security copilot
58 Topics

Welcome to the Microsoft Security Community!
Microsoft Security Community Hub | Protect it all with Microsoft Security

Eliminate gaps and get the simplified, comprehensive protection, expertise, and AI-powered solutions you need to innovate and grow in a changing world. The Microsoft Security Community is your gateway to connect, learn, and collaborate with peers, experts, and product teams. Gain access to technical discussions, webinars, and help shape Microsoft’s security products.

Get there fast

- To stay up to date on upcoming opportunities and the latest Microsoft Security Community news, make sure to subscribe to our email list.
- Find the latest skilling content and on-demand videos – subscribe to the Microsoft Security Community YouTube channel.
- Catch the latest announcements and connect with us on LinkedIn – Microsoft Security Community and Microsoft Entra Community.
- Read the latest in the Microsoft Security Community blog.

Upcoming Community Calls

April 2026

Apr. 23 | 8:00am | Security Copilot Skilling Series | Getting started with Security Copilot
New to Security Copilot? This session walks through what you actually need to get started, including E5 inclusion requirements and a practical overview of the core experiences and agents you will use on day one.

RESCHEDULED Apr. 28 | 8:00am | Security Copilot Skilling Series | Security Copilot Agents, DSPM AI Observability, and IRM for Agents
This session covers an overview of how Microsoft Purview supports AI risk visibility and investigation through Data Security Posture Management (DSPM) and Insider Risk Management (IRM), alongside Security Copilot–powered agents. This session will go over what AI Observability in DSPM is, as well as IRM for Agents in Copilot Studio and Azure AI Foundry. Attendees will learn about the IRM Triage Agent and DSPM Posture Agent and their deployment.
Attendees will gain an understanding of how DSPM and IRM capabilities could be leveraged to improve visibility, context, and response for AI-related data risks in Microsoft Purview.

Apr. 30 | 8:00am | Microsoft Security Community Presents | Purview Lightning Talks
Join the Microsoft Security Community for Purview Lightning Talks: quick technical sessions delivered by the community, for the community. You’ll pick up practical Purview gems: must-know Compliance Manager tips, smart data security tricks, real-world scenarios, and actionable governance recommendations all in one energizing event. Hear directly from Purview customers, partners, and community members and walk away with ideas you can put to work immediately. Register now; full agenda coming soon!

May 2026

May 12 | 9:00am | Microsoft Sentinel | Hyper scale your SOC: Manage delegated access and role-based scoping in Microsoft Defender
In this session we'll discuss unified role-based access control (RBAC) and granular delegated admin privileges (GDAP) expansions, including:

How to use RBAC to
- Allow multiple SOC teams to operate securely within a shared Sentinel environment
- Support granular, row-level access without requiring workspace separation
- Get consistent and reusable scope definitions across tables and experiences

How to use GDAP to
- Manage MSSPs and hyper-scaler organizations with delegated access to governed tenants within the Defender portal
- Manage delegated access for Sentinel

Looking for more? Join the Security Advisors!

As a Security Advisor, you’ll gain early visibility into product roadmaps, participate in focus groups, and access private preview features before public release. You’ll have a direct channel to share feedback with engineering teams, influencing the direction of Microsoft Security products. The program also offers opportunities to collaborate and network with fellow end users and Microsoft product teams.
Join the Security Advisors program that best fits your interests: www.aka.ms/joincommunity.

Additional resources

- Microsoft Security Hub on Tech Community
- Virtual Ninja Training Courses
- Microsoft Security Documentation
- Azure Network Security GitHub
- Microsoft Defender for Cloud GitHub
- Microsoft Sentinel GitHub
- Microsoft Defender XDR GitHub
- Microsoft Defender for Cloud Apps GitHub
- Microsoft Defender for Identity GitHub
- Microsoft Purview GitHub

Security Copilot Skilling Series
Security Copilot joins forces with your favorite Microsoft Security products in a skilling series miles above the rest. The Security Copilot Skilling Series is your opportunity to strengthen your security posture through threat detection, incident response, and leveraging AI for security automation. These technical skilling sessions are delivered live by experts from our product engineering teams. Come ready to learn, engage with your peers, ask questions, and provide feedback. Upcoming sessions are noted below and will be available on-demand on the Microsoft Security Community YouTube channel.

Coming Up

Apr. 23 | Getting started with Security Copilot
New to Security Copilot? This session walks through what you actually need to get started, including E5 inclusion requirements and a practical overview of the core experiences and agents you will use on day one.

Apr. 28 | Security Copilot Agents, DSPM AI Observability, and IRM for Agents
This session covers an overview of how Microsoft Purview supports AI risk visibility and investigation through Data Security Posture Management (DSPM) and Insider Risk Management (IRM), alongside Security Copilot–powered agents. This session will go over what AI Observability in DSPM is, as well as IRM for Agents in Copilot Studio and Azure AI Foundry. Attendees will learn about the IRM Triage Agent and DSPM Posture Agent and their deployment. Attendees will gain an understanding of how DSPM and IRM capabilities could be leveraged to improve visibility, context, and response for AI-related data risks in Microsoft Purview.

Now On-Demand

Apr. 2 | Current capabilities of Copilot in Intune
Speakers: Amit Ghodke and Carlos Brito
This session on Copilot in Intune & Agents explores the current embedded Copilot experiences and AI‑powered agents available through Security Copilot in Microsoft Intune.
Attendees will learn how these capabilities streamline administrative workflows, reduce manual effort, and accelerate everyday endpoint management tasks, helping organizations modernize how they operate and manage devices at scale.

March 5 | Conditional Access Optimization Agent: What It Is & Why It Matters
Speaker: Jordan Dahl
Get a clear, practical look at the Conditional Access Optimization Agent—how it automates policy upkeep, simplifies operations, and uses new post‑Ignite updates like Agent Identity and dashboards to deliver smarter, standards‑aligned recommendations.

February 19 | Agents That Actually Work: From an MVP
Speaker: Ugur Koc, Microsoft MVP
Microsoft MVP Ugur Koc will share a real-world workflow for building agents in Security Copilot, showing how to move from an initial idea to a consistently performing agent. The session highlights how to iterate on objectives, tighten instructions, select the right tools, and diagnose where agents break or drift from expected behavior. Attendees will see practical testing and validation techniques, including how to review agent decisions and fine-tune based on evidence rather than intuition to help determine whether an agent is production ready.

February 5 | Identity Risk Management in Microsoft Entra
Speaker: Marilee Turscak
Identity teams face a constant stream of risky user signals, and determining which threats require action can be time‑consuming. This webinar explores the Identity Risk Management Agent in Microsoft Entra, powered by Security Copilot, and how it continuously monitors risky identities, analyzes correlated sign‑in and behavior signals, and explains why a user is considered risky. Attendees will see how the agent provides guided remediation recommendations—such as password resets or risk dismissal—at scale and supports natural‑language interaction for faster investigations.
The session also covers how the agent learns from administrator instructions to apply consistent, policy‑aligned responses over time.

January 28 | Security Copilot in Purview Technical Deep Dive
Speakers: Patrick David, Thao Phan, Alexandra Roland
Discover how AI-powered alert triage agents for Data Loss Prevention (DLP) and Insider Risk Management (IRM) are transforming incident response and compliance workflows. Explore new Data Security Posture Management (DSPM) capabilities that deliver deeper insights and automation to strengthen your security posture. This session will showcase real-world scenarios and actionable strategies to help you protect sensitive data and simplify compliance.

January 22 | Security Copilot Skilling Series | Building Custom Agents: Unlocking Context, Automation, and Scale
Speakers: Innocent Wafula, Sean Wesonga, and Sebuh Haileleul
Microsoft Security Copilot already features a robust ecosystem of first-party and partner-built agents, but some scenarios require solutions tailored to your organization’s specific needs and context. In this session, you'll learn how the Security Copilot agent builder platform and MCP servers empower you to create tailored agents that provide context-aware reasoning and enterprise-scale solutions for your unique scenarios.

December 18 | What's New in Security Copilot for Defender
Speaker: Doug Helton
Discover the latest innovations in Microsoft Security Copilot embedded in Defender that are transforming how organizations detect, investigate, and respond to threats. This session will showcase powerful new capabilities—like AI-driven incident response, contextual insights, and automated workflows—that help security teams stop attacks faster and simplify operations.

Why Attend:
- Stay Ahead of Threats: Learn how cutting-edge AI features accelerate detection and remediation.
- Boost Efficiency: See how automation reduces manual effort and improves SOC productivity.
- Get Expert Insights: Hear directly from product leaders and explore real-world use cases.

Don’t miss this opportunity to future-proof your security strategy and unlock the full potential of Security Copilot in Defender!

December 4 | Discussion of Ignite Announcements
Speakers: Zineb Takafi, Mike Danoski and Oluchi Chukwunwere, Priyanka Tyagi, Diana Vicezar, Thao Phan, Alex Roland, and Doug Helton
Ignite 2025 is all about driving impact in the era of AI—and security is at the center of it. In this session, we’ll unpack the biggest Security Copilot announcements from Ignite on agents and discuss how Copilot capabilities across Intune, Entra, Purview, and Defender deliver end-to-end protection.

November 13 | Microsoft Entra AI: Unlocking Identity Intelligence with Security Copilot Skills and Agents
Speakers: Mamta Kumar, Sr. Product Manager; Margaret Garcia Fani, Sr. Product Manager
This session will demonstrate how Security Copilot in Microsoft Entra transforms identity security by introducing intelligent, autonomous capabilities that streamline operations and elevate protection. Customers will discover how to leverage AI-driven tools to optimize conditional access, automate access reviews, and proactively manage identity and application risks, empowering them toward a more secure and efficient digital future.

October 30 | What's New in Copilot in Microsoft Intune
Speaker: Amit Ghodke, Principal PM Architect, CxE CAT MEM
Join us to learn about the latest Security Copilot capabilities in Microsoft Intune. We will discuss what's new and how you can supercharge your endpoint management experience with the new AI capabilities in Intune.
October 16 | What’s New in Copilot in Microsoft Purview
Speaker: Patrick David, Principal Product Manager, CxE CAT Compliance
Join us for an insider’s look at the latest innovations in Microsoft Purview—where alert triage agents for DLP and IRM are transforming how we respond to sensitive data risks and improve investigation depth and speed. We’ll also dive into powerful new capabilities in Data Security Posture Management (DSPM) with Security Copilot, designed to supercharge your security insights and automation. Whether you're driving compliance or defending data, this session will give you the edge.

October 9 | When to Use Logic Apps vs. Security Copilot Agents
Speaker: Shiv Patel, Sr. Product Manager, Security Copilot
Explore how to scale automation in security operations by comparing the use cases and capabilities of Logic Apps and Security Copilot Agents. This webinar highlights when to leverage Logic Apps for orchestrated workflows and when Security Copilot Agents offer more adaptive, AI-driven responses to complex security scenarios.

All sessions will be published to the Microsoft Security Community YouTube channel - Security Copilot Skilling Series Playlist

Looking for more?

- Keep up on the latest information on the Security Copilot Blog.
- Join the Microsoft Security Community mailing list to stay up to date on the latest product news and events.
- Engage with your peers in one of our Microsoft Security discussion spaces.

Security Community Spotlight: Fabrício Assumpção
Meet Fabrício Assumpção, a Technical Specialist Architect for a Microsoft Security and Compliance Certified Partner, based in Brazil. Fabrício considers his involvement with the Microsoft Security Community defined by a dual approach: architectural innovation and technical enablement. As a Microsoft Certified Trainer (MCT) since 2021, he has been dedicated to bridging the gap between theory and real-world implementation for security professionals globally.

What do you find most rewarding about being a member of the Microsoft Security Community?

The most rewarding part of being a member of the Microsoft Security Community is the direct access to the pulse of cybersecurity innovation. As a Microsoft Certified Trainer (MCT) and a developer/engineer/architect focused on Cloud Security/M365 Security and SIEM, being in this ecosystem allows me to bridge the gap between complex architectural challenges and AI-driven solutions. Developing security agents for Microsoft Security Copilot is particularly fulfilling because I can see how the community’s collective knowledge shapes the future of automated defense. For me, it’s not just about the tools, but about being part of a global movement that empowers defenders to stay ahead of sophisticated threats through intelligence and automation.

How would you describe your Microsoft Community involvement?

In my role as a Security Architect and Engineer at adaQuest, I advocate for Microsoft’s vision by designing and deploying complex security infrastructures. My work spans the entire Microsoft Security stack, from high-level XDR (Microsoft Defender) strategies and SIEM (Microsoft Sentinel) deployments to the cutting edge of AI-driven defense. Currently, alongside my other activities, I'm focused on developing custom security agents for Microsoft Security Copilot, a task that allows me to push the boundaries of how automation and AI can empower modern SOCs.
While my primary involvement has been focused on technical architecture and developing security Copilot agents, my ideal community experience would be centered on deep-tier technical co-creation. I envision a community space that facilitates direct architectural dialogues between Microsoft product teams and the engineers who are building on top of those platforms. For me, the most valuable community experience is one that prioritizes 'early-access' feedback loops and specialized hackathons where we can stress-test new features—like advanced XDR integrations or AI agent capabilities—before they hit the mainstream. My ideal is a community that functions as a high-octane R&D hub, where the collective expertise of architects and developers directly influences the roadmap of the security tools we use every day.

Editor’s note: The scenario Fabrício describes above is much like the Security Advisors program, which gives you early access to products, features, and private previews. Your feedback to engineering has the power to directly influence Microsoft Security products. If this interests you, consider joining!

How long have you been working with Microsoft Security products?

My Microsoft security journey is a story of evolution—from a cloud support engineer resolving complex L3/L4 infrastructure issues to a Security Architect leading global SOC operations. I have spent the last decade mastering the transition to the cloud, starting with identity and endpoint management (Entra ID and Intune) and progressing to end-to-end administration of the Microsoft 365 and Azure security stack. A turning point was joining adaQuest, where I took the lead on SOCaaS and began bridging the gap between governance and hands-on engineering and Sentinel. Today, my journey has reached its most exciting phase: pioneering the use of Generative AI in security to build scalable, automated solutions that protect clients worldwide.

What features or products have provided the most impact? Please describe how it has helped you or your customers.

The most impactful solution has been the integration of Microsoft Sentinel with Security Copilot through custom-developed security agents. This combination has revolutionized how our customers manage their security posture, allowing them to orchestrate and query the entire Defender XDR, Entra ID, and Purview stack through natural language automation. The most direct benefit for our clients has been a drastic reduction in Mean Time to Respond (MTTR) and a significant increase in operational efficiency, transforming complex security data into proactive defense. This unified approach ensures that our customers maximize their investment in the Microsoft ecosystem while maintaining high-speed resilience against sophisticated threats.

You’ve indeed been instrumental in building with Microsoft Security. What can you share with us, and can you tell us about your journey?

I am incredibly proud of being a pioneer in the Microsoft Security Copilot ecosystem. In early 2025, before official documentation was fully available or the feature had reached General Availability (GA), I conceptualized and developed six custom security agents designed to enhance automated defense and incident response. These agents were the result of a deep dive into the underlying architecture of AI-driven security, where I had to materialize complex ideas into functional, real-world tools without a predefined roadmap. My work was officially showcased and published during the historic announcement of the Microsoft Security Store in 2025, marking the debut of third-party security agents. Seeing these agents evolve from initial concepts to essential tools for the SOC of the future—enabling faster, more intelligent decision-making—is my most rewarding professional achievement. It represents my commitment to pushing the boundaries.

Fabrício’s agents are available in the Microsoft Security Store.
Here’s what he’s built (so far…)

Admin Guard Insight: An agent focused on privileged identity and access analysis. It reviews administrative roles, sensitive changes, and risk signals to identify exposure, misuse of privileges, and opportunities to strengthen security posture.

Login Investigator: An agent designed to investigate suspicious sign-in activity. It correlates authentication details, IPs, locations, devices, user risk, and related incidents to determine whether a login is legitimate or potentially malicious.

Entity Guard: An entity-centric investigation agent for users, devices, applications, or service principals. It consolidates signals from multiple sources to enrich entity context and identify abnormal behavior, exposure, and associated risks.

Data Leak Agent: An agent specialized in investigating potential data leakage and sensitive information exposure. It validates and correlates incidents across Microsoft Defender XDR and Microsoft Sentinel to produce a more reliable and contextualized investigation.

L1 SOC Triage: An agent built to support first-level SOC alert and incident triage. It helps classify events, enrich context, prioritize severity, and recommend next steps or escalation paths for analysts.

Ransomware Kill Chain Investigator: An agent focused on ransomware investigations. It correlates evidence and maps observed activity to the ransomware kill chain to help teams understand the attack, impacted assets, and priority response actions.

EWS Sunset Readiness Assessor: An agent that assesses an organization’s readiness for Exchange Web Services (EWS) deprecation. It identifies application and service principal dependencies and supports planning for migration to more modern and secure alternatives.

What impact has integrating with Microsoft Security had on your business or your customers?

Integrating with Microsoft Security has had a significant impact on both our business and our customers.
For our business, it has enabled us to build higher-value security services and differentiated solutions, such as Security Copilot agents tailored to real operational challenges in identity protection, incident triage, data leakage investigations, ransomware analysis, and legacy dependency assessments. For our customers, the impact has been: improved speed, consistency, and depth in security operations. By leveraging Microsoft Security signals and platforms such as Microsoft Defender, Microsoft Sentinel, and Entra, we help teams investigate incidents faster, reduce manual effort, improve decision-making, and strengthen overall security posture. In practice, this means customers gain more actionable insights, better prioritization, and more efficient use of their security resources.

What advice do you have for others who would like to get involved in the Microsoft Community?

My advice is to bridge the gap between learning and building. Don’t just consume content; start creating solutions for real-world challenges, such as AI-driven automation in Security Copilot or Microsoft Sentinel. Use your practical experience to help others, and remember that teaching is one of the most powerful ways to contribute. In an era of rapid AI evolution, being a proactive 'early adopter' who shares insights is the best way to grow within the Microsoft Community and help protect the global digital landscape.

Fabrício beyond Microsoft Security

Beyond my technical career, I am a lifelong learner with a deep passion for understanding how the world works, from the complexities of Quantum Computing—which I studied at the University of Coimbra—to the fundamental principles of Physics, Astronomy, and Philosophy. I am currently pursuing two Master’s degrees, as I believe that diverse knowledge fuels creativity. I am also a polyglot at heart, teaching myself Italian, Spanish, Russian, and Chinese using open-source materials.
My creative side is expressed through music, as I play both the violin and the piano. In my spare time, I enjoy the discipline of sports; I have a history as both a player and coach of Rugby, and I am a fan of Ice Hockey. My future plans include completing my Doctorate and embracing a nomadic lifestyle to experience different cultures and perspectives. For me, life is about the continuous pursuit of wisdom and the belief that we can always expand the boundaries of our own understanding.

Connect with Fabrício on LinkedIn.

Learn and Engage with the Microsoft Security Community

- Log in and follow this Microsoft Security Community Blog. Follow = Click the heart in the upper right when you're logged in 🤍.
- Join the Microsoft Security Community and be notified of upcoming events, product feedback surveys, and more.
- Get early access to Microsoft Security products and provide feedback to engineers by joining the Microsoft Security Advisors.
- Join the Microsoft Security Community LinkedIn Group and follow the Microsoft Entra Community on LinkedIn.

Data Security Posture Reports (Custom Workspace and Charts)
For more insights on OOB Reports, check out this article.

Overview: NOW IN PUBLIC PREVIEW

Microsoft Purview Posture Reports provide a clear, outcome‑based view of how effectively data protection controls, such as Sensitivity Labels and Data Loss Prevention (DLP) policies, are working across Microsoft 365. Rather than focusing on individual alerts or isolated events, Posture Reports help organizations answer a higher‑level, executive‑ready question: Are our data protection controls consistently applied and actually reducing risk at scale?

Posture Reports transform complex telemetry from Audit logs, Activity Explorer, and policy enforcement into measurable, defensible insights that security, compliance, and business leaders can act on with confidence. Building on the out‑of‑the‑box experience, Custom Posture Reports enable teams to create scenario‑specific views tailored to their organization’s risk priorities.

Key capabilities include:
- Custom dashboards with drag‑and‑drop sections and cards
- Built‑in and custom metric or chart cards powered by Activity Explorer data
- Flexible filtering to support focused investigations and reporting

Tips:
- Start with clear questions, then choose cards that answer them
- Avoid overcrowding reports; fewer, well‑chosen cards are more effective
- Use metric cards for status, analytics cards for understanding
- Treat custom reports as living assets, iterate as needs evolve

This allows security teams to move beyond one‑size‑fits‑all reporting and build views aligned to their unique data protection strategy.

Preview note: As this feature is in Preview, capabilities, terminology, and UX may change, and not all scenarios are fully documented yet.

Key Concepts

Where can I access these reports?

Three Locations:
- Purview.microsoft.com -> Information Protection -> Reports
- Purview.microsoft.com -> Data Loss Prevention -> Posture Reports
- Purview.microsoft.com -> DSPM -> Reports (CUSTOM COMING)

What is a Custom Report?
A Custom Report is a user‑created report container where you assemble one or more cards to visualize Information Protection–related data (for example, labeling, classification, or protection activity). Unlike the built‑in reports, custom reports are designed to be adaptable to different audiences and questions.

Typical use cases include:
- Tracking adoption of sensitivity labels over time
- Monitoring where sensitive data is most concentrated
- Creating executive‑friendly, KPI‑style summaries
- Building analyst views for deeper investigation

Core Actions in the Custom Reports Experience

Add Report creates a new, empty report canvas. This is the starting point where you define:
- The report name and purpose
Create custom reports with your preferred cards and analytics.

Add section is used to create a logical grouping within a custom report. A section acts as a container that helps organize cards on the report canvas into meaningful groupings based on purpose, audience, or storyline.

What a section does:
- Provides structure to a report by grouping related cards together
- Improves readability and navigation, especially in reports with multiple cards
- Helps separate different analytical themes within the same report

How sections are used:
- A report can contain one or more sections
- Each section can include multiple cards (metric cards, chart cards, analytics cards, or custom cards)
- Sections are added before cards, serving as the layout framework for the report

Add Card lets you place a visualization or metric onto the report canvas. Each card answers a specific question, such as “How much data is labeled Confidential?” or “Where is sensitive content growing fastest?” Cards are the building blocks of custom reports and can be mixed and matched within the same report.

Permissions: In order to create these reports, you must have permissions to create labels and DLP policies.
Built‑in (OOB – Out of the Box) cards: Custom reports include two built‑in card types that can be added to sections:
- Metric cards – predefined cards used to display key metrics and trends
- Analytics cards – predefined cards that provide deeper analytical insights

Note: In addition to built‑in cards, you can add custom cards (such as metric‑based or chart‑based custom cards) to tailor the report to your scenario.

What is a Metric Card?

Metric cards are designed to highlight a single, high‑level value or KPI and are also the foundation for building custom cards that combine metrics with trend context.

What they do:
- A Metric card is used to create a card that pairs a primary metric with its historical trend
- This allows users to answer not just “What is the value?” but also “Is it improving or declining?”
- Metric cards are commonly used for adoption, growth, and compliance health indicators
- These cards focus on showing trends over time

What is an Analytic Card?

Analytics cards provide richer visualizations that help users explore patterns and trends in the data.

What they do:
- Show distributions, breakdowns, or trends over time
- Enable comparison across locations, labels, or workloads
- Support investigation and analysis rather than just reporting
- These are useful when you need a visual representation rather than a single metric.
- Display data using charts such as bars, lines, or other visual formats

Custom cards allow you to define tailored views aligned to your organization’s unique questions.

What they do:
- Focus on specific scenarios not covered by default cards
- Combine dimensions or filters relevant to your business context
- Adapt reporting to regulatory, regional, or operational needs

When to use them:
- Organization‑specific KPIs
- Regulatory or audit‑driven reporting
- Advanced scenarios that go beyond standard dashboards

Custom cards are especially useful for mature programs where built‑in reports are no longer sufficient on their own.
Custom Card Configuration

The following example illustrates how a metric‑based custom card can be configured to track adoption trends.

Scenario: Track adoption of the Confidential sensitivity label over the last 30 days.
Card type: Custom card (built from a Metric card)

Metric configuration:
- Metric: Number of items labeled Confidential
- Time range: Last 30 days (custom)
- Display format: Compound (shows total count with trend direction)

Filters applied:
- Sensitivity label: Confidential
- Workload: SharePoint

What this card shows:
- The current total number of items labeled Confidential
- Whether labeling activity is increasing or decreasing over the last 30 days
- A focused view of adoption for a specific label and workload

This type of custom card is well‑suited for adoption tracking, executive summaries, and ongoing compliance health monitoring.

Metric card configuration: Metric cards currently surface up to 7 days of data, providing recent context for the selected metric. Custom surfaces up to the last 30 days of data.

You can choose different display formats, such as:
- Number – a raw count or value
- Percentage – a proportional view of the metric
- Compound – a combination of value and trend for quick interpretation

You can apply filters to limit the data set to specific criteria (for example, a particular label, location, or workload), allowing the metric to reflect a targeted scenario rather than all data.

Chart cards are used to visualize data as a graphical chart and can be created as custom cards when you need a visual representation rather than a single metric.
Click on Chart Card and under Chart card configuration, select the primary activities: Sensitivity Label

Then define the Chart Type. Based on the configuration options shown in the UI, the following chart types are available:
- Vertical bar – compares values across categories using vertical bars; commonly used for side‑by‑side comparisons
- Horizontal bar – compares values across categories using horizontal bars; useful when category labels are long
- Pie – shows proportional distribution of values across categories
- Donut – similar to a pie chart, with a central area that improves readability
- Line chart – visualizes trends or changes over time

Selecting the appropriate chart type helps ensure the custom card clearly communicates the intended insight and improves overall report readability. These cards are commonly used for trend analysis, distribution views, and comparative reporting. Both make patterns easier to understand.

Real World Example

The business goal this report is addressing is to prove security value and risk reduction, especially to leadership and stakeholders, by tying data protection investments to measurable outcomes.

Primary Business Goal: demonstrate that the organization’s data protection controls are effective in reducing financial data risk. The report shows that sensitive financial data is not only being found, but consistently labeled and enforced through DLP, validating that controls are working as intended.

Supporting Business Objectives

Executive assurance & trust: Provide leadership with evidence that compliance and security controls are actively protecting financial data, not just configured.

Risk reduction validation: Show that financial SITs are being systematically identified and governed, reducing exposure and improper data handling.

Value justification for security investments: Correlate auto labeling and DLP outcomes to demonstrate ROI on Purview, labeling, and policy investments.
Operational confidence: Confirm that auto‑labeling policies are accurately detecting sensitive data at scale and triggering appropriate DLP enforcement.

Audit and compliance readiness: Establish defensible proof that sensitive financial data is discovered, classified, and protected consistently across the environment.

Step 1: Create a report and add a name and description.
Step 2: Add a section called Key Outcomes (title and description) and add metric cards to show the data at a glance.
Step 3: Add another section. Include the following two out-of-the-box charts.
Step 4: Add another section with the out-of-the-box charts.
Step 5: Add the last section that ties everything together: one out-of-the-box chart and one custom chart.
Step 6: For the custom chart above, choose a vertical bar chart and set the pivot (the groupings at the bottom of the chart) to Activity. Then add filters (Sensitive info type: the SITs; Activity: DLPRuleMatch).

The report highlights key outcomes, label adoption, application areas, and auto labeling policies. It identifies the main SITs used in labeling and connects them to DLP, demonstrating that the admin's data security measures are effective, particularly with financial information.

Using AI to simplify insights

This AI integration builds on Microsoft Purview’s existing reporting stack (Posture Reports, Activity Explorer and Audit) and introduces AI-assisted interpretation, summarization, and report composition to reduce manual analysis and accelerate decision-making.

To access the report AI Summary: Click on the report and open “View Details”. AI will prepare and summarize the report.

AI Report Components

Executive Summary
Delivers a high-level, leadership-friendly narrative of the most important insights. Highlights overall posture, major risks, and notable improvements or regressions.
- Summarizes overall activity (for example, total labeled items and dominant platforms)
- Calls out major observations and limitations (such as lack of trend comparison due to retention)
- Provides a concise interpretation of what the data means at a point in time
This section answers: “What happened, and what should I know without reading the full report?”

Key metrics
This section provides the essential quantitative data that forms the foundation of the report.
- Establishes a baseline that can be tracked over time
- Quantitative measures such as: Number of policy triggers or Label adoption rates
- Lists the primary counts, categories, and time range used for analysis
- Clarifies what measurements are available and which are not (such as trends)
This section answers: “What are the exact numbers this report is based on?”

Distribution Breakdown
This section shows how activity is distributed across categories or dimensions.
- Breaks total activity into meaningful segments (for example, Mac vs. Web Browser)
- Displays proportional impact using counts and percentages
- Helps identify concentration areas or imbalances across platforms
This section answers: “Where is activity happening the most?”

Trend Analysis
Evaluates changes over time when historical data is available.
- Compares current activity to prior periods
- Highlights increases, decreases, or stability in behavior
- Clearly calls out when trend analysis is not possible due to data limitations
This section answers: “Is behavior improving, worsening, or staying the same over time?”

Key Findings
Synthesizes insights derived from metrics, distributions, and trends.
- Interprets the data rather than restating it
- Identifies notable patterns, gaps, or risks (for example, platform skew or low adoption)
- Connects observations to possible operational or policy implications
This section answers: “What stands out as important or concerning?”

Assessment
Provides an overall evaluation of the security or compliance posture.
- Combines findings into a holistic judgment
- Assesses scope, coverage, and effectiveness of current practices
- Describes whether the posture is sufficient or limited
This section answers: “How healthy is our current posture?”

Status
Summarizes the assessment into a simple outcome indicator.

Recommendations
Guides next steps based on observed gaps and risks.
- Suggests practical actions to improve coverage or effectiveness.
- Aligns recommendations to best practices and product capabilities.
- Prioritizes changes that reduce risk and improve consistency.
This section answers: “What should we do next?”

References
Provides traceability and supporting documentation.
- Links to authoritative Microsoft documentation used to inform recommendations
- Allows readers to validate guidance or explore implementation details
This section answers: “Where can I verify or learn more?”

Full AI Report Summary

Summary

Posture Reports represent a shift from security configuration to security outcomes. They empower organizations to confidently answer critical questions about risk, readiness, and return on security investment, especially in an AI‑driven world. As reporting continues to evolve, Posture Reports will play a foundational role in how customers prove, improve, and communicate their data security posture.

Security Copilot Clinic: AI‑Driven Agentic Defense for Healthcare
Healthcare security teams are operating under unprecedented pressure. Ransomware continues to target clinical environments, identity‑based attacks are increasing in sophistication, and the risk of PHI exposure remains a constant concern — all while SOC teams face chronic staffing shortages. Microsoft Security Copilot is now available for organizations using Microsoft 365 E5, bringing generative AI assistance directly into the security tools healthcare teams already rely on. This clinic series is designed to show how Security Copilot changes day‑one operations — turning noisy alerts into clear, actionable investigations and faster containment. Why attend this clinic For healthcare CISOs, SOC leaders, and security architects, Security Copilot represents more than an AI assistant — it’s a shift in how investigations are conducted across endpoint, identity, email, data, and cloud workloads. In this session, you’ll see how Security Copilot helps healthcare security teams: Move faster with confidence by summarizing complex evidence across security signals Reduce investigation fatigue by standardizing analyst workflows Communicate risk clearly by translating technical findings into leadership‑ready insights Protect patient data without adding new tools or headcount All examples and demonstrations are grounded in real healthcare security scenarios. What we’ll explore See the full incident picture in one place Microsoft‑built Security Copilot agents embedded across Defender, Entra, Intune, and Purview automatically correlate signals from endpoint, identity, email, data, and cloud applications into a single investigation view — eliminating manual pivoting between tools. Move from alert to action faster Embedded agents analyze related signals in real time and surface prioritized investigation paths along with recommended containment actions directly in the analyst workflow. 
Standardize investigations and reduce noise
Agent‑driven prompts and investigation structure help standardize analyst response, reduce alert fatigue, and create repeatable workflows that scale in lean SOC environments.

Protect PHI and communicate risk with confidence
Security Copilot uses embedded data and threat intelligence to produce leadership‑ready summaries that clearly articulate potential PHI exposure, attack progression, and business impact.

Session format and audience

Format
- 60‑minute live session
- End‑to‑end demo
- Interactive Q&A

Who should attend
- CISOs and Security Leaders
- SOC Managers and Analysts
- Security and Cloud Architects
- Clinical IT and Infrastructure Leaders

Upcoming sessions

Date             Time (ET)          Registration
March 13, 2026   12:00 – 1:00 PM    Session #1
March 20, 2026   12:00 – 1:00 PM    Session #2
March 27, 2026   12:00 – 1:00 PM    Session #3

Secure healthcare — together

Security Copilot enables healthcare organizations to respond faster, investigate smarter, and communicate risk more effectively — all within the Microsoft security ecosystem teams already trust. If you’re evaluating how AI‑driven, agentic defense can support your healthcare SOC, this clinic will give you practical insight you can apply immediately.

Crawl, Walk, Run: A Practitioner's Guide to AI Maturity in the SOC
Every security operations center is being told to adopt AI. Vendors promise autonomous threat detection, instant incident response, and the end of alert fatigue. The reality is messier. Most SOC teams are still figuring out where AI fits into their existing workflows, and jumping straight to autonomous agents without building foundational trust is a recipe for expensive failure. The Crawl, Walk, Run framework offers a more honest path. It's not a new concept. Cloud migration teams, DevOps organizations, and Zero Trust programs have used it for years. But it maps remarkably well to how security teams should adopt AI. Each phase builds organizational trust, governance maturity, and technical capability that the next phase depends on. Skip a phase and the risk compounds. This guide is written for SOC leaders and practitioners who want a practical, phased approach to AI adoption, not a vendor pitch.

Authorization and Identity Governance Inside AI Agents
Designing Authorization‑Aware AI Agents
Enforcing Microsoft Entra ID RBAC in Copilot Studio

As AI agents move from experimentation to enterprise execution, authorization becomes the defining line between innovation and risk.

AI agents are rapidly evolving from experimental assistants into enterprise operators—retrieving user data, triggering workflows, and invoking protected APIs. While many early implementations rely on prompt‑level instructions to control access, regulated enterprise environments require authorization to be enforced by identity systems, not language models.

This article presents a production‑ready, identity‑first architecture for building authorization‑aware AI agents using Copilot Studio, Power Automate, Microsoft Entra ID, and Microsoft Graph, ensuring every agent action executes strictly within the requesting user’s permissions.

Why Prompt‑Level Security Is Not Enough

Large Language Models interpret intent—they do not enforce policy. Even the most carefully written prompts cannot:
- Validate Microsoft Entra ID group or role membership
- Reliably distinguish delegated user identity from application identity
- Enforce deterministic access decisions
- Produce auditable authorization outcomes

Relying on prompts for authorization introduces silent security failures, over‑privileged access, and compliance gaps—particularly in Financial Services, Healthcare, and other regulated industries.

Authorization is not a reasoning problem. It is an identity enforcement problem.
Common Authorization Anti‑Patterns in AI Agents

The following patterns frequently appear in early AI agent implementations and should be avoided in enterprise environments:
- Hard‑coded role or group checks embedded in prompts
- Trusting group names passed as plain‑text parameters
- Using application permissions for user‑initiated actions
- Skipping verification of the user’s Entra ID identity
- Lacking an auditable authorization decision point

These approaches may work in demos, but they do not survive security reviews, compliance audits, or real‑world misuse scenarios.

Authorization‑Aware Agent Architecture

In an authorization‑aware design, the agent never decides access. Authorization is enforced externally, by identity‑aware workflows that sit outside the language model’s reasoning boundary.

High‑Level Flow
1. The Copilot Studio agent receives a user request
2. The agent passes the User Principal Name (UPN) and intended action
3. A Power Automate flow validates permissions using Microsoft Entra ID via Microsoft Graph
4. Only authorized requests are allowed to proceed
5. Unauthorized requests fail fast with a deterministic outcome

Authorization‑aware Copilot Studio architecture enforces Entra ID RBAC before executing any business action.

The agent orchestrates intent. Identity systems enforce access.

Enforcing Entra ID RBAC with Microsoft Graph

Power Automate acts as the authorization enforcement layer:
- Resolve user identity from the supplied UPN
- Retrieve group or role memberships using Microsoft Graph
- Normalize and compare memberships against approved RBAC groups
- Explicitly deny execution when authorization fails

This keeps authorization logic:
- Centralized
- Deterministic
- Auditable
- Independent of the AI model

Reference Implementation: Power Automate RBAC Enforcement Flow

The following import‑ready Power Automate cloud flow demonstrates a secure RBAC enforcement pattern for Copilot Studio agents. It validates Microsoft Entra ID group membership before allowing any business action.
Scenario
- Trigger: User‑initiated agent action
- Identity model: Delegated user identity
- Input: userUPN, requestedAction
- Outcome: Authorized or denied based on Entra ID RBAC

    {
      "$schema": "https://schema.management.azure.com/providers/Microsoft.Logic/schemas/2016-06-01/workflowdefinition.json#",
      "contentVersion": "1.0.0.0",
      "triggers": {
        "Copilot_Request": {
          "type": "Request",
          "kind": "Http",
          "inputs": {
            "schema": {
              "type": "object",
              "properties": {
                "userUPN": { "type": "string" },
                "requestedAction": { "type": "string" }
              },
              "required": [ "userUPN" ]
            }
          }
        }
      },
      "actions": {
        "Get_User_Groups": {
          "type": "Http",
          "inputs": {
            "method": "GET",
            "uri": "https://graph.microsoft.com/v1.0/users/@{encodeUriComponent(triggerBody()?['userUPN'])}/memberOf?$select=displayName",
            "authentication": {
              "type": "ManagedServiceIdentity",
              "audience": "https://graph.microsoft.com"
            }
          },
          "runAfter": {}
        },
        "Normalize_Group_Names": {
          "type": "Select",
          "inputs": {
            "from": "@body('Get_User_Groups')?['value']",
            "select": "@toLower(item()?['displayName'])"
          },
          "runAfter": { "Get_User_Groups": [ "Succeeded" ] }
        },
        "Check_Authorization": {
          "type": "If",
          "expression": {
            "and": [
              { "contains": [ "@body('Normalize_Group_Names')", "ai-authorized-users" ] }
            ]
          },
          "runAfter": { "Normalize_Group_Names": [ "Succeeded" ] },
          "actions": {
            "Authorized_Action": {
              "type": "Compose",
              "inputs": "User authorized via Entra ID RBAC"
            }
          },
          "else": {
            "actions": {
              "Access_Denied": {
                "type": "Terminate",
                "inputs": {
                  "runStatus": "Failed",
                  "runError": {
                    "message": "Access denied. User not authorized via Entra ID RBAC."
                  }
                }
              }
            }
          }
        }
      }
    }

This pattern enforces authorization outside the agent, aligns with Zero Trust principles, and creates a clear audit boundary suitable for enterprise and regulated environments.
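The enforcement steps described above (retrieve memberships, compare against approved groups, explicitly deny on failure) as an added Python example; it is not part of the original article or its flow. It goes slightly beyond the flow: it follows every `@odata.nextLink` page and matches on group object IDs instead of display names, because Entra ID does not require group display names to be unique. The action names, GUIDs and sample pages are constructed assumptions.

```python
import json
from dataclasses import dataclass, asdict
from datetime import datetime, timezone

# Assumption: approved groups are pinned per action by object ID (constructed GUIDs).
APPROVED_GROUP_IDS = {
    "read_customer_record": {"11111111-1111-4111-8111-111111111111"},
    "approve_payment": {"22222222-2222-4222-8222-222222222222"},
}
GROUP_TYPE = "#microsoft.graph.group"


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    user_upn: str
    action: str
    matched_group_ids: tuple
    decided_at: str


def collect_group_ids(first_page, fetch_next):
    """Return the object IDs of every group across all pages of a memberOf result."""
    ids, seen_links, page = set(), set(), first_page
    while True:
        for entry in page.get("value", []):
            # memberOf also returns directory roles and administrative units; keep groups only.
            if entry.get("@odata.type") == GROUP_TYPE and entry.get("id"):
                ids.add(entry["id"].lower())
        link = page.get("@odata.nextLink")
        if not link:
            return ids
        if link in seen_links:
            raise ValueError("paging loop in directory response")
        seen_links.add(link)
        page = fetch_next(link)


def authorize(user_upn, action, first_page, fetch_next):
    """Fail-closed decision: anything other than a positive match is a deny."""
    def decide(allowed, reason, matched=()):
        return Decision(allowed, reason, user_upn, action, tuple(sorted(matched)),
                        datetime.now(timezone.utc).isoformat())

    if not user_upn or "@" not in user_upn:
        return decide(False, "invalid_upn")
    approved = APPROVED_GROUP_IDS.get(action)
    if not approved:
        return decide(False, "unknown_action")
    try:
        member_of = collect_group_ids(first_page, fetch_next)
    except Exception:
        # A failed or malformed directory lookup must never turn into an allow.
        return decide(False, "directory_lookup_failed")
    matched = member_of & approved
    if matched:
        return decide(True, "member_of_approved_group", matched)
    return decide(False, "not_in_approved_group")


def audit_line(decision):
    """One JSON line per decision, allow or deny, for the audit trail."""
    return json.dumps(asdict(decision), sort_keys=True)


# Constructed sample pages shaped like GET /users/{upn}/memberOf?$select=id,displayName
ALICE_PAGE_1 = {
    "value": [
        {"@odata.type": "#microsoft.graph.directoryRole",
         "id": "aaaaaaaa-aaaa-4aaa-8aaa-aaaaaaaaaaaa", "displayName": "Reports Reader"},
        {"@odata.type": GROUP_TYPE,
         "id": "33333333-3333-4333-8333-333333333333", "displayName": "All Staff"},
    ],
    "@odata.nextLink": "constructed://alice/page-2",
}
ALICE_PAGE_2 = {
    "value": [
        {"@odata.type": GROUP_TYPE,
         "id": "11111111-1111-4111-8111-111111111111", "displayName": "ai-authorized-users"},
    ],
}
# Bob belongs to a look-alike group: same display name, different object ID.
BOB_PAGE_1 = {
    "value": [
        {"@odata.type": GROUP_TYPE,
         "id": "99999999-9999-4999-8999-999999999999", "displayName": "ai-authorized-users"},
    ],
}
CONSTRUCTED_PAGES = {"constructed://alice/page-2": ALICE_PAGE_2}


def fetch_constructed_page(link):
    """Stand-in for the HTTP call that follows @odata.nextLink."""
    return CONSTRUCTED_PAGES[link]


if __name__ == "__main__":
    for upn, page in (("alice@contoso.example", ALICE_PAGE_1),
                      ("bob@contoso.example", BOB_PAGE_1)):
        print(audit_line(authorize(upn, "read_customer_record", page, fetch_constructed_page)))
```

A display-name comparison would have allowed Bob, and reading only the first page would have denied Alice.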
Flow Diagram:
Agent Integrated with RBAC Authorization Flow and Sample Prompt Execution:

Delegated vs Application Permissions

Scenario                           Recommended Permission Model
User‑initiated agent actions       Delegated permissions
Background or system automation    Application permissions

Using delegated permissions ensures agent execution remains strictly within the requesting user’s identity boundary.

Auditing and Compliance Benefits
- Deterministic and explainable authorization decisions
- Centralized enforcement aligned with identity governance
- Clear audit trails for security and compliance reviews
- Readiness for SOC, ISO, PCI, and FSI assessments

Enterprise Security Takeaways
- Authorization belongs in Microsoft Entra ID, not prompts
- AI agents must respect enterprise identity boundaries
- Copilot Studio + Power Automate + Microsoft Graph enable secure‑by‑design AI agents

By treating AI agents as first‑class enterprise actors and enforcing authorization at the identity layer, organizations can scale AI adoption with confidence, trust, and compliance.

Evolving identity security: How the Conditional Access Optimization Agent helps you adapt
Organizations are expanding Zero Trust across more users, applications, and now a growing population of AI agent identities, making it even more challenging to maintain visibility and control at scale. As environments grow more complex and change daily, static best-practice approaches can’t keep up. Security teams are left trying to reason across dozens of access policies, shifting conditions, and evolving risks, often without clear visibility into where gaps exist. That’s exactly what we’re hearing from customers. “The recommendations are great, but they don’t always match how our organization works.” With this latest set of enhancements, the Conditional Access Optimization Agent moves beyond static guidance to continuous, context-aware identity posture optimization. The agent now understands your organization’s business context, surfaces gaps that manual reviews miss, helps you act on insights safely, and proves the impact of your improvements—all as part of a new operating model for identity security. Here’s a quick look at what’s new in the Conditional Access Optimization Agent, now in public preview: Context-aware recommendations tailored to your environment. Continuous deep gap analysis to identify persistent or emerging policy gaps. Automated least-privilege enforcement to reduce unnecessary permissions. Enhanced phased rollout for gradual, controlled deployment. Passkey deployment campaigns that streamline phishing-resistant authentication rollout. Zero Trust posture reporting that helps demonstrate measurable improvements. These new capabilities are designed to work together as part of a continuous operating model for identity security. To make this concrete, let’s walk through how the agent works in practice across four key steps – from tailoring recommendations to your environment, to identifying gaps, safely deploying changes, and measurable impact. 
This is a view of the agent overview dashboard, showing analyzed coverage, identified gaps, and recommended actions to strengthen your access policies.

Step 1: Make recommendations match your reality

Every organization runs Conditional Access a little differently. Naming conventions, policy design patterns, and exception processes all vary across environments. Until now, the agent's recommendations were based on industry and Microsoft best practices, sign-in data, and your Conditional Access policies. However, guidance needs to reflect how your organization actually operates.

Context-aware policy recommendations – teach the agent your standards

With context-aware policy recommendations, you can upload internal documentation directly to the agent. Think about the guidance your team already relies on, such as documents that outline authentication strength requirements, device compliance baselines, and internal or external policy standards. These often live as PDFs, wiki pages, or long policy docs that admins manually cross-reference during periodic reviews. The agent securely uses that context to tailor recommendations for your organization, so they align with how your team designs and manages Conditional Access. For example, the Australian government publishes Conditional Access guidance for organizations operating in regulated environments. The agent is able to reason over this guidance and produce recommendations aligned to Australian compliance standards.

In the agent’s settings page, you can upload organization-specific policies and guidance so the agent can tailor recommendations to your environment.

Step 2: Surface gaps humans can’t easily see

As environments grow more complex, Conditional Access policies become increasingly difficult to reason over. Organizations often manage dozens, or even hundreds, of policies across user groups, applications, authentication strengths, and device requirements, making it hard to fully understand how they interact.
Continuous deep gap analysis

Enterprise customers average 83 Conditional Access policies. The number of possible interactions between those policies – layers, overlaps, and coverage gaps – is challenging to reason over. Manual review typically focuses on recently changed policies. But some of the most critical gaps have been there all along. They are persistent configuration issues that have existed for years. The agent evaluates how policies interact with one another, understands how authentication requirements are enforced across the policies, and identifies gaps where coverage falls short. This means it can detect:
- newly introduced gaps caused by policy changes or configuration drift
- persistent structural gaps caused by policy overlap, constantly evolving exceptions, and more

Instead of reviewing policies one by one, the agent evaluates the entire access control system as a whole.

The agent identifies uncovered users and policy gaps by analyzing how Conditional Access policies interact across your environment.

Zero Trust least-privileged enforcement for agent identities

Nowadays, access is no longer just about people. Gartner stated that by 2029, most secure access requests will come from non-human identities—up from less than 5% today. As AI agents become a rapidly growing part of the workforce, they also introduce new risks. Many of these identities can be over-privileged, making them attractive targets for attackers! The Conditional Access Optimization Agent identifies agent identities with excessive or unused permissions and recommends least-privilege adjustments. This extends continuous Zero Trust enforcement beyond workforce identities to the fastest-growing population in your environment.

Step 3: Turn insight into action without breaking things

Finding gaps is important. Fixing them safely is where the real operational challenge begins. We all know the risk of making access policy changes without understanding their real-world impact.
A single misconfigured policy can lock out users or disrupt critical applications. These enhancements help your teams move from insight to execution with confidence.

Phased rollout for any Conditional Access policy

With our updated Phased Rollout capability, you can now deploy any Conditional Access policy gradually, not only agent-recommended ones as in our previous release. For each rollout, the agent proposes low-impact phases, monitors real user impact at every stage, and intelligently suggests progression or rollback so you can easily deploy policies while minimizing end-user impact. This means your team no longer needs to manually move policies from report-only to enabled. The agent handles that progression for you. This allows your team to strengthen access protections in a way that works for your business, without widespread lockouts, helpdesk spikes, or disruption to critical workflows.

The agent creates a phased rollout plan, allowing policies to be deployed gradually while monitoring user impact and minimizing disruption.

Passkey deployment campaigns – structured adoption of phishing-resistant authentication

Phishing-resistant authentication is one of the most important steps organizations can take to strengthen identity security – and passkeys deliver both security and usability. The challenge isn't whether to adopt passkeys, but how to roll them out without creating operational friction. Microsoft data shows consumer users are 3× more successful signing in with passkeys compared to legacy authentication methods. That's where the agent's passkey campaign experience comes in, helping you run structured adoption campaigns across your organization. Start with your highest-impact users such as administrators, executives, or employees most targeted by phishing. The agent tracks registration progress, identifies users that haven’t enrolled yet, communicates with them via Teams, and helps you expand adoption wave by wave.
No more ad hoc enforcement or spreadsheet-driven tracking across teams.

The agent guides passkey adoption with structured campaigns, targeting users, tracking progress, and expanding rollout in stages.

Step 4: Prove progress and communicate impact

Closing gaps is only one piece of the story. Security leaders increasingly need to demonstrate measurable progress to both internal stakeholders and executive leadership. The built-in reporting dashboard provides a clear summary of posture improvements driven by you and the agent. You can track:
- Exactly how many Conditional Access policy gaps the agent has discovered
- Users, apps, and agent IDs you have improved policy coverage for
- Remaining users, apps, and agent IDs requiring additional coverage

This makes it easier to demonstrate the value of your Zero Trust investments and communicate progress to your leadership.

The reporting dashboard tracks Conditional Access posture improvements, showing gaps closed, coverage gained, and remaining areas to address.

The new operating model for identity security

These enhancements aren't incremental improvements to a recommendation engine. They represent a shift in how identity security operations work: moving from static rule management to continuous, context-aware optimization leveraging the power of AI. Identity security is no longer a periodic audit exercise. It becomes a continuous operational capability, helping you secure both human and non-human identities across authentication, access, and risk.

Get started today

If you have Microsoft 365 E5, the Conditional Access Optimization Agent will become available through a phased rollout. Once available in your tenant, you can enable it directly in the Microsoft Entra admin center and start using it right away. We are continuing to expand these capabilities and will evolve the agent based on your feedback.
Enable the Conditional Access Optimization Agent → Security Copilot agents - Microsoft Entra admin center

Swaroop Krishnamurthy
Principal Product Manager, Microsoft Entra
Swaroop Krishnamurthy | LinkedIn

Additional resources
- Microsoft Entra Conditional Access optimization agent | Microsoft Learn
- Conditional Access Optimization Agent knowledge base (Preview) | Microsoft Learn
- Conditional Access Optimization Agent phased rollout | Microsoft Learn

Learn more about Microsoft Entra

Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
- Microsoft Entra News and Insights | Microsoft Security Blog
- Microsoft Entra blog | Tech Community
- Microsoft Entra documentation | Microsoft Learn
- Microsoft Entra discussions | Microsoft Community

Accelerate connectors development using AI agent in Microsoft Sentinel
Today, we’re excited to announce the public preview of a Sentinel connector builder agent, via a VS Code extension, that helps developers build Microsoft Sentinel codeless connectors faster with low-code and AI-assisted prompts. This new capability brings guided workflows directly into the tooling developers already use, helping accelerate time to value as the Sentinel ecosystem continues to grow. Learn more at Create custom connectors using Sentinel connector AI agent.

Why this matters

As the Microsoft Sentinel ecosystem continues to expand, developers are increasingly tasked with delivering high‑quality, production‑ready connectors at a faster pace, often while working across different cloud platforms and development environments. Building these integrations involves coordinating schemas, configuration artifacts, Azure deployment concepts, and validation steps that provide flexibility and control, but can span multiple tools and workflows. As connector development scales across more partners and scenarios, there is a clear opportunity to better integrate these capabilities into the developer environments teams already rely on. The new Sentinel connector builder agent, using GitHub Copilot in the Sentinel VS Code extension, brings more of the connector development lifecycle (authoring, validation, testing, and deployment) into a single, cohesive workflow. By consolidating these common steps, it helps developers move more easily from design to validation and deployment without disrupting established processes.

A guided, AI‑assisted workflow inside VS Code

The Sentinel connector builder agent for Visual Studio Code is designed to help developers move from API documentation to a working codeless connector more efficiently. The experience begins with an ISV's API documentation. Using GitHub Copilot chat inside VS Code, developers can describe the connector they want to build and point the extension to their API docs, either by URL or inline content.
From there, the AI‑guided workflow reads and extracts the relevant details needed to begin building the connector. Open the VS Code chat and set the chat to Agent mode. Prompt the agent using sentinel. When prompted, select /create-connector and select any supported API. For example in Contoso API, enter the prompt as: @sentinel /create-connector Create a connector for Contoso. Here are the API docs: https://contoso-security-api.azurewebsites.net/v0101/api-doc Next, the agent generates the required artifacts such as polling configurations, data collection rules (DCRs), table schemas, and connector definitions, using guided prompts with built‑in validation. This step‑by‑step experience helps ensure configurations remain consistent and aligned as they’re created. Note: During agent evaluation, select Allow responses once to approve changes, or select the option Bypass Approvals in the chat. It might take up to several minutes for the evaluations to finish. As the connector takes shape, developers can validate and test configurations directly within VS Code, including testing API interactions before deployment. Validation of the API data source and polling configuration are surfaced in context, supporting faster iteration without leaving the development environment. When ready, connectors can be deployed directly from VS Code to accessible Microsoft Sentinel workspaces, streamlining the path from development to deployment without requiring manual navigation of the Azure portal. Key capabilities The VS Code connector builder experience includes: AI‑guided connector creation to generate codeless connectors from API documentation using natural language prompts. Support for common authentication methods, including Basic authentication, OAuth 2.0, and API keys. Automated validation to check schemas, cross‑file consistency, and configuration correctness as you build. Built‑in testing to validate polling configurations and API interactions before deployment. 
One‑click deployment that allows publishing connectors directly to accessible Microsoft Sentinel workspaces from within VS Code. Together, these capabilities support a more efficient path from API documentation to a working Microsoft Sentinel connector. Testimonials As partners begin using the Sentinel connector builder agent, feedback from the community will help shape future enhancements and refinements. Here is what some of our early adopters have to say about the experience: “The connector builder agent accelerated our initial exploration of the codeless connector framework and helped guide our connector design decisions.” -- Rodrigo Rodrigues, Technology Alliance Director “The connector builder agent helped us quickly explore and validate connector options on the codeless connector framework while developing our Sentinel integration.” --Chris Nicosia, Head of Cloud and Tech Partnerships Start building This public preview represents an important step toward simplifying how ISVs build and maintain integrations with Microsoft Sentinel. If you’re ready to get started, the Sentinel connector builder agent is available in public preview for all participants. In the unlikely event that an ISV encounters any issues in building or updating a CCF connector, App Assure is here to help. Reach out to us here.