Microsoft Mechanics Blog articles

Automate evaluations | Microsoft Foundry

Zachary-Cavanell — Thu, 28 May 2026 16:02:56 GMT

Trace every run end-to-end, generate synthetic datasets to stress-test on demand, fire automated Red Team attacks at your own agents, and pin down why evaluations fail — all from the Microsoft Foundry control plane. Lock in guardrails that inspect every tool call at runtime, define the risks once, and enforce them across every agent run.

Mohammad Abuomar, Responsible AI Principal Architect, shares how to turn a coding agent into production-ready software inside Foundry.

Describe the agent, set the row count, confirm.

Your test set lands in seconds. Microsoft Foundry’s synthetic dataset generator builds eval data on demand. Get started.

Pin down why your agent fails evaluations.

Foundry’s Analyze Results uses AI to cluster failures, name the root cause, and recommend specific fixes. Check it out.

Lock down agent behavior with the Task Adherence Guardrail.

It inspects every tool call against the original task and blocks the off-script ones. Try it in Microsoft Foundry.

QUICK LINKS:

00:00 — Microsoft Foundry control plane

00:33 — See a finished agent

02:30 — See where the agent started

03:19 — Traces

04:04 — Built-in monitoring

04:34 — Evaluation types

05:51 — Red team evaluations

07:08 — Evaluation results

08:14 — Built-in Guardrails

08:14 — Wrap up

Link References

Get everything you need in Microsoft Foundry at https://ai.azure.com

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-If you want to build agents that meet your expectations for output quality, performance, safety, and cost, it’s not just about the model or framework you select. The testing, evaluation, and the controls surrounding your agent matter. And that’s what the Microsoft Foundry control plane is designed to do, with tools you can use during development to make sure your agents raise the bar across every important dimension. Today, I’m going to walk through the process of building a coding agent and demonstrate where the controls in Foundry come in to make it better. I’ll start by showing my finished agent, then after that, I’ll show you the steps I took using Foundry to make it production ready. This agent is designed to take a simple user prompt, then find what it needs to build apps automatically.

-So, I’ll paste in my prompt asking it to generate a Windows desktop app for personal cashflow management. It needs to be fast, use WebUI, and easy to use for broad appeal. I’m also asking it to make it safe, secure, and follow privacy best practices. And it needs to be easy for a developer to read, maintain, and to add to it. I’ll submit the request and it gets to work, with its reasoning on the left and code on the right. This process takes several minutes to complete with a few interactions in between, so to save a little time, I’ll skip to the result. We can see the agent’s reasoning and plan, with its technology stack, approach and initial action. Then, we can follow all of the steps it performed to author and configure the app and its dependencies.

-Below that, is the React code and JavaScript. It asked whether to proceed writing this as an Electron and React setup, and I confirmed. Then it started to write, test and iterate on the app, followed by another question whether to implement more features or focus on security. And I responded to do both. It then finished writing the app and finally it outlined the steps to run the app locally.

-So, let’s test it out. I’ll move over to my terminal window running PowerShell and start it. And here is the generated app. It’s fully functional with user authentication. I can enter my first item, Travel Expenses, and the amount, and there’s a Category dropdown menu with pre-configured options, and I’ll choose “Transportation”. And it writes that record into the local data store. This is a simple, production-ready app that the agent was able to create in just a few minutes. But it didn’t start out this way, and if you’ve built agents or apps yourself, you’ll know a lot of what doesn’t get shown is the testing, iteration, and refinement work to end up with production-ready code. Let’s change that.

-Let’s go back in time to where this agent started. I’m in Visual Studio Code and this is my agent, which I built using the Foundry SDK. Here are the defined tools for it to use, WebSearch and CodeInterpreter. And on the left, we can see the full list of local tools. Like interacting with the file system, as well as git, patching, registry, local search and running shell scripts. And here in the center is the key SDK line that creates the agent, adds the tools, deployment name and so on.

-So, the agent is functional and I’ve also started manual testing. And this is where Foundry controls let me stress‑test the agent to see what works and what doesn’t and see the details for each run. In the Microsoft Foundry portal, I have my agent open and the Traces tab. These are OTel traces of all of the runs for this agent, with the newest runs on top, everything here is backed by Azure Monitor. And I can click into any conversation or Trace ID to view the Input + Output turns for that session. They’re easier to parse than standard logs, speeding up reviews. We can also see the system message, user input, and what the agent did. Along with the agent’s reasoning, the technology stack it used, and the app features. Below that, we can see the development process as well as tool outputs Beyond that, with built-in monitoring, you can get a roll-up view of all activities for our agent with key metrics I’m in the Monitor tab. It shows me the estimated cost and token usage so far. This agent is new so I haven’t configured Evaluations yet, but we’ll get to those in a moment.

-Next, you’ll see Operational metrics like the number of agent runs and how many successfully completed or failed, token consumption, tool calls made by the agent, and the error rate over time. Evaluations are where a lot more testing automation comes in to help you improve agent faster. I’m in the Evaluations tab, I need to create my first one. The options are: Automatic Evaluation, where you can automate the process using AI; Human Evaluation, where someone tests the agent and completes surveys; and Red team, where an agent runs automated attacks to expose vulnerabilities. I’ll start with Automatic Evaluation and hit Create. It starts with defining a target. My agent and the version I want are already selected. For data, I can upload an existing dataset or save time by creating a synthetic dataset, which is very cool. This generates data automatically, you just select the number of rows you want. I’ll guide it with a prompt, “Create a dataset for evaluating a coding agent.” I’ll skip the reference file and just Confirm. That automatically generates 90 rows of data to test with.

-Next, I’ll choose the evaluation Criteria. There are several built-in evaluators for Agents. Below that are evaluators for Quality. These are editable, so I’ll remove Coherence, Fluency, and Groundedness because my agent doesn’t need them. For Safety, there are seven evaluators, and I’ll keep them as-is and move on to Review, then Submit it. These Automatic Evaluations can take several minutes to complete, so while it’s working, I’ll move into Red Teaming, which is now becoming a core part of AI testing to spot vulnerabilities early on. I’ve started creating my first red team evaluation. Let’s look at the standard configuration for risk categories. You can modify these. It can check for unsafe categories plus ungrounded attributes, code vulnerabilities, and task adherence. It shows the tools that the agent can access. I’ll provide descriptions for web_search, to search the internet for relevant SDKs, and the code_interpreter to run code for the coding agent. Then I’ll Save it.

-Next, I’ll change Seed queries from 5 to 10 per category for more testing. In the Attack strategies, I can see exactly what the red teaming agents will try to do and select the ones most relevant to my agent. Each tile describes the attack type that will be tested. I’ll choose AsciiSmuggler, Base64, Jailbreak, StringJoin, UnicodeSubstitution, and IndirectJailbreak. Now, I can review the prohibited actions, including things like attempts to change password, and more. These are all things attackers might try to do with your agent, and we’re automating those tests for you. I’ll hit Submit to get everything started. Now, with two evaluations running, to save a little time, I’ll fast forward to the results of the evaluations.

-Here, we can see the two runs. I’ll open the Automatic Evaluation first. Then clicking into the Run shows the details for each evaluator. If I scroll to the right, you’ll see that we’re green almost across the board. One glaring exception is the TaskCompletion score at 59%, which is below my bar, so it’s something to fix. One of my favorite capabilities in evaluation is using AI to analyze the results. I’ll start the analysis, and it creates a nice cluster analysis showing the main issues. I mentioned TaskCompletion before. Here, you can see “incomplete resolution” and “action plan issues”. Drilling in, looks that there is a “lack of actionable output” and the AI suggests specific ways to fix it. This saved me time to find ways to improve my agent.

-Now, let’s review our Red Teaming evaluation. I’m at the top level view and I’ll click in to see the issues. Immediately, I can see that the Task adherence is red, which is also related to TaskCompletion. We can fix this using a built-in guardrail to check for task adherence. Guardrails define what risks to detect, from which point in the process, and how to respond. Let’s go to the agent playground. Scrolling down to Guardrails, I can see only the default model guardrail is set. Let’s add another by clicking Manage guardrails and Create. Here, I can define the risks and controls I want to enforce. I’ll start with Risk, and these are the types of risks we can detect and mitigate. There’s an option for “Task adherence” that I’ll choose. This guardrail checks any tool call made by the agent to ensure it’s used appropriately to “adhere” to the task.

-Now, I just need hit Submit to activate this guardrail. And the TaskCompletion issue should now be fixed. In fact, here I’ve run another evaluation, and we can see that TaskCompletion is now green and everything meets our overall quality goals. With that, my agent is ready for broader use. And while I focused today on a single agent and using Foundry controls to test it, expose vulnerabilities, and make it better, Foundry also provides fleet-wide performance visibility across all agents and enables centrally applied and enforced policies and configurations to keep agents compliant.

-To find out more and get started with these and other controls, you’ll find everything you need in Microsoft Foundry at ai.azure.com. Subscribe to Mechanics for the latest tech updates, and thanks for watching.

Microsoft Entra Tenant Governance | Find Configuration Drift

Zachary-Cavanell — Wed, 27 May 2026 18:03:51 GMT

Capture configuration as code across 200+ resource types in Entra, Intune, Exchange, Teams, Defender, and Purview. Turn that snapshot into a Monitor. It scans for drift every six hours and flags every policy change.

Extend control to the tenants you don’t fully see today. Entra Tenant Governance surfaces them automatically through B2B, multi-tenant app, and billing signals. Request governance with role-based templates. Complete the secure approval handshake in the Entra admin center, then administer the governed tenant from a single browser using the roles forged in that handshake.

Jeff Staiman, Microsoft Entra Principal Product Manager, shares how to bring every tenant under one governance model.

More than 200 resource types. One baseline.

Configuration Snapshots in Microsoft Entra Tenant Governance lock in your tenant config across Entra, Intune, Exchange, Teams, Defender, & Purview. Start here.

Every tenant connected to your org, surfaced.

Entra Tenant Governance assembles a live Related Tenants list from B2B traffic, multi-tenant app config, and Microsoft Commerce billing signals. Check it out.

Same browser, same login.

Entra Tenant Governance authenticates you through the role assignments from your governance handshake. See how it works.

QUICK LINKS:

00:00 — Prevent tenant configuration drift

00:57 — Create a configuration baseline

02:23 — Detect configuration drifts

03:08 — Identify related tenants to govern

04:05 — Governed tenants

05:01 — Incoming request

06:17 — Set up monitoring

07:40 — Wrap up

Link References

Get started at https://aka.ms/EntraTenantGovernance

Restrict tenant’s connections at https://aka.ms/TenantQuarantine

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-To protect your organization, you need to ensure that your tenant configuration doesn’t drift from your defined security and compliance requirements. This needs to include all the Microsoft Entra tenants that you manage, whether for end-user collaboration, development and testing, mergers and acquisitions, or regional teams, as well as all the unsanctioned tenants set up by your employees, such as for testing or for shadow IT. Even a single configuration drift in one of your tenants can introduce vulnerability to your environment, and that’s where Microsoft Entra Tenant Governance comes in, to define configuration baselines as code in order to monitor configuration drift, to automatically find related tenants with existing B2B, billing, or multi-tenant app relationships, to request the permissions you need, to govern the tenants where you need visibility and control, and once approved by the related tenant admin, to monitor those configuration baselines in your governed tenants to detect drift from your desired state anywhere. Let’s start by creating a configuration baseline for our main tenant, Contoso Inc, to monitor for configuration drift.

-In the Microsoft Entra Admin Center, you can find Tenant governance under Entra ID. This tenant has several conditional access policies and cross-tenant access policies, as well as device compliance policies. We’ve already given the service permissions to read all the policies in this tenant, and that’s going to be required to run the snapshot process, and will be needed later to monitor for configuration drift. I’m going to give you a first look at the new configuration snapshots page, where you can capture the configuration of your existing tenant settings to detect drift or to use as a baseline for other tenants. I’ll create a new snapshot. I’ll begin by giving it a name, Contoso core compliance, and a description, Contoso core compliance May 2026. Then I select the resource types that I want to snapshot. You can use more than 200 resource types to monitor configuration across Entra, Intune, Exchange, Teams, Defender and Purview.

-First, I’ll select conditional access policies, then cross-tenant access policies, and external identity policies in Entra. Then in Intune, I’ll search for device compliance and I’ll choose iOS and Windows. I can review the resource permissions and expand out. Then I just need to confirm by clicking Create Snapshot. That’ll take a moment to query and write the configuration settings. Once it’s completed, I can click into it to view the details, and in the Configuration baseline tab, I can access adjacent representation of all the configuration settings.

-Now I want to set up monitoring so that I can automatically detect any configuration drift in any of these policies in my tenant that happens in the future. I can easily set this up by creating a monitor from this snapshot. In settings, it pre-populated the name and description. The monitors also pre-populate with the settings that were captured in the snapshot. We see that all the required permissions are in place. Monitoring a resource uses the same permissions as snapshotting it, so this is as expected. Now I can confirm and hit Create Monitor. It’ll run on a scheduled interval, currently every six hours. After the monitor has completed one or more runs in your tenant, you can check it for configuration drift. With our first run complete, I can check if there were any configuration drifts, and as you’d expect, everything looks good. No drifts.

-Now that I know I can keep the configuration of my main tenant healthy, let’s see how to identify other related tenants that I also need to govern. I’m still signed in as the admin for our main Contoso Inc tenant, and I’ll start from the related tenants list. It shows all tenants connected to my organization, including shadow tenants and external partner tenants. The list is automatically created and kept up to date by Entra’s tenant discovery signals, which look at B2B usage, multi-tenant app configuration, and Microsoft commerce billing. I see the Contoso 1 tenant in the list, which gets my attention since it has the Contoso name in it. I click on Contoso 1 to see the details. If I click into it and then I look at discovery signals, it shows B2B registration, B2B sign-in, admin app sign-ins, and multi-tenant apps, as well as billing relationships that were detected. I can get more detailed information in the Discovery Signals tab, where I can click to see the number of sign-ins for B2B and for admin apps. And in billing, it looks like our primary tenant is already paying for this one.

-Now let me show you how to establish governance over a related tenant. This is clearly a tenant that we need to govern, so I’ll close this view and I’ll move over to the Governed tenants view. Here you can see that I already have one governed tenant, Fabrikam, but not the Contoso 1 tenant. Let’s add it. So I click Request to govern. In the list of tenants, I can see the Contoso 1 tenant, and I’ll select it.

-To speed up the process, I’ve already created a few governance policy templates to define the access that my primary tenant needs over different types of governed tenants. Next, because this looks like a dev test tenant, I’ll choose the DevOps governance policy template, where I’ll request the global reader, security admin, and tenant governance admin rules. Templates are extensible to use your own multi-tenant resource management apps. This one contains the MegaMonitor app, which is a custom app that Contoso has written to monitor resources and govern tenants. From there, I just need to review and hit Create. The request gets sent via email. Now with the invitation sent, I’ll switch over to the perspective of the Contoso 1 tenant admin, who receives the incoming request. The email is sent from a Microsoft Security account in the microsoft.com domain and contains the details for the tenant governance request.

-For security, the request can’t be approved within the email directly. It needs to be approved in the Entra Admin Center. There’s a link in the email which takes you to the tenant governance relationship tab for pending requests. I see the request on the top of the list, and I click the request to see additional details. As I showed from the requester point of view, it contains the request for three roles: global reader, security admin, and tenant governance admin, and a request for that multi-tenant app called MegaMonitor to have permission to read audit logs and policies.

-From there, I can choose to accept or reject the request, and I’ll accept it. If the other tenant’s admin doesn’t approve your request, you can restrict their tenant’s connections to your primary tenant by blocking apps, preventing B2B access, stopping bill payment, or applying network blocks. To learn how, check out our documentation at aka.ms/TenantQuarantine. Once the request is accepted, the handshake between the tenants is complete and you can govern that other tenant.

-Now let’s switch back to the primary tenant admin’s point of view. Here I can see that the governance request was accepted and the governance status is now active.

-Now I can set up monitoring for that tenant to ensure that the conditional access policies and other policies meet Contoso Inc’s requirements. I need to create that new monitor while logged in as an admin in the newly governed tenant, and the good news is you don’t need to switch browser profiles or authentication contexts to do this. I copy the tenant ID from the Governed tenants page. Then I type entra.microsoft.com/ and I paste in the tenant ID from my clipboard. This signs me into the Entra Admin Center in the context of the governed tenant, Contoso 1. The authentication and authorization works using the Entra role assignment set up with a governance relationship, so there’s no need for a B2B account. You can see the authentication context in the user account area in the upper right corner of the admin center.

-Now I can go to the Tenant governance page. I navigate over to Monitors to create a new one. I start by giving it a name and description, and then I need to put in the configuration baseline for the monitor in Contoso 1. For that, I can go back to my primary tenant and go to my baseline and copy it. Now I’ll go back into the governed tenant and paste it in there.

-Next, there are the application permissions I showed before. A monitoring service in the Contoso 1 tenant needs the same permissions that it needed in the Contoso Inc tenant. To save time, I’ve added these read permissions in advance. Now all I need to do is review and hit Create. The monitoring service will run four times per day, and you’ll be able to review monitoring results from the governed tenant.

-And so that’s how tenant governance lets you keep all of your tenants securely configured on an ongoing basis, including related tenants that you don’t even know about today. To find out more and get started, check out aka.ms/EntraTenantGovernance. Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching.

Microsoft Excel Beginners Tutorial (2026)

Zachary-Cavanell — Tue, 19 May 2026 16:18:33 GMT

If you’re new to and getting started with Excel or coming from another app, in this video we teach the basics of Excel, the user interface, core concepts, and how to work with basic data. We’ll show you how to build a full Excel workbook from scratch using natural language prompts with Copilot. Format cells, write formulas, and analyze a year of data. Generate sample data, calculate totals, apply conditional formatting, and pin down outliers across columns and rows, all from your browser at excel.new. Share the workbook by name, group, or email and co-author with teammates across web, desktop, and phone. Every edit syncs to OneDrive in real time.

Jeremy Chapman, Microsoft 365 Director, shares how to go from blank workbook to analyzed, shared spreadsheet in one sitting.

A full data set with only one prompt.

Copilot in Excel builds categories, columns, and currency-formatted cells from a natural language prompt. Try it now.

Skip the formula syntax.

Copilot inserts row and column totals from natural language prompts and exposes the underlying SUM logic so you can verify the math. See how it works.

Pull reasoning out of your spreadsheet.

Copilot in Excel surfaces the highest- and lowest-cost months and explains the drivers behind each. Try it in Excel.

QUICK LINKS:

00:00 — Excel Essentials

00:57 — Start from a blank workbook

02:11 — Core terms and concepts

04:25 — Generate Sample Data with Copilot

06:16 — How to work with the numbers

09:35 — Copilot Writes Your SUM Formulas

09:57 — Conditional Formatting from a Prompt

10:40 — Outlier Analysis with Reasoning

11:36 — Real-Time Co-Authoring in OneDrive

12:22 — Wrap up

Link References

Check it out at https://microsoft.com/excel

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Microsoft Excel can help you organize information, perform calculations, and discover patterns in your data all in one place, and you can get to it on your PC, your Mac, your phone, or on the web. I’m Jeremy Chapman, and I’ve been part of the product team responsible for Office at Microsoft since 2012. And today, I’ll walk you through the essentials of Excel and how to use it. So first, if you have a Microsoft account, like outlook.com, OneDrive, or Xbox, or if you use Microsoft 365 at work, you can use Excel on the web, in your browser, and you can get to Excel by navigating to excel.new. And by the way, if you have the Excel app installed, you can open that on your computer or your phone and follow along. When you’re signed into your work or personal Microsoft account, Excel saves your files to OneDrive, so you can easily find them and pull them up on other devices later.

-So for today, I’ll keep things simple. So I’ll start with a blank workbook Using Excel on the web. Wherever you use Excel, it’s designed to be a consistent experience on large screen devices, so you can follow along if you’re using the local app on Windows or on a Mac. And Excel is designed to organize any kind of information, numbers, dates, texts, and more. In the main view, you can see that I have columns and rows all ready to enter data. In most cases, there’s a one-time step to create what’s called a workbook in Excel, which I have one open here. Now this is where you’ll use and create a blank workbook, or you can choose from dozens of different templates that are filled in with sample data and formatting to get you started. At that point, you can enter your data, your headers, and start formatting your cells.

-Now if you have existing data in a table in another app, you can open it with Excel or just paste in the contents to start working with it. On top, Excel has what’s called the ribbon, with groups of controls presented as tabs that you can use. Within each tab, there are smaller groups of controls, like you can see here with the fonts, alignment, and number. Now let me define a few core names and concepts that you’ll use when you work with Excel in this workbook to manage data. So each field or rectangle that you can see here as I’m highlighting them, these are called cells. Then you have columns, and those are the vertical lines of cells, and those are represented with letters on top.

-Next you have rows, and those are the horizontal lines, and those are represented by numbers. For example, the upper left cell is called A1, A for the column name and 1 for the row name. Now a block of multiple connected cells is called a range. So here, for example, I’ve selected range A1 to D4. Right now I’m in a sheet called Sheet1, and you can see in the lower left corner, I can add more sheets, like I’ll do now, and then I can move between multiple sheets and reference data across them as well. But I won’t do that today.

-So now I’m going to go ahead and go back to Sheet1. And if you right-click and go to Format Cells, you’ll find options for things like number formats, for example, currency, date, time, and percentage. And on the Home tab, the font group is another place to change these settings, as well as Fill, which lets you change the background color for cells, columns, or rows. I’m going to add some text in this cell as a title for what I want to create today, a monthly expense tracker. Now this text looks like it’s spilling into cell B1, but it’s actually just in cell A1. So I can widen or narrow the columns as much as I want. And if I want this title to span several columns, like in my case, I know that I’m going to need 12 months. So I’ll go ahead and select rows M1 all the way back to A1. Then in the alignment group, I’ll choose the Merge & Center option right here, and that makes my 13 cells into one with the text centered.

-So now, in the font group, I can choose the fill color that I want. So in my case, I’ll pick blue. Then for the font color, I’d like to choose something contrasting. So I’ll choose white in my case. And by using these formatting options, you can make things a lot easier to understand as you work with your data. But we still need some content, so let’s add some. So for that, I can use AI with Copilot to generate sample data. So I’m going to go ahead and pull up Copilot and type, “Generate monthly personal finance data for one year with months for columns and expense categories as rows, including sample data. Do not add columns or rows with totals.”

