher now takes us a step further with Critique by using a combination of models to separate generation from evaluation tasks, where one model leads the generation phase, planning the task, iterating through retrieval steps, and producing an initial draft, while the second model then focuses on review and refinement, acting like an expert reviewer before the final report is presented to you. This is now the default experience, and having these models work together helps ensure higher-quality outputs. Let me show you.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From Copilot and Microsoft 365, I already have Researcher open. At the top right, I’ll expand the model picker and explain the options. Choosing Auto will automatically generate responses using Critique with the two models working together. Under that is an option for Model Council that I’ll walk through in a moment. Then there are also options to choose GPT and Claude as standalone models. So I’m going to keep Auto in this case, and then I’ll paste in my prompt to generate an executive brief about the competition in our industry and where there might be expansion opportunities. Now, this is a very research-intensive request that will need to retrieve, evaluate, and analyze many resources via Work IQ and the web.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now I’ll submit my prompt to get it started. Researcher can take several minutes to research and reason over a topic and generate its response, so to save a little time, I’ll move to its output. On the top I can see the content was generated by GPT and refined by Claude. First, there’s an executive summary about the market-related conditions. As I scroll down, you can see it’s assessed source reliability, where it focuses on reputable, authoritative, and domain-appropriate sources. Then as I continue scrolling, it’s also assessed report completeness, where the reviewer model ensures that the final report satisfies the request, along with relevant insights.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-As you can see with the rest of the citations, it’s enforced strict evidence grounding, making sure that every key claim is anchored to a reliable source. So for example, here you can see that it’s pulled in structured data from an Excel file with detailed financials and several relevant Word documents from our internal SharePoint sites. And it’s done all of this research automatically without me having to manually reference or upload files into my prompt. Both models work together in this case to improve the generated output. Next, let’s move on to Model Council in Researcher. Now, this lets you compare responses from different models side by side so that you can see where they agree, where they don’t, as well as what differentiates each model.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So I’m back in Researcher, and this time from the model picker, I’ll choose Model Council. From there, I’ll just paste in my detailed prompt, in this case to review our latest customer feedback interviews to find the top themes and give recommendations based on our current plans in motion. Again, this is going to leverage Work IQ to find and analyze recent Teams meeting transcripts, our product plans from files and SharePoint and more as research sources, and it’s a lot to process. Everything looks good here, so I’ll go ahead and send it. And in this case, Researcher asks clarifying questions to better understand my goal.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So I’ll choose a short one-to-five-page report length. Then below that I’ll type “Go ahead” and it gets to work. I only need to submit my prompt one time for both models to process it simultaneously. Again, this process can run 10 or more minutes, so I’ll skip to the output. You can see that each model has its own tile on top, and you can click into any of them to view their outputs. Below that is a summary for how each model did, comparing their responses. And I can also view a full output for each model. So I’m going to drill into the GPT output, and that shows me a split-screen view with the GPT tab open on the right, and I can scroll its results and I can look at its structured reasoning and its response and all the details.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now moving to the Claude tab, I can also look at its detailed response and reasoning and everything that it performed to derive the output. I don’t need to run separate prompts to find the model that I prefer. Now Model Council helps do that work for me. So now Copilot and Microsoft 365 gives you direct access to leading models, including Anthropic and OpenAI, with multi-model intelligence and without having to switch between platforms.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To get started, enable the Frontier program in your Microsoft 365 environment. Then go to microsoft365.com/copilot or use the mobile app to try it out. And keep watching Microsoft Mechanics for the latest tech updates, and thanks so much for watching.&lt;/P&gt;
</description>
      <pubDate>Thu, 09 Apr 2026 18:29:27 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/claude-gpt-multi-model-intelligence-in-copilot/ba-p/4509773</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-04-09T18:29:27Z</dc:date>
    </item>
    <item>
      <title>Labeling Files is Worth It | Speed &amp; Protection Benefits in Microsoft Purview</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/labeling-files-is-worth-it-speed-protection-benefits-in/ba-p/4505234</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FJn09iBRLxqw%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DJn09iBRLxqw&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FJn09iBRLxqw%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Classify your data, apply clear labels, and enforce protections that automatically adapt to human and AI interactions so you can reduce risk without slowing down workflows. Proactively monitor, assess, and respond to risk in real time. Use labeling and layered policies to stop accidental sharing, manage AI access, and maintain consistent protection across your organization.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://x.com/mattmcspirit" data-href="https://x.com/mattmcspirit" target="_blank"&gt;Matt McSpirit&lt;/A&gt;, Microsoft Mechanics expert, joins &lt;A href="https://x.com/deployjeremy" data-href="https://x.com/deployjeremy" target="_blank"&gt;Jeremy Chapman&lt;/A&gt; to share how to turn scattered data into actionable security that moves as fast as your team and AI.&lt;/P&gt;
&lt;H4&gt;Scan your environment beyond standard detection.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Identify gaps where AI or big files might expose sensitive data. Get started with Microsoft Purview Information Protection.&lt;/P&gt;
&lt;H4&gt;Reduce the risk of accidental sharing.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Label sensitive data, including proprietary and hard-to-detect content, to enforce access controls instantly. See how DLP and IRM work.&lt;/P&gt;
&lt;H4&gt;Act before exposures become incidents.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Identify data risks early, prioritize what matters most, and take action to reduce exposure with Microsoft Purview DSPM.&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw" target="_blank"&gt;00:00&lt;/A&gt; — Microsoft Purview data protection&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=64s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=64s" target="_blank"&gt;01:04&lt;/A&gt; — Data Loss Prevention&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=216s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=216s" target="_blank"&gt;03:36&lt;/A&gt; — Layered approach in addition to DLP&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=253s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=253s" target="_blank"&gt;04:13&lt;/A&gt; — Unified classification&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=267s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=267s" target="_blank"&gt;04:27&lt;/A&gt; — How sensitive data is determined&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=383s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=383s" target="_blank"&gt;06:23&lt;/A&gt; — Create trainable classifiers&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=426s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=426s" target="_blank"&gt;07:06&lt;/A&gt; — Distinction between classification and labeling&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=486s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=486s" target="_blank"&gt;08:06&lt;/A&gt; — Configure policy protections&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=552s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=552s" target="_blank"&gt;09:12&lt;/A&gt; — DLP in action&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=610s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=610s" target="_blank"&gt;10:10&lt;/A&gt; — IRM in action&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=651s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=651s" target="_blank"&gt;10:51&lt;/A&gt; — See how protections show up&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=817s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=817s" target="_blank"&gt;13:37&lt;/A&gt; — Move from reactive to proactive protection&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=900s" data-href="https://www.youtube.com/watch?v=Jn09iBRLxqw&amp;amp;t=900s" target="_blank"&gt;15:00&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&lt;/H4&gt;
&lt;P&gt;For deeper guidance, go to &lt;A href="https://aka.ms/PurviewInformationProtection" data-href="https://aka.ms/PurviewInformationProtection" target="_blank"&gt;https://aka.ms/PurviewInformationProtection&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" data-href="https://microsoftmechanics.libsyn.com/podcast" target="_blank"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" data-href="https://twitter.com/MSFTMechanics" target="_blank"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" data-href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" data-href="https://www.instagram.com/msftmechanics/" target="_blank"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" data-href="https://www.tiktok.com/@msftmechanics" target="_blank"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;- If you don’t understand your data, what it is, where it lives, and how sensitive it is, you can’t protect it. And it’s easy to assume that you’re covered, maybe you’ve already got data loss prevention, or DLP, running with near realtime detection, which is helpful, yes, but it’s not enough. Protecting data today means going beyond what traditional tech scanning can catch and making sure that those harder to parse file types are covered too. And it also requires a layered approach with instant risk insights, starting with consistent and automatic classification, so everyone’s clear on what’s actually sensitive. Labels that make sensitive content easier to interpret and trigger automatic policies, and Adaptive Protection that responds to the risk level of each user, whether human or non-human, and how they engage with the data. In fact, this matters even more with AI that can now bring hidden or long forgotten information to the surface in just seconds. Now to walk us through all of this, I’m joined by a Microsoft Mechanics expert, Matt McSpirit.&lt;/P&gt;
&lt;P&gt;- Thanks, it’s great to be back.&lt;/P&gt;
&lt;P&gt;- Okay, so before we get into solutions, why don’t we unpack this a bit more. So for a lot of people, even as they adopt AI, there’s this notion that maybe DLP is good enough. It’s finding things like credit cards, it’s also looking at things like financial information, identity numbers, addresses, et cetera, even if you aren’t paying attention, by the way, to where that information is stored. So is it even worth the extra effort in doing something else?&lt;/P&gt;
