Microsoft Defender XDR

The next frontier in endpoint security: Securing local AI agents with Microsoft Defender
AI agents are now doing real work on the endpoint: reading files, running commands, browsing the web, and acting on behalf of the users they run under. That same power is what makes them dangerous. Agents act on whatever content they take in, and much of it comes from outside the user's control: a web page, a repository, a command's output. A single malicious instruction hidden in that content can turn an agent against the very environment it is trusted to work in. With access to source code, secrets, and the corporate resources its identity can reach, from cloud infrastructure to SharePoint, email, and internal apps, a compromised agent becomes a path to everything that identity is trusted with.

Yet most security teams can't see this activity at all. Local AI agents run as ordinary processes, with little of the visibility or context SOC teams need to understand, let alone investigate, what an agent actually did.

That's why today we're extending Microsoft Defender to secure AI agents running locally on devices. Security teams now have the visibility, context, and control needed to manage this new frontier of endpoint risk without slowing down the developers driving innovation forward. This includes:

- Discover 20+ types of local AI agents running on managed Windows and macOS devices
- Block malicious AI agent activity on the device in real time
- Assess local agent exposure across identities and reachable resources
- Investigate local AI agent activity in Advanced Hunting

In preview, Defender now discovers these agents across the endpoint (AI coding agents, AI assistants, local AI runtimes, agentic IDE extensions, and Model Context Protocol (MCP) servers) and adds runtime protection for popular coding agents, with coverage expanding over time.
Just as important, it brings them into the same security platform teams already use for endpoints, identities, email, and cloud, so local agents are no longer running unseen alongside the tools security teams already protect, but are part of one coordinated defense.

Discover local AI agents on managed devices

Security Operations Center (SOC) teams can now identify AI agents running locally as first-class assets, not just operating system (OS) processes. In the Defender portal, security teams can view a dedicated inventory of AI agents across their environment, spanning categories such as:

- Coding CLIs and terminal agents: GitHub Copilot CLI, Codex CLI, Claude Code CLI, Gemini CLI, Antigravity CLI, OpenCode
- Agentic IDEs and VS Code extensions: Cursor, Windsurf, Antigravity, Claude Code, Codex, Cline, Gemini, GitHub Copilot, Roo Code
- Desktop AI assistants: ChatGPT Desktop, Claude Desktop, Codex Desktop, Poe Desktop, Antigravity Desktop, GitHub Copilot App
- Local AI runtimes and autonomous platforms: OpenClaw, Nanobot, ZeroClaw, Ollama Desktop

Each agent is surfaced as a security asset, with runtime context including user identity, device and process relationships, trust indicators, and integrity level. Security teams can also see configuration signals, such as "auto-approve" settings and connected services via MCP servers. Defender discovers more than 20 supported local AI agents across Windows and macOS, with coverage continuing to expand.

Block malicious AI agent activity in real time

Discovery is the starting point. Once SOC teams know which agents are present, they need confidence that malicious behavior will be stopped before it affects the organization's environment. For popular coding agents, Defender now provides runtime protection that blocks malicious behavior inline and in real time. This capability starts with Claude Code and GitHub Copilot CLI, with OpenClaw and OpenAI Codex coming soon.
When Defender identifies that an agent activity is malicious, it can automatically block it. As with other threats, the user can be notified, and the activity is logged in the protection history. The SOC analyst receives a detailed alert with agent and session context for investigation, including details on the detected threat. At the same time, the user sees a notification on the device that the activity was blocked.

Figure: The corresponding security alert in the Defender portal, with the process tree and session context for investigation.

Assess local agent exposure

Knowing an agent exists is only half the picture. The next step is mapping the potential blast radius: the resources the agent touches, the identities it can use, and the assets exposed to its next moves. That's why every agent discovered is automatically mapped to the device it runs on, the identity associated with that device, the MCP servers it's connected to, and the cloud resources the identity can reach. The exposure graph turns "this agent exists" into "this agent can do these things" by showing the agent's connectivity across your environment.

As an example, in the map below, the SOC analyst can see that a ChatGPT Desktop agent is tied to a single AWS account, and from that identity its reach extends to S3 buckets, an AWS KMS key, EC2 instances, and an AWS Bedrock agent. The agent has no cloud permissions of its own, but it inherits the account's, so if it were compromised or misused, that reach becomes a path to encrypted data and key material. This view gives security teams a clear picture of the agent's blast radius, so they can decide how to contain it before it's abused.

Investigate local AI agent activity in Advanced Hunting

Beyond the inventory and exposure views, security teams often need to hunt across the environment: to ask which agents are behaving unusually, and what else they touch.
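To make the exposure-graph idea concrete, here is the mapping from the section above reduced to code: an agent sits on a device, the device is tied to an identity, and the identity (not the agent) carries the permissions to cloud resources. The same graph lets you apply the risky-configuration test this section goes on to describe: an agent running auto-approve whose inherited reach includes a privileged resource. This is an added example written for this page, not Defender's own implementation or schema; the agent inventory, device-to-identity mapping, resource names and the "privileged" set are all constructed sample data.

```python
from collections import deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Agent:
    name: str
    device: str
    auto_approve: bool           # "auto-approve" configuration signal
    mcp_servers: tuple = ()      # connected MCP servers (names only)


# Constructed sample inventory and relationships (not Defender telemetry).
AGENTS = [
    Agent("ChatGPT Desktop", "LAPTOP-01", auto_approve=False, mcp_servers=("filesystem",)),
    Agent("Claude Code CLI", "DEVBOX-07", auto_approve=True, mcp_servers=("github", "aws-cli")),
    Agent("Ollama Desktop", "LAPTOP-02", auto_approve=False),
]
DEVICE_IDENTITY = {
    "LAPTOP-01": "alice@contoso",
    "DEVBOX-07": "bob@contoso",
    "LAPTOP-02": "carol@contoso",
}
# What each identity (or the account it can assume) can reach. The agent has no
# permissions of its own; everything below is inherited through the identity.
IDENTITY_REACH = {
    "alice@contoso": ["aws:account-a"],
    "aws:account-a": ["s3:data-lake", "kms:key-prod", "ec2:web-1", "bedrock:agent-1"],
    "bob@contoso": ["github:contoso/app", "ci:prod-pipeline"],
    "carol@contoso": [],
}
# Constructed list of resources the organisation treats as privileged.
PRIVILEGED = {"kms:key-prod", "s3:data-lake", "ci:prod-pipeline"}


def build_graph(agents, device_identity, identity_reach):
    """Directed adjacency list: agent -> device -> identity -> account -> resource,
    plus agent -> mcp:<server> edges for connected MCP servers."""
    graph = {}
    for agent in agents:
        edges = graph.setdefault(agent.name, [])
        edges.append(agent.device)
        edges.extend(f"mcp:{server}" for server in agent.mcp_servers)
    for device, identity in device_identity.items():
        graph.setdefault(device, []).append(identity)
    for node, targets in identity_reach.items():
        graph.setdefault(node, []).extend(targets)
    return graph


def paths_from(graph, start):
    """Breadth-first search; returns {node: shortest path from start} for every reachable node."""
    parent = {start: None}
    queue = deque([start])
    while queue:
        node = queue.popleft()
        for nxt in graph.get(node, []):
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    paths = {}
    for node in parent:
        path, cur = [], node
        while cur is not None:
            path.append(cur)
            cur = parent[cur]
        paths[node] = path[::-1]
    return paths


def blast_radius(graph, agent_name):
    """Everything an agent can reach transitively, with the path that explains why."""
    return {n: p for n, p in paths_from(graph, agent_name).items() if n != agent_name}


def assess(agents, graph, privileged):
    """Rate each agent: 'high' if it runs auto-approve and reaches a privileged
    resource, 'medium' if it reaches one without auto-approve, otherwise 'low'."""
    findings = []
    for agent in agents:
        reach = blast_radius(graph, agent.name)
        hits = sorted(privileged.intersection(reach))
        if hits and agent.auto_approve:
            severity = "high"
        elif hits:
            severity = "medium"
        else:
            severity = "low"
        findings.append({
            "agent": agent.name,
            "severity": severity,
            "privileged": hits,
            "path": reach[hits[0]] if hits else [],
        })
    return findings


GRAPH = build_graph(AGENTS, DEVICE_IDENTITY, IDENTITY_REACH)

if __name__ == "__main__":
    for f in assess(AGENTS, GRAPH, PRIVILEGED):
        print(f"{f['severity']:6} {f['agent']}: {f['privileged']} via {' -> '.join(f['path'])}")
```

The path returned with each finding is the part an analyst actually needs: it says not just that the ChatGPT Desktop agent can reach a KMS key, but that it does so through the device's identity and the AWS account that identity can assume, which is where containment (revoking the role, scoping the account) has to happen.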
Every AI agent discovery event, MCP server connection, and configuration signal is queryable in Advanced Hunting, alongside the endpoint, identity, email, and cloud security telemetry your team already uses every day. This unlocks two use cases that security teams have been asking for:

- Correlate agent activity with process, file, network, identity, and cloud telemetry to see the full picture of what the agent did
- Hunt for risky configurations, for example agents running in auto-approve mode under an identity with privileged access to production, source code, or CI/CD systems

Security teams can turn any of these queries into a custom detection rule, for instance raising an alert whenever a newly discovered agent appears with a risky configuration on a device tied to a privileged identity.

Securing the next frontier of endpoint activity

The risk that opened this post, an agent acting on a malicious instruction and reaching everything its identity can touch, is exactly what this protection is built to contain. By bringing local AI agents into the same platform teams already use for endpoints, identities, and cloud, Defender turns that blind spot into something security teams can see, investigate, and stop, without getting in the developer's way. Developers keep the AI tools accelerating their work. Defenders get the visibility and real-time protection to stay ahead of attackers as they turn to this new surface. That balance, speed for builders and control for defenders, is what securing the AI era actually requires.

Learn more
- Discover local AI agents with Microsoft Defender
- Block malicious AI agent behavior with runtime protection
- Manage and secure your agents with Microsoft Agent 365

Organize your multitenant view with Tenant Groups in Microsoft Defender
Managing security across many tenants shouldn't mean drowning in a single, flat list. We're excited to share a new capability, now in public preview in the Microsoft Defender multitenant (MTO) portal: Tenant Groups, a flexible way to organize the tenants you manage and switch your view between them with a single click. If you're a managed security service provider (MSSP), a cloud service provider (CSP), or a security team operating across multiple Entra ID tenants, this one's for you.

What's new

Tenant Groups let you create logical groupings of tenants (by customer segment, geography, criticality, onboarding stage, whatever fits how you work) and seamlessly switch the Defender MTO view to show data from only the tenants in that group.

NOTICE: The feature previously called Tenant groups, used for content distribution, has been renamed to Deployment profiles. The name "Tenant Groups" now refers to this new grouping experience.

Why it matters

- Focus, faster: Investigate incidents, hunt threats, and review posture against just the tenants you care about right now, without noise from the rest.
- Operational clarity: Group tenants the way your team actually works (e.g., Tier 1 customers, EMEA, Pilot rollout).
- Permissions-aware: Even if a Tenant Group contains more tenants, you'll only see the ones where you have B2B/GDAP (granular delegated admin privileges) access. Your existing access controls stay in charge.

Permissions you'll need

To work with Tenant Groups, your account needs one of the following:

- Entra ID roles: Security Administrator, Security Operator, or Global Administrator
- Product-specific (MDE, MDI, etc.) role-based access control (RBAC): Global Administrator or Security Administrator, plus any custom RBAC roles required to see data across products
- Unified RBAC (URBAC): Security/read to view Tenant Groups; Security/manage to create Tenant Groups

Remember: A Tenant Group can include tenants you don't have access to. You'll only ever see the ones your permissions allow.
Getting started

1. Open Tenant Groups. Sign in to the Microsoft Defender portal with administrative credentials, then navigate to Multitenant Management > Tenant Groups. You'll find a built-in group called My private group that contains all the tenants from your previous setup. You can add or remove tenants from it, but it can't be deleted.

2. Create a Tenant Group. Select + Create tenant group. Give it a descriptive name (e.g., Healthcare customers, EMEA Tier 1). Optionally, add a description so teammates know the group's intent. Select the tenants you want to include. That's it; your group is ready.

3. Switch between Tenant Groups. In the top-left corner of the portal, select Open multitenant management. Choose the group you just created. Navigate around the Defender MTO portal (incidents, alerts, devices, hunting) and you'll see only data from the tenants in that group. Switch groups anytime to refocus. Live change detection: if a teammate edits a Tenant Group (adds or removes tenants) while you're viewing it, the portal surfaces a notification so you know the underlying scope has changed. No stale views, no surprises.

4. Edit a Tenant Group. Go back to Multitenant Management > Tenant Groups. Select the group and choose Edit. Add or remove tenants as your environment evolves, then re-test your views.

Tips for getting the most out of Tenant Groups

- Start with how your team triages: Name groups after the workflows you actually run (On-call queue, Customer A production).
- Keep groups small and purposeful: Overlapping, focused groups beat one giant catch-all.
- Pair with Deployment profiles: Use Tenant Groups for viewing and Deployment profiles for distributing content, two clean, complementary concepts.
- Audit access regularly: Because group membership is independent of B2B/GDAP access, periodic reviews keep expectations aligned.

We want your feedback

Tenant Groups are designed around real multitenant operations work, and we'd love to hear how you're using them. Try it out in your environment, share what's working (and what isn't), and let us know what you'd like to see next.

Monthly news - January 2026
Microsoft Defender Monthly news - January 2026 Edition

This is our monthly "What's new" blog post, summarizing product updates and various new assets we released over the past month across our Defender products. In this edition, we are looking at all the goodness from December 2025. Defender for Cloud has its own Monthly News post; have a look at their blog space.

🚀 New Virtual Ninja Show episode: Advancements in Attack Disruption
🚀 Vulnerability Remediation Agent in Microsoft Intune

Microsoft Defender

(Public Preview) The following advanced hunting schema tables are now available for preview:
- The CampaignInfo table contains information about email campaigns identified by Microsoft Defender for Office 365
- The FileMaliciousContentInfo table contains information about files that were processed by Microsoft Defender for Office 365 in SharePoint Online, OneDrive, and Microsoft Teams

General Availability of the Security Alert Triage Agent (previously named Phishing Triage Agent): this agent autonomously analyzes user-reported phishing emails to determine whether they're true threats or false positives, dramatically reducing manual triage workload. It continuously learns from analyst feedback and provides clear, natural-language explanations for every verdict, giving SOC teams both speed and transparency. We're excited to share it is now generally available and, very soon, will expand to also triage cloud and identity alerts. Learn more on our docs.

Public Preview of Dynamic Threat Detection Agent: Announced at Ignite, this always-on agent hunts for unseen threats by continuously correlating telemetry and creating new, context-aware detections on the fly, closing gaps traditional rules can't see. We're excited to share it is now in Public Preview. Learn more on our docs.

Public Preview of Threat Hunting Agent: Announced at Ignite, this agent gives every analyst the power to investigate like an expert by turning natural-language questions into guided, real-time hunts that surface hidden patterns, reveal meaningful pivots, and eliminate the need to write complex queries. We're excited to share it is now in Public Preview. Learn more on our docs.

General Availability of the Threat Intelligence Briefing Agent: this agent delivers daily, tailored intelligence briefings directly in Microsoft Defender, automatically synthesizing Microsoft's global threat insights with your organization's context to surface prioritized risks, clear recommendations, and relevant assets so teams can shift from reactive research to proactive defense in minutes. We're excited to share it is now generally available. Learn more on our docs.

(General Availability) The hunting graph in advanced hunting is now generally available. It also has two new predefined threat scenarios that you can use to render your hunts as interactive graphs.

(General Availability) Advanced hunting now supports custom functions that use tabular parameters. With tabular parameters, you can pass entire tables as inputs. This approach lets you build more modular, reusable, and expressive logic across your hunting queries. Learn more.

Note: The Phishing Triage Agent has since been expanded and is now called the Security Alert Triage Agent. Learn more at aka.ms/SATA

Microsoft Defender for Endpoint

(Public Preview) Triage collection: Use triage collection to prioritize incidents and hunt threats with the Sentinel Model Context Protocol (MCP) server.

Microsoft Defender for Identity

New ADWS LDAP search activity is now available in the IdentityQueryEvents table in Advanced Hunting. This provides visibility into directory queries performed through ADWS, helping customers track these operations and create custom detections based on this data.

(Public Preview) New properties for the sensorCandidate resource type in the Graph API. Learn more here.

Microsoft Defender for Cloud Apps

Integration of Defender for Cloud Apps permissions with Microsoft Defender XDR Unified RBAC is now available worldwide. For more information, see Map Microsoft Defender for Cloud Apps permissions to the Microsoft Defender XDR Unified RBAC permissions. To activate the Defender for Cloud Apps workload, see Activate Microsoft Defender XDR Unified RBAC.

(Public Preview) The Defender for Cloud Apps app governance unused app insights feature helps administrators identify and manage unused Microsoft 365-connected OAuth apps, enforce policy-based governance, and use advanced hunting queries for better security. This feature is now available for most commercial cloud customers. For more information, see Secure apps with app hygiene features.

Security Copilot for SOC: bringing agentic AI to every defender
Cybersecurity has entered an era of relentless complexity. As threat actors increasingly leverage artificial intelligence to automate attacks, evade detection, and scale their tactics, defenders are challenged to keep up. In this new era, security operations centers (SOCs) must transform to not just react, but to anticipate, disrupt, and outpace the next wave of cyberthreats.

Microsoft's goal is to empower every organization to meet this challenge head-on by transforming how security operates. We believe the future of the SOC is more than just agentic: it's predictive and proactive. This means moving beyond fragmented tools and manual processes, and instead embracing a unified, intelligent approach where AI-driven skills and agents work in concert with human expertise. To bring this vision to life, it's essential to look at the SOC through the lens of its lifecycle, a dynamic continuum that spans from anticipation and prevention through to recovery and optimization, and to recognize the unique challenges and opportunities within each stage. With Security Copilot's GenAI and agentic capabilities woven across this lifecycle, Microsoft is delivering an integrated defense platform that enables defenders to move faster, act smarter, and stay ahead of adversaries.

Introducing agentic innovation across the SOC lifecycle

At Ignite, our agentic innovations are concentrated in three of the five SOC lifecycle pillars, and each one represents a leap forward in how analysts anticipate, detect, triage and investigate threats.

Predict and prevent

Threat Intelligence Briefing Agent: Introduced in March, this agent has already helped security teams move from reactive to anticipatory defense. At Ignite, we're announcing that the Threat Intelligence Briefing Agent is now fully embedded in the Microsoft Defender portal, delivering daily, tailored briefings that synthesize Microsoft's global intelligence with organization-specific context in just minutes. Teams no longer need to spend hours gathering TI from disparate sources; the agent automates this process, offering the most current and relevant insights. Analysts can reference the summary to prioritize action, using the agent's risk assessments, clear recommendations, and links to vulnerable assets to proactively address exposures.

Detect and disrupt

Dynamic Threat Detection Agent: Detections have long been bottlenecked by the limitations of traditional alerting systems, which rely on predefined logic that can't scale fast enough to match the speed and variability of modern attacks, resulting in blind spots and missed threats. The Dynamic Threat Detection Agent addresses this challenge head-on. Instead of depending on static rules or isolated input, it continuously analyzes incidents and telemetry, searching for gaps in coverage and correlating signals across the entire security stack. For example, this is how it surfaced a recent AWS attack: a threat actor used an Entra ID account to federate into an AWS admin account to exfiltrate sensitive data. The Dynamic Threat Detection Agent generated an alert before the intruder even authenticated into the single sign-on flow, driven by a correlated signal from Sentinel. That alert didn't exist beforehand; the agent created it on the fly to stop the attack. The result is an adaptive system that extends Microsoft's research-based detections with context-aware alerts tailored to each organization, closing gaps and revealing threats that legacy systems miss.

Triage and investigate

Security Alert Triage Agent (previously named Phishing Triage Agent): In March 2025, we introduced the Security Alert Triage Agent, built to autonomously handle user-submitted phishing reports at scale. The agent classifies incoming alerts and resolves false positives, escalating only the malicious cases that require human expertise. At Microsoft Ignite, we're announcing its general availability, backed by strong early results: the agent identifies 6.5 times more malicious alerts, improves verdict accuracy by 77%, and frees analysts to spend 53% more time investigating real threats. St. Luke's even said it's saving their team nearly 200 hours each month. Coming soon, we'll be extending these autonomous triage capabilities beyond phishing to identity and cloud alerts, bringing the same precision and scale to more SOC workflows.

Note: The Phishing Triage Agent has since been expanded and is now called the Security Alert Triage Agent. Learn more at aka.ms/SATA

Threat Hunting Agent: this agent reimagines the investigation process. Instead of requiring analysts to master complex query languages or sift through mountains of data, Threat Hunting Agent enables natural language investigations with contextual insight. Analysts can ask questions in plain English, receive direct answers, and be guided through comprehensive hunting sessions. It builds on the existing Security Copilot NL2KQL capability by enabling teams to explore patterns, pivot intuitively and uncover hidden signals in real time for a fluid, context-aware experience. This not only accelerates investigations but makes advanced threat hunting accessible to every member of the SOC, regardless of experience level.

Agents built into your workflows

To make the agents easily accessible and help security teams get started more quickly, we are excited to announce that Security Copilot will be available to all Microsoft 365 E5 customers. Rollout starts today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive 30-day advance notice before activation. Learn more: https://aka.ms/SCP-Ignite25

Discover more: the Security Store

The Security Store, now generally available, is the central hub for discovering, deploying, and managing first-party and third-party security agents. Today, it provides instant access to 20+ agents deployable directly in the Microsoft Defender portal, all within a broader ecosystem of 100+ trusted security solutions. Whether you're investigating incidents, hunting threats, or automating response, the Security Store extends Defender with vetted, scenario-aligned tools that can be set up in minutes. Learn more in this blog.

Introducing new GenAI embedded capabilities

Security Copilot isn't just growing through agents; it's also gaining new embedded capabilities: GenAI skills that help SOC teams work faster, operate at greater scale, and get upleveled directly inside Microsoft Defender. Today, we're excited to introduce new innovations:

Analyst Notes represent a meaningful shift in how investigation work is captured and shared. For organizations that choose to opt into this capability, Copilot automatically reconstructs an analyst's investigation session, from the moment they open an incident to the moment they close it, and turns that activity into clear, structured notes. The system can track multiple sessions in parallel and attribute actions to the right incident, and analysts can fully review and edit the generated notes before saving them. This saves teams valuable time and effort, and it preserves the actual investigation path with far greater accuracy and consistency than manual documentation. The result is a living, cumulative record of how the SOC investigates threats: easier handoffs, stronger auditability, faster onboarding, and a deeper shared understanding of how incidents unfold across multiple SecOps members and phases.

Standard Operating Procedures (SOPs) for guided response allow organizations to upload their own internal procedures so Security Copilot can align its recommendations with established guidebooks and compliance requirements. Guided response is one of the ways Copilot helps analysts navigate an incident: it offers one-click actions across triage, containment, investigation and remediation that teams can take immediately. With SOPs uploaded, these recommendations draw directly from organizational workflows and policy standards, so they are contextually relevant and trusted. For defenders, this translates into greater confidence and faster, more consistent decision-making.

We're also eager to share that we're introducing auto-generated content configuration for Security Copilot's incident summaries. This new feature allows security admins to decide how and when summaries are produced, choosing between always auto-generating, manual trigger only, or auto-generating based on incident severity. The configuration is managed directly in the Microsoft Defender portal, giving organizations flexibility to fine-tune Copilot's outputs to their operational needs.

Join us at Ignite

We invite you to learn more and see these innovations in action at Microsoft Ignite. Don't miss our featured sessions:

- Microsoft Defender: Building the agentic SOC, with guest Allie Mellen, on Wednesday, November 19th, with Corina Feuerstein and Rob Lefferts. Learn more.
- Empowering the SOC: Security Copilot and the rise of Agentic Defense, on Friday, November 21st, with Corina Feuerstein and Cristina da Gama. Learn more.

Join us to discover how Microsoft is shaping the future of cybersecurity, making intelligent, agentic defense accessible to every organization.

What's new in Microsoft Defender XDR at Secure 2025
Protecting your organization against cybersecurity threats is more challenging than ever before. As part of our 2025 Microsoft Secure cybersecurity conference announcements, we're sharing new product features that spotlight our AI-first, end-to-end security innovations, including autonomous AI agents in the Security Operations Center (SOC) and automatic detection and response capabilities. We also share how you can expand your protection by bringing data security and collaboration tools closer to the SOC. Read on to learn how these capabilities can help your organization stay ahead of today's advanced threat actors.

Expanding AI-Driven Capabilities for Smarter SOC Operations

Introducing Microsoft Security Copilot's Security Alert Triage Agent (previously named Phishing Triage Agent)

Today, we are excited to introduce Security Copilot agents, a major step in bringing AI-driven automation to Microsoft Security solutions. As part of this, we're unveiling our newest innovation in Microsoft Defender: the Security Alert Triage Agent. Acting as a force multiplier for SOC analysts, it streamlines the triage of user-submitted phishing incidents by autonomously identifying and resolving false positives, typically clearing out over 95% of submissions. This allows teams to focus on the remaining incidents, those that pose the most critical threats.

Phishing submissions are among the highest-volume alerts that security teams handle daily, and our data shows that at least 9 in 10 reported emails turn out to be harmless bulk mail or spam. As a result, security teams must sift through hundreds of these incidents weekly, often spending up to 30 minutes per case determining whether it represents a real threat. This manual triage effort not only adds operational strain but also delays the response to actual phishing attacks, potentially impacting protection levels.

The Security Alert Triage Agent transforms this process by leveraging LLM-driven analysis to conduct sophisticated assessments, such as examining the semantic content of emails, to autonomously determine whether an incident is a genuine phishing attempt or a false alarm. By cutting through the noise, the agent alleviates the burden on SOC teams, allowing them to focus on high-priority threats.

Figure 1. A phishing incident triaged by the Security Copilot Security Alert Triage Agent

To help analysts gain trust in its decision-making, the agent provides natural language explanations for its classifications, along with a visual representation of its reasoning process. This transparency enables security teams to understand why an incident was classified in a certain way, making it easier to validate verdicts. Analysts can also provide feedback in plain language, allowing the agent to learn from these interactions, refine its accuracy, and adapt to the organization's unique threat landscape. Over time, this continuous feedback loop fine-tunes the agent's behavior, aligning it more closely with organizational nuances and reducing the need for manual verification.

The Security Copilot Security Alert Triage Agent is designed to transform SOC operations with autonomous, AI-driven capabilities. As phishing threats grow increasingly sophisticated and SOC analysts face mounting demands, this agent alleviates the burden of repetitive tasks, allowing teams to shift their focus to proactive security measures that strengthen the organization's overall defense.

Note: The Phishing Triage Agent has since been expanded and is now called the Security Alert Triage Agent. Learn more at aka.ms/SATA

Security Copilot Enriched Incident Summaries and Suggested Prompts

Security Copilot Incident Summaries in Microsoft Defender now feature key enrichments, including related threat intelligence and asset risk, enhancements driven by customer feedback. Additionally, we are introducing suggested prompts following incident summaries, giving analysts quick access to common follow-up questions for deeper context on devices, users, threat intelligence, and more. This marks a step towards a more interactive experience, moving beyond predefined inputs to a more dynamic, conversational workflow. Read more about Microsoft Security Copilot agent announcements here.

New protection across Microsoft Defender XDR workloads

To strengthen core protection across Microsoft Defender XDR workloads, we're introducing new capabilities while building upon existing integrations for enhanced protection. This ensures a more comprehensive and seamless defense against evolving threats.

Introducing collaboration security for Microsoft Teams

Email remains a prevalent entry point for attackers, but the fast adoption of collaboration tools like Microsoft Teams has opened new attack surfaces for cybercriminals. Our advancements within Defender for Office 365 allow organizations to continue to protect users in Microsoft Teams against phishing and other emerging cyberthreats with inline protection against malicious URLs, safe attachments, brand impersonation protection, and more. And to ensure seamless investigation and response at the incident level, everything is centralized across our SOC workflows in the unified security operations platform. Read the announcement here.

Introducing Microsoft Purview Data Security Investigations for the SOC

Understanding the extent of the data that has been impacted, in order to better prioritize incidents, has been a challenge for security teams. As data remains the main target for attackers, it's critical to dismantle silos between security and data security teams to enhance response times. At Microsoft, we've made significant investments in bringing SOC and data security teams closer together by integrating Microsoft Defender XDR and Microsoft Purview. We are continuing to build upon this rich set of capabilities, and today we are excited to announce that Microsoft Purview Data Security Investigations (DSI) can be initiated from the incident graph in Defender XDR.

Ensuring robust data security within the SOC has always been important, as it helps protect sensitive information from breaches and unauthorized access. Data Security Investigations significantly accelerates the process of analyzing incident-related data such as emails, files, and messages. With AI-powered deep content analysis, DSI reveals the key security and sensitive data risks. This integration allows analysts to further analyze the data involved in the incident, learn which data is at risk of compromise, and take action to respond and mitigate the incident faster, to keep the organization's data protected. Read the announcement here.

Figure 2. An incident that shows the ability to launch a data security investigation.

OAuth app insights are now available in Exposure Management

In recent years, we've witnessed a substantial surge in attackers exploiting OAuth applications to gain access to critical data in business applications like Microsoft Teams, SharePoint, and Outlook. To address this threat, Microsoft Defender for Cloud Apps is now integrating OAuth apps and their connections into Microsoft Security Exposure Management, enhancing both the attack path and attack surface map experiences. Additionally, we are introducing a unified application inventory to consolidate all app interactions into a single location. This addresses the following use cases:

- Visualize and remediate attack paths that attackers could potentially exploit using high-privilege OAuth apps to access M365 SaaS applications or sensitive Azure resources.
- Investigate OAuth applications and their connections to the broader ecosystem in Attack Surface Map and Advanced Hunting.
- Explore OAuth application characteristics and actionable insights to reduce risk from our new unified application inventory.

Figure 3. An attack path infused with OAuth app insights

Read the latest announcement here.

AI & TI are critical for effective detection & response

To effectively combat emerging threats, AI has become critical in enabling faster detection and response. By combining this with the latest threat analytics, security teams can quickly pinpoint emerging risks and respond in real time, providing organizations with proactive protection against sophisticated attacks.

Disrupt more attacks with automatic attack disruption

In this era of multi-stage, multi-domain attacks, the SOC needs solutions that enable both speed and scale when responding to threats. That's where automatic attack disruption comes in: a self-defense capability that dynamically pivots to anticipate and block an attacker's next move using multi-domain signals, the latest TI, and AI models. We've made significant advancements in attack disruption, such as threat intelligence-based disruption announced at Ignite, expansion to OAuth apps, and more. Today, we are thrilled to share our next innovation in attack disruption: the ability to disrupt more attacks through a self-learning architecture that enables much earlier and much broader disruption.

At its core, this technology monitors a vast array of signals, ranging from raw telemetry data to alerts and incidents across Extended Detection and Response (XDR) and Security Information and Event Management (SIEM) systems. This extensive range of data sources provides a broad view of your security environment, helping to ensure potential threats do not go unnoticed. What sets this innovation apart is its ability to learn from historical events and previously seen attack types to identify and disrupt new attacks. By recognizing similar patterns across data and stitching them together into a contextual sequence, it processes information through machine learning models and enables disruption much earlier in the attack sequence, stopping significantly more attacks in volume and variety.

Comprehensive Threat Analytics are now available across all Threat Intelligence reports

Organizations can now leverage the full suite of Threat Analytics features (related incidents, impacted assets, endpoint exposure, recommended actions) on all Microsoft Threat Intelligence reports. Previously only available for a limited set of threats, these features are now available for all threats Microsoft has published in Microsoft Defender Threat Intelligence (MDTI), offering comprehensive insights and actionable intelligence to help you ensure your security measures are robust and responsive. Some of the key features include:

- IOCs with historical hunting: Access IOCs after expiration to investigate past threats and aid in remediation and proactive hunting.
- MITRE TTPs: Build detections based on threat techniques, going beyond IOCs to block and alert on specific tactics.
- Targeted industries: Filter threats by industry, aligning security efforts with sector-specific challenges.

We're proud of our new AI-first innovations that strengthen security protections for our customers and help us further our pledge to customers and our community to prioritize cyber safety above all else. Learn more about the innovations designed to help your organization protect data, defend against cyber threats, and stay compliant. Join Microsoft leaders online at Microsoft Secure on April 9. We hope you'll also join us in San Francisco from April 27 to May 1, 2025 at the RSA Conference 2025 to learn more. At the conference, we'll share live, hands-on demos and theatre sessions all week at the Microsoft booth at Moscone Center.
Secure your spot today.11KViews2likes1CommentIntroducing AI-powered incident prioritization in Microsoft Defender
Co-authored by: Scott Freitas & Maayan Magenheim

Every SOC analyst knows the moment when the incident queue fills up fast. Multiple alerts arrive with the same severity but different sources. When everything looks equally urgent, the real question becomes: what do you investigate first? And how do you address it consistently across shifts, analysts, and tool stacks?

At Microsoft Ignite last November, we announced a new capability in Microsoft Defender designed to solve exactly this problem: AI-powered incident prioritization. Today, we’re excited to share that AI-powered incident prioritization is now available in public preview for all Microsoft Defender customers. This is about helping SOC teams cut through noise, focus on what matters most, and move faster with confidence.

A new and improved incident queue experience

Microsoft Defender aggregates related alerts and automated investigations into an incident. That correlation matters because some activity is only clearly malicious when you connect the dots across multiple products and telemetry sources. Instead of chasing isolated alerts, analysts get the broader narrative: what happened, what it touched, and how it progressed.

Prior to the new incident queue experience, incidents were prioritized using factors like alert severity, tags, and MITRE techniques. We’ve since expanded this approach to incorporate additional high‑signal inputs, including automatic attack disruption signals, high‑profile threats (such as ransomware or nation‑state activity), asset criticality, threat analytics, and more. This enhanced prioritization model is designed to work across signals from Defender, Sentinel, and custom alerts, ensuring a more accurate and comprehensive assessment of incident priority.

To help teams act on that story quickly, the incident queue now includes AI-powered incident prioritization (see Figure 1). It applies a machine learning prioritization model to surface the incidents that matter most, assigning each incident a priority score from 0–100 and explaining the key factors behind the ranking. That explainability is what turns a score into something analysts can trust and use to drive consistent triage decisions. To make the queue scannable at a glance, score ranges are color-coded:

- Red: Top priority (> 85%)
- Orange: Medium priority (15–85%)
- Gray: Low priority (< 15%)

This makes it easy to focus immediately on the highest-impact work, while still keeping medium- and low-priority incidents visible for coverage and hygiene.

Built for analyst flow, not just ranking

Selecting an incident row opens a summary pane that keeps analysts in the moment of triage (see Figure 2). It shows the factors that went into prioritization, such as:

- The priority assessment
- The factors influencing the priority score
- Key incident details
- Recommended actions
- Related threats

By default, the queue shows incidents from the last week, but the time selector above the queue lets you switch time frames for shift handoffs, retrospectives, validation after detection changes, or responding to a specific time-bound campaign.

What prioritization done well delivers for a SOC

When prioritization is done well, it’s not automation for automation’s sake; it’s a force multiplier, delivering:

- Faster triage: less time sorting, more time investigating
- Higher confidence: analysts understand why an incident rose to the top
- Better outcomes: high-impact incidents involving critical assets, rare signals, or active threat campaigns get attention first

Effective prioritization enhances SOC protection. It ensures analysts see high-impact incidents, can disrupt attacks earlier in the kill chain, reduce dwell time, and avoid getting blindsided by fast‑moving or stealthy threats. The AI-powered incident queue experience is designed to make the unified Defender portal not only a place where incidents are aggregated, but a place where analysts can reliably decide what to do next, even under heavy volume.

Learn more and get started

Check out our resources to learn more about our new incident queue experience:

- Check out the Microsoft Ignite announcement and demo
- Read the documentation

RSA 2026: What’s new in Microsoft Defender?
Modern attacks increasingly exploit the sprawl of today’s digital environments. In the identity space alone, over half of today’s organizations say each person now has more than 21 distinct accounts. Each one of these accounts is a potential entry point that an attacker can exploit. As organizations adopt cloud, SaaS, AI, and autonomous agents, the rapid growth of non‑human identities accelerates sprawl, expanding the attack surface and increasing gaps in protection. At the same time, agents help accelerate the SOC by automating high‑volume tasks, reducing noise, and enabling analysts to act faster and more consistently. This shift demands a new approach: comprehensive identity security paired with agentic AI to help the SOC better reason across signals, predict risk, and act earlier, while augmenting human analysts to keep pace with increasingly fast and complex attacks.

At RSA, we’re excited to announce innovations in Microsoft Defender and Security Copilot to help customers defend against the latest threats. These include:

- Identity Security: expanded capabilities and enhanced experiences to help the SOC better prepare for, detect, and autonomously respond to identity-related threats.
- Collaboration Security: protect against voice‑based attacks in Teams with real‑time user warnings, SOC‑ready investigation, and new threat & posture insights reporting.
- Accelerate the SOC with Security Copilot: expansion of the Security Triage Agent to identity and cloud alerts, a new Security Analyst agent to uncover risk, and a new chat experience directly in Microsoft Defender.
- Cloud Security: expansion of multi-cloud visibility to new AWS and GCP services, near real-time container runtime protection to eliminate binary drift, and introducing AI model scanning. Learn more here.

Reshaping Identity Security

Today’s identity landscape is no longer defined by a single directory and a single set of users. It’s a fast-changing fabric of human, non-human, and emerging agentic identities spread across cloud services, SaaS apps, and on-premises infrastructure that attackers actively target. To meet this new reality, we’re reshaping identity security in Microsoft Defender to move beyond point defenses and reactive investigation to an autonomous, end-to-end approach that continuously strengthens identity posture, stops active threats while they’re happening, and helps the SOC act faster with less manual effort.

To start, we’re broadening our coverage across modern identity fabrics, making posture and activity easier to understand quickly, and tightening the operational loop between identity and the SOC. To do this, we’re delivering new detections, a unified risk score that assesses risk across all accounts and identity types, and updated experiences like the new identity security dashboard that brings your most important posture gaps, active exposures, and identity risk into one place, so security teams can move from fragmented signals to shared context and coordinated action.

On top of this improved foundation, we are also unveiling autonomous ITDR in two complementary ways. First, we’re extending Security Copilot’s agentic triage capabilities to identity. With the new Security Alert Triage Agent, Defender can autonomously evaluate high‑volume identity alerts, distinguish true threats from noise, and surface clear, explainable verdicts so analysts can focus immediately on what requires action. Second, we’re bringing the AI-powered just-in-time hardening of predictive shielding to identity, allowing Defender not only to disrupt threats but also to anticipate an attacker’s next move and automatically enforce targeted controls that block credential- and token-driven pivots before they succeed.

Together, these innovations empower security teams to understand their identity footprint, prioritize what matters most, and stop identity-driven attacks earlier:

- Expanded coverage across modern identity fabrics with new identity-specific detections.
- Identity-level insights that turn sprawl into clarity via an updated dashboard that provides a unified inventory and improved correlation across SaaS apps and identity types, elevating the SOC view from accounts to the identity.
- Streamlined protections and aligned workflows across Defender and Entra, including a new identity-level risk score to help identity and SOC teams prioritize and act from shared signals.
- Predictive shielding applies precise, just-in-time hardening actions during identity attacks, including RemoteOps hardening and Remote Registry hardening, helping prevent lateral movement.
- Autonomous triage for identity alerts with Security Copilot, expanding the Security Triage Agent so identity alerts can be investigated consistently and at scale, with clear verdicts and explainable reasoning to speed up response.

Learn more about these innovations here.

Protect against collaboration threats and prove security outcomes

As collaboration platforms become a new front door for attackers, Microsoft Defender extends protection beyond email to detect and respond to voice‑based social engineering in Microsoft Teams. New Teams calling protection surfaces suspicious and malicious calls, enables SOC teams to investigate and correlate call activity using Advanced Hunting, and delivers real‑time in‑call warnings when a call appears to impersonate a trusted contact, closing the gap between what users experience and what analysts can investigate.

To help organizations clearly measure and communicate the impact of these protections, Microsoft Defender is introducing the Protection & Posture Insights report. It gives customers a tenant‑specific view of the threats targeting their environment, highlighting spam, phishing, and malware campaigns observed against users. The report delivers personalized insights and policy recommendations to reduce exposure, while enabling teams to validate results and share credible, executive‑ready security outcomes without manual data assembly. Read more here.

Accelerate your security operations at scale with Security Copilot

Adversaries are using AI to accelerate attacks and increase sophistication. At RSA Conference 2026, we’re expanding our innovation around autonomous and assistive AI in Microsoft Defender with Security Copilot, helping defenders operate with the speed, scale, and intelligence required to stay ahead of modern threats across the entire SOC lifecycle.

In addition to expanding agentic triage to identity alerts, we’re extending that same capability to cloud, bringing phish, identity, and cloud triage together within a single agent. The Security Alert Triage Agent helps analysts autonomously determine whether these alerts represent real threats or false alarms, delivering natural language verdicts and transparent, step-by-step decision reasoning.

We’re also announcing the Security Analyst Agent, designed to help security teams uncover hidden risk. This agent performs deep, multi-step investigations across Microsoft Defender and Sentinel telemetry to surface high-impact threats, cut through the noise, and deliver prioritized insights in minutes. Every finding is accompanied by transparent reasoning and supporting evidence.

Lastly, we’re bringing a chat experience for Security Copilot directly within Microsoft Defender. Analysts can ask questions, explore hypotheses, and follow investigative threads across incidents, alerts, identities, devices, IPs, and other evidence without switching tools or manually piecing together context. You can learn more about Microsoft Security Copilot news at RSA Conference 2026 here.

Looking ahead

The Microsoft Defender announcements at RSA 2026 reflect a clear shift toward agentic and autonomous security, while augmenting the SOC with Security Copilot–driven workflows. Together, these capabilities give defenders clearer context, tighter control, and the ability to stop attacks earlier, before adversaries can escalate privileges or move laterally. Microsoft’s continued investment signals a longer-term evolution toward agentic security operations that anticipate attacker behavior, adapt in real time, and steadily reduce risk as environments and threats continue to evolve.

Learn more at RSA Conference 2026!

To learn more about Microsoft Defender and Security Copilot, visit us at booth # at RSA Conference 2026. Our team will be demonstrating how autonomous agents and assistive AI experiences are helping SOC teams move faster through alert triage, investigation, and response. You can join our booth sessions:

- Empowering the SOC with assistive and autonomous AI with Yuval Derman | March 23 at 5:15 PM
- Predictive Shielding: Protecting identities before attackers pivot | March 24 at 4:30 PM
- Identity Security with Microsoft | March 25 at 3:30 PM

For a full list of all the ways to connect with us at RSA, check out our dedicated RSAC 2026 page.

Announcing public preview: Uncovering hidden threats with the Dynamic Threat Detection Agent
Co-author: Amir Gharib

At Ignite, we announced the Security Copilot Dynamic Threat Detection Agent in Microsoft Defender: an always-on, adaptive backend agent that uncovers hidden threats across Defender and Microsoft Sentinel environments. Today we are excited to share that customers who meet the prerequisites can now use this agent in public preview. Running in the Defender backend, the agent delivers Copilot-sourced alerts directly into familiar workflows, complete with natural language explanations, mapped MITRE techniques, and tailored remediation steps.

Why adaptive AI-driven detection changes the game

Traditional rule-based and machine learning (ML) systems struggle to keep pace with ever-evolving threats. Attackers now leverage AI to evade detection, leaving organizations exposed. The Dynamic Threat Detection Agent addresses this through:

- Adaptive AI that finds what rules miss: GenAI-driven detection continuously investigates across Defender and Sentinel telemetry to uncover false negatives and blind spots, providing always-on protection with clear risk context and concrete next steps (see Figure 1 below).
- Reduce noise, increase confidence: The agent minimizes SOC noise and boosts analyst confidence, with customer-validated precision above 85% in recent months across thousands of alerts and 28 threat types (e.g., Initial Access, Privilege Escalation, Lateral Movement).
- Hyperscale TI + UEBA-driven entity risk scoring: The agent fuses Threat Intelligence Tracking via Adaptive Networks (TITAN)’s hyperscale, ML-driven threat intelligence with UEBA risk signals to continuously score accounts, devices, and IPs. This combination of global TI, customer-specific context, and behavioral anomalies surfaces genuinely risky behaviors earlier while filtering noise and providing key context during the agent’s investigations.
- Always on, zero-touch, with customer control: Because the agent runs in the Defender backend, it automatically generates alerts into your existing XDR workflows with no tuning or onboarding required. During public preview it’s enabled by default for eligible customers, and starting in July it will be available for E5 customers through the Security Copilot inclusion. Once billing begins, customers can disable it at any time and manage usage through detailed consumption reporting.
- Deep integration across the Microsoft security ecosystem: The agent works with Security Copilot, Sentinel, and Defender, correlating native and third-party telemetry to surface missed behaviors and deliver richer context across your SOC workflows.

Inside the Dynamic Threat Detection engine

Under the hood, the Dynamic Threat Detection Agent runs a five-step investigation loop at machine scale, starting from signals you already care about, building a rich activity timeline, testing hypotheses, and closing detection gaps with explainable, actionable alerts. This loop executes across thousands of parallel investigations, delivering detections in near real time for your SOC.

- Start with an incident: Running continuously in the Defender backend, the agent monitors for security activity you care about: incidents with a high priority score, critical assets, disruption signals, threat actor notifications, and more.
- Build a focused timeline: From that incident, it builds a unified activity timeline that stitches together alerts, events, UEBA anomalies, and threat intelligence.
- Iterative Q/A loop: Given the incident and its unified timeline, the agent automatically generates attack-specific hypotheses (e.g., “Was this account compromised via phishing from this IP?”) and runs its own chain of targeted questions over relevant entities and events. Without any manual prompts or intervention, the agent investigates its hypotheses, rules out alternate explanations, and autonomously converges on a single, well-supported triage decision with an explicit, transparent reasoning trace.
- Close detection gaps with explainable, actionable alerts: When evidence converges on a true positive, the agent automatically emits a dynamic alert, complete with title, description, severity, mapped MITRE techniques, and remediation steps, directly into your Defender workflows with Security Copilot as the detection source. Alongside the structured fields, the agent generates a natural language narrative that explains why the activity is risky, which entities and signals drove the decision, and how the attack unfolded, giving analysts a transparent window into its reasoning.
- Learn and improve continuously: Your grading feedback (TP/FP/BP) is leveraged to recalibrate seed points, refine table selection, tune hypothesis questions, and adjust thresholds so detection quality improves over time. This feedback continuously sharpens the agent’s ability to detect meaningful threats and reduce alert noise.

Answering the questions security experts ask first

Before adopting a new detection capability, security teams want more than features. They want clear answers on noise, effort, cost, explainability, and how it fits with their existing tools and compliance posture. The Dynamic Threat Detection Agent is built with those questions in mind, so from day one you know how it behaves in your SOC, how it’s governed, and what value it delivers.

- What’s the value? The agent uncovers hidden threats (i.e., false negative alerts), enriching investigations with context so analysts can resolve incidents faster and with greater confidence.
- Will this add noise? The agent is tuned for high precision, measured at 85+% over the past few months across thousands of alerts and numerous threat types (e.g., Initial Access, Privilege Escalation, Lateral Movement).
- How much effort is required? Zero setup. It runs in the Defender backend and delivers alerts into your current workflows.
- What about cost and control? Public Preview is free for Security Copilot customers. At General Availability (July 2026), the agent transitions to the Security Copilot SCU-based model; you’ll have consumption reporting and the ability to disable the agent if desired. Microsoft Security Copilot is now included for all eligible Microsoft 365 E5 customers. Learn more.
- Is it explainable? Every alert includes a custom description, mapped MITRE techniques, and tailored remediation actions. Alongside the structured fields, it generates a natural language narrative that explains why the activity is risky, which entities and signals drove the decision, and how the attack unfolded, giving analysts a transparent window into the agent’s reasoning.
- Does it respect data residency? The service runs region-local, ensuring that customer data and required telemetry stay inside the designated geographic boundary.
- How does it fit with Sentinel and Security Copilot? The agent uses Sentinel to correlate third-party and native telemetry, and runs as part of the Security Copilot platform, surfacing its alerts as Copilot-sourced detections in Defender.
- How fast and at what scale? The agent is built for massive scale with Azure Synapse, capable of running thousands of parallel investigations and delivering detections in near real time for your SOC.

The future of dynamic threat detection in your SOC

The Dynamic Threat Detection Agent is a milestone in adaptive security, bringing GenAI to detection at scale, integrated across Defender and Sentinel, and delivered through Security Copilot. We’re just getting started: expect continued enhancements in coverage, contextual explainability, and integration with your SOC workflows.

Public Preview starts now. The Dynamic Threat Detection Agent is available as a free Public Preview for Security Copilot customers. With General Availability (GA) planned for late 2026, the agent will transition to the Security Copilot SCU-based consumption model. Microsoft Security Copilot is now included for all eligible Microsoft 365 E5 customers, and this agent will be included as part of that entitlement.

Learn more and get started

Check out our resources to learn more about the new Security Copilot Dynamic Threat Detection Agent:

- Check out the Microsoft Ignite announcement and demo
- Read the documentation on the new agent experience here

Unlocking Real-World Security: Defending against Crypto mining attacks
In this anonymized case study, we explore a crypto mining attack that starts with a password spray, escalates through privilege abuse, and culminates in cloud resource exploitation. This scenario demonstrates how Defender for Cloud, in collaboration with other Microsoft Security solutions, not only detects and responds to threats but also disrupts attacks in real time to prevent further damage and lateral movement.