-Now I added that last sentence because I want to show you how to calculate totals yourself in a moment. The Copilot is part of Excel on the web and in the desktop and mobile apps if you’re using Microsoft 365 Personal or a work or school account. And you’ll see, once it’s finished, that Copilot generated a Category column and several month columns, as well as multiple rows with different expense types all filled in with the sample data that I asked for. Now notice that it also formatted the row 2 and column A using formatting options that I mentioned before. And each cell in the middle is also formatted as a currency number with a dollar sign.

-So I want to add a row here, in my case, for car payment. And you’ll see that it doesn’t match the others yet, and I’ll fix that in a second. Now I’ll add an amount for January, 300. And since this is the same amount every month, I can just select the cell. Then using this square in the lower right corner, I can just drag across the other months, and each, in this case, will have the same number, 300. Let’s fix our formatting. Now, to make the dollar amounts match the cells above, I’ll select this one above my new row, then click on the Format painter, this paintbrush icon here, then I’ll select my new cells. And now they all match. Now I can do the same thing for my Car Payment label in cell A16.

-So now I have some formatted data to work with and I can show you how to work with those numbers. I’ll use the Formulas ribbon where you’ll see the most common options to analyze data. For example, if I select all the cells with numbers in column B, then I go up and click on AutoSum, it adds all of the numbers in that column. In fact, now if I click on that cell in the formula bar, I can see a simple formula. Now these start with an equal sign, in my case, SUM as the function itself. Then I have an open parentheses with my range, in my case, B3 to B16, and close parentheses for what I want to calculate. Now that was an example of a very simple formula. Like I did before with the numbers, I can even drag formulas into blank cells.

-So I’ll go ahead and grab this one again by the lower right corner square and drag it across all of my columns. So that now has copied the original formula from the B column and duplicated it for each of the other columns. But as I click into each one, notice something that just happened, I have the column letters B all the way through M to each corresponding formula. That makes each sum specific to each of these column months. Likewise, I can select and drag entire columns into blank areas to fill in that data too. And because Excel detected a series of month names in row 2, it even filled in Jan as the new month name for the new cells that I added. Now let’s try another basic formula. For that, I’m going to select all the numbers above the totals row in column B.

-Now I’m going to choose Average, and that adds a cell with the average across the entire range that I just selected. So now I want to clean up a few cells. And when you go to delete data, you’ll need to know a few different options. So first, I’ll select the month cells that I just added. And if I just hit the Delete key, it leaves the formatting in those columns, like this blue cell here. This is also called clearing content. I’ll use the Control key + Z simultaneously to bring that content back and undo changes. Now I’m going to go ahead and select the same cells. And when I right-click, you’ll see that there are options to Insert or Delete along with Clear Contents like I just did using the Delete key.

-So this time, I’ll choose Delete, and then I have options to delete a column or shift cells left or up. In my case, deleting column N and shifting cells left will clear the contents and formatting. I’ll choose Shift cells left. So now I’ll clear the contents of rows 17 and 18 with my sums and the average to get my content data ready for other ways to analyze it. And there are hundreds of formula options in Excel. In fact, if I expand Financial functions, there are dozens related to accounting and finance. and hovering over each explains how they are used. And in math and trig, for example, there are dozens more that may look familiar if you’ve ever used a scientific calculator. And here I’m just scratching the surface. Those are just a few highlights of the functions that you can use.

-But what if you know how to describe what you want but don’t know the function for it? And that’s another area where Copilot helps you get started. So this time, I’ll use Copilot to calculate the totals. I’ll type, “Add a row and column with totals for each month in category.” And Copilot adds the totals by month and even a new column with the totals per category. Copilot will also help with cell formatting. So if I add, “Make the cells you just added with formulas white and bold text in black,” in my prompt, Copilot then reformats those cells too. And you can also add colors to each cell to easily spot differences across these numbers using something called conditional formatting, which is something else that Copilot can help with. I’ll type, “Add conditional formatting in each row to highlight low and high numbers.”

-And now we can see where the numbers are the lowest and the highest compared to the others in the same expense category for each month. So you just need to describe what you want and Copilot will do the rest. Now let’s go ahead and move on to deeper analysis of our data. With conditional formatting applied, it’s easier to see each month and how it varies in costs across our different categories. So let’s find some outliers. So I’ll ask Copilot, “What months have the highest expenses and why?” And Copilot analyzes the information and finds the months with the highest expenses.

-Then for each, it explains why with the most likely reasons. In this case, December is my highest, and that’s likely due to holiday spending and seasonality. July is the next highest, likely due to air conditioning for utilities costs and the rest of the summer activities that were happening in July. Then August was third highest, also with more travel, AC costs, and dining out. The key insights here summarize what Copilot found with reasoning for increases and decreases along with the lowest months as well. And one more core component that I’ll touch on today is how Excel lets you edit workbooks simultaneously with others.

-As I mentioned in the beginning, when you’re using Excel, signed in with a Microsoft account, or using Microsoft 365 at work or at school, it stores your files in OneDrive by default. Now, it also means that when you share an Excel workbook with other people using their name, group, or email, I’ll add Adele here, for example, and hit Send. Then they will be able to open the Excel workbook on their computer or phone and simultaneously edit it with you. And while you co-author with other people as changes are made, like with Adele here, changing the amounts for dining out and entertainment in January, they are saved to the same file.

-So those are the basic concepts to navigate Excel, format data, analyze it, and work with others using sharing. And I showed you how Copilot AI can help you as you get started. To learn more, check out microsoft.com/excel. And be sure to subscribe to Microsoft Mechanics for the latest updates, and thanks for watching.

Work IQ | Data, Context, Skills & Tools for Copilot and Your Agents

Zachary-Cavanell — Thu, 14 May 2026 12:00:00 GMT

Pull context from SharePoint, OneDrive, Teams, email, and meetings — all through Work IQ. Draft Word documents that carry your existing sensitivity labels, and resolve calendar conflicts in Outlook. Run multi-step Copilot Cowork workflows that generate files, schedule meetings, and send status updates from a single prompt.

Extend the same knowledge layer to ServiceNow, CRMs, and other non-Microsoft systems with API and MCP Server connectors in the Microsoft 365 admin center, or build your own agents in code against the Work IQ API.

Jeremy Chapman, Microsoft 365 Director, shares how data, context, and skills & tools combine into a single grounding layer for Copilot and your custom agents.

Skip the manual prompt scaffolding.

Work IQ delivers data, context, skills & tools as the built-in knowledge layer behind Microsoft 365 Copilot and agents. See how it grounds every response.

Kick off Copilot Cowork with one prompt.

Generate a briefing doc, customer presentation, and Excel forecast in parallel. Queue up meeting scheduling and email drafts while it works. See how it runs.

Your agent. Your code. Work IQ’s grounding.

Integrate Work IQ data, MCP servers, plugins, and skills into custom agents via the Work IQ API. Start here.

QUICK LINKS:

00:00 — Work IQ Knowledge Layer

01:32 — Copilot Chat experiences

02:16 — Work IQ in your apps

03:03 — Auto-Applied Sensitivity Labels

04:20 — Copilot Cowork Agentic Workflow

06:11 — Admin Center Connectors

07:21 — Work IQ API for Developers

08:50 — Wrap up

Link References

Check out the latest updates at https://aka.ms/WorkIQ

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Imagine AI that understands your individual work context without you having to author long, detailed prompts, manually upload reference content, or query and add business data. That’s what Work IQ is all about. Today, I’ll explain what Work IQ is, how it works, and show you what it can do. So, Work IQ is the brain behind Microsoft 365 Copilot and agents. It’s a built-in knowledge layer that comprises data, with secure access to your unstructured work data across SharePoint, emails, Teams chats and meetings, as well as your structured business data in Dynamics 365 and Power Apps. And you can extend Work IQ data even further to securely interact with external systems using Copilot and Power Platform connectors.

-Then context adds semantic understanding of your business data and relationships, like who you work with, work patterns, like projects important to you. This context also includes personalization in Copilot, consisting of the instructions you provide to format its responses, as well as saved memories comprising personal interests and important facts that Copilot retains from chat.

-And finally, skills and tools as actions that AI can take with specialized capabilities like generating different files, workflow automation for business processes, scheduling relevant meetings, and more. Together, all of these elements are added to your prompts and subsequent reasoning steps performed to generate more relevant responses and outputs. If you’re using other AI tools today, these are things that you would need to bring in manually, sometimes moving files from policy-protected locations to services without your security controls or visibility, so let me show you a few examples of how this works, starting with a few that use data and context.

-So, I’m in Copilot Chat and want to follow up on a recent project discussion, so I’m going to I’ll prompt it, “What did Daichi say about the solar promo timelines earlier this week?” Even though this is a vague statement and could be information in email, Teams, or a recent meeting, Work IQ finds the conversation and its details, then presents those to me. It also finds a related meeting series in my calendar that Daichi scheduled on the topic. And these Work IQ experiences are also available in your apps, like Outlook or other Microsoft 365 apps.

-In this case, my calendar is packed with meetings and I’m double-booked in three different time slots. From Outlook, I can ask Copilot to recommend how to resolve conflicts on my calendar for May 12. Copilot, using information from Work IQ, analyzes my schedule, along with my priorities and past meeting patterns. It finds the three timing conflicts on top. Then for each conflict, it reasons over the adjacent meetings, my role, and work patterns to create detailed recommendations for each conflict time. Below that in the summary, it suggests which meetings to reschedule, who to notify, and some actions to take. And Work IQ can help as you write or edit your files in apps like Word.

-So, here, I want to to write a summary for a project, and as you can see, there are no project details in this document. It’s just a blank page. So I’ll open Copilot and I’ll prompt it to draft an executive summary about our expansion strategy that highlights our products, the market for outdoor gear, our unique position, and go-to-market strategy. Copilot, together with Work IQ, finds and pulls in data from relevant project files in SharePoint and OneDrive, recent updates from meetings, and relevant emails and Teams conversations. You can see that it automatically applied a sensitivity label based on my existing information protection policies.

-Then it generates a detailed summary using all of the data and context that it found, and assembles a fully formatted Word document with specific details about our connected outdoor products, the market opportunity, go-to-market strategy, and our expansion plan with details for carrying it out. As you saw, I didn’t need to author a super long detailed prompt with the project details and have to upload any content or even directly reference files using links. It automatically retrieved relevant content that was aligned with my access permissions as well as my company’s data security policies.

-Now let me show you an example using intelligent skills and tools. In this case, I need to prepare for a customer meeting where I need to have several files generated, internal briefing document, a customer presentation, and data insights in a spreadsheet. So, for that, I’ll use Copilot Cowork. I’m going to paste in my prompt where I’m asking it to create those files. Now, I’ll kick off the process. And now it’s using Work IQ data, context, skills, and tools to find relevant data and information and then generate the files I want.

-Now, this process can run several minutes, so I’ll speed things up a little to save time. As it works, I can even request more tasks while it’s running using other skills and tools. Here, I ask it to schedule prep time with people on my team and send an email status update to the account team. As it continues working, it checks and finds a mutually open time on our schedules, and it proposes a meeting with participants with all of the details filled in. I can create it right from here. Then it uses another skill to author an email to my contact on the account team that I can even edit right from here. Once everything’s done, you’ll see that it’s created a Zava client presentation, a customer briefing doc, and a customer overview Excel file. I’ll open the briefing document first, and it has everything relevant to the meeting and uses our standard briefing template.

-Now, I’ll open the presentation it generated. It explains our work at a glance with key metrics from Work IQ and referenced files, as well as revenue and growth highlights. Now, if I move on to the generated Excel file and open that, it’s laid out year-over-year performance and used that to generate forecasts for this year And you can see the growth trends and more, all from the data it discovered via Work IQ. And like I mentioned, the data can be securely extended to systems from non-Microsoft services using connectors, allowing you to pull in other information like your online CRM systems, content management, databases, ticketing system, and more.

-Now, these can be added and configured under Copilot Connectors in the Microsoft 365 admin center. The gallery lets you select from dozens of pre-built connectors or you can create your own. And these can be API-based or MCP server-based. API connections are indexed for read operations and MCP servers are not indexed and support read and write. To add one, like this API-backed connector for ServiceNow Knowledge, you’ll set up the REST API endpoint, provide its namespace and URL to your instance. And since I already have a few MCP server connectors configured, I’ll cancel out of this view and then go to my connections to show you those. Now, here, you can see all of the MCP connections that I have configured in my tenant for things like financial apps, creative suites, collaboration services, and more.

-Once connected, these in turn can be accessed via Work IQ by Copilot or your agents. In fact, as a developer, if you are building agents, you can integrate Work IQ into your code with connections using the Work IQ API. Here, I’m using the GitHub CLI. It’s connected to Work IQ and using its underlying MCP servers, plugins, and skills. I have my prompt already entered to find a conversation with Ben and Darrel asking about the availability of an MCP server from the claims team. Now, I want this agent to build another agent based on our discussed feature requests, so I’m going to kick it off. And you can see that it reasons immediately and looks for the conversation to find the features that it needs.

-So, after it’s found that, it lists out the features and connects to the insurance claims MCP server and looks at its available tooling. Then it starts to build the scaffolding files for the new agent as JSON and text files. And then deploys a local instance of the agent to test out with a link, so I’ll open that and run a prompt to stack-rank my open claims by age so I can clear the backlog. Then the agent builds a nice claims dashboard with a tiled view of each stack ranked claim. And below that, it even summarizes my priorities so that I can easily focus on what’s important and work through the list.

-So, even as you develop new agents or work in other solutions, you can use the data, context, skills, and tools from Work IQ to power those experiences and save time. Work IQ works with Copilot and your agents to deliver personalized, accurate, and grounded outputs based on your real work data, context, and specialized skills and tools.

-To learn more, check out the latest updates at aka.ms/WorkIQ. Keep watching Microsoft Mechanics for latest deep dives about AI and what makes it work. And thanks for watching.

Azure Arc | On-prem + Multi-cloud Management

Zachary-Cavanell — Wed, 13 May 2026 14:32:38 GMT

In this video, we explore how Azure Arc simplifies hybrid and multi-cloud operations by providing a single, consistent control plane for managing your entire infrastructure across Linux and Windows, on-prem, in Azure, or in any cloud.

Once connected, you can patch Windows and Linux together with Azure Update Manager, enforce CIS benchmarks and Azure Security Baselines through Azure Policy, and pull consistent inventory, tags, and RBAC across your whole estate.

Auto-recover unbootable Windows Server 2025 machines with Quick Machine Recovery, audit and configure WinRE using built-in Azure Policy. Run your virtual machines as Azure Virtual Desktop session hosts on Nutanix, VMware, Hyper-V, or using physical Windows hardware.

Satya Vel, Azure Arc Principal Group PDM Manager, shares how to make Azure your operational standard for every workload, anywhere it runs.

Learn more about Azure Arc at https://aka.ms/AzureArcServer, or join the community at https://aka.ms/ArcServerForumSignup

Organize, filter, & manage inventory at scale.

Centralize visibility into servers, VMs, and Kubernetes clusters across on‑prem, AWS, GCP, and Azure from a single control plane. Check out Azure Arc.

Policy-as-code, everywhere your servers run.

Azure Arc extends Azure Policy to on-prem, AWS, and GCP resources — pre-built CIS and security baselines included. Try it.

AVD, off-Azure.

Azure Virtual Desktop for hybrid environments turns any Azure Arc-enabled Windows VM or physical server into a session host. Get started.

QUICK LINKS:

00:00 — Azure Arc in hybrid environments

00:46 — Transitioning to Azure Arc

02:35 — Unified management

03:43 — How to bring in servers and containers

04:48 — Inventory management

05:30 — Patching

06:48 — Auto-manage future updates

08:25 — One-time update

09:32 — Configuration in a hybrid environment

11:05 — Auditing Windows machines

11:34 — Microsoft Defender for Cloud

13:06 — Desktop virtualization

13:51 — Wrap up

Link References

For more information go to https://aka.ms/AzureArc

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

- If you’re managing servers and containers today, you’re probably operating across on-prem multiple clouds and using different tools for each. Azure Arc changes that by providing a single way to manage servers, Kubernetes, and containers across Linux and Windows, on-prem, in any cloud, and at the edge. Since launching in 2019, Azure Arc has gained strong momentum, enabling consistent patching, configuration, compliance, and advanced resilience features like remote recovery even for machines that cannot boot and more. And to explore how Azure Arc works in real hybrid environments, I’m joined by our resident management expert, Satya Vel. Welcome.

- Hi, Jeremy. It’s great to be on the show. It’s been a while.

- Yeah, it has been a while. Thanks for joining us today. And why don’t we jump right into this? So if I’m coming from maybe a traditional server management background using things like Ansible, VMware vSphere, maybe System Center, what does it take then to transition to Azure Arc, and why would I do it and is it worth the effort?

- That’s a fair question. Those are all proven powerful tools. That said, it’s challenging moving between multiple tools to manage what you have. What we are seeing today is more of a people and process change. Most enterprises are now hybrid by default, on-prem, multi-cloud, multiple operating systems managed by a central operations team. And what those teams want most is consistency. Azure extends its management capabilities to servers and Kubernetes clusters wherever they run using Azure Arc. That’s where the value of cloud native innovation shows up, beyond basic monitoring of servers and clusters, like the health and status of each resource. With Azure Arc, you can collect richer operational and security data and query it at a massive scale. All these are now actionable insights. You can use them to improve your security posture to close vulnerabilities faster. They’ll let you more easily fix compliance drift to realign resources with your policies and maintain day-to-day operations. This includes modern patching, all applied across your multi-cloud and hybrid estate. And finally, Azure Arc centralizes governance by bringing consistent tags for grouping along with unified identity and access management using RBAC for connected resources. That way everything is controlled the same way regardless of where it runs from a single control plane without duplication or drift. So to answer your earlier question, it is totally worth it, and Azure Arc is really the glue that brings it all together.

- Okay, so why don’t we make this real for everyone watching? Can you show us the unified management experience and what that looks like with Azure Arc?

- Sure thing, and that’s the best part. In fact here I’m managing my on-prem and multi-cloud environment using Azure services enabled by Azure Arc. Notice I have everything from a Windows server to Kubernetes clusters running on AWS, different Linux distros. There’s even a Windows client Desktop VM and more. All right here. And I can drill into any of these items to see its specs as well as what’s configured. I can take a look at whether it’s compliant with my configuration policies. For example, this test resource has a few non-compliant policies that I might want to take a look into. And the great thing is everything is in one spot. I don’t need to move between consoles to see everything. Once these resources are enrolled, everything is automated and rule-based. I can look for servers and workloads as they are provisioned or updated, and monitor them 24/7. Then based on the configuration status it finds, it can take actions and get items into a compliant state.

- Okay, so we’re going to get to what the management experiences look like in a minute, but let’s go back a step. So what happens if I’ve got infrastructure and I want to bring that into Azure Arc? What does that experience look?

- This process is super straightforward and simple. Let me show you. You can bring servers and containers running in any cloud on-premises and on any hypervisor under management with Azure Arc. To onboard resources to Azure Arc, we have a few different methods. The any environment option is the most flexible, where you can use scripts for Linux and Windows, or an installer. This is a lightweight agent that you can install on your Linux and Windows servers. You can use your preferred deployment method to run the scripts on your servers and clusters, like this one for Linux, which downloads the agent, installs it and connects it to Azure Arc. And if you have existing tools like Ansible Automation Controller, formerly known as Ansible Tower, we have published a playbook that makes it super simple to onboard your machines. And this playbook is published in the Ansible Galaxy, which is the official community hub.

- Okay, so now we’ve got everything in. Now moving into the next thing that people manage a lot every day, inventory. So how does Azure Arc change that?

- So I briefly showed the different locations and platforms that could run under Azure Arc. But there’s more to it. All my servers and clusters are in one view. It spans on-prem as I search for Azure Local, then I’ll filter for AWS as well as GCP services. And I can see Azure VMs plus my on-prem servers listed together with a consistent tagging and status information. I define everything based on their location and platforms in Azure, so it’s super easy to see where everything is running, and there’s less chance that any infrastructure falls through the cracks.

- Beyond inventory management, something else that we do every day is patch management. So can Azure ARC handle patch management for servers and infrastructure outside of Azure?

- Absolutely. This is an area where Azure Arc can help a lot. Today, patching often means different tools for different environments: WSUS or SCCM for Windows, scripts for Linux, or separate crowd portals. And with Azure Arc, this all happens consistently from one place. You can see Azure Update Manager, which I have opened here. Each server has an update status indicating if it’s got pending updates or not. Azure Update Manager continuously assesses the update compliance of your managed servers on a schedule. And you can manually trigger assessments by selecting resources and hitting check for updates. Now, you can see I have both Linux and Windows machines missing updates, and even though these are different OS types, I can update them together with just a few clicks if I want. But before I do that, notice this on-prem Windows Server 2016 machine that needs to be updated. Here, a benefit of managing your Windows and SQL Server infrastructure on Azure is that the service offers extended security updates so you can run them longer in support without disruption to business critical applications. Let’s get back to updating these machines. The nice thing is that you only have to set the right policy and logic one time to manage updates automatically in the future. To save a little time, I’ll select every machine. From here, I can schedule updates for these resources where first I’ll fill in the basics for my subscription and resource group. Then the instance details like the configuration name and the region. The maintenance scope using the guest option lets me target my resources. Then under schedule, I can select the start date as well as the time, how many hours and minutes I want the maintenance window to be, the frequency of repeats in hours, days, weeks, or months. Then in the resources tab, if I want to add more servers, I can group everything I want in the same maintenance schedule. Likewise, you’d use this grouping for staggered rollouts. Importantly, using dynamic scopes, I can also make sure that any new resources are targeted as they come online based on defined filters like the resource groups they’re in, the resource types, locations, operating systems or tags. In updates, I can target the type of updates I want, for example, only critical and security updates. Finally, I can add pre and post events to run before and after the update, like redirecting an app to an informational page saying that the resource is being serviced and when it’ll be back online. Of course, I can tag this as well. And then I just need to review and click create.

- And the favorite thing I just saw there was the dynamic scoping that you can apply as a set it and forget it setting basically. So what happens though, if I’ve got an update that’s really critical that I need to push out immediately, can I do that?

- Not a problem. You can do that as well. For that, you’ll select one or more resources and choose one time updates so that it gets applied immediately. I just need to confirm the machines, then choose the update type or any exclusions that I want to define. I’ll keep everything in scope here. Then in properties I can determine the reboot behavior I want and maximum maintenance window time in minutes. From there, I can review and install. That will push the update to my selected servers, whether they are in the cloud or on-premise, so it’s one place to get resources into update compliance. And in case you want to stagger updates over a longer period of time for large patch management jobs, you can orchestrate updates using groups.