&lt;P&gt;- Well, these are all fair points, and DLP is one powerful piece of the puzzle. And part of its appeal is that it works without the need to label or add any metadata to your content. It’s also rule-based and can look for sensitive information types as they’re being written, read, or sent, and then use what it finds to apply corresponding protections to prevent sharing or contain its sharing radius.&lt;/P&gt;
&lt;P&gt;- Okay, so what you just said sounds like all upsides. So the policies are relatively easy to configure, they work by default with all your Microsoft 365 and Office apps and your managed devices, as long as people are signed in with them, regardless, really, of where that file goes as well. So what’s the downside?&lt;/P&gt;
&lt;P&gt;- Well, depending on the scenario, there are a few areas. First, there’s speed of detection and response. Now in this case, I’ll show you an example of DLP in action. I’ll paste in a few thousand words from my clipboard into this Word document. And now DLP will compare it with hundreds of sensitive information types like bank numbers or IDs, dozens of trainable classifiers like contracts or patent applications, and do cross look-ups against exact data match, and more, which based on physics, orchestration, and query speeds, takes time. And it’s only when the policy tip appears whether I choose to apply the recommendation or not, that the content is protected. As you can see, I can’t now share this file externally because DLP has found sensitive information. So there’s a window of time based on a number of factors for DLP to find sensitive information and apply protection. Next, breadth of coverage is another area. You might have file types that can’t be scanned for text easily, like these files synced on my OneDrive location. These are proprietary file types from line of business apps as well as 3D CAD files. So in this case, you’d need a different way to identify the sensitivity of these files and protect the container of the files themselves, like you can see with this rights-protected document using the ARC Add File extension.&lt;/P&gt;
&lt;P&gt;- And that makes a lot of sense. You know, even though compute and detection are getting faster, if you’ve got like a hundred-page document and it’s got, or maybe a massive spreadsheet, it’s got passport numbers or similar things buried in it, it’s going to take significant time, then, to find that sensitive info.&lt;/P&gt;
&lt;P&gt;- Right, and if we add AI to the picture, which needs to orchestrate access to data across multiple data sources to respond in milliseconds, this isn’t the optimal approach when speed of response counts. And that’s where a layered approach comes in. In addition to your policy engines like DLP, it’s important to augment what you’re doing with unified data classification. It gives you a broader, persistent understanding of sensitive data across your environment so that it’s easy to assess your data risk and then add sensitivity labeling to your data security strategy. This way, DLP can immediately act on an existing signal rather than having to evaluate everything from scratch each time.&lt;/P&gt;
&lt;P&gt;- Okay, so why don’t we go deeper then on unified classification as part of this layered approach.&lt;/P&gt;
&lt;P&gt;- So this actually gets to the heart of the problem. Over time, as data keeps growing and shifting, different teams and tools have ended up defining sensitive data in their own ways, and it’s hard to know where all that data lives. No one really intends for the inconsistency, it just happens and you’re left with a patchwork view of your data instead of one clear picture. And that’s why the first step is giving everything that works with your data, whether that’s your users, AI, or your apps and policy engines, a single consistent way to recognize what’s important. So here in Data Explorer, Microsoft Purview has already identified sensitive data across my environment automatically. This reflects a unified data classification approach that discovers your sensitive data wherever it lives. I didn’t build any rules for this. This discovery happens automatically. And if I drill in, I can see exactly where these files are, even preview the content to see the content in question and easily understand why they were identified as sensitive.&lt;/P&gt;
&lt;P&gt;- And there’s really a lot to it that’s powering this classification. So what is Purview then looking at to determine if there’s sensitive information there?&lt;/P&gt;
&lt;P&gt;- Right, there’s a lot happening under the covers. Purview uses two main built-in classification methods. First, sensitive information types that detect specific regulated data such as credentials, IDs, or financial numbers with more than 300 built-in detection patterns for regulated data. And second, more than a hundred pre-trained classifiers that understand broader categories of content like budgets, HR files, or source code. These classifiers are built using Microsoft’s domain expertise and training data sets to recognize common business content categories. Additionally, how fresh your data is also matters to Purview. Purview evaluates new and modified content, automatically analyzing the data with the latest classifications and policies so that your most recent data is well understood and has the latest protections. And if you want to evaluate data that hasn’t been accessed recently, you can run on-demand classification to scan data at rest, helping you uncover sensitive data that might otherwise be overlooked.&lt;/P&gt;
&lt;P&gt;- And building on what you said, Matt, you know, you can also teach Purview to recognize content that’s unique to your organization. For example, you can create your own trainable classifiers by providing real sample content. You just have to point it to a SharePoint site with 50 to 500 files of matching content. Or you can use exact data match for structured data comparisons against exact text strings. Think of things like code names, or maybe a specific customer, partner, or competitor names, and more. And Purview, it also supports fingerprinting for things like standard forms or templates so that they’re recognized even if the wording changes. Of course, classifications can trigger protections once they’re paired with active policies.&lt;/P&gt;
&lt;P&gt;- Right, and interestingly, labels can also trigger protection policies.&lt;/P&gt;
&lt;P&gt;- And we should really unpack this a bit more, because I think a lot of people watching probably make the mistake of conflating classification and labeling as being one and the same thing.&lt;/P&gt;
&lt;P&gt;- It’s a common mistake, but there is an important distinction. In fact, there’s an easy way to think about this. Think of data classification as recognizing what your data is. It’s about understanding the sensitive information that’s present in your data. And data labeling is the simple-to-understand wording along with your intent for how the data should be handled. For example, a confidential/do not forward label needs no complex explanation on how you should handle the data if you’re the user. And on the backend, Purview quietly protects the data based on how you’ve defined protections associated with that label, like access restrictions or watermarking. And the bonus is that this guidance and protection travels with the data. And you can set labels up in Microsoft Purview Information Protection. This lets you create sensitivity labels like these to define how different types of data should be classified. Once you’ve done that, you can configure policy protections that are triggered by those labels, such as encryption, limiting the sharing radius or visual markings, and more. And when used in tandem with DLP, you can even prevent Copilot from processing labeled content. Next, with your labels created, you can publish them so they appear in apps like Word, Excel, PowerPoint, and Outlook, and are honored across services like Fabric, Dataverse, and of course, as I mentioned, Copilot. All of what I’ve shown you is included with most versions of Microsoft 365. And with Microsoft 365 E5, you can even set up auto labeling, so Purview can apply labels automatically when it detects sensitive content.&lt;/P&gt;
&lt;P&gt;- So labels are respected across all those destinations.&lt;/P&gt;
&lt;P&gt;- That’s right, and once a label is applied, it’s recognized across supported workloads, and Purview solutions like DLP, Insider Risk Management, and more, know how to handle that data properly. So instead of stitching together separate tools, each with its own definition of sensitive data, you define sensitivity only once. And that same signal drives consistent protection wherever the data travels to. In fact, let me show you how this works in practice. So here in DLP, I’m going to create a policy based on what Purview has already automatically discovered across SharePoint and OneDrive. From the Insights card, you can see the top sensitive information types like medical, IP and trade secrets, financial data, and medical identifiers. So I’ll get started, then choose to create all of the recommended policies. Now, if I go back to my DLP policies view and look at the ones I’ve just created, you’ll see that there are four new policies. If I click in to edit one, you’ll notice that Purview has already preselected the right conditions with trainable classifiers and actions predefined for the policy. And from there, I can even add to this policy. In this case, I’ll add my confidential labels to the policy. These are the same ones I’ve shown before. So in short, classification identifies the sensitive content, the conditions being met will then trigger the corresponding policies to enforce protections. This reduces configuration effort and ensures consistency across your environment. And in Insider Risk Management, labels work as risk signals too. So here in the policy template, I’m adding a condition that focuses on activity involving items labeled confidential. And that way, if users including non-human agents, exfiltrate or misuse high-value labeled data, printing it, copying it to external storage, or sharing externally, IRM will automatically elevate their risk score based on the activities against the labeled data. 
So labels also help enforce adaptive protections based on the risk profile of who, whether that’s a human user or a non-human AI agent, and their activities with the data. What we call Adaptive Protection.&lt;/P&gt;
&lt;P&gt;- Okay, so now we’ve got all of our policies in place. Why don’t we see how those protections show up in the flow of work, including AI interactions? So first I’m going to upload the same file that Matt showed before, but this time, it has a confidential label applied. So when I try to share it externally, you can see that I’m blocked instantly because that label is detected right away. DLP blocks the action based on the label, and this, again, is before that file could be scanned for sensitive information. Now I’m going to switch desktops. On the left here is a window with a synced folder in File Explorer. And you can see that there are proprietary file types and CAD files like we saw before, and each are labeled but cannot be analyzed for sensitive information types or classifiers. So with the labels applied to these encrypted P files, as they are, if I do try to drag and drop a file into my removable USB drive location in the window on the right, you’ll see I get a data loss prevention notification. Now because in this case, I’m under the file count threshold that we set before in policy, I can allow or override this, but I would’ve been blocked outright if I had transferred multiple files. Now again, the labels in these uncommon file types are what triggered the data loss prevention policy. And Insider Risk Management is also watching for risky handling of labeled content. For example, I can currently access this highly confidential acquisition site and see all the documents contained within it, for the moment. That said, though, because I just attempted to copy confidential information to my external USB drive, that’s going to catch up with me and automatically change my risk profile. So now after some time has passed, if I try to access that same site, I’m blocked outright and denied access. The protection automatically adapted to my heightened risk profile and blocked the site, without the administrator even needing to take any action.
And by the way, the same assessment against risk profile would happen if it was an AI agent and it tried to do the same thing. And beyond agents, why don’t we look at label protection, and how that works in general with AI. So here I’m in Copilot and I have a document uploaded to SharePoint. So I’ll prompt Copilot to summarize the file named Relecloud Acquisition, and you’ll see that Copilot will first check the user’s permissions and the presence of a label before it does anything. Now, because this document is labeled as highly confidential and we have a DLP policy in place to block Copilot from processing sensitive files, it tells me that it can’t summarize that content because of its sensitivity label.&lt;/P&gt;
&lt;P&gt;- So from creation to risky behavior and even Copilot interactions, the same sensitivity label ensures consistent protection. But the work is never really done. New data keeps coming and risk changes over time. That’s where, because you’ve already classified your data, Purview’s Data Security Posture Management, or DSPM, addresses this by continually assessing your data risk. It’s deeply integrated across Microsoft and beyond, giving you one centralized place to discover unprotected sensitive data across your entire digital estate, including select non-Microsoft services. Built-in intelligence continually assesses data risk to help you prioritize and mitigate high-risk exposures, taking advantage of recommendations where you can strengthen your policy directly from DSPM itself. AI observability features also give you granular insight into what agents are doing and any risk they may introduce. And custom reports make it easy to embed posture management into daily operations by highlighting where to improve.&lt;/P&gt;
&lt;P&gt;- And this is all built to help you then move from reactive investigation to more proactive and measurable risk reduction.&lt;/P&gt;
&lt;P&gt;- Exactly, and actually, this is just scratching the surface of what Purview can do. You can also use AI itself to manage human and AI data risk using deep-reasoning Purview agents. For example, they can triage alerts and automatically message users in Teams with the sensitive data found and the actions they need to take.&lt;/P&gt;
&lt;P&gt;- Okay, so as you saw, there are lots of ways that this layered approach goes beyond traditional DLP protection. So where can everyone who’s watching right now learn more?&lt;/P&gt;
&lt;P&gt;- Well, first, check out aka.ms/PurviewInformationProtection. Again, if you use Microsoft 365 in your organization, you’ll have Microsoft Purview today, and you can get the more advanced Purview capabilities with Microsoft 365 E5. So it’s worth exploring further. So start using unified classification and labels today.&lt;/P&gt;
&lt;P&gt;- Thanks, Matt, and thank you for joining us. Be sure to subscribe to Microsoft Mechanics if you haven’t already, and we’ll see you next time.&lt;/P&gt;</description>
      <pubDate>Mon, 30 Mar 2026 15:13:47 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/labeling-files-is-worth-it-speed-protection-benefits-in/ba-p/4505234</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-03-30T15:13:47Z</dc:date>
    </item>
    <item>
      <title>Data Security Investigations in Microsoft Purview</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/data-security-investigations-in-microsoft-purview/ba-p/4505209</link>
      <description>
&lt;P&gt;Search across massive volumes of files using natural language, pinpoint the highest risk content, and connect it to user activity to see the full scope of an incident.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Investigate and act in one workflow. Analyze content deeply across files, emails, and AI interactions, uncover hidden or unclassified sensitive data, and contain exposure fast. Proactively identify risks, respond to incidents with clarity, and mitigate impact before it spreads.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="http://@cfiessinger" data-href="http://@cfiessinger" target="_blank"&gt;Christophe Fiessinger&lt;/A&gt;, Microsoft Purview Principal Squad Leader, joins &lt;A href="http://@deployjeremy" data-href="http://@deployjeremy" target="_blank"&gt;Jeremy Chapman&lt;/A&gt; to walk through real-world investigation workflows — from scoping and analysis to mitigation and automation — so you can move faster and make more informed security decisions.&lt;/P&gt;
&lt;H4&gt;Pinpoint high-risk files.&lt;/H4&gt;
&lt;P&gt;Locate files hidden among hundreds of confidential documents using contextual search. &lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=86s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=86s" target="_blank"&gt;See how Microsoft Purview Data Security Investigations works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Search thousands of files in seconds.&lt;/H4&gt;
&lt;P&gt;Use natural language queries to uncover relevant sensitive data. &lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=396s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=396s" target="_blank"&gt;Get started with Microsoft Purview Data Security Investigations.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Contain data leaks immediately.&lt;/H4&gt;
&lt;P&gt;Purge exposed files while retaining investigation evidence. &lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=640s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=640s" target="_blank"&gt;Take action with Microsoft Purview Data Security Investigations.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g" target="_blank"&gt;00:00&lt;/A&gt; — Keep data safe with DSI&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=86s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=86s" target="_blank"&gt;01:26&lt;/A&gt; — Connect dots between data risk &amp;amp; impact&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=167s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=167s" target="_blank"&gt;02:47&lt;/A&gt; — Built-in AI&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=227s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=227s" target="_blank"&gt;03:47&lt;/A&gt; — Work across the full lifecycle of an incident&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=296s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=296s" target="_blank"&gt;04:56&lt;/A&gt; — Create an investigation&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=396s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=396s" target="_blank"&gt;06:36&lt;/A&gt; — Deep search and analysis&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=543s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=543s" target="_blank"&gt;09:03&lt;/A&gt; — How DSI helps data leaks&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=640s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=640s" target="_blank"&gt;10:40&lt;/A&gt; — Contain risk with built-in mitigation&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=692s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=692s" target="_blank"&gt;11:32&lt;/A&gt; — Automate using agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=803s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=803s" target="_blank"&gt;13:23&lt;/A&gt; — Estimator tool&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=897s" data-href="https://www.youtube.com/watch?v=tgnY65zHd8g&amp;amp;t=897s" target="_blank"&gt;14:57&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As a Microsoft Purview admin, just go to &lt;A href="https://purview.microsoft.com/dsi" data-href="https://purview.microsoft.com/dsi" target="_blank"&gt;https://purview.microsoft.com/dsi&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;- If you’ve ever had to respond to a major data breach, insider-driven data theft, or even a suspicious leak involving high-value information, you know the hardest part isn’t just detecting the activity, it’s understanding what data was actually taken, how valuable it is, and what risks that creates to your organization. Today we’re going to show you how the now generally available Microsoft Purview Data Security Investigations, or DSI, dramatically accelerates that process using AI to read and analyze and connect the dots fast at massive scale. I’m joined by Christophe Fiessinger from the Microsoft Purview team to demonstrate more. Welcome.&lt;/P&gt;
&lt;P&gt;- Thanks, Jeremy. Happy to be here.&lt;/P&gt;
&lt;P&gt;- Thanks so much for joining us today. So most IT teams that I speak to, they’re often using things like SIEMs or incident management tools that connect activity across compromised accounts, devices, and files when they’re responding to things like security events. But these tools, they rarely reveal what’s affected in terms of the files and what’s contained in them. They might show labels, they might show file names or basic metadata like the location or the owner.&lt;/P&gt;
&lt;P&gt;- Exactly. Beyond labels on metadata, it’s all about context. Metadata gives you the file name, classification might tell you it’s a financial document, and the label might say it’s confidential, but traditional tools can’t really tell you what’s in the content and how much risk it exposes. They just tag the content, they don’t explain it.&lt;/P&gt;
&lt;P&gt;- So how does DSI then change things?&lt;/P&gt;
&lt;P&gt;- So DSI on the other hand doesn’t just say it’s a confidential financial document. In fact, you might have hundreds of those. Instead, it actually reads and understands each file and the data risks they pose. So of the hundred or so finance documents classified confidential, it can find the one file that carried an existential threat to your company, like the one that contains your entire customer list with the unique credentials that each customer uses to log in to your online service. In DSI, that level of insight comes from hybrid vector search and generative AI working together. Hybrid vector search can pick up on semantically similar items, synonyms, or the subtle ways people hide sensitive information while also matching precise text strings like code names or account numbers. In short, it finds the right files by combining context with keyword precision, then generative AI takes over and actually analyzes those files. It performs deep content analysis to uncover sensitive data, security risk, and relationships hidden inside the impacted document.&lt;/P&gt;
&lt;P&gt;- So it’s removing a ton of manual effort by connecting the dots around the data risk and also its impact.&lt;/P&gt;
&lt;P&gt;- That’s right. DSI helps you rapidly understand and mitigate the downstream impact. You can start large-scale data investigation and use natural language search to find and narrow in on impact data. From there, you can leverage our powerful built-in AI to deeply analyze content, files, email, team messages, and even review and analyze prompts and responses from AI apps and agents, built-in Microsoft Foundry, Copilot Studio, as well as non-Microsoft agents and apps at scale. DSI is able to establish the context around information and even detect obscure sensitive information that might not have been flagged. It can reason over dozens of major world languages with production-grade quality. And it can directly mitigate identified risk. For example, a specific high value content has been distributed to multiple users. You can purge every instance of those files. With DSI, you can also work on data investigations more efficiently across the full lifecycle of an incident with the rest of your team. As part of Microsoft Purview, you can trigger investigation directly from Data Security Posture Management to dig deeper into data that’s at risk and see how valuable it is. And in Insider Risk Management where you might want to understand larger sets of data being used by risky users or agents. Equally, DSI also provides a useful bridge to your security operations team who can start DSI investigations directly from Microsoft Defender XDR. And because DSI is now integrated with the Microsoft Sentinel graph, data security analysts can connect at-risk information to the activities around it, who accessed it, where it was shared, whether behaviors like compromised sessions or impossible travel were involved, and visually correlate risky content, users, and their activities. It automatically combines unified audit logs, Entra audit logs, and threat intelligence which would otherwise need to be manually correlated.&lt;/P&gt;
&lt;P&gt;- That’s a really powerful solution. Can you show us an example of an investigation?&lt;/P&gt;
&lt;P&gt;- Let me show you Data Security Investigations and where to quickly find all your current and future investigations. From the main Data Security Investigations overview, you’ll find everything you need to get started: identifying content, analyzing deeply what’s contained in that content, and mitigating risk, as well as access to all of your previous investigations so you can quickly pick up where you’ve left off and create new investigations from here. You can start an investigation in a few ways. Sometimes proactively using DSI to assess potential data security risk or other times reactively like when you already know data is leaked and you need to investigate the breach. In this case, I’m going to start this investigation from Data Security Posture Management to get ahead of data risk in our environment. One of the most common types of data leaks is exfiltration of confidential information. Like if an employee moves on to a competitor with trade secrets or a seller wants to bring their client list to their new job. Here I can see a recommended objective to prevent exfiltration of risky destinations. Once I click to view objectives, I can see the amount of data exfiltrated, top sources, as well as file types, and I can see an action to create a new investigation using DSI. Here I just need to give it a name, then provide some context about what I’m trying to do in this investigation like, “I’m looking into confidential data that may have been exfiltrated from my organization. I’m specifically looking for confidential and proprietary information about Project Obsidian, the new release we’re working on.” Now I’ll confirm and create the investigation. From here, I can put in the rest of the parameters for deeper search and analysis. In the investigation, I can see a summary about the investigation and from here I can refine the search scope and make changes to the date range and people if I want, which will keep things more efficient. 