- So the main thing is here you control the timing, like only patching during off hours and approvals and you get to decide which updates to apply, so it’s super flexible. Now, software updates are one type of configuration management, but what other types of configurations can you manage here?

- Configuration management in hybrid environments is complex. You traditionally use group policy, desired state configuration or scripts for Windows, and then separate tools like Ansible, remote scripting or manual commands of SSH for Linux. All this can be done centrally from Azure Arc. It extends Azure policy to any resource. And you can use Microsoft provided built-in policy baselines covering common security requirements. For example, the security baseline contains best practices and controls that we’ve defined for cloud services running on Linux and Windows. And above that, you can also see CIS Benchmark policy, which is an internationally recognized standard spanning OS platforms used to protect against cyber attacks. I’ll apply this baseline, then I’ll choose the Red Hat Enterprise Linux 9 Benchmark. And searching across 300 CIS Benchmark policies, I’ll look for passwords. And there are 24 policies defined. And then for Firewall, you can see four more. And these are just a few examples that are pre-configured. So once you assign these to your resources, Azure continuously monitors each machine for compliance. So you can use policy as code across your entire state with Azure policy controls that automatically stay current as standards like CIS evolve. We also recently added the ability to audit and enable WinRE through Azure Arc, improving recoverability even for machines that can’t boot. As you can see, there are a couple of new policies for auditing machines that do not have WinRE enabled and configuring WinRE on Windows machine. With quick machine recovery on Windows Server 2025, that also means for broader issues with known fixes, we’ll automatically recover machines that are not bootable.

- And that’s really a great resiliency option. But what about security, compliance, and configurations and assessments? Can we do something there?

- For that, you can use Microsoft Defender for Cloud. This lets you standardize security agents and settings across machines and containers wherever they run. In the Defender portal, you can see that the same way Azure Resources spanned Azure, AWS, GCP, and other environments, those same resources are visible here too. Defender continuously assesses connected resources for security posture. This includes what I showed before in the Security Baseline and CIS Benchmark. It detects threats in real time with associated security alerts and how they are trending. You get a complete breakdown by compute with your virtual machines and their associated risks. And the same is true for your connected containers running in Kubernetes. If I move over to cloud assets here you can see all the virtual machines, Kubernetes clusters that we saw in Azure Arc. And clicking into any of these, like this Ubuntu VM will show me all of its details. Scrolling down, I get a view of its risk factors. And below that, you’ll see that this one has 82 risk-based recommendations to improve its security.

- And one of the big upsides of Microsoft Defender is that shared visibility, so everything logs to the same place. So if you think about assumed breach, it means that you won’t have any blind spots then as attackers are moving laterally through your environment. So that means security teams, they see what you see. So why don’t we move on though to desktop virtualization. What can Azure Arc do to help me there?

- Sure, Azure Arc unlocks the ability to run Azure Virtual Desktop, or AVD, for short, outside of Azure so it can run on your own infrastructure, either via Azure Local or something new we recently announced: Azure Virtual Desktop for hybrid environments. This means any existing on-prem server can be configured as a AVD session host as long as it’s attached to Azure Arc. The management is in the VM layer using a management extension. It’s flexible, and Nutanix AHV, VMware vSphere, Hyper-V, or physical Windows Server can work. So with Azure Arc, you have full control over the entire infrastructure’s lifecycle from inventory, configuration management and policy enforcement all from one place. And the good news is that if you own Software Assurance, you can access services enabled by Azure Arc as part of your license for inventory, configuration, and update management.

- That was a great tour and update of Azure Arc. So thanks for joining us today, Satya. And if you want to learn more about Azure Arc and try it out for yourself, just go to aka.ms/AzureArc for more information. Or as an admin search for Arc, A-R-C, in the Azure Portal to get started. And keep watching Microsoft Mechanics for the latest updates. We’ll see you again soon.

Agent 365 | Your Security & Compliance Controls

Zachary-Cavanell — Wed, 13 May 2026 06:21:15 GMT

Block agent access to labeled files at runtime, stop sensitive data from leaving in agent-drafted emails, and catch agents that cross conduct lines using the same Microsoft Purview controls you already run for users. Map every risky agent action in Insider Risk Management, drill into Activity Explorer for interaction-level detail, and pull regulator-ready forensics from Purview Audit.

Shilpa Ranganathan, Microsoft Purview Partner Group Squad Leader, shares how IT and data security teams can govern agent behavior on a single Agent 365 control plane built into the Microsoft tools that you're already using today.

Block labeled files from agent access in real time.

No policy bypass, no data leak. See how it works using Microsoft Purview as part of Agent 365.

Same policies, now extended to agents.

Purview DLP catches sensitive content and blocks the send. Watch it in action.

Map the full chain of risky agent actions in one view.

Insider Risk Management in Purview sequences sensitive file access & DLP blocks. See how it works.

QUICK LINKS:

00:00 — Agent security, compliance, & IT

01:13 — IT & data security teams using Agent 365

02:22 — Visibility with Microsoft Purview

03:14 — End user perspective

04:05 — DLP on Agent-Initiated Messages

04:23 — Communication Compliance for Agent Behavior

04:50 — Data Security admin in the Purview portal

06:04 — Policy violations

06:39 — Purview Audit

07:06 — Microsoft 365 admin center

07:44 — Wrap up

Link References

Check out https://aka.ms/Agent365DataSecurity

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-How do you make sure agents don’t run unchecked across your environment? It starts with the right level of observability across security, compliance, and IT, insights that’s tailored to each team’s domain expertise, yet shared across teams, so issues can be identified early and addressed quickly when something goes wrong. This is where Agent 365 comes in to bring together security and IT teams so they can stay in control through a unified control plane, built to work with the Microsoft tools you already use.

-Whether you’re viewing agents along with their configurations and high-level activities in the Microsoft 365 Admin Center, understanding agent activities and protecting sensitive information with Microsoft Purview, managing agent identities and permissions to apps, data, and resources with Microsoft Entra, or investigating and responding to incidents in Microsoft Defender, Agent 365 provides a common source of truth for agent activity, enabling teams to assess and respond to risks from their own domain expertise using the tools and workflows they know best. Today is the first episode in a series where we go deeper on using Agent 365 across your organization, starting with protecting your sensitive data. For example, if data isn’t properly classified and protected, AI, which uses powerful semantic search, can quickly surface information that was once hard to find, leading to data loss.

-At the same time, it can potentially share it with the wrong people, and related other risks can escalate quickly. Microsoft Purview now extends the controls you have for users in your organization to agents so they stay aligned with your organization’s data security and compliance requirements. Let me show you how IT and data security teams can work together using Agent 365. Starting in Agent 365 in the Microsoft 365 Admin Center. As an IT admin, I can see a comprehensive list of agents in our organization. I can manage agent deployment requests to review the details for agent configurations and even leverage built-in security defaults for Agent 365 to quickly establish policy controls.

-That said, as agents are used inside of your organization, Microsoft Purview, as part of the Agent 365 control plane, provides more granular controls with deeper visibility over data security. This includes rich AI observability, protection, and compliance. Right from Microsoft Purview, I can see agents running in my organization with the same left-to-right agent visibility we saw in the Microsoft 365 Admin Center. From Data Security Posture Management, or DSPM, for short, I can find key agent metrics and what’s important for data security, like which agents are active and their risk levels, whether they’re interacting with sensitive data, in which ways, along with interaction trends. I can also see if their activities are protected with sufficient policy coverage.

-Let me show you an example of how this level of oversight and protection works, starting from the end user perspective. This is a custom, in-house-developed Zava supplier agent. It’s designed to review and summarize purchase orders for clients. Here, a member of the procurement team asks the agent to review a few linked purchase orders PDF files and check for delays and impacts. The reasoning agent gets to work almost immediately, providing a summary for the linked files. It then attempts to access a contract file to figure out the contractual impacts of any delays.

-Now, because the contract has a label that the agent is not allowed to process, it stops and says that it cannot access the information contained in that file. This is Microsoft Purview enforcing least-privilege access in real time. Next, our same user asks the agent to email the summary to an external supplier. The agent tries, but Purview spots sensitive data in the message. In fact, if we move to Outlook and open the message, we can see that our sensitive information policies have blocked the email from being sent. Back in Teams, we can see that the same user is attempting to use the agent to draft an email that promises an exclusive gift incentive to fast track the PO approval. The agent stops again. It recognizes the request crosses ethical and compliance lines and explains why to our user.

-Importantly, behind the scenes, Purview logs all activity as it happens and flags the interaction for review. In fact, let’s switch perspectives to the data security admin in the Purview portal after these activities have taken place. I’m back in DSPM under AI Observability with a view of my running agents. And on top of my list, Purview has flagged the supplier agent as high risk. Let’s drill into it. For that, I’m in insider risk management view for this activity. It maps out the sequence of events that our user and agent attempted to carry out, starting with sensitive file access in SharePoint, including the contract I mentioned.

-Then the DLP policy block, which stopped the email summary from being sent to the external supplier. And, finally, the unethical behavior block when a user attempted to offer a gift in exchange for faster contract approval. All these activities raise the risk level of the agent, and each action is clearly outlined. To get more detailed context about the agent’s behavior, I can view the activity timeline, which links me directly into Activity Explorer in DSPM to see other interactions with this agent. It looks like there’s a mix of benign activity at the bottom of the list, and the higher risk activities for our user are at the top. All prompts and responses are evaluated against compliance policies and classifiers, and any matches are surfaced using the same investigation and remediation workflows you already use today.

-In fact, you can find the details for agent policy violations across solutions in Microsoft Purview. For example, if your focus is on communication compliance, you can find the details for the agent interaction that was flagged as unethical. In this case, it matched the gifts and entertainment condition. And clicking in, you can see related matches for other sources too. And Purview Audit also captures every agent interaction, which you’ll find using an audit search.

-Here we’ve searched across agent interactions that occurred between February 1st and March 1st for our agent, and you can see the exportable details for each interaction, including IP, user, agent, record, and activity details. So when a regulator asks: “How did this happen?” You can trace it instantly using Purview Audit. Of course, with Agent 365 at the foundation, everything is connected and integrated across the control plane. So now as an IT admin working in the Microsoft 365 Admin Center, I can see the agents running in our environment filtered by high risk, and there’s our supplier agent. In its details, under Security and Compliance, I can see it has performed a few risky activities. This is all signal that has been pulled in from Microsoft Purview as part of Agent 365.

-From here, I can tune the agent configurations, including its permissions, or even block it all together from use. AI agents move fast, and without the right level of visibility and guardrails in place, they can easily access data they shouldn’t overshare, and even work against your company’s ethics. Agent 365 with Microsoft Purview keeps your agents in line, spots trouble before it happens, and makes sure that actions are recorded.

-To learn more, check out aka.ms/Agent365DataSecurity. In the next episode of the series, we’ll explore Agent 365 with Microsoft Defender to investigate and respond to security incidents involving agentic activity. Subscribe to Microsoft Mechanics if you haven’t already, and thanks for watching.

Operations Context for AI | Ontology in Fabric IQ

Zachary-Cavanell — Wed, 29 Apr 2026 16:50:48 GMT

Generate a full business ontology from an existing Power BI semantic model, map entities and relationships, and embed real-time operational signals alongside business rules that live inside the ontology with the data and its meaning.

From there, trace cascading operational impacts across your business through the relationship graph, stand up Operations Agents in natural language with Teams-based actions, and connect the same ontology as a knowledge source in Copilot Studio or Azure AI Foundry.

Chafia Aouissi, Fabric IQ Principal PM Manager, shares how to model your business operations, embed intelligence in your data, and deploy agents that act on it.

Logic lives with your data.

Embed business rules directly in the Fabric IQ ontology. Define thresholds, trigger notifications, and cascade decisions through connected entities. Watch the demo.

Surface cascading impacts with a single query.

Filter the Fabric IQ relationship graph by any entity and trace downstream operational impact across your entire business. Check out a built-in ontology graph in Fabric IQ.

Build a Fabric IQ Operations agent in natural language.

Define monitoring goals, connect your ontology as its knowledge base, configure Teams actions, & deploy. See the full build.

QUICK LINKS:

00:00 — Unify models & data with Fabric IQ

01:12 — Generate an ontology

02:27 — Bring in Power BI reports

03:08 — View across multiple data sources

04:23 — Define rules

05:18 — Built-in ontology graph

06:03 — Fabric IQ agents

08:24 — Fabric IQ as Knowledge Source

08:54 — Wrap up

Link References

Get started at https://aka.ms/FabricIQ

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-The agents you build and use need the right operational context of how your business runs to deliver the best outcomes. Today, that context is often fragmented across systems, defined differently by different teams, or buried in dashboards and logic, making outcomes inconsistent and agent behavior hard to predict. That’s where Microsoft Fabric IQ comes in. Fabric IQ introduces a semantic foundation that unifies models and data through an ontology. It defines the shared business entities and their relationships, and connects them to your data. It provides the operational context needed to understand how the business actually runs, without altering any underlying data. Analysts can not only work with the data they already trust, but also model how the business works. And agents can use that same shared context to reason and act more consistently. Today, I’ll show you both sides.

-First, how a data analyst leverages Fabric IQ inside a Fabric workspace, using ontology to model the business concepts. Then, how Fabric IQ uses the same context to drive more reliable and predictable insights from agents. I’ll start from the point of view of an analyst looking to create a full fidelity view of how an airline operates, including processes such as ticketing, maintenance, and more. The first thing I need to do is to create a new ontology. I can either build one from scratch, or jumpstart by using an existing Power BI semantic model. As you see here, there’s a new option to generate an ontology from this semantic model. I just need to choose the workspace, give it a name. I’ll choose AirlineOperationsOntology. Then confirm by hitting Create. In just a few clicks, I’m able to see the different entities of our airline business. All data is now linked not only through keys, but also business relationships and semantics. We can see flights, airlines, routes, and more. If I click into airports, because Fabric IQ is semantically aware of the relationships between entities, it shows the routes connected to runways which are in turn connected to airports.

-And for any entity, I can choose to add more live operational signals. In this case, I want to add details about the runway conditions using real-time data, including contamination, visual range for visibility, as well as the available cleared width and more. And you can also bring in your Power BI reports for a canonical view of how to monitor and manage these aircrafts. From the ontology, I’ll head over to the Report links tab that opens the OneLake catalog with all of my reports. I’ll search for air and there are three matching reports for gates, ground service, plus safety and runway. So I’ll add them and hit Connect to confirm.

-So, in just a few clicks, we’ve expanded our ontology with the live operational view, using real-time signal, geospatial data, and more. Now, as an analyst, I can work immediately with it, and our agents can act on it as well. Let’s fast‑forward and see what I’ve unlocked. You can see that I now have a richer view over my data, which is connected to real‑world operations. We’re no longer optimizing one report or one dataset at a time. We’re looking at our operations across multiple data sources, in the language of our business, with meaning and relationships already understood.

-Now let me show you how this makes it easier to turn insights into concrete decisions and actions. First, in the flight entity type overview, I can see how it relates to my other business processes. I see entities like bookings, gates, airlines, and more as a graph. I have links to all of my connected Power BI reports. There is a real-time weather data, including wind knots, as well as geo-spatial insights showing all of my flights. Using Fabric Maps, I have a fleet level view of all my active flights, and I can see live air traffic across the fleet. This, in fact, is a heat map view of three New York City area airports, and we can see that JFK in this case is impacted with lots of runway activity.

-I can now understand the system as a whole, across bookings, flights, airports, and real‑time conditions. And I can drill in further to understand what is going on: I have opened the runways entity, and you’ll remember some of these categories from before. Since there’s snow in the area, I can immediately see the runway conditions that affect operations, things like surface friction and contamination levels, so I understand how safe it is for planes to take off and land.

-Beyond connecting raw data, I can also define rules directly in the ontology, so this logic lives with the data and its business meaning, instead of being hard coded somewhere else. In this case, I’ll add a rule that says if runway contamination exceeds high threshold value of 25%, notify the passengers proactively of upcoming delays. We’ll also notify the ground crew, so they know that the runways need to be cleared. The rules are now embedded in the ontology, and the value comes from seeing how runway conditions impact the rest of the operations. That’s where the built‑in ontology graph helps. Let’s look at the relationship graph. I’ll expand the graph view. And add a filter for JFK airport Then run the query. No code needed here. And I get a filtered view for JFK. And immediately, I can see a poor condition that’s affecting Runway 25R.

-From that insight, it’s easy to see the downstream impact. This runway issue is already affecting related gates and baggage operations that will need to be rescheduled. This is a unified view of our entire operations and how connected events will cascade across related business entities. This is how ontology helps you as an analyst. But remember, the same operational context is also available to AI agents, no matter how you build them.

-Let me demonstrate this in the context of one our built-in Fabric IQ agents. From the New Item catalog, you can find the built-in agents by searching for agent. There is a Data agent designed to answer questions, and an Operations agent designed for real-time data and business action recommendations. The Operations agent is a perfect fit for our airline operations scenario, so I’ll choose that one. I want this agent to help with runway-related analysis and actions, so I’ll name it RunwayConditionsAgent, leave the location, and create it.

-From there, I can add a bit more information to set up the agent, like adding the business goals for what it should accomplish I want this one to monitor surface conditions for runways and ensure things run smoothly based on logic like we used before. In fact, in the Agent instructions, using natural language, no code, I’ll describe that if surface contamination is reported above 10%, send ground crews to take care of it. Likewise, the clear width should be more than 25 meters, and the agent should send ground crew to visually assess whether planes can safely brake.

-Now let’s add some knowledge. And for that, I’ll choose our AirlineOntology. And here’s where I can add actions. I’ll add one to assign ground crew for clearing, along with description for what needs to be done. Then I’ll give it the Runway ID as the one to clear and the Temperature to predict the type of clearing needed. And Create to add that one. Now I’ll add another for requesting visual assessment, and perform similar steps for the parameters. These will send status updates in Microsoft Teams. Now everything is defined and ready. I just need to save this new agent. That takes a moment. And once it’s finished, it creates a nice agent playbook with what it’s designed to do.

-Now, with the agent running, the right people will get notified of what to do in Microsoft Teams Here, I’m looking at the Operations agent It’s alerting us that Runway 29L has only 22 meters of clear path. This is under our 25 meter threshold. It recommends to deploy the ground crew for a runway clearance operation. As the human in the loop, I can choose whether or not to proceed with the recommendation. I’ll do that.

-Then it asks to confirm a few details. They look good, so I’ll confirm, and the ground crew is on its way. And here is the good news. If you’re building your own agent in Microsoft Copilot Studio or using Microsoft Foundry, Fabric IQ ontology will be an integrated knowledge source that you will be able to choose from. As you choose your knowledge types, you can select Fabric IQ. This will ground agents in the same semantic foundation that already runs your operations. And of course, the agents you build and connect to Fabric IQ will respect the permissions and security policies you already use in Fabric today.

-As I have shown, Microsoft Fabric IQ gives agents shared understanding, with entities, relationships, rules, and actions so they can move from insight to decision more reliably. To learn more and get started, check out aka.ms/FabricIQ. Keep watching Microsoft Mechanics for the latest news and deep dives. And thank you for watching.

Foundry Agent Service + Microsoft Agent Framework Explained

Zachary-Cavanell — Tue, 28 Apr 2026 13:15:00 GMT

Deploy directly from your local environment, run with secure identity and scoped permissions, and monitor every interaction so you can debug, improve, and scale without losing control. Publish agents into the tools your team already uses and ensure every action is traceable, governed, and isolated.

Ground your agents in real work and business data to generate outputs that are actually useful. Pull from emails, meetings, and operational systems to create personalized insights, documents, and presentations. Build faster with familiar tools and frameworks, then manage performance, cost, and quality across all your agents as they scale.

Jeff Hollan, Partner Director, AI Agent Services, shares how to operationalize AI agents across your organization — from deployment to real-world impact.

Control what your agent can access.

Assign scoped permissions and identities so every action is traceable and compliant. See how it works in Microsoft Foundry.

Scale agents without losing visibility.

Monitor performance, conversations, and health in one place with Microsoft Foundry. Check it out.

Pull insights from across systems.

Prepare faster and make better decisions. Act with full context, not guesswork using Work IQ, Foundry IQ, and Fabric IQ.

QUICK LINKS:

00:00 — Build single and multi-agentic workloads

00:44 — Build agents at scale with Foundry

01:33 — Demo: Sales meeting preparation agent

03:32 — How it works

04:48 — Access controls

05:44 — Publish the agent

06:23 — Direct integration with Microsoft 365

07:26 — Work IQ, Foundry IQ, & Fabric IQ

10:24 — Agent creation

11:21 — See what’s happening in the code

12:54 — Manage performance

13:56 — Wrap up

Link References

Go to the Microsoft Foundry to build your first project at https://ai.azure.com

Check out https://github.com/microsoft-foundry

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

- AI agents are gaining traction everywhere right now, but moving from experimentation to production, especially in enterprise environments is where most people get stuck. So to solve for this, today we’ll get hands-on with the Microsoft Foundry Agent Service, a platform which lets you bring in your own agents using your preferred tools and host them with built-in enterprise controls, measurability, and discoverability, and the powerful open-source Microsoft Agent Framework that’s uniquely designed to make it easier to build both single and multi-agentic workloads with orchestration. And joining me to demonstrate all this is resident developer expert, Jeff Hollan. No stranger to Mechanics. Welcome back.

- I’m so excited to be back.

- Yeah, so it’s been a while. It’s good to have you back on. So these two services that we’re covering today, both are for hosting and building agents themselves. So what’s driving all this?

- What’s driving this is something that we are hearing constantly, which is even though it’s gotten easier to build agents, it’s hard to deploy them safely and reliably across the enterprise, especially considering that a lot of what we see getting built has moved past the small pilot phase. Some agents might be chat experiences used by thousands of employees while others run behind the scenes, sometimes integrating with mission-critical systems. These all need foundational capabilities, like identity and access controls, private connectivity, along with agent and fleet-level telemetry and tracing, which is complex to stitch together by yourself. And so our Foundry services help you build agents that will run securely and at scale with full visibility.

- So I’d love to see an example of this. Did you come prepared?