And if I need to, I can always add more data sources to the scope. I’ll keep the data source as is and hit add to scope. This grabs the content from the data source and into our investigation. Now I can further analyze the data and I can use a natural language query. And as mentioned DSI will analyze thousands of languages as part of the process. There are a few intelligent search suggestions, but I’m going to do my own search for “information disclosed to customers about project obsidian.” And in just a few seconds I’ll get information assessing exactly what I’m looking for based on my search criteria. It finds over a thousand items with a lot of different languages represented as you can see. On the left, the AI also suggests content categories based on the executed vector search so that it’s easy to organize and make sense of the amount of risk per category. So I’ll filter all those files down to using the obsidian category, and there they are. From here I can select which ones I want to deeply analyze. I’ll choose all of them in this case and hit examine. And here to choose the focus area for the investigation, I can look for credentials, analyze risk, and get mitigation recommendations. I’m going to choose risk in my case so that I can act quickly to contain the risk and hit examine one more time to kick up the process. As it works, I can view its details. This is where AI runs deep content analysis against all the content in these files by looking at the file content itself. This goes beyond common sensitive information types and trainable classifier matches. And depending on the number and size of the files that you have in scope for this, it could take a few moments to run. And you’ll see that it found relevant results each with an assessment, if it’s privileged content, and overall security risk scores and a risk explanation. I can drill into any of these to preview the content in line like this Microsoft 365 Copilot chat message. 
Moving back, I can also see other risk scores and explanations for credentials on the right-hand columns.&lt;/P&gt;
&lt;P&gt;- So DSI in this case uncovered a lot of what we call dark data. These are files that were never classified, which is great then for getting ahead of risk, but leaks do eventually happen. And when they do, we need a way to see exactly what got out and how we contain it.&lt;/P&gt;
&lt;P&gt;- That has happened pretty often, unfortunately. Let me show you a case where credentials were leaked externally as part of a security breach and how DSI helped. And to show you the integration for SecOps teams with Microsoft Defender XDR, I’ll start from an active incident for data exfiltration in this case. In the incident view, you get the high-level signals, the attack timeline, which users on device were hit, and the file names involved. But we still don’t know what was actually inside those files and what earlier activities might have set up the attack or created additional risk across other files. So from the action menu, I’ll create a DSI investigation right from this open incident to find out more about the content in those files. Here I just need to give it a name, then also paste it in a description and some additional context like I did before for the AI. Then I’ll create the investigation and then it links me directly to an investigation in Microsoft Purview. Like before, I can see a summary and refine the search scope if I want. This time I’m going to fast forward a few steps for scoping the data source and examining the content and just go right to the examination results. Here you can see the subject or title of each item, extracted credentials, including usernames, passwords, and more, credential types including API tokens and MFA, a surrounding snippet or the text around the credential details for context, and the thought process with a summary of the AI reasoning. Next, I also want to show the built-in mitigation. We can actually purge the sensitive files that were forwarded around by email to contain the damage without touching the original copy so we’ll keep the evidence. From the results, I’ll select the items I want, then I’ll choose add to mitigation which will in turn create a list of files and messages containing those credentials. 
From the list I’ll select purge queue, then view the messages and run the purge where I can choose from a recoverable soft purge or permanent deletion with a hard purge. I’ll keep the default and confirm the purge. Then all the information matching that query will be deleted in minutes. And since these files are part of the investigation, they stay retained for review but are hidden from end users. And safeguards like in-place holds for eDiscovery still work normally so protected files aren’t removed.&lt;/P&gt;
&lt;P&gt;- Okay, so far we’ve defined all the investigations up front. Is there maybe a way to automate the process using agents?&lt;/P&gt;
&lt;P&gt;- Absolutely. We’re adding new capabilities to help tackle a major hidden risk, credentials buried in everyday files. While Microsoft Purview DLP protects credentials in real time as files are created or shared, the Data Security Posture Agent powered by Security Copilot helps security teams identify and prioritize credential-related risks across scope data allocations. Here you can see that I’ve already enabled the agent and there’s a few tasks in progress. These can be started manually or run on a schedule. I’ll start a new assignment for this agent and create a credential scanning task. We’ll be adding our task types to this over time. I can give it a name or keep what’s there. Then add some additional context, in this case, to look for credentials and passwords. Then I can view its progress as it completes scanning data locations, access patterns, analyzing risky documents, and generating the report. The agent works autonomously scanning thousands of locations and potentially millions of files. I’m going to move over to a scan I ran earlier to save some time. Once the agent completes its scan, you’ll see a prioritized list of exposed credentials such as passwords, API keys, encryption keys, tokens, and more, each with a risk score and the agent’s reasoning. From there, I can group the results into categories, then filter for the highest risk credentials. For each credential found, I can explore the details of the credential itself plus its surrounding context.&lt;/P&gt;
&lt;P&gt;- It’s a huge advantage really to run these types of credential scans at scale to catch those risks. But why don’t we switch gears though for the human-led investigations. DSI is using pay-as-you-go billing, which, you know, if people are watching this, they’re probably wondering, how do I keep these investigations in check without breaking the bank?&lt;/P&gt;
&lt;P&gt;- So costs, as you say, are usage-based and billed through Azure. They’re going to vary depending on the size and complexity of your investigation. So we’ve introduced a new estimator tool to help. Before I go there, as a baseline to see the compute units I’ve been showing until now, I’ll start in the pay-as-you-go dashboard in DSI, and then filter by our last investigation. This one only used about 250 megabytes and 109 DSI compute units, which is quite conservative. So let’s go back to the DSI overview tab and scroll down to our new estimate cost tool. This lets you input key values like investigation size and gigabytes and the number of vector searches, and it will estimate cost based on what you enter. It shows you the cost breakdown by types for size and AI usage. And the last related control I want to show you is in Azure Cost Management, where like any other Azure services, you can see forecast and accumulated costs. I’ll filter this by my DSI shared view. In this chart, you’ll see the investigation compute and gigabytes by day as well as a forecast. So, voila, you’ve got what you need to investigate deeply with AI and keep costs in check while staying ahead of incidents. And we’re only getting started. More integration, smarter AI, new mitigation actions, and more agentic workflows are on the way.&lt;/P&gt;
&lt;P&gt;- Thanks so much for joining us today, Christophe. And if you want to learn more about DSI and try it out for yourself, as a Microsoft Purview admin, just go to purview.microsoft.com/dsi. And keep watching Microsoft Mechanics for the latest updates. We’ll see you again soon.&lt;/P&gt;
</description>
      <pubDate>Thu, 26 Mar 2026 13:33:56 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/data-security-investigations-in-microsoft-purview/ba-p/4505209</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-03-26T13:33:56Z</dc:date>
    </item>
    <item>
      <title>Automate Data Security Triage &amp; Posture | Agents in Microsoft Purview</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/automate-data-security-triage-posture-agents-in-microsoft/ba-p/4504946</link>
      <description>
&lt;P data-selectable-paragraph=""&gt;Cut through alert noise and focus on the risks that matter with Agents in Microsoft Purview. Use Data Security Triage Agent to prioritize incidents, investigate user activity with full context, and uncover hidden patterns that signal real threats. Identify and act on high-risk behavior, like data exfiltration or persistent access, before it leads to data loss.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Detect sensitive data across your environment using natural language with Data Security Posture Agent. Analyze content to find what’s exposed, apply protections or restrict access, and surface hidden credentials, so you can take action and continuously reduce risk.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;Michelle Slotwinski, Microsoft Purview Senior Product Manager, shares how to stay ahead of data risk by turning investigation into proactive protection.&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Find it. Prioritize it. Fix it.&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;Investigate risks with the Data Security Posture + Triage Agents in Microsoft Purview.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=59s" target="_blank"&gt;Start here.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;From reactive to ready.&lt;/H3&gt;
&lt;HR /&gt;
&lt;P data-selectable-paragraph=""&gt;Uncover sensitive data, focus on what matters most, and reduce risk with the Data Security Posture and Triage Agents in Microsoft Purview.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=106s" target="_blank"&gt;Take a look.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Reduce risks before they’re exposed.&lt;/H3&gt;
&lt;HR /&gt;
&lt;P data-selectable-paragraph=""&gt;Identify hidden passwords, API keys, and credentials buried in files with the Data Security Posture Agent credential scanning capability.&amp;nbsp;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=464s" target="_blank"&gt;Check it out.&lt;/A&gt;&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;QUICK LINKS:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38" target="_blank"&gt;00:00&lt;/A&gt;&amp;nbsp;— Reduce data risks&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=59s" target="_blank"&gt;00:59&lt;/A&gt;&amp;nbsp;— Data Security Triage Agent&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=106s" target="_blank"&gt;01:46&lt;/A&gt;&amp;nbsp;— Investigate risks&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=209s" target="_blank"&gt;03:29&lt;/A&gt;&amp;nbsp;— Detect patterns&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=317s" target="_blank"&gt;05:17&lt;/A&gt;&amp;nbsp;— Uncover nested insights&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=464s" target="_blank"&gt;07:44&lt;/A&gt; — Credential scanning&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;&lt;A href="https://www.youtube.com/watch?v=BqMFzvk7T38&amp;amp;t=543s" target="_blank"&gt;09:03&lt;/A&gt;&amp;nbsp;— Wrap up&lt;/P&gt;
&lt;H3 data-selectable-paragraph=""&gt;Link References&lt;/H3&gt;
&lt;P&gt;&lt;A href="https://aka.ms/AgentsinPurview" target="_blank"&gt;https://aka.ms/AgentsinPurview&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H3 data-selectable-paragraph=""&gt;Video Transcript:&lt;/H3&gt;
&lt;P data-selectable-paragraph=""&gt;-Data has always moved fast. What’s new is how many places it can show up and how fast tools like AI can surface it. In the next few minutes, I’ll show you how to rapidly identify and reduce your data risks as information flows across more apps, agents, and workflows than ever using the power and speed of AI itself. This is all made possible with the latest Data Security Agents in Microsoft Purview, which work alongside you to reduce the burden of managing the surge in risks from human and AI activity, enabling rapid identification of what truly needs your attention while enabling you to proactively perform deep content analysis to uncover sensitive data at risk, including credentials and secrets that may be deeply hidden within your data.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-And we are constantly evolving these agents to meet your everyday needs, removing manual work, and taking care of the busy work for you, while surfacing context-related insights based on their ability to deeply understand the data in your environment. In Microsoft Purview, you can explore agents from the left navigation. Like most analysts, I’ll start the day by reviewing alerts, and so I’ll begin with the Data Security Triage Agent. This agent can triage alerts for both Data Loss Prevention and Insider Risk Management.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-I’m interested in the ones for Insider Risk, so I’ll open it. Here are all my triaged alerts. And I can see the agent has triaged and prioritized my alert queue down from 200 alerts to 40 that need my attention. There’s more happening under the hood than it seems. Powered by new advanced AI reasoning, the Data Security Triage Agent can process tens of thousands of activity logs at scale to add context and boost investigation accuracy. In fact, you can now see this in the richer insights that are packed into every alert. To show you, I’ll click into this alert for a data leak associated with a departing employee and view details. First, the summary tells me why this alert is highly risky. It’s flagging a highly privileged departing user, a senior engineer in fact, because it’s observed their pattern of accessing, archiving, and exfiltrating both business and personal files using multiple methods. It’s highlighting key activities. Bulk archive to export data to removable media, observed external sharing to a SharePoint Online site, and Access to Sensitive Files.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Notably, their last working day is recorded as March 31st and the alert was generated on March 27th, so we still have a few days to act before they leave our organization. Let’s dig in deeper into Bulk archive creation. The summary tells me that high-value engineering assets were included. The device and IP address are indicated along with the time this activity occurred: March 23rd. And although the agent hasn’t detected any sensitive information, it has discovered file sensitivity labels. Files have both been archived and copied to removable media. And under details, we can see file counts, names, and types. If we filter on this activity, there’s even more detail. We can see the mix of personal and business files that the engineer has taken. In fact, let’s dig into one of them. I’ll click into the top Engineering designs file where we can see even more detail about the activity, including who performed it with their UPN, jsmith, location details, device details, and more. So using the Data Security Triage Agent for Insider Risk saves time from manual investigations. It also helps prevent important details from falling through the cracks by catching less obvious patterns too.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-In this second pattern, Observed External User Added to SharePoint Online Site, the agent was able to pick up upon the fact that the tech-savvy engineer was able to establish persistence to SharePoint resources by adding their personal Gmail account as an external member of the SharePoint site. This way, they would still have access to team resources even if their work account was deprovisioned. By detecting this behavioral pattern, the agent can infer user intent, something that traditional signals alone would have missed, especially considering that content on the SharePoint site did not contain classic sensitive information or match existing classifiers that would normally trigger protection policies. So the agent helps catch those edge cases. It lays out its findings for your validation and escalates the alert to contain the risk. In fact, here’s how advanced AI reasoning works.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Under the hood, instead of one monolithic agent, it’s designed to intelligently plan investigation tasks and orchestrate multiple specialized sub‑agents. Each sub‑agent is an expert in a distinct capability or skill domain to retrieve information like inferred user intent, decomposition of complex tasks, understanding compliance, as well as associated data risks, and more. Results are then presented as Triaged Alerts so that you can quickly see what is important in your environment. Now I mentioned that as an analyst, you’re in control of validating agent outputs and taking action. Let me show you what that experience looks like. You can quickly and easily filter the activities within a risk pattern. And then preview the content in line within the investigation so you don’t need to traverse your intranet to view files, like this SharePoint document to see why it was flagged. And ultimately, you’ll confirm if the agent findings are true positives.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Next, our Data Security Posture Agent helps us to go further by uncovering nested insights for specific users, groups, or sites. And it lets you stay ahead of data risks by finding sensitive data across your estate through natural language discovery. It uses large language models for contextual analysis. And beyond simple keywords or classifiers, it identifies real risk based on the purpose and context of content, which is often deeply hidden within files. And it also recommends actions. If you recall, our Triage agent found a key insight. Our engineer user, jsmith, was observed downloading key files, like Engineering designs to his local device. Notably, the file wasn’t labeled. So next, I want to do a deep analysis of the content under his account using the Data Security Posture Agent. The first thing I need to do is scope the discovery to our user, Joshua Smith, and to their specific mailbox, which comprises their email, Teams chats, and Copilot interactions, and we’ll select Site to investigate their OneDrive.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Next, I’ll prompt the Posture Agent. “Find me all the files for this user that contain engineering architecture designs, programming code, or technical documentation.” And this operation can take a few moments or hours depending on the amount of data that the agentic process needs to analyze. The agent performs deep content analysis, reasoning over the file content and going beyond keywords and pre-defined data types. It understands context and whether or not in this case, valuable architectural designs, code or technical specs are present and exposed. Once it’s complete, the Data Security Posture Agent summarizes the number of files that match the prompt I entered. It’s found 16 files, 4 of which are not labeled, so let’s dig in further and view insights. Notice it hasn’t found any email or Teams messages or Copilot interactions. And you can see at the top of the Engineering designs file is one of the files without a label. As I scroll, I can see another three unlabeled files below.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-Because the agent was able to deeply analyze the content within these files, it saved me from the manual effort of doing this myself. I can now take action by individually selecting these files and applying a label. I’ll choose this one for Highly confidential. This label will trigger a related policy to restrict downloading the files or external sharing to user accounts outside of our organization, like the user jsmith’s personal Gmail account that we uncovered before. Next, let’s dig further into the content. Let’s see if any of these files contain additional secrets, like passwords or credentials, that could further put us at risk in the wrong hands. For that, we’ll use the new credential scanning capability of the Data Security Posture Agent, which can autonomously surface credentials buried in data across your organization.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-The first thing I need to do is create a Credential Scanning Task. I’ll give it a name based on our scan and scope its data source to the Project Abacus SharePoint Site, which, if you remember, our user Joshua Smith had persistent access to via his personal Gmail account. And I can also provide more context because we want to see if he has hidden credentials in any of the content on this site that might give him access to other services and infrastructure.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-With the task created, the agent will now scan that site using the same AI analysis that powers our Data Security Investigations solution. When the agent completes its scan, if we review its results, you’ll see a prioritized list of exposed credentials, such as private keys, Entra credentials, and API tokens, each with a risk score and the agent’s reasoning. Once it’s finished, then it’s easy to review the agent’s findings and drill into source content to see the discovered credentials inline. And of course, from there, you can take action to disable access to files containing credentials.&lt;/P&gt;
&lt;P data-selectable-paragraph=""&gt;-So, that’s how Data Security Agents in Microsoft Purview work alongside you to remove manual work for you, while surfacing hard-to-find context-related insights. And the good news is that if your organization has Microsoft 365 E5 or E7, you’ll have access to these agents included as part of your license. If not, they are also available on a consumption basis. To learn more and get started, check out aka.ms/AgentsinPurview. Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching.&lt;/P&gt;</description>
      <pubDate>Wed, 25 Mar 2026 21:51:42 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/automate-data-security-triage-posture-agents-in-microsoft/ba-p/4504946</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-03-25T21:51:42Z</dc:date>
    </item>
    <item>
      <title>Zero Out Your Incident Queue - Human-led Microsoft Defender Experts for XDR</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/zero-out-your-incident-queue-human-led-microsoft-defender/ba-p/4501315</link>
      <description>
&lt;P&gt;Offload high-severity incidents, gain full visibility into every investigation, and follow clear, guided remediation steps so you can contain attacks quickly and confidently, day or night.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Extend your security operations with always-on managed detection and response and proactive threat hunting, so you can uncover hidden risks early, stop threats before they spread, and strengthen your defenses to prevent future attacks.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Maynald Savatdy, Microsoft Defender Expert, shows how to detect, contain, and hunt threats across your environment with support from human experts.&lt;/P&gt;
&lt;H4&gt;Stay protected at all hours.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Extend security coverage to nights, weekends, &amp;amp; holidays without staffing new shifts. &lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=54s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=54s"&gt;Defender Experts for XDR includes managed detection and response and proactive threat hunting.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Reduce response time and uncertainty.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Take guided remediation steps from human experts instead of guessing what to do next. &lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=95s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=95s"&gt;See how Microsoft Defender Experts for XDR works.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Uncover hidden threats early.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Microsoft Defender Experts proactively hunts across your environment and acts on contextual alerts before exploits become public. &lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=336s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=336s"&gt;See it here.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo"&gt;00:00&lt;/A&gt; — Microsoft Defender Experts&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=54s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=54s"&gt;00:54&lt;/A&gt; — 24/7 Security Coverage&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=95s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=95s"&gt;01:35&lt;/A&gt; — Visibility &amp;amp; guidance actions&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=214s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=214s"&gt;03:34&lt;/A&gt; — Incidents and alerts&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=265s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=265s"&gt;04:25&lt;/A&gt; — Social engineering attack&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=336s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=336s"&gt;05:36&lt;/A&gt; — Defender Experts for hunting&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=394s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=8VjjXkZ_5eo&amp;amp;t=394s"&gt;06:34&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Get started at &lt;A href="https://aka.ms/DefenderExperts" target="_blank" rel="noopener" data-href="https://aka.ms/DefenderExperts"&gt;https://aka.ms/DefenderExperts&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Unfamiliar with Microsoft Mechanics?&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.&amp;nbsp;&lt;/P&gt;