- Of course, I came prepared. Let’s jump into it. So what I’ve helped walk through here and built is a sales meeting preparation agent. This is the kind of thing that a sales team would use to get ready for customer meetings. Now I already have my code written here and ready to go. I’ve used my framework of choice. In this case, this is the Microsoft Agent Framework written in Python, but you could bring your own framework and language. And you can see that I’ve defined quite a few tools here, some middleware logic and even a workflow. Now, all of these details we’re going to jump into in a bit, but importantly for now, I just want you to know that this is all running locally. It’s ready to go. I’ve built it out. Now the question often comes, how do I take something like this but get it deployed? How do I make sure that it can run in a secure and scalable way that’s compliant and safe across my entire enterprise? And Foundry makes this incredibly easy. So right here in Visual Studio Code, if I expand out the AI Toolkit extension, I can simply hit deploy to hosted agents. This gesture takes my agent as I’ve written it, packages it up, and deploys it inside of Foundry as a hosted agent. So why would I want this inside of Foundry? And I want to walk you through some of what lights up the moment that I do that. So here in the Foundry portal, you can see that this is the same agent that I was just looking at locally, but now it’s running inside of Microsoft Foundry. So let’s go ahead and call this agent from the playground so I can show you all the type of capabilities that it has in action. So I’ll ask it, what important meetings do I have this week? Now I’m actually using some of the more modern agent patterns here. So my agent is actually executing inside a secure sandbox or microVM. So you can see this agent is actually starting to think and work through the problem, looking at my calendar. It has the ability to write and execute code, very much like powerful coding agents like GitHub Copilot CLI or Claude Code. Now, while it runs, I’ll describe a little bit of how this works behind the scenes. First, as soon as you deploy the agent, it gets its own unique ID assigned from Microsoft Entra. The ID makes it so that any action the agent makes, like looking at my calendar, is traceable back to the agent. And it allows the agent to autonomously access resources directly with its own scoped permissions, or the agent can act on behalf of a human in the loop using the user’s permissions instead. And on top of all of that, for each user that invokes an agent session, Foundry automatically spins up a secure microVM, which is an isolated sandbox. So now if I ask a question and another salesperson asks another question at the same time, because we each have our own agent instances, the information from each of our sessions can be read, written, and stored in its own dedicated space. Additionally, for every interaction, the service looks at any policies or guardrails set by your organization. This ensures that your agent works within the controls you’ve set, whether it’s content filtering, protecting prompt injections, or preventing against copyright materials. So you can maintain precise control over what the agent can do and access, and everything was set up automatically when I deployed this agent. So if I come back here to our running agent, you can see that it’s returned some results. It looks like the Zava DIY is my top priority based on all of the signals that it found and looped through. So in this case, it’s worked on behalf of me using my identity and permissions to look at my calendar and surface the accounts that I should be paying attention to.

- It makes sense you’d want to have the right access controls in place because it is actually needing to look at your inbox. For example, your calendar, your data, and your file stores.

- Yeah, and this is super important to make sure that you’re building a compliant systems. Related to enterprise readiness, there are a couple of other things that I want to show that you get directly from Foundry. So in Foundry, this is my area to build and work on my agent. I have monitoring and traces. I can understand all of the conversations that might be happening, how my agent’s going about answering each questions and the overall health of my agent. Everything I need for observability is all right here. Next, there’s publishing the agent so that people can find it. So once I have my agent up and running, how do I now get this into the hands of all of my salespeople? Nobody likes building a new app, and then just hoping that everyone finds the link and bookmarks it. Well, in my case, I know that everyone in my company is using Microsoft 365 and Teams. So right here, I have a Publish button. I can take any agent deployed inside of Foundry and publish it directly to those services. This registers the agent so people can discover it and start using it right where they already work, right from Microsoft 365 on their desktop or on their phone away from the office.

- So there’s direct integration then right in Microsoft 365. In this case, in the Copilot Chat experience. And by the way, it’s also available for Microsoft Teams. Now, something also integrated with the Foundry services, Microsoft’s unified intelligence layer for AI, which helps ensure that agents are grounded in the right knowledge and also business context to keep their outputs useful and relevant. And all that goes way beyond a single source MCP server. So for example, if the agents working on your behalf, then Work IQ provides the context for how you work with the connections to your email, your calendar, your previous meetings, your Teams chat and files and more. And then you’ve got Fabric IQ, and that can be used to add context over your connected business operations. Think of things like sales data or customer records or logistics. Then you’ve got Foundry IQ, which lets you combine multiple knowledge sources for your agents, where everything from structured data sources and databases to unstructured data in your cloud stores, even images can be retrieved by agentic processes. And so Jeff, of all those different IQs that we looked at, we saw Work IQ. In that case, the agent was actually pulling from your calendar. So can we see and go deeper maybe on the rest of the intelligence layer?

- Of course, this agent has a few more tricks up its sleeve. So if we come back to the code, you’ll see that this agent actually has access to the three IQs that you just mentioned. Work IQ, Foundry IQ, and Fabric IQ. Now, based on the tools and skills I give it, let’s go back to the playground and show them in action. Again, the agent’s previous output says that I have an important meeting coming up with Zava, so I’m going to use this agent to help me get ready for this important meeting. I’m going to say, help me prepare for my upcoming meeting with Zava. Now watch what happens inside the sandbox. The agent is doing exactly the things we just described. Again, it’s checking my Work IQ to understand my correspondence, pulling in emails and Teams conversations that I’ve had with Zava. Next, it’s reaching out to Fabric IQ to pull usage data, purchasing patterns, and contract details. And it’s using Foundry IQ to search through our sales enablement materials, marketing content, to find what’s most relevant for them. Now, I’ve incorporated a few skills into this agent using the popular agent skills pattern. For example, there’s a skill defined that generates a PowerPoint presentation, another skill that creates briefing documents using Microsoft Word. So this agent came back with two file linked artifacts, a personally curated Word document for our internal team and a custom PowerPoint presentation that I can use with Zava. So I’ll go ahead and open each of these up, starting with that briefing document. You can see this has synthesized all of that contextual data retrieved from that intelligence layer, our CRM system for the relationship content and my correspondence for recent communications. It’s gone into all of the business analytics and health usage and metering, our ticketing system for support tickets. All of this is creating recommended discussion topics all into a single preparation document this agent generated. Now, if I go back, I can even show you the linked PowerPoint presentation that was generated using my other agent skill. Now, this file is actually personalized specifically for my interaction with Zava. It’s using our own company’s brand colors. You can see it’s pulled information and integrated it from Fabric IQ and Foundry IQ to give me the right talking points and relevant customer specific insights about our recent activities with Zava. It’s pulled in business operations data and included campaign metrics, including new opportunities and services that I can explore to help me build towards the next steps to take our partnership with Zava to the next level. And that’s the power of not just deploying agents, but having them run on top of the Microsoft intelligence layer, working on your behalf to access your work data, your business data, and your organizational knowledge. And it’s all integrated seamlessly with Microsoft 365.

- So now we’ve seen the agent running, we know what it can do. Now for all the developers that are watching and they’re interested in building something like this, can you explain what’s behind it and how you made it?

- Sure, so before I show you what’s behind the scenes of that more advanced agent, let’s go ahead and start with something more simple quickly here on my laptop. So for this, I’m using the Azure Developer CLI. I’ll go ahead and initialize a new project and say I want to create a sales prep agent. Now, one thing to mention, you can absolutely create chat-based agents, which are super popular. You can use any framework that you want, including things like LangGraph. And with Foundry agents, we also support emerging patterns. You’ll see we have templates to help get you going fast. So if I go ahead and choose this template, it’s going to scaffold all of the files that I need. So from here, it’s actually really straightforward. I can start debugging locally, deploy, and everything is ready to run. So this is a simple agent that I can use with a template, but there’s a lot of customization options. So we can now go ahead and go back to our advanced sales prep agent from before and look at some of what’s happening behind the scenes in the code. So you can see here, this is where I’ve defined the tools and knowledge sources. So you can see those three IQs that we walked through before. But there are some other types of skills here as well that I’m able to create and include in my coding agent patterns today. So at the core of all of this power, this agent is using the GitHub Copilot SDK. This runs a powerful agentic loop over the set of tools that I’ve defined. So when my agent was reasoning before over dozens of files, emails, and previous meetings, as well as operational and service-specific data to find relevant insights, all of this was generating informed recommendations powered by the Copilot SDK. To pull everything together, I’m using Microsoft Agent Framework. This helps me define additional pieces like middleware. So for example, here I’ve defined that if the coding agent ever tries to generate one of those documents, but it doesn’t have enough data from one of those three IQs, I want to block that because without that grounded data from all those sources, this output is almost guaranteed to be hallucinated. So these types of patterns are critical when you’re scaling deployment within an enterprise, wanting quality controls across the entire sales team, and additional guardrails and controls. Now, of course, the real power gets unlocked when I combine both these frameworks and patterns, but I host it inside of the powerful capabilities of the Foundry Agent Service.

- Okay, so in our case, we’ve published and we’ve built out two different agents. Why don’t we fast forward in time a little, one of my favorite parts of these shows, or maybe we’ve got a couple of agents running, we want to be able to monitor and manage them. What can we do there?

- Yeah, we can do all of this because it’s all running inside of Foundry. So moving back to the Foundry portal, I can manage performance costs of my entire fleet of agents in one view. So I can go ahead and look at the agent health on alerts. It looks like mine appear healthy. No alerts for me yet. I can see my estimated cost, success rates, and token usage, along with drill-in details about run volumes for our top agents. And the top and bottom agents for success rates help me see what might need attention. So you can see everything that I need to go from experimentation to production and publish across all of my end users is all right here, built-in, with full observability,

- Right, and all this is really about reducing complexity of building out and deploying your agents safely and reliably across your organization. So how can everyone who’s watching right now learn more and get started?

- Yeah, so the best way to learn is to try some of these things out for yourself. So everyone here can go to Microsoft Foundry at ai.azure.com to build your very first project. And be sure to check out github.com/microsoft-foundry. There’s a number of samples that you can try to find the SDK that you want and start coding.

- Great to have you back on, Jeff, and thank you so much for joining us today. And as always, be sure to keep it locked in here on Microsoft Mechanics, and we’ll see you again soon.

Windows App Management in Microsoft Intune

Zachary-Cavanell — Mon, 27 Apr 2026 18:56:18 GMT

Audit every managed and unmanaged app per device with more metadata, including publisher, architecture, estimated size on disk, install location, uninstall commands, to help troubleshoot PCs and expose shadow IT before it spreads. Pull curated Win32 apps straight from the Enterprise App Catalog or upload PowerShell scripts to control exactly how each app installs.

Stage rollouts in rings with Intune deployments, to gradually deploy, pause or cancel any deployment in flight; and auto-trust every app you push using App Control for Business with Managed Installer, which also works with Autopilot as you provision new devices, now with up to 25 apps. Keep your fleet of apps up-to-date automatically as vendors publish new versions through the Enterprise App Catalog, or trigger updates on demand from the Guided Upgrade Supersedence report.

Nicole Zhao, Microsoft Intune Product Manager, shares how to put these built-in enhancements to work across every managed device.

*Intune Deployments is currently in private preview. Capabilities shown are subject to change and not yet generally available.

Identify shadow apps across your managed devices.

Microsoft Intune’s app inventory now surfaces publisher, architecture, size on disk, install location, & uninstall command per device. See how it works.

Auto-trust every app you deploy through Intune.

App Control for Business with Managed Installer tags your deployments as safe and scopes trust to specific user groups. Check it out.

One toggle, continuous app updates.

The Enterprise App Catalog in Intune pushes vendor releases to managed devices automatically, or surfaces them in a Guided Supersedence report for manual review. Try it now.

QUICK LINKS:

00:00 — Built-in app management

00:51 — App Inventory Visibility

01:42 — Enterprise Application Management (EAM)

02:28 — PowerShell Script Installer GA

03:09 — Ring-Based Deployment Plans

04:44 — Managed Installer Auto-Trust

05:39 — Enterprise App Catalog Auto-Update

06:12 — Guided supersedence

06:50 — Wrap up

Link References

Go to https://aka.ms/IntuneAppManagement

Check out https://aka.ms/RSAC26-Intune-Blog from the RSA Conference for additional security context and guidance when managing apps with Microsoft Intune.

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Controlling the application layer on devices, delivering the right apps, keeping them secure, up to date, and protected has always been one of the toughest challenges as you manage IT environments. This is nothing new, but what is new is how much easier Microsoft Intune now makes it. With the latest built‑in app management enhancements, you can more easily discover apps across your environment with clearer visibility into your full app inventory per device, simplify app preparation and deployment through pre-packaged apps or with scripted installs, as well as safer, gradual app roll-outs using ring-based deployments.

-Ensure only trusted apps run by automatically trusting deployed apps through App Control for Business with Managed Installer, and keep devices automatically on the latest versions as vendors release updates, using the new auto-update capability with your Enterprise App Catalog. It all starts with knowing what apps people have running on their managed devices. And that’s where the latest improvements to app inventory in Intune give you the full up-to-date picture with minimal latency.

-Here, for each device, you can see a comprehensive list of inventoried applications, including both managed and unmanaged apps. Importantly, we’ve added more app metadata to help you make better decisions about your apps or start troubleshooting. For each app, you can see the publisher name, architecture, and now even estimated size on disk, as well as installed location, uninstall command, and languages, as long as that information was registered in Windows. For shared devices, we’ve also improved the per user app information to include all users on the device. This gives you clear visibility into which applications exist in your environment, to help you identify unknown or shadow applications that may be running against your policy and governance controls. Next, for getting the right apps deployed, let me show you how we’ve made it easier to bring apps into your managed catalog.

-Here, Enterprise App Management, or EAM, is designed to simplify app lifecycle management. I’m going to start by creating an app. Unlike the consumer-focused Microsoft Store, which uses community-driven WinGet app types for app discovery, EAM provides a curated list of enterprise-ready Win32 apps. You can find these apps by choosing the Enterprise App Catalog app type and Confirm. From there, you just need to search for the apps you want. In this case, I’ll look for Blender, and then under Configuration, you’ll find available architectures and versions. You’ll see that it pre-populates the app information. And in the Program tab, the install and uninstall command lines are pre-populated, as well as the exit codes.

-Now, this used a command line installer type, but something new to give you even more control is the script installer, which is now generally available. This lets you use PowerShell script to control the installation of your Win32 apps. So, I’ll change the installer type to be a PowerShell script, and that will expose a control to upload a custom script as a PS1 file. Next, I’ll choose the Blenderinstaller script from File Explorer. It conveniently enters the name field for me and then mounts the script to give a preview of the pre-installation commands it runs. This gives you precise control over the install behavior of your apps using script-based installation. And as we progress, the rest of the steps for getting this app deployed to your managed devices should be pretty familiar.

-Next, for app roll-outs, Intune’s policy-driven deployment lets you introduce application changes gradually using Deployment Plans. This helps avoid issues from misconfigured, compromised, or unintended app updates, giving you more control over the roll-out process. Let me show you how to create a deployment. You’ll start in Deployments, which you’ll find under Managed Devices. At the top, you’ll see two tabs: Deployments, which lists the app payloads targeted for existing roll-outs; and Deployment Plans, which are reusable deployment schedules that you create with ring timing, as well as assigned groups. I’ll move to the Deployments tab and select Create. Then I’ll give it a name, Global Secure Access Client, and description, East Coast rollout, Next, I’ll select a payload. I’ll choose Win32 and Add Payload, and select Global Secure Access Client.

-Now I’ll configure the deployment schedule, which is the key step when setting up this deployment. Here I can either build rings manually, where you’ll add time offsets per ring, or I can load an existing deployment plan. In this case, I’ll load a plan. From here, I can choose the plan I want. I’ll pick the East Coast retail store rollout plan. I’ll choose a start date and add a time. Once the plan loads, all the rings are added with their timelines and associated groups or exclusions. For example, this one has a one-week offset between each ring. When I move to the last Review step, this dialog on top tells me that, once created, I can pause, resume, or cancel the deployment at any time.

-From there, I can review my deployment and confirm by hitting Create. Now my app will roll out based on this defined schedule. Let’s look at the latest capabilities for keeping your apps trusted. First, App Control for Business with Managed Installer in Intune means that apps you deploy using this method are automatically tagged as safe apps, without manual allow-listing. It lets you upload your app control policies as XML files or leverage built-in controls to automatically trust apps from the managed installer.

-There’s also a new option to target the Managed Installer to specific groups where you enable Intune Managed Extension as Managed Installer and scope the managed installer to specific users with inclusion and exclusion policies. Additionally, with Managed Installer enabled during Autopilot device preparation, you can ensure apps are trusted right from the start as you provision new devices. And using device preparation policies, Autopilot also supports an increased app limit of up to 25 apps. Of course, you can combine these capabilities with Windows Defender Application Control together with Intune to allow only trusted and approved apps to run on your managed devices. Now let’s look at new ways to keep apps on the latest version.

-First, with the new auto-update capability using the Enterprise App Catalog, you can have Intune automatically keep apps up-to-date on your managed devices. When you add a new app using the Enterprise App Catalog, as part of the initial configuration in the Updates tab, you can choose between Automatically Update and Update with Supersedence. This is a one-time setting that allows Intune to automatically install updates as they are published. From there, once you confirm, you’ll see that, by design, many of the subsequent settings have been streamlined to just Scope tags, Assignments and Review + Create.

-And if you want more control over app updates, our second option, Guided Upgrade Supersedence, automatically surfaces available updates of your deployed apps without you having to go look for new versions of each app manually. You’ll see that, under Apps in the Monitor blade, you’ll find a new report called Enterprise App Catalog apps with updates. By clicking into one of these apps, you’ll see that there is an update button in the upper left corner. This lets you supersede existing app versions for that app on managed devices in just a few clicks. You’ll see that all of the necessary information is pre-populated. And this is the same with the program tab and subsequent tabs in the app deployment workflow, including the supersedence relationship.

-Everything you’ve seen today is about simplifying control of your application layer, making apps easier to discover, deploy, trust from day one, and keep automatically up to date, so you can deliver the right apps securely and consistently across your environment. To find out more, check out aka.ms/IntuneAppManagement Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching!

Claude + GPT | Multi-model intelligence in Copilot

Zachary-Cavanell — Thu, 09 Apr 2026 18:29:27 GMT

Generate briefing documents, presentations, and Excel files from a single prompt with Copilot Cowork, pulling from your emails, calendar, and SharePoint through Work IQ — and fold in new tasks mid-run without stopping. Using Copilot Cowork, you can use the same platform that powers Claude Cowork. It’s designed for long-running, multi-step task automation.

Use Critique in Researcher to pair a generation model with a dedicated review model, applying source reliability and evidence grounding before the report lands. Run model Council to submit one prompt to GPT and Claude simultaneously and compare their full reasoning side-by-side.

These experiences with Copilot Cowork and Researcher are available now if your organization has the Frontier Program enabled. Jeremy Chapman, Microsoft 365 Director, shares how to choose, direct, and compare the right AI model for every task, all from within Microsoft 365.

One prompt. Three files.

Copilot Cowork generates your briefing doc, presentation, and Excel output — grounded in Work IQ data and saved directly to OneDrive. Try it now.

Copilot Cowork handles new requests mid-run.

Add meeting scheduling or an email update partway through and it integrates them into the active plan. Check it out.

No more copy/paste into unmanaged AI sites.

Work IQ automatically supplies Cowork and Researcher with your emails, calendar, Teams transcripts, and SharePoint files. Every output is grounded in your actual data. See how it works.

QUICK LINKS:

00:00 — Copilot capabilities

01:06 — Copilot Cowork

02:32 — Mid-Run Task Injection

03:05 — Output

04:17 — Researcher Critique: Dual-Model Pipeline

05:58 — Work IQ Auto-Retrieval

06:58 — Model Council

08:50 — Wrap up

Link References

Try it at https://microsoft365.com/copilot

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Now you don’t need to switch between AI model providers for the best models for work. Copilot has options from Anthropic and OpenAI available directly from Microsoft 365. Using Copilot Cowork, you can use the same platform that powers Claude Cowork. It’s designed for long-running, multi-step task automation and it’s grounded by Work IQ, so you don’t need to move files and data outside of Microsoft 365 to other potentially unprotected services. Researcher has also been expanded with multi-model intelligence, where the new Critique capability separates the models, with one used to generate and another to refine its research outputs. And the new Council capability lets you submit a single prompt and view a side-by-side comparison across multiple model outputs.

-Now, these experiences with Copilot Cowork and Researcher are available now if your organization has the Frontier program enabled, and today I’ll go hands-on with each while explaining the mechanics of how they work. Let’s start with Copilot Cowork. So in this example, I need to prepare for a customer meeting, and I want Cowork to build me a briefing document in Word, a PowerPoint presentation, and an Excel file with customer insights. I already have Copilot pinned with my agents and it’s opened.

-Before I start, I’ll show you what’s set up in the knowledge sources. I can access information on the web, from people, and from Work IQ, so it doesn’t rely on connectors to access my work files, calendar, or previous meetings. Now I’ll paste in my prompt with links to reference files so it can help me then prepare for my meeting, and I want Copilot to pull in details from relevant emails and my calendar. I’ve also referenced an existing briefing document template as an example to follow, as well as an Excel overview with customer-specific metrics and visuals. And I want it to create a new briefing document as well as a client-ready PowerPoint presentation with our differentiators and recommended next steps.

-So now I’m going to kick off the process and Cowork will show its progress, its inputs and outputs on the upper right-hand side of the screen. Cowork will then reason through all of the inputs and tasks from my prompt, then systematically work through everything until it generates the files that I requested. And it’s not only using the files referenced, but also searching across my Work IQ information. As it works, I can even request more tasks while it’s running.

-For example, I can ask it to schedule prep time with people on my team and send an email status update to the account team. Cowork just folds that into the plan and keeps going. It checks schedules, and here’s the meeting it proposes for me and Riley on my team to review, and I’ll create that right from here. Then it authors an email to Ellis from the account team that I can choose to edit manually if I want. I’ll go ahead and add a thank you in line and then hit send. This can process for several minutes, so to save a little time, I’ll move on to when everything is complete. You’ll see that on the right in the output folder, it’s created a Zava client presentation, a customer briefing doc, and also a customer overview Excel file.

-Now, I’ll open up the briefing document first, and it has everything relevant to the meeting and it uses our standard briefing template. In fact, if I open up the original one, you can see just how close the formatting is. Now I’ll open the presentation it generated. It explains our work at a glance, with key metrics from Work IQ and referenced files, as well as revenue and growth highlights. Now if I move on to the generated Excel file and open that, it’s laid out our year-over-year performance and used it to create forecasts for this year. We can also see the growth trends over time, and if I click into Sales by Category, we can even see a detailed breakdown across different product lines with comparisons for the last two years. And as it worked on my behalf, everything was saved directly into OneDrive, so it’s protected and can be shared with my team like any other Microsoft 365 file.