&lt;UL&gt;
&lt;LI&gt;Subscribe to our YouTube: &lt;A href="https://www.youtube.com/c/MicrosoftMechanicsSeries" target="_blank" rel="noopener" data-href="https://www.youtube.com/c/MicrosoftMechanicsSeries"&gt;https://www.youtube.com/c/MicrosoftMechanicsSeries&lt;/A&gt;&amp;nbsp;&lt;/LI&gt;
&lt;LI&gt;Talk with other IT Pros, join us on the Microsoft Tech Community: &lt;A href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog" target="_blank" rel="noopener" data-href="https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog"&gt;https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Watch or listen from anywhere, subscribe to our podcast: &lt;A href="https://microsoftmechanics.libsyn.com/podcast" target="_blank" rel="noopener" data-href="https://microsoftmechanics.libsyn.com/podcast"&gt;https://microsoftmechanics.libsyn.com/podcast&lt;/A&gt;&amp;nbsp;&lt;/LI&gt;
&lt;/UL&gt;
&lt;H4&gt;Keep getting this insider knowledge, join us on&amp;nbsp;social:&amp;nbsp;&lt;/H4&gt;
&lt;UL&gt;
&lt;LI&gt;Follow us on Twitter: &lt;A href="https://twitter.com/MSFTMechanics" target="_blank" rel="noopener" data-href="https://twitter.com/MSFTMechanics"&gt;https://twitter.com/MSFTMechanics&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Share knowledge on LinkedIn: &lt;A href="https://www.linkedin.com/company/microsoft-mechanics/" target="_blank" rel="noopener" data-href="https://www.linkedin.com/company/microsoft-mechanics/"&gt;https://www.linkedin.com/company/microsoft-mechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Enjoy us on Instagram: &lt;A href="https://www.instagram.com/msftmechanics/" target="_blank" rel="noopener" data-href="https://www.instagram.com/msftmechanics/"&gt;https://www.instagram.com/msftmechanics/&lt;/A&gt;&lt;/LI&gt;
&lt;LI&gt;Loosen up with us on TikTok: &lt;A href="https://www.tiktok.com/@msftmechanics" target="_blank" rel="noopener" data-href="https://www.tiktok.com/@msftmechanics"&gt;https://www.tiktok.com/@msftmechanics&lt;/A&gt;&lt;/LI&gt;
&lt;/UL&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-What if your security team had elite defenders available 24/7 ready to detect, respond, investigate, and hunt threats across your environment? Every day you may need to look at dozens or hundreds of incidents, and any one of them could pose an existential threat to your organization. This is where our human-led Microsoft Defender Experts for XDR, our managed detection and response service and team come in, to work through those incidents for you. They work behind the scenes to bring deep expertise in triaging and investigating incidents, augmenting your SOC team. And you can track progress directly in Microsoft Defender.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-In fact, I’m part of the global Microsoft Defender Experts team and we represent Microsoft’s own experienced security analysts and threat hunters. People who live and breathe cybersecurity. We’ve managed some of the worst situations and developed deep understanding of all the ways systems and endpoints can be compromised. We work around the clock, including after hours, weekends, and holidays, to augment your team. Defender Experts for XDR also includes a dedicated Defender Experts for Hunting service. This augments your team with our trained engineers that proactively hunt down risks and vulnerabilities across different entry points and services. If you are part of a larger organization with an expert SecOps team, you can also get Defender Experts for Hunting as a standalone service. Our human-led team of experts will work with bespoke tooling and queries, including AI.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-In fact, we’ll uncover and work through advanced threats using up-to-the-second intel that automated systems might miss and correlate data from live raw sources that may not yet have been published. Let’s start in Microsoft Defender. You’re looking at the Incidents view, and normally, to stay protected, you’d need to triage these incidents and work them yourself. These are legitimate attacks unique to your organization and infrastructure. There could be dozens or hundreds of active incidents. The Defender Experts team will triage and work the incident queue for you as an opt-in managed service to augment your security team. In fact, right from the Home screen of the Defender portal, you’ll see the latest incidents that have been worked through by our Defender Experts team. These are stats for the number of investigated incidents and how many were resolved directly or with your help.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let’s click in to see all incidents for the ones that need your attention. This status means that the recommended actions need to be taken by someone on your team. This could be due to credential resets or policy configuration changes only your team may be authorized to perform. If I click into the incident for initial access involving one user, right up top you’ll see that it’s been assigned to Defender Experts. By default, any medium or high severity incident will get our attention. You can see the managed response provided by the Defender Expert who worked on the incident. There’s a detailed summary of what happened, how the incident started, the scope of entities and services impacted, any discovered indicators of compromise, in this case, email information and a malicious phishing URL, along with which entities were investigated. And below that are details for the Advanced Hunting Queries that were used.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here you can see our Defender analyst was able to query emails containing the suspicious URL, which devices connected to that URL, the emails from the compromised sender account, then finally who clicked on the URL in the emails from that compromised account. And you can see the Awaited Actions below that you as the customer would need to take care of, like taking action to create an indicator that automatically blocks traffic to the URL, a password reset for the affected user, and requiring the user to sign in again by revoking their sessions. So you have full visibility into what our Defender Experts worked on and any guidance for actions that you need to take. Additionally, our Defender Experts can raise incidents and alerts themselves when suspicious activity is detected. This incident with the Defender Experts prefix was raised as both an incident and alert by our team. It’s a Teams Phishing Activity involving initial access, execution, and privilege escalation.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From the Managed Response summary, we can see the details of the attack, which the team was able to contain, and if I scroll down, you can see the specific actions completed. They first disabled the targeted account, then created an indicator to block the suspicious domain, and they were able to block incoming Teams messages from the malicious actor along with all of the related IP addresses. So as you saw, these are hands-on interventions. When something suspicious pops up, we don’t just send an alert. Our team digs in, validates what’s happening, and guides you through any containment and remediation steps that we can’t directly perform.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let me expand on a social engineering attack to gain remote access, similar to this Teams incident I showed earlier, and how we addressed it. It started when we investigated an alert that was triggered when a user installed a remote viewing and management tool on their work device. At first glance, this type of software isn’t inherently malicious. It’s often used for legitimate IT support. However, our analysts noticed a pattern that didn’t align with normal behavior. The installation followed a series of junk emails sent to the user, an email bombing attack, and a Teams message claiming to be from Technical Support. Once installed, the adversary began using legitimate system paths to gain deeper access. Our team quickly disabled the user and attacker accounts and lines of communication, isolated the device and notified the customer, stopping the attack before it spread further into the network.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Leveraging Microsoft Threat Intelligence and access to global security data for broader querying, we identified the threat actor. Following the containment, our hunters then initiated proactive searches across other customer tenants and issued intelligence-driven notifications to prevent the spread and further compromise. This is just a recent example of how attackers combine social engineering with their tactics, techniques, and procedures. Beyond reactive support, Defender Experts for Hunting, as the name suggests, proactively hunts for threats in your environment and across the ecosystem. This is the Defender Experts custom alert. It’s an overview of suspicious activity, complete with context, severity, and details. Clicking into the Summary tab, there’s a tile view of alerts, recommended queries, evidence and more. Last July, before any public CVE was announced, our team observed unusual activity on a SharePoint server where the W3WP executable was seen invoking PowerShell commands with Base64 encoding, behavior that typically signals an exploit attempt.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Using advanced hunting queries, we were able to confirm this was not just an isolated event. Based on our queries, we could confirm the attackers were actively probing weaknesses in other environments. We used the results to find the list of over 100 organizations that were vulnerable to this attack and proactively warned them of their exposure even before the exploit became widely known with guidance on how to address it.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So, whether you’re a small team looking to scale your security operations, or a large enterprise needing deeper threat insights, Microsoft Defender Experts gives you the confidence of knowing elite defenders are watching your back. To learn more or get started, head to aka.ms/DefenderExperts and keep watching Microsoft Mechanics for the latest tech updates. Thanks for watching.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Thu, 19 Mar 2026 20:16:45 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/zero-out-your-incident-queue-human-led-microsoft-defender/ba-p/4501315</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-03-19T20:16:45Z</dc:date>
    </item>
    <item>
      <title>Agents in Microsoft Intune | Automate Policy Creation, Troubleshooting &amp; Fix Guidance</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agents-in-microsoft-intune-automate-policy-creation/ba-p/4496732</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FV7dlyoXzEE4%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DV7dlyoXzEE4&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FV7dlyoXzEE4%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Automate device and security policy management by turning written compliance requirements into Intune policies. Use natural language to draft, refine, and deploy configuration profiles, review AI-generated recommendations with confidence scores, and stay in full control before publishing to your environment.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Reduce risk and manual effort by automatically evaluating admin change requests and blocking harmful scripts before deployment. Prioritize vulnerabilities from Defender, translate them into actionable Intune remediation steps, and schedule ongoing fixes.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Jason Githens, Microsoft Intune Principal GPM, shares how to move from reactive security work to continuous, proactive protection. Note: At the time of publishing this video, the Change Review Agent and Policy Configuration Agent are in public preview and the Vulnerability Remediation Agent is in limited public preview.&amp;nbsp;&lt;/P&gt;
&lt;H4&gt;Use natural language to generate ready-to-review policies.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=68s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=68s" target="_blank"&gt;Check out the Policy Configuration Agent in Microsoft Intune.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Reduce security risk.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Detect destructive or compromised change requests in real time and get AI-driven approve/reject recommendations. &lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=289s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=289s" target="_blank"&gt;Start using the Change Review Agent in Microsoft Intune.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Shift from reactive patching to proactive security.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=379s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=379s" target="_blank"&gt;See how to schedule automated vulnerability remediation inside Intune.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4" target="_blank"&gt;00:00&lt;/A&gt; — Automate work with Intune Agents&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=68s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=68s" target="_blank"&gt;01:08&lt;/A&gt; — Policy Configuration Agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=96s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=96s" target="_blank"&gt;01:36&lt;/A&gt; — Policy drafts&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=147s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=147s" target="_blank"&gt;02:27&lt;/A&gt; — Create a new knowledge source&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=205s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=205s" target="_blank"&gt;03:25&lt;/A&gt; — Create a new policy&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=289s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=289s" target="_blank"&gt;04:49&lt;/A&gt; — Change Review Agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=379s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=379s" target="_blank"&gt;06:19&lt;/A&gt; — Vulnerability Remediation Agent&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=466s" data-href="https://www.youtube.com/watch?v=V7dlyoXzEE4&amp;amp;t=466s" target="_blank"&gt;07:46&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;To get started, go to &lt;A href="https://aka.ms/IntuneAgents" data-href="https://aka.ms/IntuneAgents" target="_blank"&gt;https://aka.ms/IntuneAgents&lt;/A&gt;&amp;nbsp;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-You can now manage your device and security policies without manual work and automate tasks that previously were not automatable. How? Well, today I’ll demonstrate new agents in Microsoft Intune. As part of Security Copilot, they’re now included and rolling out with Microsoft 365 E5. These are designed to automate the busy work for you while continuously improving the security of your digital estate. This includes the new Policy Configuration Agent, which can reason over your compliance documents, for example, security technical implementation guides, STIGs, and create matching Intune policies automatically. The Change Review Agent, which evaluates admin requests, like scripts, using signals from Microsoft Intune, Entra, and Defender, to recommend change request actions, such as approve or reject, before they’re deployed.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Along with the Vulnerability Remediation Agent that analyzes the signals across Defender and Intune and proactively creates recommendations for medium to high-risk device vulnerabilities so they don’t get missed. They use natural language reasoning to interpret your instructions together with your policy control plane to generate informed and actionable configuration guidance. In fact, let’s take a look at what these agents can do, starting with the Policy Configuration Agent, which converts written requirements into actionable settings. From the Agents page in Intune, you can see all of your available agents. I’ll choose the Policy Configuration Agent, and here you’ll see Agent suggestions and Activity. There are tabs for Knowledge, Suggestions, and Settings. When you use this agent, it will create configuration profiles in Intune that will appear alongside your existing device policies. So these aren’t agent-only policies.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-These are policies that you or other admins on your team would have typically set and are based on the instructions you’ve laid out. Let me show you. I’m going to create a new policy. You can create policy drafts by describing the configurations you want in natural language as written instructions and optionally, you can use a knowledge source by uploading a text file, which I’ll demonstrate here. But before I do that, let me show you what I’ll be basing it on. For that I’ll move into a text editor, Notepad in my case. You’ll typically start by having or creating this type of knowledge source. You can see it’s a written text document that gives the agent a natural language description of all the different device configurations that need to be set according to specific internal or regulatory compliance requirements. As you saw, it used descriptive, but not precise, terms to help instruct the agent on the breadth of settings available to them.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Back in Intune in the Knowledge tab, you can see all of our uploaded txt files. I’ll Create New this time a knowledge source. I’ll give it a name, then input a description to explain what it’s for. Below that, I can upload a document, so I’ll navigate to my file to upload, then hit Review to confirm. Depending on your file, this could take a minute or so to process, but in my case, I’m processing around 50 settings that could have taken hours to match manually. You can watch this progress from the Overview tab. Once it’s finished, in this case it actually took around three minutes, it will appear under Agent suggestions on the Overview tab. And if I click into the file I just uploaded, you can see the agent has successfully mapped several different settings from the baseline directly to an enforceable Intune policy.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Additionally, the agent has provided a percentage confidence rating for each setting. These scores help you understand how accurately it was able to translate your regulatory or configuration document into actual Intune policy settings. Now that the knowledge source has been mapped with the settings, we’re ready to build a new policy from it. This time, I’ll Create a New policy draft. I’ll give the policy a name and then I’ll add a short description. Now from the optional Knowledge source dropdown, I’ll select the baseline that we just uploaded and processed. You can also create policy drafts without using a defined knowledge source. I need to instruct it to create a policy, or optionally, I can prompt it to remove or refine a setting described in the file. This makes sense, for example, in cases where we know it’s already part of another all devices policy.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here, you can also add a document that will be appended as text to your instructions. From there, I just need to hit Create. That process will take a few minutes to run, so we’ll skip ahead in time to show the results. In Agent suggestions, I can see my policy draft on top. When I click in, I can see all of the policy details and settings. Everything looks good to me. In my case, it was able to match all the settings. So I’ll create the configuration policy from this draft using the standard policy deployment flow. Importantly, you can review all its configurations and make changes here if you want, just like you normally would before enabling it. Add scope tags and you can assign it to groups or devices. I’ll assign devices later. Then I can review and deploy it using the normal process. Once it’s published, if I move over to my configuration policies, I can see the new one right here with the rest of our policies.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, let’s move on to the Change Review Agent. Think of this like an expert script author and troubleshooter to help you evaluate admin change requests. I’m in the Change Review Agent, and to show you what’s behind this, I’ll move right into the Settings tab, and the first thing you might notice is that the agent is operating with a lot of rich information as context from Intune, Entra, Defender, including Threat Intelligence. It pulls signals from all of these sources to fully understand the impact of any proposed change. Moving back to the Overview tab, you can see that the agent has reviewed multiple admin approval requests with a recommendation to approve or reject appended as a prefix to each script name.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Let’s look at this script submission as an example. As soon as the script is loaded, the agent analyzes it, providing deeper context and a summary of what the script does. It has identified that this is a highly destructive script designed to wipe managed devices using Graph API calls. The change requester had no previous risk identified, and the business justification was determined to be vague, so it’s likely this person’s account was compromised. You can view the request to look at what the script is doing exactly, and there’s our device wipe. All of these signals are processed in real time to help determine whether the change should be approved or rejected. In this case, the agent concludes that the script is clearly harmful if executed with its current all managed devices scope, so it recommends rejecting the request. The agent is able to rapidly decipher between legitimate and adversarial intent or policy conflicts from change requests that would introduce risk into your environment.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Finally, the Vulnerability Remediation Agent assesses critical vulnerabilities from Microsoft Defender. It does this in a prioritized manner and maps them to at-risk devices managed in Intune to help you automate fixes. I’ll start in the Microsoft Defender portal under vulnerability management to first set some context.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Here, you’ll see a clear view of the top risk in your environment, including impact scores, exposed devices, severity, owners, and the associated CVEs. Here’s an example where the dashboard flags an application vulnerability that requires updating Relecloud Sync app. You can drill into the details, understand the exposure, and prioritize remediation, but typically this is where the workflow stops. Defender identifies the issue, and remediation has to be coordinated manually.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-That’s where the Vulnerability Remediation Agent comes in. It takes prioritized vulnerability data from Defender and brings it into Intune. The result is that you can automate remediation in place from where you manage your device endpoints without switching context or accessing Defender. In our example, Defender indicates Relecloud needs to be updated to version 14.0.7. The agent translates that guidance into actionable steps. On the other hand, if I open the suggestion to update Microsoft Windows 11, OS and built-in applications, you’ll see that not only is the update recommended, but also, best-practice security configuration changes are all listed right here.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-And if I move into the agent settings, you’ll see that this agent also lets you automate runs based on a schedule. So that’s how Intune agents help you move from manual effort to intelligent automated guidance while keeping you in control of implementing agent recommendations. And in the future, we’ll start to integrate AI actions into common Intune workflows that you perform every day.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-To get started, log into Intune and try out the new agent capabilities. In fact, if you’re already logged in, just go to aka.ms/IntuneAgents and keep watching Microsoft Mechanics for the latest updates. Thanks for watching.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;</description>
      <pubDate>Tue, 03 Mar 2026 16:51:09 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/agents-in-microsoft-intune-automate-policy-creation/ba-p/4496732</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-03-03T16:51:09Z</dc:date>
    </item>
    <item>
      <title>AI in Windows 11</title>
      <link>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/ai-in-windows-11/ba-p/4495985</link>
      <description>&lt;div contenteditable="false" class="lia-embeded-content"&gt;&lt;iframe src="https://cdn.embedly.com/widgets/media.html?src=https%3A%2F%2Fwww.youtube.com%2Fembed%2FlawBG18oMqI%3Ffeature%3Doembed&amp;amp;display_name=YouTube&amp;amp;url=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3DlawBG18oMqI&amp;amp;image=https%3A%2F%2Fi.ytimg.com%2Fvi%2FlawBG18oMqI%2Fhqdefault.jpg&amp;amp;type=text%2Fhtml&amp;amp;schema=youtube" title="YouTube embed" scrolling="no" allowfullscreen="allowfullscreen" frameborder="0" allow="autoplay; fullscreen; encrypted-media; picture-in-picture;" class="lia-iframe-embeded" sandbox="allow-scripts allow-same-origin"&gt;&lt;/iframe&gt;&lt;/div&gt;
&lt;P&gt;Access Copilot and agents right from the taskbar; find answers across your files, email, and meetings, and turn ideas into polished content using voice or text. AI is right there where you already work, so you can move faster, stay in your flow, and make better decisions without switching context, opening other apps or moving to the browser.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;And if you do have a Copilot+ PC, you can use fluid voice dictation across apps, find files with natural language search, take action on anything on your screen, and refine writing anywhere, even offline.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://x.com/deployjeremy" target="_blank" rel="noopener" data-href="https://x.com/deployjeremy"&gt;Jeremy Chapman&lt;/A&gt;, Microsoft 365 Director, shows how whether you’re planning projects, collaborating with teammates, or building solutions, you can move faster, stay focused, and turn context into real outcomes.&lt;/P&gt;