-Next, one of the most powerful experiences in Copilot, Researcher, has also added new multi-model intelligence capabilities in addition to its options for using Claude from Anthropic or GPT from OpenAI. Researcher now takes us a step further with Critique by using a combination of models to separate generation from evaluation tasks, where one model leads the generation phase, planning the task, iterating through retrieval steps, and producing an initial draft, while the second model then focuses on review and refinement, acting like an expert reviewer before the final report is presented to you. This is now the default experience, and having these models work together helps ensure higher-quality outputs. Let me show you.

-From Copilot and Microsoft 365, I already have Researcher open. At the top right, I’ll expand the model picker and explain the options. Choosing Auto will automatically generate responses using Critique with the two models working together. Under that is an option for Model Council that I’ll walk through in a moment. Then there are also options to choose GPT and Claude as standalone models. So I’m going to keep Auto in this case, and then I’ll paste in my prompt to generate an executive brief about the competition in our industry and where there might be expansion opportunities. Now, this is a very research-intensive request that will need to retrieve, evaluate, and analyze many resources via Work IQ and the web.

-Now I’ll submit my prompt to get it started. Researcher can take several minutes to research and reason over a topic and generate its response, so to save a little time, I’ll move to its output. On the top I can see the content was generated by GPT and refined by Claude. First, there’s an executive summary about the market-related conditions. As I scroll down, you can see it’s assessed source reliability, where it focuses on reputable, authoritative, and domain-appropriate sources. Then as I continue scrolling, it’s also assessed report completeness, where the reviewer model ensures that the final report satisfies the request, along with relevant insights.

-As you can see with the rest of the citations, it’s enforced strict evidence grounding, making sure that every key claim is anchored to a reliable source. So for example, here you can see that it’s pulled in structured data from an Excel file with detailed financials and several relevant Word documents from our internal SharePoint sites. And it’s done all of this research automatically without me having to manually reference or upload files into my prompt. Both models work together in this case to improve the generated output. Next, let’s move on to Model Council in Researcher. Now, this lets you compare responses from different models side by side so that you can see where they agree, where they don’t, as well as what differentiates each model.

-So I’m back in Researcher, and this time from the model picker, I’ll choose Model Council. From there, I’ll just paste in my detailed prompt, in this case to review our latest customer feedback interviews to find the top themes and give recommendations based on our current plans in motion. Again, this is going to leverage Work IQ to find and analyze recent Teams meeting transcripts, our product plans from files and SharePoint and more as research sources, and it’s a lot to process. Everything looks good here, so I’ll go ahead and send it. And in this case, Researcher asks clarifying questions to better understand my goal.

-So I’ll choose a short one-to-five-page report length. Then below that I’ll type “Go ahead” and it gets to work. I only need to submit my prompt one time for both models to process it simultaneously. Again, this process can run 10 or more minutes, so I’ll skip to the output. You can see that each model has its own tile on top, and you can click into any of them to view their outputs. Below that is a summary for how each model did, comparing their responses. And I can also view a full output for each model. So I’m going to drill into the GPT output, and that shows me a split-screen view with the GPT tab open on the right, and I can scroll its results and I can look at its structured reasoning and its response and all the details.

-Now moving to the Claude tab, I can also look at its detailed response and reasoning and everything that it performed to derive the output. I don’t need to run separate prompts to find the model that I prefer. Now Model Council helps do that work for me. So now Copilot and Microsoft 365 gives you direct access to leading models, including Anthropic and OpenAI, with multi-model intelligence and without having to switch between platforms.

-To get started, enable the Frontier program in your Microsoft 365 environment. Then go to microsoft365.com/copilot or use the mobile app to try it out. And keep watching Microsoft Mechanics for the latest tech updates, and thanks so much for watching.

Labeling Files is Worth It | Speed & Protection Benefits in Microsoft Purview

Zachary-Cavanell — Mon, 30 Mar 2026 15:13:47 GMT

Classify your data, apply clear labels, and enforce protections that automatically adapt to human and AI interactions so you can reduce risk without slowing down workflows. Proactively monitor, assess, and respond to risk in real time. Use labeling and layered policies to stop accidental sharing, manage AI access, and maintain consistent protection across your organization.

Matt McSpirit, Microsoft Mechanics expert, joins Jeremy Chapman to share how to turn scattered data into actionable security that moves as fast as your team and AI.

Scan your environment beyond standard detection.

Identify gaps where AI or big files might expose sensitive data. Get started with Microsoft Purview Information Protection.

Reduce the risk of accidental sharing.

Label sensitive data, including proprietary and hard-to-detect content, to enforce access controls instantly. See how DLP and IRM work.

Act before exposures become incidents.

Identify data risks early, prioritize what matters most, and take action to reduce exposure with Microsoft Purview DSPM.

QUICK LINKS:

00:00 — Microsoft Purview data protection

01:04 — Data Loss Prevention

03:36 — Layered approach in addition to DLP

04:13 — Unified classification

04:27 — How sensitive data is determined

06:23 — Create trainable classifiers

07:06 — Distinction between classification and labeling

08:06 — Configure policy protections

09:12 — DLP in action

10:10 — IRM in action

10:51 — See how protections show up

13:37 — Move from reactive to proactive protection

15:00 — Wrap up

Link References

For deeper guidance, go to https://aka.ms/PurviewInformationProtection

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

- If you don’t understand your data, what it is, where it lives, and how sensitive it is, you can’t protect it. And it’s easy to assume that you’re covered, maybe you’ve already got data loss prevention, or DLP, running with near realtime detection, which is helpful, yes, but it’s not enough. Protecting data today means going beyond what traditional tech scanning can catch and making sure that those harder to parse file types are covered too. And it also requires a layered approach with instant risk insights, starting with consistent and automatic classification, so everyone’s clear on what’s actually sensitive. Labels that make sensitive content easier to interpret and trigger automatic policies, and Adaptive Protection that responds to the risk level of each user, whether human or non-human, and how they engage with the data. In fact, this matters even more with AI that can now bring hidden or long forgotten information to the surface in just seconds. Now to walk us through all of this, I’m joined by a Microsoft Mechanics expert, Matt McSpirit.

- Thanks, it’s great to be back.

- Okay, so before we get into solutions, why don’t we unpack this a bit more. So for a lot of people, even as they adopt AI, there’s this notion that maybe DLP is good enough. It’s finding things like credit cards, it’s also looking at things like financial information, identity numbers, addresses, et cetera, even if you aren’t paying attention, by the way, to where that information is stored. So is it even worth the extra effort in doing something else?

- Well, these are all fair points, and DLP is one powerful piece of the puzzle. And part of its appeal is that it works without the need to label or add any metadata to your content. It’s also rule-based and can look for sensitive information types as they’re being written, read, or sent, and then use what it finds to apply corresponding protections to prevent sharing or contain its sharing radius.

- Okay, so what you just said sounds like all upsides. So the policies are relatively easy to configure, they work by default with all your Microsoft 365 and Office apps and your managed devices, as long as people are signed in with them, regardless, really, of where that file goes as well. So what’s the downside?

- Well, depending on the scenario, there are a few areas. First, there’s speed of detection and response. Now in this case, I’ll show you an example of DLP in action. I’ll paste in a few thousand words from my clipboard into this Word document. And now DLP will compare it with hundreds of sensitive information types like bank numbers or IDs, dozens of trainable classifiers like contracts or patent applications, and do cross look-ups against exact data match, and more, which based on physics, orchestration, and query speeds, takes time. And it’s only when the policy tip appears whether I choose to apply the recommendation or not, that the content is protected. As you can see, I can’t now share this file externally because DLP has found sensitive information. So there’s a window of time based on a number of factors for DLP to find sensitive information and apply protection. Next, breadth of coverage is another area. You might have file types that can’t be scanned for text easily, like these files synced on my OneDrive location. These are proprietary file types from line of business apps as well as 3D CAD files. So in this case, you’d need a different way to identify the sensitivity of these files and protect the container of the files themselves, like you can see with this rights-protected document using the ARC Add File extension.

- And that makes a lot of sense. You know, even though compute and detection are getting faster, if you’ve got like a hundred-page document and it’s got, or maybe a massive spreadsheet, it’s got passport numbers or similar things buried in it, it’s going to take significant time, then, to find that sensitive info.

- Right, and if we add AI to the picture, which needs to orchestrate access to data across multiple data sources to respond in milliseconds, this isn’t the optimal approach when speed of response counts. And that’s where a layered approach comes in. In addition to your policy engines like DLP, it’s important to augment what you’re doing with unified data classification. It gives you a broader, persistent understanding of sensitive data across your environment so that it’s easy to assess your data risk and then add sensitivity labeling to your data security strategy. This way, DLP can immediately act on an existing signal rather than having to evaluate everything from scratch each time.

- Okay, so why don’t we go deeper then on unified classification as part of this layered approach.

- So this actually gets to the heart of the problem. Over time, as data keeps growing and shifting, different teams and tools have ended up defining sensitive data in their own ways, and it’s hard to know where all that data lives. No one really intends for the inconsistency, it just happens and you’re left with a patchwork view of your data instead of one clear picture. And that’s why the first step is giving everything that works with your data, whether that’s your users, AI, or your apps and policy engines, a single consistent way to recognize what’s important. So here in Data Explorer, Microsoft Purview has already identified sensitive data across my environment automatically. This reflects a unified data classification approach that discovers your sensitive data wherever it lives. I didn’t build any rules for this. This discovery happens automatically. And if I drill in, I can see exactly where these files are, even preview the content to see the content in question and easily understand why they were identified as sensitive.

- And there’s really a lot to it that’s powering this classification. So what is Purview then looking at to determine if there’s sensitive information there?

- Right, there’s a lot happening under the covers. Purview uses two main built-in classification methods. First, sensitive information types that detect specific regulated data such as credentials, IDs, or financial numbers with more than 300 built-in detection patterns for regulated data. And second, more than a hundred pre-trained classifiers that understand broader categories of content like budgets, HR files, or source code. These classifiers are built using Microsoft’s domain expertise and training data sets to recognize common business content categories. Additionally, how fresh your data is also matters to Purview. Purview evaluates new and modified content, automatically analyzing the data with the latest classifications and policies so that your most recent data is well understood and has the latest protections. And if you want to evaluate data that hasn’t been accessed recently, you can run on-demand classification to scan data at rest, helping you uncover sensitive data that might otherwise be overlooked.

- And building on what you said, Matt, you know, you can also teach Purview to recognize content that’s unique to your organization. For example, you can create your own trainable classifiers by providing real sample content. You just have to point it to a SharePoint site with 50 to 500 files of matching content. Or you can use exact data match for structured data comparisons against exact text strings. Think of things like code names, or maybe a specific customer, partner, or competitor names, and more. And Purview, it also supports fingerprinting for things like standard forms or templates so that they’re recognized even if the wording changes. Of course, classifications can trigger protections once they’re paired with active policies.

- Right, and interestingly, labels can also trigger protection policies.

- And we should really unpack this a bit more, because I think a lot of people watching probably make the mistake of conflating classification and labeling as being one and the same thing.

- It’s a common mistake, but there is an important distinction. In fact, there’s an easy way to think about this. Think of data classification as recognizing what your data is. It’s about understanding the sensitive information that’s present in your data. And data labeling is the simple to understand wording along with your intent for how the data should be handled. For example, a confidential/do not forward label needs no complex explanation on how you should handle the data if you’re the user. And on the backend, Purview quietly protects the data based on how you’ve define protections associated with that label, like access restrictions or watermarking. And the bonus is that this guidance and protection travels with the data. And you can set labels up in Microsoft Purview Information Protection. This lets you create sensitivity labels like these to define how different types of data should be classified. Once you’ve done that, you can configure policy protections that are triggered by those labels, such as encryption, limiting the sharing radius or visual markings, and more. And when used in tandem with DLP, you can even prevent Copilot from processing labeled content. Next, with your labels created, you can publish them so they appear in apps like Word, Excel, PowerPoint, and Outlook, and are honored across services like Fabric, Dataverse, and of course, as I mentioned, Copilot. All of what I’ve shown you is included with most versions of Microsoft 365. And with Microsoft 365 E5, you can even set up auto labeling, so Purview can apply labels automatically when it detects sensitive content.

- So labels are respected across all those destinations.

- That’s right, and once a label is applied, it’s recognized across supported workloads, and Purview solutions like DLP, Insider Risk Management, and more, know how to handle that data properly. So instead of stitching together separate tools, each with its own definition of sensitive data, you define sensitivity only once. And that same signal drives consistent protection wherever the data travels to. In fact, let me show you how this works in practice. So here in DLP, I’m going to create a policy based on what Purview has already automatically discovered across SharePoint and OneDrive. From the Insights card, you can see the top sensitive information types like medical, IP and trade secrets, financial data, and medical identifiers. So I’ll get started, then choose to create all of the recommended policies. Now, if I go back to my DLP policies view and look at the ones I’ve just created, you’ll see that there are four new policies. If I click in to edit one, you’ll notice that Purview has already preselected the right conditions with trainable classifiers and actions predefined for the policy. And from there, I can even add to this policy. In this case, I’ll add my confidential labels to the policy. These are the same ones I’ve shown before. So in short, classification identifies the sensitive content, the conditions being met will then trigger the corresponding policies to enforce protections. This reduces configuration effort and ensures consistency across your environment. And in Insider Risk Management, labels work as risk signals too. So here in the policy template, I’m adding a condition that focuses on activity involving items labeled confidential. And that way, if users including non-human agents, exfiltrate or misuse high-value labeled data, printing it, copying it to external storage, or sharing externally, IRM will automatically elevate their risk score based on the activities against the labeled data. So labels also help enforce adaptive protections based on the risk profile of who, whether that’s a human user or a non-human AI agent, and their activities with the data. What we call Adaptive Protection.

- Okay, so now we’ve got all of our policies in place. Why don’t we see how those protections show up in the flow of work, including AI interactions? So first I’m going to upload the same file that Matt showed before, but this time, it has a confidential label applied. So when I try to share it externally, you can see that I’m blocked instantly because that label is detected right away. DLP blocks the action based on the label, and this, again, is before that file could be scanned for sensitive information. Now I’m going to switch desktops. On the left here is a window with a synced folder in File Explorer. And you can see that there are proprietary file types and CAD files like we saw before, and each are labeled but cannot be analyzed for sensitive information types or classifiers. So with the labels applied to these encrypted P files, as they are, if I do try to drag and drop a file into my removable USB driver location in the window on the right, you’ll see I get a data loss prevention notification. Now because in this case, I’m under the file count threshold that we set before in policy, I can allow or override this, but I would’ve been blocked outright if I had transferred multiple files. Now again, the labels in these uncommon file types are what triggered the data loss prevention policy. And inside of risk management, it is also watching for risky handling of labeled content. For example, I can currently access this highly confidential acquisition site and see all the documents contained within it, for the moment. That said, though, because I just attempted to copy confidential information to my external USB drive, that’s going to catch up with me and automatically change my risk profile. So now after some time has passed, if I try to access that same site, I’m blocked outright and denied access. The protection automatically adapted to my heightened risk profile and blocked the site, without the administrator even needing to take any action. And by the way, the same assessment against risk profile would happen if it was an AI agent and it tried to do the same thing. And beyond agents, why don’t we look at label protection, and how that works in general with AI. So here I’m in Copilot and I have a document uploaded to SharePoint. So I’ll prompt Copilot to summarize the file named Relecloud Acquisition, and you’ll see that Copilot will first check the user’s permissions and the presence of a label before it does anything. Now, because this document is labeled as highly confidential and we have a DLP policy in place to block Copilot from processing sensitive files, it tells me that it can’t summarize that content because of its sensitivity label.

- So from creation to risky behavior and even Copilot interactions, the same sensitivity label ensures consistent protection. But the work is never really done. New data keeps coming and risk changes over time. That’s where, because you’ve already classified your data, Purview’s Data Security Posture Management, or DSPM, addresses this by continually assessing your data risk. It’s deeply integrated across Microsoft and beyond, giving you one centralized place to discover unprotected sensitive data across your entire digital estate, including select non-Microsoft services. Built-in intelligence continually assesses data risk to help you prioritize and mitigate high-risk exposures, taking advantage of recommendations where you can strengthen your policy directly from DSPM itself. AI observability features also give you granular insight into what agents are doing and any risk they may introduce. And custom reports make it easy to embed posture management into daily operations by highlighting where to improve.

- And this is all built to help you then move from reactive investigation to more proactive and measurable risk reduction.

- Exactly, and actually, this is just scratching the surface of what Purview can do. You can also use AI itself to manage human and AI data risk using deep-reasoning Purview agents. For example, they can triage alerts and automatically message users in Teams with the sensitive data found and the actions they need to take.

- Okay, so as you saw, there are lots of ways that this layered approach goes beyond traditional DLP protection. So where can everyone who’s watching right now learn more?

- Well, first, check out aka.ms/PurviewInformationProtection. Again, if you use Microsoft 365 in your organization, you’ll have Microsoft Purview today, and you can get the more advanced Purview capabilities with Microsoft 365 E5. So it’s worth exploring further. So start using unified classification and labels today.

- Thanks, Matt, and thank you for joining us. Be sure to subscriber Microsoft Mechanics if you haven’t already, and we’ll see you next time.

Data Security Investigations in Microsoft Purview

Zachary-Cavanell — Thu, 26 Mar 2026 13:33:56 GMT

Search across massive volumes of files using natural language, pinpoint the highest risk content, and connect it to user activity to see the full scope of an incident.

Investigate and act in one workflow. Analyze content deeply across files, emails, and AI interactions, uncover hidden or unclassified sensitive data, and contain exposure fast. Proactively identify risks, respond to incidents with clarity, and mitigate impact before it spreads.

Christophe Fiessinger, Microsoft Purview Principal Squad Leader, joins Jeremy Chapman to walk through real-world investigation workflows — from scoping and analysis to mitigation and automation — so you can move faster and make more informed security decisions.

Pinpoint high-risk files.

Locate files hidden among hundreds of confidential documents using contextual search. See how Microsoft Purview Data Security Investigations works.

Search thousands of files in seconds.

Use natural language queries to uncover relevant sensitive data. Get started with Microsoft Purview Data Security Investigations.

Contain data leaks immediately.

Purge exposed files while retaining investigation evidence. Take action with Microsoft Purview Data Security Investigations.

QUICK LINKS:

00:00 — Keep data safe with DSI

01:26 — Connect dots between data risk & impact

02:47 — Built-in AI

03:47 — Work across the full lifecycle of an incident

04:56 — Create an investigation

06:36 — Deep search and analysis

09:03 — How DSI helps data leaks

10:40 — Contain risk with built-in mitigation

11:32 — Automate using agents

13:23 — Estimator tool

14:57 — Wrap up

Link References

As a Microsoft Purview admin, just go to https://purview.microsoft.com/dsi

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

- If you’ve ever had to respond to a major data breach, insider-driven data theft, or even a suspicious leak involving high-value information, you know the hardest part isn’t just detecting the activity, it’s understanding what data was actually taken, how valuable it is, and what risks that creates to your organization. Today we’re going to show you how the now generally available Microsoft Purview Data Security Investigations, or DSI, dramatically accelerates that process using AI to read and analyze and connect the dots fast at massive scale. I’m joined by Christophe Fiessinger from the Microsoft Purview team to demonstrate more. Welcome.

- Thanks, Jeremy. Happy to be here.

- Thanks so much for joining us today. So most IT teams that I speak to, they’re often using things like SIEMS or incident management tools that connect activity across compromised accounts, devices, and files when they’re responding to things like security events. But these tools, they rarely reveal what’s affected in terms of the files and what’s contained in them. They might show labels, they might show file names or basic metadata like the location or the owner.

- Exactly. Beyond labels on metadata, it’s all about context. Metadata gives you the file name, classification might tell you it’s a financial document, and the label might say it’s confidential, but traditional tools can’t really tell you what’s in the content and how much risk it exposes. They just tag the content, they don’t explain it.

- So how does DSI then change things?

- So DSI on the other end doesn’t just say it’s a confidential financial document. In fact, you might have hundreds of those. Instead, it actually reads and understand each file and the data risks they pose. So of the hundred or so finance documents classified confidential, it can find the one file that carried an existential threat to your company, like the one that contains your entire customer list with the unique credentials that each customer uses to log in your online service. In DSI, that level of insight comes from hybrid vector search and generative AI working together. Hybrid vector search can pick up on semantically similar items, synonyms, or the subtle ways people hide sensitive information while also matching precise text strings like code names or account numbers. In short, it finds the right files by combining context with keyword precision, then generative AI takes over and actually analyzes those files. It performs deep content analysis to uncover sensitive data, security risk, and relationship hidden inside the impacted document.

- So it’s removing a ton of manual effort by connecting the dots around the data risk and also its impact.

- That’s right. DSI helps you rapidly understand and mitigate the downstream impact. You can start large-scale data investigation and use natural language search to find and narrow in on impact data. From there, you can leverage our powerful built-in AI to deeply analyze content, files, email, team messages, and even review and analyze prompts and responses from AI apps and agents, built-in Microsoft Foundry, Copilot Studio, as well as non-Microsoft agents and apps at scale. DSI is able to establish the context around information and even detect obscure sensitive information that might not have been flagged. It can reason over dozens of major world languages with production-grade quality. And it can directly mitigate identified risk. For example, a specific high value content has been distributed to multiple users. You can purge every instance of those files. With DSI, you can also work on data investigations more efficiently across the full lifecycle of an incident with the rest of your team. As part of Microsoft Purview, you can trigger investigation directly from Data Security Posture Management to dig deeper into data that’s at risk and see how valuable it is. And in Insider Risk Management where you might want to understand larger sets of data being used by risky users or agents. Equally, DSI also provides a useful bridge to your security operations team who can start DSI investigations directly from Microsoft Defender XDR. And because DSI is now integrated with the Microsoft Sentinel graph, data security analysts can connect at-risk information to the activities around it, who accessed it, where it was shared, whether behaviors like compromised sessions or impossible travel were involved, and visually correlate risky content, users, and their activities. It automatically combines unified audit logs, Entra audit logs, and threat intelligence which would otherwise need to be manually correlated.

- That’s a really powerful solution. Can you show us an example of an investigation?

- Let me show you Data Security Investigations and where to quickly find all your current and future investigations. From the main Data Security Investigations overview, you’ll find everything you need to get started. identifying content, analyzing deeply what’s contained in that content, and mitigating risk, as well as access to all of your previous investigation so you can quickly pick up where you’ve left off and create new investigation from here. You can start an investigation in a few ways. Sometimes proactively using DSI to assess potential data secure risk or other times reactively like when you already know data is leaked and you need to investigate the breach. In this case, I’m going to start this investigation from Data Security Posture Management to get ahead of data risk in our environment. One of the most common types of data leaks is exfiltration of confidential information. Like if an employee moves on to a competitor with trade secrets or a seller wants to bring their client list their new job. Here I can see a recommended objective to prevent exfiltration of risky destinations. Once I click to view objectives, I can see the amount of data exfiltrated, top sources, as well as file types, and I can see an action to create a new investigation using DSI. Here I just need to give it a name, then provide some context about what I’m trying to do in this investigation like, “I’m looking into confidential data that may have been exfiltrated from my organization. I’m specifically looking for confidential and proprietary information about Project Obsidian, the new release we’re working on.” Now I’ll confirm and create the investigation. From here, I can put in the rest of the parameters for deeper search and analysis. In the investigation, I can see a summary about the investigation and from here I can refine the search scope and make change to the date range and people if I want, which will keep things more efficient. And if I need to, I can always add more data sources to the scope. I’ll keep the data source as is and hit add to scope. This grabs the content from the data source and into our investigation. Now I can further analyze the data and I can use a natural language query. And as mentioned DSI will analyze thousands of languages as part of the process. There are a few intelligent search suggestions, but I’m going to do my own search for “information disclosed to customers about project obsidian.” And in just a few seconds I’ll get information assessing exactly what I’m looking for based on my search criteria. It finds over a thousand items with a lot of different languages represented as you can see. On the left, the AI also suggests content categories based on the executed vector search so that it’s easy to organize and make sense of the amount of risk per category. So I’ll filter all those files down to using the obsidian category, and there they are. From here I can select which ones I want to deeply analyze. I’ll choose all of them in this case and hit examine. And here to choose the focus area for the investigation, I can look for credentials, analyze risk, and get mitigation recommendations. I’m going to choose risk in my case so that I can act quickly to contain the risk and hit examine one more time to kick up the process. As it works, I can view its details. This is where AI runs deep content analysis against all the content in these files by looking at the file content itself. This goes beyond common sensitive information types and trainable classifier matches. And depending on the number and size of the files that you have in scope for this, it could take a few moments to run. And you’ll see that it found relevant results each with an assessment, if it’s privileged content, and overall security risk scores and a risk explanation. I can drill into any of these to preview the content in line like this Microsoft 365 Copilot chat message. Moving back, I can also see other risk scores and explanations for credentials on the right-hand columns.

- So DSI in this case uncovered a lot of what we call dark data. These are files that were never classified, which is great then for getting ahead of risk, but leaks do eventually happen. And when they do, we need a way to see exactly what got out and how we contain it.

- That has happened pretty often, unfortunately. Let me show you a case where credentials were leaked externally as part of a security breach and I had DSI helped. And to show you the integration for SecOps teams with Microsoft Defender XDR, I’ll start from an active incident for data exfiltration in this case. In the incident view, you get the high-level signals, the attack timeline, which users on device were hit, and the file names involved. But we still don’t know what was actually inside those files and what earlier activities might have set up the attack or created additional risk across other files. So from the action menu, I’ll create a DSI investigation right from this open incident to find out more about the content in those files. Here I just need to give it a name, then also paste it in a description and some additional context like I did before for the AI. Then I’ll create the investigation and then it links me directly to an investigation in Microsoft Purview. Like before, I can see a summary and refine the search scope if I want. This time I’m going to fast forward a few steps for scoping the data source and examining the content and just go right to the examination results. Here you can see the subject or title of each item, extracted credentials, including usernames, passwords, and more, credential types including API tokens and MFA, a surrounding snippet or the text around the credential details for context, and the thought process with a summary of the AI reasoning. Next, I also want to show the built-in mitigation. We can actually purge the sensitive files that were forwarded around by email to contain the damage without touching the original copy so we’ll keep the evidence. From the results, I’ll select the items I want, then I’ll choose add to mitigation which will in turn create a list of files and messages containing those credentials. From the list I’ll select purge queue, then view the messages and run the purge where I can choose from a recoverable soft purge or permanent deletion with a hard purge. I’ll keep the default and confirm the purge. Then all the information matching that query will be deleted in minutes. And since these files are part of the investigation, they stay retained for review but are hidden from end users. And safeguards like in-place holds for eDiscovery still work normally so protected files aren’t removed.

- Okay, so far we’ve defined all the investigations up front. Is there maybe a way to automate the process using agents?

- Absolutely. We’re adding new capabilities to help tackle a major hidden risk, credentials buried in everyday files. While Microsoft Purview DLP protects credentials in real time as files are created or shared, the Data Security Posture Agent powered by Security Copilot helps security teams identify and prioritize credential-related risks across scope data allocations. Here you can see that I’ve already enabled the agent and there’s a few tasks in progress. These can be started manually or run on a schedule. I’ll start a new assignment for this agent and create a credential scanning task. We’ll be adding our task types to this over time. I can give it a name or keep what’s there. Then add some additional context, in this case, to look for credentials and passwords. Then I can view its progress as it completes scanning data locations, access patterns, analyzing risky documents, and generating the report. The agent works autonomously scanning thousands of locations and potentially millions of files. I’m going to move over to a scan I ran earlier to save some time. Once the agent completes its scan, you’ll see a prioritized list of exposed credentials such as passwords, API keys, encryption keys, tokens, and more, each with a risk score and the agent’s reasoning. From there, I can group the results into categories, then filter for the highest risk credentials. For each credential found, I can explore the details of the credential itself plus its surrounding context.

- It’s a huge advantage really to run these types of credential scans at scale to catch those risks. But why don’t we switch gears though for the human-led investigations. DSI is using pay-as-you-go billing, which, you know, if people are watching this, they’re probably wondering, how do I keep these investigations in check without breaking the bank?

- So cost, as you say, are usage based and billed through Azure. They’re going to vary depending on the size and complexity of your investigation. So we’ve introduced a new estimator tool to help. Before I go there, as a baseline to see the compute unit I’ve been showing until now, I’ll start in the pay-as-you-go dashboard in DSI, and then filter by our last investigation. This one only used about 250 megabyte and 109 DSI compute unit, which is quite conservative. So let’s go back to the DSI overview tab and scroll down to our new estimate cost tool. This lets you input key values like investigation size and gigabytes and the number of vector searches, and it will estimate cost based on what you enter. It shows you the cost breakdown by types for size and AI usage. And the last related control I want to show you is in Azure Cost Management, where like any other Azure services, you can see forecast and accumulated costs. I’ll filter this by my DSI shared view. In this chart, you’ll see the investigation compute and gigabytes by day as well as a forecast. So, voila, you’ve got what what you need to investigate deeply with AI and keep costs in check while staying ahead of incidents. And we’re only getting started. More integration, smarter AI, new mitigation actions, and more agentic workflows are on the way.

- Thanks so much for joining us today, Christophe. And if you want to learn more about DSI and try it out for yourself. As a Microsoft Purview admin, just go to purview.microsoft.com/dsi. And keep watching Microsoft Mechanics for the latest updates. We’ll see you again soon.

Automate Data Security Triage & Posture | Agents in Microsoft Purview

Zachary-Cavanell — Wed, 25 Mar 2026 21:51:42 GMT

Cut through alert noise and focus on the risks that matter with Agents in Microsoft Purview. Use Data Security Triage Agent to prioritize incidents, investigate user activity with full context, and uncover hidden patterns that signal real threats. Identify and act on high-risk behavior, like data exfiltration or persistent access, before it leads to data loss.

Detect sensitive data across your environment using natural language with Data Security Posture Agent. Analyze content to find what’s exposed, apply protections or restrict access, and surface hidden credentials, so you can take action and continuously reduce risk.

Michelle Slotwinski, Microsoft Purview Senior Product Manager, shares how to stay ahead of data risk by turning investigation into proactive protection.

Find it. Prioritize it. Fix it.

Investigate risks with the Data Security Posture + Triage Agents in Microsoft Purview. Start here.

From reactive to ready.

Uncover sensitive data, focus on what matters most, and reduce risk with the Data Security Posture and Triage Agents in Microsoft Purview. Take a look.

Reduce risks before they’re exposed.

Identify hidden passwords, API keys, and credentials buried in files with the Data Security Posture Agent credential scanning capability. Check it out.

QUICK LINKS:

00:00 — Reduce data risks

00:59 — Data Security Triage Agent

01:46 — Investigate risks

03:29 — Detect patterns

05:17 — Uncover nested insights

07:44 — Credential scanning

09:03 — Wrap up

Link References

https://aka.ms/AgentsinPurview

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Data has always moved fast. What’s new is how many places it can show up and how fast tools like AI can surface it. In the next few minutes, I’ll show you how to rapidly identify and reduce your data risks as information flows across more apps, agents, and workflows than ever using the power and speed of AI itself. This is all made possible with the latest Data Security Agents in Microsoft Purview, which work alongside you to reduce the burden of managing the surge in risks from human and AI activity, enabling rapid identification of what truly needs your attention while enabling you to proactively perform deep content analysis to uncover sensitive data at risk, including credentials and secrets that may be deeply hidden within your data.

-And we are constantly evolving these agents to meet your everyday needs, removing manual work, and taking care of the busy work for you, while surfacing context-related insights based on their ability to deeply understand the data in your environment. In Microsoft Purview, you can explore agents from the left navigation. Like most analysts, I’ll start the day by reviewing alerts, and so I’ll begin with the Data Security Triage Agent. This agent can triage alerts for both Data Loss Prevention and Insider Risk Management.

-I’m interested in the ones for Insider Risk, so I’ll open it. Here are all my triaged alerts. And I can see the agent has triaged and prioritized my alert queue down from 200 alerts to 40 that need my attention. There’s more happening under the hood than it seems. Powered by new advanced AI reasoning, the Data Security Triage Agent can process tens of thousands of activity logs at scale to add context and boost investigation accuracy. In fact, you can now see this in the richer insights that are packed into every alert. To show you, I’ll click into this alert for a data leak associated with a departing employee and view details. First, the summary tells me why this alert is highly risky. It’s flagging a highly privileged departing user, a senior engineer in fact, because it’s observed their pattern of accessing, archiving, and exfiltrating both business and personal files using multiple methods. It’s highlighting key activities. Bulk archive to export data to removable media, observed external sharing to a SharePoint Online site, and Access to Sensitive Files.

-Notably, their last working day is recorded as March 31st and the alert was generated on March 27th, so we still have a few days to act before they leave our organization. Let’s dig in deeper into Bulk archive creation. The summary tells me that high-value engineering assets were included. The device and IP address are indicated along with the time this activity occurred: March 23rd. And although the agent hasn’t detected any sensitive information, it has discovered file sensitivity labels. Files have both been archived and copied to removable media. And under details, we can see file counts, names, and types. If we filter on this activity, there’s even more detail. We can see the mix of personal and business files that the engineer has taken. In fact, let’s dig into one of them. I’ll click into the top Engineering designs file where we can see even more detail about the activity, including who performed it with their UPN, jsmith, location details, device details, and more. So using the Data Security Triage Agent for Insider Risk saves time from manual investigations. It also helps prevent important details from falling through the cracks by catching less obvious patterns too.

-In this second pattern, Observed External User Added to SharePoint Online Site, the agent was able to pick up upon the fact that the tech-savvy engineer was able to establish persistence to SharePoint resources by adding their personal Gmail account as an external member of the SharePoint site. This way, they would still have access to team resources even if their work account was deprovisioned. By detecting this behavioral pattern, the agent can infer user intent, something that traditional signals alone would have missed, especially considering that content on the SharePoint site did not contain classic sensitive information or match existing classifiers that would normally trigger protection policies. So the agent helps catch those edge cases. It lays out its findings for your validation and escalates the alert to contain the risk. In fact, here’s how advanced AI reasoning works.

-Under the hood, instead of one monolithic agent, it’s designed to intelligently plan investigation tasks and orchestrate multiple specialized sub‑agents. Each sub‑agent is an expert in a distinct capability or skill domain to retrieve information like inferred user intent, decomposition of complex tasks, understanding compliance, as well as associated data risks, and more. Results are then presented as Triaged Alerts so that you can quickly see what is important in your environment. Now I mentioned that as an analyst, you’re in control of validating agent outputs and taking action. Let me show you what that experience looks like. You can quickly and easily filter the activities within a risk pattern. And then preview the content in line within the investigation so you don’t need to traverse your intranet to view files, like this SharePoint document to see why it was flagged. And ultimately, you’ll confirm if the agent findings are true positives.

-Next, our Data Security Posture Agent helps us to go further by uncovering nested insights for specific users, groups, or sites. And it lets you stay ahead of data risks by finding sensitive data across your estate through natural language discovery. It uses large language models for contextual analysis. And beyond simple keywords or classifiers, it identifies real risk based on the purpose and context of content, which is often deeply hidden within files. And it also recommends actions. If you recall, our Triage agent found a key insight. Our engineer user, jsmith, was observed downloading key files, like Engineering designs to his local device. Notably, the file wasn’t labeled. So next, I want to do a deep analysis of the content under his account using the Data Security Posture Agent. The first thing I need to do is scope the discovery to our user, Joshua Smith, and to their specific mailbox, which comprises their email, Teams chats, and Copilot interactions, and we’ll select Site to investigate their OneDrive.

-Next, I’ll prompt the Posture Agent. “Find me all the files for this user that contain engineering architecture designs, programming code, or technical documentation.” And this operation can take a few moments or hours depending on the amount of data that the agentic process needs to analyze. The agent performs deep content analysis, reasoning over the file content and going beyond keywords and pre-defined data types. It understands context and whether or not in this case, valuable architectural designs, code or technical specs are present and exposed. Once it’s complete, the Data Security Posture Agent summarizes the number of files that match the prompt I entered. It’s found 16 files, 4 of which are not labeled, so let’s dig in further and view insights. Notice it hasn’t found any email or Teams messages or Copilot interactions. And you can see at the top of the Engineering designs file is one of the files without a label. As I scroll, I can see another three unlabeled files below.

-Because the agent was able to deeply analyze the content within these files, it saved me from the manual effort of doing this myself. I can now take action by individually selecting these files and applying a label. I’ll choose this one for Highly confidential. This label will trigger a related policy to restrict downloading the files or external sharing to user accounts outside of our organization, like the user jsmith’s personal Gmail account that we uncovered before. Next, let’s dig further into the content. Let’s see if any of these files contain additional secrets, like passwords or credentials, that could further put us at risk in the wrong hands. For that, we’ll use the new credential scanning capability of the Data Security Posture Agent, which can autonomously surface credentials buried in data across your organization.

-The first thing I need to do is create a Credential Scanning Task. I’ll give it a name based on our scan and scope its data source to the Project Abacus SharePoint Site, which, if you remember, our user Joshua Smith had persistent access to via his personal Gmail account. And I can also provide more context because we want to see if he has hidden credentials in any of the content on this site that might give him access to other services and infrastructure.

-With the task created, the agent will now scan that site using the same AI analysis that powers our Data Security Investigations solution. When the agent completes its scan, if we review its results, you’ll see a prioritized list of exposed credentials, such as private keys, Entra credentials, and API tokens, each with a risk score and the agent’s reasoning. Once it’s finished, then it’s easy to review the agent’s findings and drill into source content to see the discovered credentials inline. And of course, from there, you can take action to disable access to files containing credentials.

-So, that’s how Data Security Agents in Microsoft Purview work alongside you to remove manual work for you, while surfacing hard-to-find context-related insights. And the good news is that if your organization has Microsoft 365 E5 or E7, you’ll have access to these agents included as part of your license. If not, they are also available on a consumption basis. To learn more and get started, check out aka.ms/AgentsinPurview. Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching.

Zero Out Your Incident Queue - Human-led Microsoft Defender Experts for XDR

Zachary-Cavanell — Thu, 19 Mar 2026 20:16:45 GMT

Offload high-severity incidents, gain full visibility into every investigation, and follow clear, guided remediation steps so you can contain attacks quickly and confidently, day or night.

Extend your security operations with always-on managed detection and response and proactive threat hunting, so you can uncover hidden risks early, stop threats threats they spread, and strengthen your defenses to prevent future attacks.

Maynald Savatdy, Microsoft Defender Expert, shows how to detect, contain, and hunt threats across your environment with support from human experts.

Stay protected at all hours.

Extend security coverage to nights, weekends, & holidays without staffing new shifts. Defender Experts for XDR includes managed detection and response and proactive threat hunting.

Reduce response time and uncertainty.

Take guided remediation steps from human experts instead of guessing what to do next. See how Microsoft Defender Experts for XDR works.

Uncover hidden threats early.

Microsoft Defender Experts proactively hunts across your environment and acts on contextual alerts before exploits become public. See it here.

QUICK LINKS:

00:00 — Microsoft Defender Experts

00:54–24/7 Security Coverage

01:35 — Visibility & guidance actions

03:34 — Incidents and alerts

04:25 — Social engineering attack

05:36 — Defender Experts for hunting

06:34 — Wrap up

Link References

Get started at https://aka.ms/DefenderExperts

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-What if your security team had elite defenders available 24/7 ready to detect, respond, investigate, and hunt threats across your environment? Every day you may need to look at dozens or hundreds of incidents, and anyone of them could pose an existential threat to your organization. This is where our human-led Microsoft Defender Experts for XDR, our managed detection and response service and team come in, to work through those incidents for you. They work behind the scenes to bring deep expertise in triaging and investigating incidents, augmenting your SOC team. And you can track progress directly in Microsoft Defender.

-In fact, I’m part of the global Microsoft Defender Experts team and we represent Microsoft’s own experienced security analysts and threat hunters. People who live and breathe cybersecurity. We’ve managed some of the worst situations and developed deep understanding of all the ways systems and endpoints can be compromised. We work around the clock, including after hours, weekends, and holidays, to augment your team. Defender Experts for XDR also includes a dedicated Defender Experts for Hunting service. This augments your team with our trained engineers that proactively hunt down risks and vulnerabilities across different entry points and services. If you are part of a larger organization with an expert SecOps team, you can also get Defender Experts for Hunting as a standalone service. Our human-led team of experts will work with bespoke tooling and queries, including AI.

-In fact, we’ll uncover and work through advanced threats using up-to-the-second intel that automated systems might miss and correlate data from live raw sources that may not yet have been published. Let’s start in Microsoft Defender. You’re looking at the Incidents view, and normally, to stay protected, you’d need to triage these incidents and work them yourself. These are legitimate attacks unique to your organization and infrastructure. There could be dozens or hundreds of active incidents. The Defender Experts team will triage and work the incident queue for you as an opt-in managed service to augment your security team. In fact, right from the Home screen of the Defender portal, you’ll see the latest incidents that have been worked through by our Defender Experts team. These are stats for the number of investigated incidents and how many were resolved directly or with your help.

-Let’s click in to see all incidents for the ones that need your attention. This status means that the recommended actions needs to be taken by someone on your team. This could be due to credential resets or policy configuration changes only your team may be authorized to perform. If I click into the incident for initial access involving one user, right up top you’ll see that it’s been assigned to Defender Experts. By default, any medium or high severity incident will get our attention. You can see the managed response provided by the Defender Expert who worked on the incident. There’s a detailed summary of what happened, how the incident started, the scope of entities and services impacted, any discovered indicators of compromise, in this case, email information and a malicious phishing URL, along with which entities were investigated. And below that are details for the Advanced Hunting Queries that were used.

-Here you can see our Defender analyst was able to query emails containing the suspicious URL, which devices connected to that URL, the emails from the compromised sender account, then finally who clicked on the URL in the emails from that compromised account. And you can see the Awaited Actions below that you as the customer would need to take care of, like taking action to create an indicator that automatically blocks traffic to the URL, a password reset for the affected user, and requiring the user to sign in again by revoking their sessions. So you have full visibility into what our Defender Experts worked on and any guidance for actions that you need to take. Additionally, our Defender Experts can raise incidents and alerts themselves when suspicious activity is detected. This incident with the Defender Experts prefix was raised as both an incident and alert by our team. It’s a Teams Phishing Activity involving initial access, execution, and privilege escalation.

-From the Managed Response summary, we can see the details of the attack, which the team was able to contain, and if I scroll down, you can see the specific actions completed. They first disabled the targeted account, then created an indicator to block the suspicious domain, and they were able to block incoming Teams messages from the malicious actor along with all of the related IP addresses. So as you saw, these are hands-on interventions. When something suspicious pops up, we don’t just send an alert. Our team digs in, validates what’s happening, and guides you through any containment and remediation steps that we can’t directly perform.

-Let me expand on a social engineering attack to gain remote access, similar to this Teams incident I showed earlier, and how we addressed it. It started when we investigated an alert that was triggered when a user installed a remote viewing and management tool on their work device. At first glance, this type of software isn’t inherently malicious. It’s often used for legitimate IT support. However, our analysts noticed a pattern that didn’t align with normal behavior. The installation followed a series of junk emails sent to the user, an email bombing attack, and a Teams message claiming to be from Technical Support. Once installed, the adversary began using legitimate system paths to gain deeper access. Our team quickly disabled the user and attacker accounts and lines of communication, isolated the device and notified the customer, stopping the attack before it spread further into the network.

-Leveraging Microsoft Threat Intelligence and access to global security data for broader querying, we identified the threat actor. Following the containment, our hunters then initiated proactive searches across other customer tenants and issued intelligence-driven notifications to prevent the spread and further compromise. This is just a recent example of how attackers combine social engineering with their tactics, techniques, and procedures. Beyond reactive support, Defender Experts for Hunting, as the name suggests, proactively hunts for threats in your environment and across the ecosystem. This the Defender Experts custom alert. It’s an overview of suspicious activity, complete with context, severity, and details. Clicking into the Summary tab, there’s a tile view of alerts, recommended queries, evidence and more. Last July, before any public CVE was announced, our team observed unusual activity on a SharePoint server where the W3WP executable was seen invoking PowerShell commands with Base64 encoding, behavior that typically signals an exploit attempt.

-Using advanced hunting queries, we were able to confirm this was not just an isolated event. Based on our queries, we could confirm the attackers were actively probing weaknesses in other environments. We used the results to find the list of over 100 organizations that were vulnerable to this attack and proactively warned them of their exposure even before the exploit became widely known with guidance on how to address it.

-So, whether you’re a small team looking to scale your security operations, or a large enterprise needing deeper threat insights, Microsoft Defender Experts gives you the confidence of knowing elite defenders are watching your back. To learn more or get started, head to aka.ms/DefenderExperts and keep watching Microsoft Mechanics for the latest tech updates. Thanks for watching.

Agents in Microsoft Intune | Automate Policy Creation, Troubleshooting & Fix Guidance

Zachary-Cavanell — Tue, 03 Mar 2026 16:51:09 GMT

Automate device and security policy management by turning written compliance requirements into Intune policies. Use natural language to draft, refine, and deploy configuration profiles, review AI-generated recommendations with confidence scores, and stay in full control before publishing to your environment.