&lt;H4&gt;Stop searching across apps.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;New Copilot capabilities in Windows Search understand your work context and surface answers using data from your Microsoft 365 environment. &lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI"&gt;Get started with Copilot experiences in Windows 11.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Run AI tasks without interrupting your workflow.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Agents stay visible and trackable in the Windows 11 taskbar. &lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=150s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=150s"&gt;Watch here.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;Interact with content on your screen using Click to Do.&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Extract text, send content to Microsoft 365 Copilot, or convert a static table into a usable Excel file. &lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=424s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=424s"&gt;Take a look.&lt;/A&gt;&lt;/P&gt;
&lt;H4&gt;QUICK LINKS:&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI"&gt;00:00&lt;/A&gt; — Ask Copilot&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=55s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=55s"&gt;00:55&lt;/A&gt; — Use voice with Copilot&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=150s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=150s"&gt;02:30&lt;/A&gt; — Agents on Windows 11 taskbar&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=259s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=259s"&gt;04:19&lt;/A&gt; — Copilot in File Explorer&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=319s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=319s"&gt;05:19&lt;/A&gt; — Copilot+ PC capabilities&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=424s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=424s"&gt;07:04&lt;/A&gt; — Click to Do&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=472s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=472s"&gt;07:52&lt;/A&gt; — Writing Assistance with Copilot&amp;nbsp;&lt;/P&gt;
&lt;P&gt;&lt;A href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=555s" target="_blank" rel="noopener" data-href="https://www.youtube.com/watch?v=lawBG18oMqI&amp;amp;t=555s"&gt;09:15&lt;/A&gt; — Wrap up&lt;/P&gt;
&lt;H4&gt;Link References&amp;nbsp;&lt;/H4&gt;
&lt;P&gt;Check out &lt;A href="https://aka.ms/Windows11AI" target="_blank" rel="noopener" data-href="https://aka.ms/Windows11AI"&gt;https://aka.ms/Windows11AI&lt;/A&gt;&lt;/P&gt;
&lt;HR /&gt;
&lt;H4&gt;Video Transcript:&lt;/H4&gt;
&lt;P&gt;-Windows does a lot more than launch and run apps. Now with built-in AI, it can do much more for you and you don’t need special skills to make that happen. There are capabilities that light up on any hardware that runs Windows 11, and some that go even further on Copilot+ PCs with on‑device AI processing. Let’s go ahead and start with what anyone running Windows 11 can use right now. So to pull up AI experiences with advanced reasoning, you’ll start with the Search box in the Taskbar, where your familiar search still remains the same, but now you can also use it with AI prompts. So here, I’ll type, “When is my performance review due?” And by drawing on information from my Microsoft Teams and Outlook calendar, Copilot identifies my performance review meeting so I can prepare for it. It’s an experience powered by Microsoft 365 Copilot, which uses Work IQ to understand my work context.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next with AI, it’s often easier just to say what you want and you can now use voice with Microsoft 365 Copilot because of its multi-modal support. You’ll use a long press on the Copilot key or Windows key + C if your device doesn’t have that, to activate voice control. And now I can interact with Copilot to help build a presentation that I’m working on. So for this slide I’ll ask, “Robin sent me a stat about incorporating organic design. I think it was in email, maybe Teams?” And it takes my voice command, it’s using Work IQ with Microsoft 365 Copilot to run intelligent searches, figuring out which Robin I mean while pulling in relevant context and shared information about the meeting from across my Microsoft 365 apps.&lt;/P&gt;
&lt;P&gt;- [Copilot] Robin mentioned that incorporating organic design has been shown to boost employee creativity by 15%. That’s a pretty cool stat!&lt;/P&gt;
&lt;P&gt;- Not bad. Can you turn that into a catchy statement on this slide here?&lt;/P&gt;
&lt;P&gt;- [Copilot] Absolutely. How about this? Creativity matters. Create the space for it.&lt;/P&gt;
&lt;P&gt;- Love it. I’ll need Amber to sign off on this. So when’s my next meeting with Amber?&lt;/P&gt;
&lt;P&gt;- [Copilot] Your next one-on-one with Amber is on Thursday at 10:30 in the morning. That should be a great time to review it together.&lt;/P&gt;
&lt;P&gt;- [Jeremy] Thanks, Copilot.&lt;/P&gt;
&lt;P&gt;- [Copilot] You got it. Happy to help. Let me know if there’s anything else you want to fine-tune before that one-on-one.&lt;/P&gt;
&lt;P&gt;-This uses advanced speech‑to‑text and tightly integrates on‑device input with cloud AI, so it works on any connected Windows 11 device. Now let’s try something more challenging. Some AI tasks take longer than a quick prompt‑and‑response, and some need to run in parallel while you keep working. That’s where Agents on the Windows 11 taskbar can help. So I’m going to start by tapping into the new Windows Search box. Now, this uses new Windows shell integration, so that long running agents can be viewed similar to apps. So I just need to start with the @ symbol to pull up my agents. Now I can find, open, monitor and work with my agents directly from the taskbar. So in this case, I’m going to choose the Researcher agent. I’ll ask Researcher to compare public sentiment with our design principles. I like the direction it’s thinking, so I’ll go ahead and confirm. And this agent works hard, often for 10 minutes or more to research and generate its content. And you can work on other things or with other agents while each performs their work.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-As agents run, there are status indicators directly on the taskbar, similar to when you download large files, where you can track progress and see once it’s complete. So, your agents stay visible and easy to check on as you work, not buried in browser tabs. Now let’s return to our completed Researcher run. The notification tells me that Researcher is finished with this turn and in the taskbar, I can even see a green checkmark on the Researcher icon. When I zoom in, there’s a short summary. And I can tap in to review it.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now, this actually took around eight or so minutes to process in real time. Everything here was grounded using Work IQ for information that was in my company. And you’ll see its answer is very well-informed and extremely comprehensive using our study for public sentiment vs. core design principles, it’s laying out its reasoning and all of its cited sources. Of course, Windows is also where you can go to find and open your files and now, your SharePoint and OneDrive cloud files will show up right inside the File Explorer. Using File Explorer Home, you can easily get to your recent files, your favorites and files shared with you.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Then the new Copilot control lets you Ask Microsoft 365 Copilot for file insights like summaries, context, or next steps for documents. So for this Design Principles doc here, I’ll ask Copilot to review it and tell me what percentage of employees prefer workspaces that incorporate sustainable materials. And in just a few seconds, based on information deeply nested within that document, it finds that over 70% say they do and even provides supporting context. So, you don’t have to open the file or leave your flow to find the right one, whether that’s local or in the cloud. And everything I’ve shown so far works on any Windows 11 device with a Microsoft 365 work or school account and access to Copilot.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Now let’s look at what’s unique to Copilot+ PCs, where on‑device AI and small language models deliver fast, private processing. So I’ll highlight a few of the capabilities that work on a Copilot+ PC even if you don’t have Microsoft 365. First, the new Fluid Dictation works across all apps and uses on-device models for quicker, more natural voice typing as well. You can enable voice access in Settings, which on first run guides you through the experience and what it can do to interact with Windows.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-So I’m going to show an experience working across two common text editors, Notepad and Word. You can start it using either the microphone icon in the taskbar, or by saying, “Voice access, wake up. Open Notepad.” It uses powerful AI running on your local device to automatically correct grammar, add punctuation, and, um, even remove filler words that you, uh, speak. Select all. Copy. Open Word. Paste. And that was just scratching the surface for what Voice access with Fluid Dictation can do. And here are some of the common commands that you can use to interact with Windows and your apps.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Second, to help you quickly find your files anywhere, improved Windows search uses semantic understanding across local files and Microsoft 365. You don’t need exact names, just describe what you remember. For example, this broad search here for project updates pulls up relevant files and folders of content using hybrid semantic search, and they might contain the word project or maybe synonyms, or contain related content in context of the files or even images within the files.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Next, Click to Do lets you interact with anything on your screen. You can take actions on content or ask Microsoft 365 Copilot a question about what’s on your screen without needing to switch context. So in this case, I’m going to pull up this PDF file and you’ll see that it opens the file in the Edge browser. Now, if I scroll down, you can see that I have a stylized table on my screen, which by the way, could be text or an image. So I’ll hit the Windows Key + left mouse click to open Click to Do. And you can also use Windows key + Q. Now you’ll see that it’s recognizing all of the text in the screenshot. I can copy it as a CSV, Save or Share it. I’ll use Convert to table with Excel. And it instantly opens Excel and becomes a usable table and you can work directly with the data.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-From here, if you also use Microsoft 365 at work or school with a Copilot+ PC, even more powerful capabilities light up. Writing Assistance with Microsoft 365 Copilot helps you quickly craft content with AI-powered rewriting and proofreading, and because it runs locally, it even works offline. This enables you to use generative AI from any app with text field input. So I’m going to go ahead and use our line-of-business app here for project planning. There’s a description and business justification field, and I’ll add a bit more detail here.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-And this works everywhere, kind of like your clipboard, so when I select text, the Writing Assistance button appears. Now with it, I can choose options to rewrite it in different ways. In this case, I’ll choose professional. It rewrites my text entry and then gives me three options. So I’ll go ahead and choose the third option here, I like that one, so I’ll go ahead and replace my previous text with it. And that can be used on any line-of-business or other app without any code changes because it’s just built into Windows.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-And finally, if you are a developer, new native support in the Model Context Protocol in Windows gives your agents a standardized way to connect with apps, tools, and files to automate tasks. You can use built-in agent connectors for File Explorer and Windows Settings, allowing your agents to manage local file operations and to modify defined device configurations.&amp;nbsp;&lt;/P&gt;
&lt;P&gt;-Windows 11’s built-in AI moves the intelligence closer to you right in the flow of your work. To learn more, check out aka.ms/Windows11AI and keep watching Microsoft Mechanics for the latest updates and thanks for watching.&lt;/P&gt;</description>
      <pubDate>Thu, 26 Feb 2026 16:55:03 GMT</pubDate>
      <guid>https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/ai-in-windows-11/ba-p/4495985</guid>
      <dc:creator>Zachary-Cavanell</dc:creator>
      <dc:date>2026-02-26T16:55:03Z</dc:date>
    </item>
  </channel>
</rss>