Reduce risk and manual effort by automatically evaluating admin change requests and blocking harmful scripts before deployment. Prioritize vulnerabilities from Defender, translate them into actionable Intune remediation steps, and schedule ongoing fixes.

Jason Githens, Microsoft Intune Principal GPM, shares how to move from reactive security work to continuous, proactive protection. Note: At the time of publishing this video, the Change Review Agent and Policy Configuration Agent are in public preview and the Vulnerability Remediation Agent is in limited public preview.

Use natural language to generate ready-to-review policies.

Check out the Policy Configuration Agent in Microsoft Intune.

Reduce security risk.

Detect destructive or compromised change requests in real time. and get AI-driven approve/reject recommendations. Start using the Change Review Agent in Microsoft Intune.

Shift from reactive patching to proactive security.

See how to schedule automated vulnerability remediation inside Intune.

QUICK LINKS:

00:00 — Automate work with Intune Agents

01:08 — Policy Configuration Agent

01:36 — Policy drafts

02:27 — Create a new knowledge source

03:25 — Create a new policy

04:49 — Change Review Agent

06:19 — Vulnerability Remediation Agent

07:46 — Wrap up

Link References

To get started, go to https://aka.ms/IntuneAgents

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-You can now manage your device and security policies without manual work and automate tasks that previously were not automatable. How? Well, today I’ll demonstrate new agents in Microsoft Intune. As part of Security Copilot, they’re now included and rolling out with Microsoft 365 E5. These are designed to automate the busy work for you while continuously improving the security of your digital estate. This includes the new Policy Configuration Agent, which can reason over your compliance documents, for example, security technical implementation guides, STIGs, and create matching Intune policies automatically. The Change Review Agent, which evaluates admin requests, like scripts, using signals from Microsoft Intune, Entra, and Defender, to recommend change request actions, such as approve or reject, before they’re deployed.

-Along with the Vulnerability Remediation Agent that analyzes the signals across Defender and Intune and proactively creates recommendations for medium to high-risk device vulnerabilities so they don’t get missed. They use natural language reasoning to interpret your instructions together with your policy control plane to generate informed and actionable configuration guidance. In fact, let’s take a look at what these agents can do, starting with the Policy Configuration Agent, which converts written requirements into actionable settings. From the Agents page in Intune, you can see all of your available agents. I’ll choose the Policy Configuration Agent, and here you’ll see Agent suggestions and Activity. There are tabs for Knowledge, Suggestions, and Settings. When you use this agent, it will create configuration profiles in Intune that will appear alongside your existing device policies. So these aren’t agent-only policies.

-These are policies that you or other admins on your team would have typically set and are based on the instructions you’ve laid out. Let me show you. I’m going to create a new policy. You can create policy drafts by describing the configurations you want in natural language as written instructions and optionally, you can use a knowledge source by uploading a text file, which I’ll demonstrate here. But before I do that, let me show you what I’ll be basing it on. For that I’ll move into a text editor, Notepad in my case. You’ll typically start by having or creating this type of knowledge source. You can see it’s a written text document that gives the agent a natural language description of all the different device configurations that need to be set according to specific internal or regulatory compliance requirements. As you saw, it used descriptive, but not precise, terms to help instruct the agent on the breadth of settings available to them.

-Back in Intune in the Knowledge tab, you can see all of our uploaded txt files. I’ll Create New this time a knowledge source. I’ll give it a name, then input a description to explain what it’s for. Below that, I can upload a document, so I’ll navigate to my file to upload, then hit Review to confirm. Depending on your file, this could take a minute or so to process, but in my case, I’m processing around 50 settings that could have taken hours to match manually. You can watch this progress from the Overview tab. Once it’s finished, in this case it actually took around three minutes, it will appear under Agent suggestions on the Overview tab. And if I click into the file I just uploaded, you can see the agent has successfully mapped several different settings from the baseline directly to an enforceable Intune policy.

-Additionally, the agent has provided a percentage confidence rating for each setting. These scores help you understand how accurately it was able to translate your regulatory or configuration document into actual Intune policy settings. Now that the knowledge source has been mapped with the settings, we’re ready to build a new policy from it. This time, I’ll Create a New policy draft. I’ll give the policy a name and then I’ll add a short description. Now from the optional Knowledge source dropdown, I’ll select the baseline that we just uploaded and processed. You can also create policy drafts without using a defined knowledge source. I need to instruct it to create a policy, or optionally, I can prompt it to remove or refine a setting described in the file. This makes sense, for example, in cases where we know it’s already part of another all devices policy.

-Here, you can also add a document that will be appended as text to your instructions. From there, I just need to hit Create. That process will take a few minutes to run, so we’ll skip ahead in time to show the results. In Agent suggestions, I can see my policy draft on top. When I click in, I can see all of the policy details and settings. Everything looks good to me. In my case, it was able to match all the settings. So I’ll create the configuration policy from this draft using the standard policy deployment flow. Importantly, you can review all its configurations and make changes here if you want, just like you normally would before enabling it. Add scope tags and you can assign it to groups or devices. I’ll assign devices later. Then I can review and deploy it using the normal process. Once it’s published, if I move over to my configuration policies, I can see the new one right here with the rest of our policies.

-Next, let’s move on to the Change Review Agent. Think of this like an expert script author and troubleshooter to help you evaluate admin change requests. I’m in the Change Review Agent, and to show you what’s behind this, I’ll move right into the Settings tab, and the first thing you might notice is that the agent is operating with a lot of rich information as context from Intune, Entra, Defender, including Threat Intelligence. It pulls signals from all of these sources to fully understand the impact of any proposed change. Moving back to the Overview tab, you can see that the agent has reviewed multiple admin approval requests with a recommendation to approve or reject appended as a prefix to each script name.

-Let’s look at this script submission as an example. As soon as the script is loaded, the agent analyzes it, providing deeper context and a summary of what the script does. It has identified that this is a highly destructive script designed to wipe managed devices using Graph API calls. The change requester had no previous risk identified, and the business justification was determined to be vague, so it’s likely this person’s account was compromised. You can view the request to look at what the script is doing exactly, and there’s our device wipe. All of these signals are processed in real time to help determine whether the change should be approved or rejected. In this case, the agent concludes that the script is clearly harmful if executed with its current all managed devices scope, so it recommends rejecting the request. The agent is able to rapidly decipher between legitimate and adversarial intent or policy conflicts from change requests that would introduce risk into your environment.

-Finally, the Vulnerability Remediation Agent assesses critical vulnerabilities from Microsoft Defender. It does this in a prioritized manner and maps them to at-risk devices managed in Intune to help you automate fixes. I’ll start in the Microsoft Defender portal under vulnerability management to first set some context.

-Here, you’ll see a clear view of the top risk in your environment, including impact scores, exposed devices, severity, owners, and the associated CVEs. Here’s an example where the dashboard flags an application vulnerability that requires updating Relecloud Sync app. You can drill into the details, understand the exposure, and prioritize remediation, but typically this is where the workflow stops. Defender identifies the issue, and remediation has to be coordinated manually.

-That’s where the Vulnerability Remediation Agent comes in. It takes prioritized vulnerability data from Defender and brings it into Intune. The result is that you can automate remediation in place from where you manage your device endpoints without switching context or accessing Defender. In our example, Defender indicates Relecloud needs to be updated to version 14.0.7. The agent translates that guidance into actionable steps. On the other hand, if I open the suggestion to update Microsoft Windows 11, OS and built-in applications, you’ll see that not only is the update recommended, but also, best-practice security configuration changes are all listed right here.

-And if I move into the agent settings, you’ll see that this agent also lets you automate runs based on a schedule. So that’s how Intune agents help you move from manual effort to intelligent automated guidance while keeping you in control of implementing agent recommendations. And in the future, we’ll start to integrate AI actions into common Intune workflows that you perform every day.

-To get started, log into Intune and try out the new agent capabilities. In fact, if you’re already logged in, just go to aka.ms/IntuneAgents and keep watching Microsoft Mechanics for the latest updates. Thanks for watching.

AI in Windows 11

Zachary-Cavanell — Thu, 26 Feb 2026 16:55:03 GMT

Access Copilot and agents right from the taskbar; find answers across your files, email, and meetings, and turn ideas into polished content using voice or text. AI is right there where you already work, so you can move faster, stay in your flow, and make better decisions without switching context, opening other apps or moving to the browser.

And if you do have a Copilot+ PC, you can use fluid voice dictation across apps, find files with natural language search, take action on anything on your screen, and refine writing anywhere, even offline.

Jeremy Chapman, Microsoft 365 Director, shows how whether you’re planning projects, collaborating with teammates, or building solutions, you can move faster, stay focused, and turn context into real outcomes.

Stop searching across apps.

New Copilot capabilities in Windows Search understand your work context and surfaces answers using data from your Microsoft 365 environment. Get started with Copilot experiences in Windows 11.

Run AI tasks without interrupting your workflow.

Agents stay visible and trackable in the Windows 11 taskbar. Watch here.

Interact with content on your screen using Click to Do.

Extract text, send content to Microsoft 365 Copilot, or convert a static table into a usable Excel file. Take a look.

QUICK LINKS:

00:00 — Ask Copilot

00:55 — Use voice with Copilot

02:30 — Agents on Windows 11 taskbar

04:19 — Copilot in File Explorer

05:19 — Copilot+ PC capabilities

07:04 — Click to Do

07:52 — Writing Assistance with Copilot

09:15 — Wrap up

Link References

Check out https://aka.ms/Windows11AI

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Windows does a lot more than launch and run apps. Now with built-in AI, it can do much more for you and you don’t need special skills to make that happen. There are capabilities that light up on any hardware that runs Windows 11, and some that go even further on Copilot+ PCs with on‑device AI processing. Let’s go ahead and start with what anyone running Windows 11 can use right now. So to pull up AI experiences with advanced reasoning, you’ll start with the Search box in the Taskbar, where your familiar search still remains the same, but now you can also use it with AI prompts. So here, I’ll type, “When is my performance review due?” And by drawing on information from my Microsoft Teams and Outlook calendar, Copilot identifies my performance review meeting so I can prepare for it. It’s an experience powered by Microsoft 365 Copilot, which uses Work IQ to understand my work context.

-Next with AI, it’s often easier just to say what you want and you can now use voice with Microsoft 365 Copilot because of its multi-modal support. You’ll use a long press on the Copilot key or Windows key + C if your device doesn’t have that, to activate voice control. And now I can interact with Copilot to help build a presentation that I’m working on. So for this slide I’ll ask, “Robin sent me a stat about incorporating organic design. I think it was in email, maybe Teams?” And it takes my voice command, it’s using Work IQ with Microsoft 365 Copilot to run intelligent searches, figuring out which Robin I mean while pulling in relevant context and shared information about the meeting from across my Microsoft 365 apps.

- [Copilot] Robin mentioned that incorporating organic design has been shown to boost employee creativity by 15%. That’s a pretty cool stat!

- Not bad. Can you turn that into a catchy statement on this slide here?

- [Copilot] Absolutely. How about this? Creativity matters. Create the space for it.

- Love it. I’ll need Amber to sign off on this. So when’s my next meeting with Amber?

- [Copilot] Your next one-on-one with Amber is on Thursday at 10:30 in the morning. That should be a great time to review it together.

- [Jeremy] Thanks, Copilot.

- [Copilot] You got it. Happy to help. Let me know if there’s anything else you want to fine tune before that one on one.

-This uses advanced speech‑to‑text and tightly integrates on‑device input with cloud AI, so it works on any connected Windows 11 device. Now let’s try something more challenging. Some AI tasks take longer than a quick prompt‑and‑response, and some need to run in parallel while you keep working. That’s where Agents on the Windows 11 taskbar can help. So I’m going to start by tapping into the new Windows Search box. Now, this uses new Windows shell integration, so that long running agents can be viewed similar to apps. So I just need to start with the @ symbol to pull up my agents Now I can find, open, monitor and work with my agents directly from the taskbar. So in this case, I’m going to choose the Researcher agent. I’ll ask Researcher to compare public sentiment with our design principles. I like the direction it’s thinking, so I’ll go ahead and confirm. And this agent works hard, often for 10 minutes or more to research and generate its content. And you can work on other things or with other agents while each performs their work.

-As agents run, there are status indicators directly on the taskbar, similar to when you download large files, where you can track progress and see once it’s complete. So, your agents stay visible and easy to check on as you work, not buried in browser tabs. Now let’s return to our completed Researcher run. The notification tells me that Researcher is finished with this turn and in the taskbar, I can even see a green checkmark on the Researcher icon. When I zoom in, there’s a short summary. And I can tap in to review it.

-Now, this actually took around eight or so minutes to process in real time. Everything here was grounded using Work IQ for information that was in my company. And you’ll see its answer is very well-informed and extremely comprehensive using our study for public sentiment vs. core design principles, it’s laying out its reasoning and all of its cited sources. Of course, Windows is also where you can go to find and open your files and now, your SharePoint and OneDrive cloud files will show up right inside the File Explorer. Using File Explorer Home, you can easily get to your recent files, your favorites and files shared with you.

-Then the new Copilot control lets you Ask Microsoft 365 Copilot for file insights like summaries, context, or next steps for documents. So for this Design Principles doc here, I’ll ask Copilot to review it and tell me what percentage of employees prefer workspaces that incorporate sustainable materials. And in just a few seconds, based on information deeply nested within that document, it finds that over 70% say they do and even provides supporting context. So, you don’t have to open the file or leave your flow to find the right one, whether that’s local or in the cloud. And everything I’ve shown so far works on any Windows 11 device with a Microsoft 365 work or school account and access to Copilot.

-Now let’s look at what’s unique to Copilot+ PCs, where on‑device AI and small language models deliver fast, private processing. So I’ll highlight a few of the capabilities that work on a Copilot + PC even if you don’t have Microsoft 365. First, the new Fluid Dictation works across all apps and uses on-device models for quicker, more natural voice typing as well. You can enable voice access in Settings, which on first run guides you through the experience and what it can do to interact with Windows.

-So I’m going to show an experience working across two common text editors, Notepad and Word. You can start it using either the microphone icon in the taskbar, or by saying, “Voice access, wake up. Open Notepad.” It uses powerful AI running on your local device to automatically correct grammar, add punctuation, and, um, even remove filler words that you, uh, speak. Select all. Copy. Open Word. Paste. And that was just scratching the surface for what Voice access with Fluid Dictation can do. And here are some of the common commands that you can use to interact with Windows and your apps.

-Second, to help you quickly find your files anywhere, improved Windows search uses semantic understanding across local files and Microsoft 365. You don’t need exact names, just describe what you remember. For example, this broad search here for project updates pulls up relevant files and folders of content using hybrid semantic search, and they might contain the word project or maybe synonyms, or contain related content in context of the files or even images within the files.

-Next, Click to Do lets you interact with anything on your screen. You can take actions on content or ask Microsoft 365 Copilot a question about what’s on your screen without needing to switch context. So in this case, I’ll going to pull up this PDF file and you’ll see that it opens the file in the Edge browser. Now, if I scroll down, you can see that I have a stylized table on my screen, which by the way, could be text or an image. So I’ll hit the Windows Key + left mouse click to open Click to Do. And you can also use Windows key + Q. Now you’ll see that it’s recognizing all of the text in the screenshot. I can copy it as a CSV, Save or Share it. I’ll use Convert to table with Excel. And it instantly opens Excel and becomes a usable table and you can work directly with the data.

-From here, if you also use Microsoft 365 at work or school with a Copilot+ PC, even more powerful capabilities light up. Writing Assistance with Microsoft 365 Copilot helps you quickly craft content with AI-powered rewriting and proofreading, and because it runs locally, it even works offline. This enables you to use generative AI from any app with text field input. So I’m going to go ahead and use our line-of-business app here for project planning. There’s a description and business justification field, and I’ll add a bit more detail here.

-And this works everywhere, kind of like your clipboard, so when I select text, the Writing Assistance button appears. Now with it, I can choose options to rewrite it in different ways. In this case, I’ll choose professional. It rewrites my text entry and then gives me three options. So I’ll go ahead and choose the third option here, I like that one, so I’ll go ahead and replace my previous text with it. And that can be used on any line-of-business or other app without any code changes because it’s just built into Windows.

-And finally, if you are a developer, new native support in the Model Context Protocol in Windows gives your agents a standardized way to connect with apps, tools, and files to automate tasks. You can use built-in agent connectors for File Explorer and Windows Settings, allowing your agents to manage local file operations and to modify defined device configurations.

-Windows 11’s built-in AI moves the intelligence closer to you right in the flow of your work. To learn more, check out aka.ms/Windows11AI and keep watching Microsoft Mechanics for the latest updates and thanks for watching.

AI with Zero Trust Security

Zachary-Cavanell — Tue, 17 Feb 2026 21:09:55 GMT

Adopt a Zero Trust approach that lets you verify every access request — human, machine, or AI — before it reaches your most critical resources. As AI agents, semantic search, and automation accelerate how work gets done, you can reduce risk by explicitly validating identity, enforcing least-privilege access, and assuming breach across every step of your environment. Apply layered, continuous protection across identities, endpoints, networks, data, AI resources, applications, and infrastructure so attackers can’t exploit any weak links.

Michael Madrigal, Security Product Manager, shares how you can protect productivity and keep pace with an evolving threat landscape, by continuously assessing risk, securing resources at runtime, and adapting policies as conditions change.

Govern AI agents like identities.

Apply visibility, scoped access, and controls to limit blast radius. Take a look at Zero Trust for AI.

Connect only trusted endpoints.

Block non-compliant devices and VMs from accessing resources by enforcing endpoint health and policy checks. Get started with Zero Trust for AI.

Build security that adapts by design.

Continuously assess risk and automate response across identities, endpoints, apps, data, and infrastructure. Get started with Zero Trust for AI.

QUICK LINKS:

00:00 — Zero Trust for AI

01:41 — Overview of Zero Trust

02:43 — Identities

04:38 — Endpoints

04:50 — How Zero Trust applies to your network

06:51 — How Zero Trust applies to your data

07:31 — How Zero Trust applies to AI resources

08:24 — App Layer

08:31 — Infrastructure

09:49 — Security

10:23 — Wrap up

Link References

Check out https://aka.ms/GoZeroTrust

Watch our series at https://aka.ms/ZTMechanics

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-Zero Trust security is all about one simple idea. Never assume trust, always verify. Whether it’s a person, an AI agent, or an app trying to access your resources, nothing is trusted by default. Equally, protections should be designed to work seamlessly behind the scenes, keeping your business operations secure without impacting productivity. By design, it follows three core principles to guard entry to your network and protect critical assets, you need to first verify explicitly, which means always confirm who, in terms of a person or a device, or what in the case of AI or other processes, is requesting access to your environment. Second, enforce least privilege access means granting only the permissions needed to specific resources to get work done, and then only for as long as necessary. And third, assume breach is where you assume that your environment has already been compromised, so that you have proactive defenses in place to protect your most critical assets.

-In fact, whether you’ve already adopted Zero Trust or are just starting to consider it, with AI now working alongside of us, the need for this approach has never been greater. For example, if data isn’t properly classified and protected, AI which uses powerful semantic search can quickly surface information that was once hard to find and potentially share it with the wrong people.

-Additionally ungoverned AI agents can often have extensive permissions across systems, enabling agents to move through your organization at unparalleled speed to complete tasks. But if compromised, they can cause significant damage before anyone even notices. And as AI reshapes both work and the risk landscape, this series will show how Microsoft helps you to implement Zero Trust seamlessly. Today, I’ll start with an overview of the Zero Trust architecture. We’ll look at the vulnerabilities that can arise and the core defenses, both new and existing, that you can deploy to mitigate them. Think of your IT environment as a flow.

-From the identities, including system processes, and endpoints trying to gain access, all the way across your network, to the sensitive data, AI resources, applications and infrastructure they need to reach. Along that path, every step introduces risk, and attackers don’t need to compromise everything. They only need to exploit one weak link. That’s why protection must be layered across identities, endpoints, your entire network layer, data, AI resources, your apps, and infrastructure, because each introduce unique risks and act as a potential entry point. At every layer, real-time policy enforcement and protections are essential to ensure that any entity requesting access is thoroughly assessed and verified before gaining access to requested resources.

-Let’s go deeper, starting with identities across human users, agents, and your workloads. Human identities are a prime target for phishing, impersonation, and credential theft. So you need to start by limiting access to what each person needs then adding phishing-resistant authentication to confirm users are who they say they are and only reach what they’re authorized for.

-That’s where, for example, Conditional Access in Microsoft Entra comes in, verifying every request using passkeys and other strong methods. Microsoft Purview’s Data Security Posture Management additionally helps you track how users interact with data and AI, so you can spot risks early and strengthen your posture. Integration with Defender for Cloud Apps mean you can block risky apps from being used, and with Global Secure Access in Entra, you can also enforce identity-integrated network controls to keep unsafe requestors out. Non-human identities like agents, on the other hand, don’t fall for phishing, but they’re still vulnerable. They can be hijacked through user or agent interactions, and if they have broad access, a single misconfiguration or excess permissions can open the door to major breaches.

-Here, the new Entra Agent ID gives each AI agent its own unique, manageable identity, letting you apply the same visibility, governance, and Zero Trust controls you use for human users, but now for non-human actors too. For example, Conditional Access can evaluate agent risk in real time for each authorization request to resources and defined access packages using ID governance with human agent sponsor approval, can scope agents for just enough access to what they need to carry out authorized tasks.

-Then, similar to human identities, Insider Risk Management in Purview will also automatically assign risk levels to agents in your environment based on their data activities so you can prioritize investigations and apply targeted controls. This way, every identity is verified with real-time access controls and strict policies under Zero Trust. Of course, identities are only part of the picture. Device endpoints, whether corporate or personally owned, can also pose serious risks if compromised or are non-compliant due to missing updates or policies. That’s because they can act as vectors for lateral movement or data exfiltration.

-Additionally, AI means that endpoint considerations now also extend to computer-using agents, where this type of agent can interact using endpoints like full virtual machines to temporarily access resources within your network or from your cloud service providers. Regardless of the person or entity interacting with the endpoint as access requests move inward, as part of conditional access, they also pass through control layers to evaluate context and behavior. In real time, the policy engine can detect anomalies and enforce policy boundaries based on detected real-time risks and other conditions.

-And endpoint management controls using Microsoft Intune can ensure that any connecting device or VM passes compliance checks before it can access your resources. As a rule, all endpoints should be continually assessed for health and configuration compliance, with non-compliant, stale, or unused devices automatically revoked from access. Here, native controls in Microsoft Defender for Threat Protection and continuous assessment use threat intelligence and forensics to expose patterns, automatically respond and raise defenses against trending attacks. We’ll dive deeper on what you can do to protect identities and endpoints in a another episode of this series.

-For now, let’s switch gears for an overview of the resources that can be targeted by compromised identities and endpoints and how Zero Trust applies. In other words, your network, sensitive data, AI resources, internal and cloud applications, as well as infrastructure components, which are often the ultimate objective for attackers. Your network importantly serves as a bridge between malicious actors and your most valuable resources. Here, your first layer of defense uses network and device-based firewalls to filter traffic and help prevent unwanted connections. Network segmentation then adds protections in case of breach to limit lateral movement to other internal resources. These can be combined and are stronger when tied directly with identity controls in Entra using Global Secure Access for strengthened security.

-Next, the ultimate target of any security breach is your data, which can fall risk to theft, manipulation, or leakage. Here, Microsoft Purview delivers a unified Zero Trust control set. For unstructured data in Microsoft 365 and beyond, it identifies sensitive data and applies sensitivity labels that act as protection guidance, driving consistent enforcement such as encryption access controls and DLP across collaboration and AI experiences. And for structured data across Fabric and other clouds, the same sensitivity labels extend protection intent to data stores, enabling consistent access controls and policy enforcement so sensitive data is protected wherever it’s used, including AI workloads. Equally, AI resources, models, agents, APIs, data pipelines, and compute, are critical components of your Zero Trust architecture. If compromised, they can leak sensitive data, generate malicious outputs, or enable lateral movement across systems. Protection means securing the resources themselves, not just access, by assessing prompts and outputs with Microsoft Foundry’s Prompt Shields and runtime protections. Securing compute environments like GPU-enabled virtual machines used for AI with isolation and compliance controls using Microsoft Defender for Cloud. And continuously monitoring agent behavior for anomalies and assigning risk scores with Agent 365 for centralized governance.

-Together, capabilities like these and more create a layered defense so your AI resources remain secure across the lifecycle. From here in our architecture, the app layer is where AI meets data. That’s because this layer is increasingly powered by AI and semantic search. It enables users to retrieve information with more efficiency. These capabilities are now common in productivity tools, including collaboration platforms and business systems. While these experiences enhance user productivity, they also amplify attacker capabilities if access is compromised, whether through a stolen credential or a risky insider.

-This is where Microsoft Defender for Cloud Apps plays a critical role. With visibility into all apps in use, risk-based controls to govern app behavior, and data protection policies to prevent misuse and data exfiltration. And at the foundation of everything in the Zero Trust architecture is infrastructure, spanning cloud environments, servers, containers, and orchestration systems. The consequences of compromised infrastructure can be severe, with service outages, ransomware, instability, and more. Microsoft Defender for Cloud delivers comprehensive workload protection across Azure, AWS, and GCP, including vulnerability scanning and advanced threat detection for your infrastructure. And you can leverage Azure Confidential Computing infrastructure for your most sensitive workloads, which encrypts data while in use in memory using hardware-based trusted execution environments and processes that only after requests are explicitly verified.

-And of course, as we go across each layer, security configurations should not be set and forgotten. Continuous validation with constant monitoring and adaptive policies is a critical part of maintaining Zero Trust. Across all layers in the Zero Trust architecture, SecOps needs to be continuously assessed, monitored and optimized with controls to minimize and detect risks. Here, Microsoft Defender with Sentinel as its integrated SIEM extends detection and response across endpoints, identities, SaaS apps, email and collaboration tools, and more.

-Please stayed tuned to Microsoft Mechanics to watch the rest of our series with hands-on guidance for implementing Zero Trust across identities and endpoints, data, AI resources, and apps, and your network and infrastructure, at aka.ms/ZTMechanics. And for additional resources, check out aka.ms/GoZeroTrust with free workshops and more. Subscribe to our channel if you haven’t already, and thanks for watching.

Microsoft Entra Agent ID explained

Zachary-Cavanell — Thu, 12 Feb 2026 19:13:02 GMT

See every agent in one place, understand what it can access, detect agent sprawl early, and apply least-privilege permissions using the same Microsoft Entra tools you already use for users — without introducing new governance models.

Approve and scope agent access with accountability, enforce agent-specific Conditional Access in real time, automatically block risky behavior, and ensure every agent always has an owner, even as people change roles or leave.

Leandro Iwase, Microsoft Entra Senior Product Manager shows how to keep agents operating securely, transparently, and predictably across their entire lifecycle.

AI agents get real identities.

See how to apply permissions, protections, and policies. Treat agents like human users with Microsoft Entra Agent ID.

Gain full visibility for each agent in your tenant.

See how many agents exist, which are active or unmanaged, and where sprawl is starting — before it becomes a risk. Check out Microsoft Entra Agent ID.

Control what agents can access in real time.

Apply Conditional Access policies directly to agents using Microsoft Entra Agent ID. Start here.

QUICK LINKS:

00:00 — Treat AI Agents Like Real Identities

00:42 — Stop Agent Sprawl

02:26 — Least Privilege with Agent Blueprints

03:39 — Scope Agent Access

05:10 — Create agent specific Conditional Access policies

06:12 — Protect against a sponsor account

07:01 — Agents flagged as risky

07:50 — Ownerless agents

09:00 — Wrap up

Link References

Check out https://aka.ms/EntraAgentID

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-As more AI agents become active in your environment, you need control over them and what they can access. That’s where Microsoft Entra Agent ID comes in. It lets you treat agents like you would treat human users with their own built-in identities. Agent ID lets you define permissions and extend new and existing protections to them. You stay in control across their entire life cycle, from initial creation to monitoring the day-to-day activities where we continuously check for risk and protect access to resources, to switching their ownership if their sponsors no longer around, and disabling them when they’re no longer needed. The good news is that you can use the same tools in Microsoft Entra that they use to manage human identities today. Let me show you. Here in the Entra Domain Center, you see a new type under Entra ID called Agent ID. In the overview, you’ll find a summary with key metrics. These insights highlight what you need to know about your agents.

-For example, how many agents are in your tenant, the number of agents recently created, how many are active or unmanaged and without identities. Each are starting point for understanding agent activity and spotting early signs of agent sprawl. Moving to the agent registry, you get visibility for each agent in your tenant and what platform they were built on and whether they have an Agent ID or not. The agents here are mixture of Microsoft-built agents, agents that you built in Microsoft Foundry, Copilot Studio, as well as Security Copilot. And no Microsoft agents using APIs and SDK supporting Agent ID. In fact, Agent Registry in Microsoft Entra is a shared center registry also used by the Agent 365 control plane. Next, in our agent identities, we can see all AI agents with an agent ID. Here, each agent automatically gets identity record, which is immutable object ID, just like a user or app registration would. It can quickly filter the list of the agents I want to manage. And by clicking into an agent like this one for HR self-service, we can see each details like the agent status, sponsor, permissions, roles, and associated policies.

-Then, agent blueprints are templates for how agent identities are created. They ensure that any agent created has the right controls and is aligned with organizational policies. In the blueprint, we can see that it has one linked agent identity, which is actually itself. That said, this blueprint could be used for other agents as they are created. In fact, let me show you how this works with a blueprint that has more linked agent IDs. Back in our agent identities view, I’ll take a look at this HR Test agent to verify its agent blueprint. Here’s one has two linked agent identities. One has been named an Actor agent and is active. I’ll click into its access details. Here, I can see the details for each permissions. It has Application.ReadWrite.All permissions in the Microsoft Graph, which means it’s over permission, so it’s potentially dangerous. If I go back to the agent page, I can disable this agent. And if I confirm, this will block the agent to improve security and prevent and authorize access to it. So as an administrator, you have full visibility into your agent details and their correspondent permissions for accessing your resources.

-Next, for scoping access to just what an agent needs to perform his tasks, we use access packages in Microsoft Entra. Let me show you. We start under Identity Governance, from Entitlement management and Access packages. You can see that I’ve already got one for a sponsor-initiated access package created. This includes the resources to help automate HR-related tasks for our agents. In Resource roles, you can see the specific Microsoft Graph API-related roles. Under Policies, that is just one initial policy. And clicking into it, we can see who can request access. I can choose from Admin, Self, Agent Sponsor, or Owner.

-Importantly, these access package requires agent sponsor to approve any agent requests for access and it requires a business justification as well. Let me show you how the access request process works. I’m logged in as a human agent sponsor with the My Access portal open. I’ll browse Available access package. And here, the Sponsor-Initiated Agent Access package that we saw before. Clicking to exposes which identity I’m requesting access for, and I’ll keep the Sponsor agent option, and I’ll choose our HR Actions Agent. Next, I just need to enter a business justification. I’ll enter Timebound access for HR agents, then submit the request. Once the request has been approved, the agent will work according to my policies. And now, I can even create specific conditional access policies that will assess this realtime as agents try to access resources.

-Here, I’ve created a Conditional Access policy to prevent agents from requesting sensitive information. In Assignments, there is now an option to apply the policy to agents. Under Grant, you see that this policy blocks all access requests by default, and you can see all agent identities are in scope. In my case, I want to make one exception. I want to make sure only approve HR agents can access HR information and stop our other agents. We can do that using an exclusion for HR-approved agents. Back in my policy, if I move over to Exclude, I can exclude one or more agent IDs from the policy. Using filter rules, this is how I can only allow the agents that were approved by HR to get access to dedicated HR resources, as you can see here. Under Target resources and in the filter, you also see that this policy covers all resources. So that was a very target Conditional Access policy.

-We can also apply broader policies for all agents at risk to protect against a sponsor accounting being compromised and giving the agent malicious instructions. I move over to another Conditional Access policy that I’ve started. Just notice the identities in scope are, again, all agents. Target resources are all resources. But under Conditions, there is a new one called Agent risk. And when I’m look at what’s configured, you see the now we have High, Medium, and Low risk level options. I’ve chosen High. And once that’s enabled, condition access, you assess agent risk in realtime based on its likelihood of compromise and automatically block access to any resource per this policy scope.

-Now, we’ve protected from risk agents when they request access to resources. And from Microsoft Entra, you can see which agents are currently flagged as risky in your tenant. Right from Identity Protection, you find your risky agents. So let’s take a look. We have three of them here. Our HR Actor agent from before shows high risk. By clicking in, you can see why. It looks like this agent tried to access resources that it does not usually access. Remember, this policy was a scoped to all agents without any exclusions, so if you block our HR agents too in case high risk is detected. So now our agents are running with their own identities and our resources are protected.

-Since agents have one or more human sponsor, let’s move on to what happens if a sponsor leaves or change roles and makes the agent ownerless. For that, using lifecycle workflows, we can automatically notify the right people when agents become ownerless. Work workflows are a great way to automate routine tasks like employee onboarding and offboarding, and they work for agents too. I will narrow my list down by searching for a sponsor. There’s my workflow for AI agents to configure their sponsor in the event of a job profile change. Drilling into the workflow and then into its tasks, you see that we have two tasks defined for the what happens when the job profile changes. The first is an email to notify the manager of the user move, and I’ll click into the second task, which sends an email to the manager to notify them about agent identity sponsorship change they will need to action.

-Let me show you an example when an agent sponsor leaves their role. Here, we’re seeing the manager’s mobile device. There’s a come in for an Outlook. And when we open it, in the mail, we can see that the manager needs to identify a sponsor for the two HR agents listed. This way, you can ensure the agents always have assigned sponsors.

-Microsoft Entra Agent ID provides comprehensive identity, access, and lifecycle management for agents, with the same familiar tools you leverage already for users. To learn more, checkout aka.ms/EntraAgentID. Keep checking back to Microsoft Mechanics for the latest tech updates, and thanks for watching.

New Agents in Microsoft Purview

Zachary-Cavanell — Thu, 18 Dec 2025 16:39:36 GMT

Use the Data Security Triage Agent to cut through alert overload, eliminate false positives, and immediately understand which Insider Risk or DLP incidents need your attention. Stay in control with automated user outreach and clear, contextual reasoning behind every alert.

Use the Data Security Posture Agent to uncover risks that hide behind context with natural-language queries. When issues are found, apply labels and trigger security policies right from the insight, helping you proactively prevent data loss. Powered by Security Copilot, these agents give you a faster, smarter, more efficient way to manage data security.

Cut through alert overload with AI-driven triage.

Elevate only alerts that matter to save time and sharpen focus. Get started with the Data Security Triage Agent in Microsoft Purview.

Pinpoint where sensitive data needs immediate protection.

Ask natural-language questions to reveal data risks across Outlook, Teams, Copilot, SharePoint, OneDrive, and AI interactions. Check it out.

QUICK LINKS:

00:00 — Agents in Microsoft Purview

00:44 — Data Security Triage Agent

01:48 — Data Security Posture Agent

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

Whether you’re an admin focused on strengthening your organization’s data security posture, or an analyst concerned with mitigating immediate data risks, the new AI-powered Data Security Agents in Microsoft Purview simplify the process. They work alongside you to ease the burden of identifying and addressing the increased risks from the growing volumes of human and automated agentic activity that use your organization’s data. Guided by your feedback, they don’t just react, they help you proactively improve your security posture while enabling more rapid identification and mitigation as data risks unfold.

As you start your day, the Data Security Triage Agent is your AI-powered assistant for managing insider risk management and data loss prevention alerts. It sifts through your alert queue, using advanced reasoning to establish context, assessing sensitive information flagged by policies, and eliminating false positives, taking care of the busy work for you. It surfaces the highest-priority alerts that truly need your attention, and provides clear reasoning behind its decisions, including details about the data owner, or last user involved in the incident.

Then it goes a step further, autonomously contacting associated users in Microsoft Teams with details on the sensitive information found, and recommended actions. It tracks progress intelligently, nudging users as often as you define, helping you to remediate imminent risks faster. And as an analyst, you maintain full control with visibility into agent impact, and the actions taken over time.

Next, the Data Security Posture Agent lets you explore, in natural language, how well your high-value data is protected across sources like Outlook Mailboxes, including Teams Chats, as well as SharePoint and OneDrive. When you submit a query, AI-powered intent analysis goes beyond keywords and predefined data types to uncover risk factors rooted in context, revealing where data is truly at risk, and needs protection. Built-in policy control then lets you apply human logic to label files and trigger corresponding security policies to proactively prevent data loss. These agents in Microsoft Purview are powered by the Security Copilot platform, and are ready for you to try today.

How Microsoft Agent 365 works

Zachary-Cavanell — Wed, 10 Dec 2025 19:12:26 GMT

Agents can now have their own identity, email, OneDrive and Teams accounts, and collaborate just like coworkers.

Microsoft Agent 365 lets you onboard agents, give them the policies and knowledge they need, and let them work in parallel with you to handle tasks like procurement, approvals, research, and updates using the same Microsoft 365 tools you already rely on.

As your use of agents grows, keep full visibility and control. See what they've worked on and understand their impact across your organization as an agent manager.

If you're in IT, you have full visibility and control over access permissions and agent relationships. You can manage all agents from a single unified control plane with the same tools you use now to manage users.

Jeremy Chapman, Microsoft 365 Director, shares how you can adopt autonomous agents at scale across your organization.

Agents that work alongside you.

Assign tasks and get full visibility into what they have worked on using Microsoft 365 tools like Teams and OneDrive. See it here with Microsoft Agent 365.

Automate workflows.

Agents access your data and tools to execute complex tasks. Take a look at Microsoft Agent 365.

Understand agent impact.

Map their actions, connections, and interactions in Microsoft 365 workflows. Get started using Agent 365.

QUICK LINKS:

00:00 — Microsoft Agent 365

01:04 — Agent capabilities

02:48 — Visualize the agent’s impact

03:23 — How it works

04:48 — Agent 365 control plane

07:31 — Zero in on risks

08:18 — Agent map

09:10 — Wrap up

Unfamiliar with Microsoft Mechanics?

As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft.

Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries
Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog
Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast

Keep getting this insider knowledge, join us on social:

Follow us on Twitter: https://twitter.com/MSFTMechanics
Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/
Enjoy us on Instagram: https://www.instagram.com/msftmechanics/
Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics

Video Transcript:

-What if an AI agent was truly autonomous, working independently alongside you, with its own email and OneDrive account, capable of joining Teams meetings and conversations to get work done? It means, as a user, you can onboard and manage agents with a unique identity, the right information access, and skills to work on your behalf. These agents can perform the tasks that you define, working autonomously and work with you using the same managed apps and services in Microsoft 365 that you use. And as an IT admin, you have granular control over what agents can do, and knowledge sources they can access. Along with end-to-end visibility into agents in your environment, no matter where they’re created. In fact, with the Agent 365 control plane, we’re extending the same familiar administrative surfaces that you use now to manage people for full visibility, control, and management of agents, while introducing new capabilities.

-So, first, let’s start by looking at what Agent 365 can do from a business user’s perspective. In this case, a coworker has created a procurement agent. And our IT team has approved it, and made it available in our company’s agent store. Now, as a procurement manager, I can find the agent and also set it up with just a couple of clicks. Then once it’s up and running, it contacts me in Teams and asks what I’d like it to do and which tasks to perform. As a procurement agent, it recommends that I give it supplier policies, approved supplier lists, and a procurement playbook. So I’ll do that here with my Teams policy guidelines and just type, use this policy guide for your actions. And then / reference my Zava procurement file.

-Now the agent has what it needs to start working. For interoperability with me, other people, and other agents, it has its own suite of Microsoft 365 apps and a unique account to work on its own. In fact, as an order request comes in from a customer for new laptops, the agent reasons over that request using the instructions I provided. And it can also use contextual business information across Microsoft 365 with Work IQ to find these suppliers, their SLAs, pricing from recent orders, and related documents. Based on the fulfillment time, it even recommends a supplier and asks me if it should proceed. Once I confirm, it creates the purchase order for the laptops and logs that into our purchasing tracker Excel spreadsheet in SharePoint. And right from the comments, like I would at mention any coworker, here I’ve at mentioned the procurement agent for status updates. Agent 365 also makes it easier to visualize the agent’s connections, activities, and impact.

-As a business user, you can see details about the agent, who it’s managed by, its skills, and what it works on in the agent card. You can also see where it fits in the organization, and who it frequently interacts with. Then in the agent activity view, you’ll find its recent sessions with details on actions performed. And clicking into any session activity expands on what was done, the information that was used, and the steps performed to complete its tasks. This is a fully autonomous agent with everything it needs to be effective. In fact, let’s break down the mechanics of how the agent was able to do what it did when it used the Agent 365 control plane.

-The first behind the scenes, once created, the IT approved agent is assigned its own identity in Microsoft Entra and granted access to specific knowledge sources. It’s provided with its own email, calendar, OneDrive, and Teams account, and other services in Microsoft 365. Importantly, it’s also connected to Work IQ, which provides the agent with additional context that’s specific to the jobs it’s performing and the activities by people and other agents around it. But has what it needs to interop with you in the tools that you use every day to get work done.

-Importantly, because it runs on the Agent 365 control plane, it works according to your organization’s security and compliance requirements. For example, least privilege access control ensures that the agent can only access defined content, and nothing more. Also, access can be blocked in real-time based on Conditional Access policies that you have in place. Integrated data security prevents data loss, adhering to your protection policies as it works. And there are also safeguards to keep the agent resilient to targeted attacks. That’s how agents can be onboarded and how they work. Next, as an IT admin, Agent 365 gives you more visibility and control to manage the breadth of agents in your environment, let me show you.

-The Agent 365 control plane in the Microsoft 365 admin center provides an overview of all agents in your organization, with a breakdown by publisher and platform. You can also see whether they were built internally using Copilot Studio, Microsoft Foundry, non-Microsoft platforms, and more. As well as how they’re being used. Below that are recommended top actions to take control, so that you can prioritize your time. Next, to see all of your agents in one place, there’s a complete registry, which pulls in details for security risks, activities, and agent performance into one view. Each agent has comprehensive details. In addition to configuration options, like the data and tools it can access. Information stores it can read from, provisioned compute, graph connectors, tools, and knowledge sources. Then security and compliance provides all of the details for enabled policies with that agent across Microsoft Purview, Microsoft Entra, and Defender.

-Next, in permissions, it goes a step further to display which memberships it has across groups and teams, applications it can access, the SharePoint sites it can use. And detailed permissions across graph API calls. Finally, activity displays information about the agent usage, exceptions and active users. And before agents are available for people to use, as an admin, you’re in full control of validating and approving which agents will appear in your organization’s agent store, here’s how.

-From requests, you can review agents submitted for approval. For example, drilling into this product backlog agent, you can check its configurations, the data it can access, security and compliance protections. And the detailed permissions requested. If everything checks out, you can approve and activate the agent. Then select the right users and groups to access it. In this case, I’ll just keep Mona Kane as the requester. From there, I can apply uniform guardrail policies using customizable templates, like this one, to restrict content sharing. These policy templates leverage Microsoft Entra for access controls, Microsoft Purview to secure data. As well as SharePoint policies, like this one, to enforce specific restrictions on external sharing at the agent level.

-Then I can just review and accept the permissions for the agent, and finally confirm to grant access to its requester. Next, for your running agents, as we saw in the Agent 365 overview, the service automatically and continuously evaluates potential agent risk to alert you of any actions to take. Here, I can zero in on agents with risks. For example, I can see that this comms agent has two risks identified. And when I dig in to see why, it looks like this agent has abnormal sign-in frequency, and was accessed by a user flagged as risky. It’s possible that their account was compromised. And in these cases, Microsoft Entra Conditional Access will automatically block risky agents from accessing resources. And as an admin, you can also block the agent right from here. So it’ll be disabled immediately for current users, and won’t be discoverable for new users.

-Those were single agent operations, but as more agents enter your agent ecosystem with connections to other agents, tools, and knowledge sources, you can see these relationships using the Agent Map. This helps you visually map all agents in your environment across platforms. Importantly, you can see agent connections and multi-agent workflows. Then quickly spot alerts, like this one, for high exception rates. Then drill into view its details, and also take necessary actions. And while today I focused on the experience in the Microsoft 365 admin center, the Agent 365 control plane extends to role-specific views for agents in Microsoft Entra for agent identity and access management, Microsoft Purview for data security protections. And Microsoft Defender for threat detection, investigation, and response.

-And that’s how the new Agent 365 gives you a single control plane to manage agents within the same familiar admin experiences that you’re using today. To get started, from the Microsoft 365 admin center, make sure the Frontier Program is enabled for early access to new AI capabilities. Keep watching Microsoft Mechanics for the latest updates, and thanks for watching.