Executive Summary
Microsoft Security experts demonstrate how Agent 365 surfaces in Microsoft Defender: real-time protection for running agents, prompt-injection defense, and advanced hunting queries for finding over-permissioned AI agents.
Agent 365 establishes a unified control plane across security, IT, identity, and compliance so that the risks introduced by machine-speed corporate automation can be managed in one place.
Microsoft Defender monitors AI agent execution in real time and can intercept jailbreak attempts and rogue tool calls as they happen.
Advanced hunting templates query tenant telemetry to quickly surface risky over-permissioned configurations, such as Model Context Protocol (MCP) servers running under the agent creator's own credentials.
Key Takeaways
- The agentic era introduces risks in which autonomous agents, acting with a user's permissions, chain individual actions into expansive attack paths.
- The Microsoft 365 Admin Center surfaces real-time security alerts in a centralized agent registry, giving IT immediate visibility.
- Security operations center (SOC) analysts can trace low-priority, historical, and active agent alerts in a single consolidated incident graph.
- Stolen user credentials can be weaponized through agents to collect data across systems at machine speed.
- Defender integrates with Microsoft Entra Conditional Access to revoke access for compromised accounts and force immediate credential resets.
- Model Context Protocol servers frequently introduce administrative risk by exposing deep, unvetted read and write actions.
- Makers routinely sidestep permissions management by running experimental bots under their own over-permissioned standing credentials.
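The takeaways above describe what the incident graph and audit trail let an analyst do: reconstruct which agent spawned which, and spot a stolen identity driving high-velocity collection followed by an outbound write. The following is an added example, not Microsoft's or Agent 365's code, that runs those three detections over constructed audit records; the record fields (user, agent, parent, ip, action, tool) and the thresholds are assumptions, and SAMPLE_LOG is invented for illustration.

```python
# Added example (not Microsoft code): simple detections over constructed agent
# audit records of the shape the takeaways describe. Field names are assumed.
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample: one identity drives a burst of read-heavy tool calls
# through a parent agent and the child agent it invoked, then sends mail.
SAMPLE_LOG = """\
2025-01-10T09:00:00Z user=alice agent=mail-helper parent=- ip=203.0.113.9 action=tool_call tool=read_mail
2025-01-10T09:00:01Z user=alice agent=mail-helper parent=- ip=203.0.113.9 action=tool_call tool=read_mail
2025-01-10T09:00:02Z user=alice agent=crawler parent=mail-helper ip=203.0.113.9 action=tool_call tool=list_files
2025-01-10T09:00:03Z user=alice agent=crawler parent=mail-helper ip=203.0.113.9 action=tool_call tool=read_file
2025-01-10T09:00:04Z user=alice agent=crawler parent=mail-helper ip=203.0.113.9 action=tool_call tool=read_file
2025-01-10T09:00:05Z user=alice agent=crawler parent=mail-helper ip=203.0.113.9 action=tool_call tool=read_file
2025-01-10T09:00:06Z user=alice agent=crawler parent=mail-helper ip=203.0.113.9 action=tool_call tool=send_mail
2025-01-10T10:15:00Z user=bob agent=hr-bot parent=- ip=198.51.100.4 action=tool_call tool=read_file
"""


def parse(log_text):
    """Parse 'timestamp key=value ...' lines into dicts with a datetime 'ts'."""
    records = []
    for line in log_text.splitlines():
        ts, *pairs = line.split()
        rec = dict(pair.split("=", 1) for pair in pairs)
        rec["ts"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        records.append(rec)
    return records


def burst_detections(records, window=timedelta(seconds=10), threshold=5):
    """Flag identities issuing >= threshold tool calls inside a sliding window.
    Returns {user: peak calls seen in one window}."""
    by_user = defaultdict(list)
    for r in records:
        if r["action"] == "tool_call":
            by_user[r["user"]].append(r["ts"])
    hits = {}
    for user, times in by_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                hits[user] = max(hits.get(user, 0), count)
    return hits


def agent_chain(records, agent):
    """Rebuild the parent -> child chain that led to `agent`, root first."""
    parents = {r["agent"]: r["parent"] for r in records}
    chain = [agent]
    while parents.get(chain[-1], "-") != "-":
        chain.append(parents[chain[-1]])
    return list(reversed(chain))


def write_after_collection(records, reads=("read_mail", "read_file", "list_files"),
                           writes=("send_mail",), min_reads=3):
    """Per identity, flag a write tool call preceded by several read calls
    (the collect-then-send shape). Returns (user, agent, tool, reads_before)."""
    seen_reads = defaultdict(int)
    flagged = []
    for r in sorted(records, key=lambda r: r["ts"]):
        if r["tool"] in reads:
            seen_reads[r["user"]] += 1
        elif r["tool"] in writes and seen_reads[r["user"]] >= min_reads:
            flagged.append((r["user"], r["agent"], r["tool"], seen_reads[r["user"]]))
    return flagged


if __name__ == "__main__":
    recs = parse(SAMPLE_LOG)
    print("bursts:", burst_detections(recs))
    print("chain to crawler:", agent_chain(recs, "crawler"))
    print("collect-then-write:", write_after_collection(recs))
```

The chain reconstruction is only as good as the parent field in the log, which is why the implication below about logging child-agent relations matters: without it the crawler's activity would look like an unrelated agent rather than the continuation of mail-helper's session.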
Builder Implications
- Enforce strict least privilege for every custom enterprise agent and eliminate standing maker credentials entirely.
- Gate high-impact connections, such as email or any write operation, behind mandatory real-time policy blocks.
- Use the pre-built hunting query templates to run automated weekly configuration audits across all internal agent deployments.
- Route agent publication through centralized registries where admins can immediately disable or block risky assets.
- Ensure agent audit logging captures core identity parameters, including originator IP, the exact trigger action, and parent/child agent relationships.
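The implications above amount to a configuration audit: which agents run on their maker's standing credentials, which hold write-capable tools (the MCP exposure the takeaways warn about), and which externally triggerable agent can reach a high-risk write by calling another agent. The following is an added example, not Microsoft's or Agent 365's code, of the checks such a weekly audit would run over a registry; the registry schema (maker, runs_as, tools, triggers, calls), the HIGH_RISK_WRITES set and the REGISTRY entries are assumptions constructed for illustration.

```python
# Added example (not Microsoft code): configuration audit over a constructed
# agent registry. Schema, rule names and sample agents are assumptions.
from dataclasses import dataclass


@dataclass(frozen=True)
class AgentConfig:
    name: str
    maker: str                       # who published the agent
    runs_as: str                     # identity whose permissions the agent uses
    tools: dict                      # tool / MCP action -> set of {"read", "write"}
    triggers: frozenset              # "external", "user", or names of calling agents
    calls: frozenset = frozenset()   # child agents this agent may invoke


HIGH_RISK_WRITES = {"send_mail", "write_file", "update_user"}

# Constructed registry: one agent runs under a dedicated identity but can call a
# mail agent that runs on its maker's credentials; one file agent does the same.
REGISTRY = {a.name: a for a in [
    AgentConfig("triage-bot", maker="alice", runs_as="svc-triage",
                tools={"read_ticket": {"read"}},
                triggers=frozenset({"external"}), calls=frozenset({"mail-drafter"})),
    AgentConfig("mail-drafter", maker="alice", runs_as="alice",
                tools={"read_mail": {"read"}, "send_mail": {"read", "write"}},
                triggers=frozenset({"triage-bot"})),
    AgentConfig("hr-lookup", maker="bob", runs_as="svc-hr",
                tools={"read_employee": {"read"}},
                triggers=frozenset({"user"})),
    AgentConfig("file-sync", maker="carol", runs_as="carol",
                tools={"write_file": {"write"}},
                triggers=frozenset({"user"})),
]}


def write_tools(agent):
    return {t for t, caps in agent.tools.items() if "write" in caps}


def find_over_permissioned(registry):
    """Return (agent, rule, detail) findings, sorted for stable reporting."""
    findings = []
    for a in registry.values():
        writes = write_tools(a)
        # Rule 1: write-capable agent running on the maker's own standing identity.
        if a.runs_as == a.maker and writes:
            findings.append((a.name, "maker-credential-write", sorted(writes)))
        # Rule 2: anyone outside the tenant can trigger a high-risk write directly.
        if "external" in a.triggers and writes & HIGH_RISK_WRITES:
            findings.append((a.name, "external-trigger-high-risk-write",
                             sorted(writes & HIGH_RISK_WRITES)))
    return sorted(findings)


def attack_paths(registry, entry):
    """Depth-first walk along child-agent calls from `entry`; returns every
    chain that ends at an agent holding a high-risk write tool."""
    paths = []

    def walk(name, path, seen):
        agent = registry[name]
        if write_tools(agent) & HIGH_RISK_WRITES:
            paths.append(path)
        for child in sorted(agent.calls):
            if child in registry and child not in seen:
                walk(child, path + [child], seen | {child})

    walk(entry, [entry], {entry})
    return paths


def externally_reachable_writes(registry):
    """Map each externally triggerable agent to the chains through which an
    untrusted trigger reaches a high-risk write (the chained attack path)."""
    result = {}
    for a in registry.values():
        if "external" in a.triggers:
            paths = attack_paths(registry, a.name)
            if paths:
                result[a.name] = paths
    return result


if __name__ == "__main__":
    for finding in find_over_permissioned(REGISTRY):
        print("finding:", finding)
    print("external -> write chains:", externally_reachable_writes(REGISTRY))
```

Note that triage-bot passes both per-agent rules on its own (dedicated identity, read-only tool) and is only caught by the chain walk: the unvetted write sits one hop away in mail-drafter, which is exactly the maker-credential case the registry rule flags. A fix that satisfies rule 1 without breaking the chain (for example, a dedicated send-only identity for mail-drafter) still leaves the externally reachable send_mail path, which is why the write should also sit behind a real-time policy block.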
Things to Verify
- Verify the latency impact when Microsoft Defender inspects high-velocity tool call streams in real time.
- Test the security boundaries of Model Context Protocol server connections when they process untrusted external prompt input.
- Check how reliably jailbreak detection identifies hidden, multi-turn prompt-injection attempts inside complex payloads.
- Evaluate whether unified control plane alerts provide consistent coverage across multi-tenant enterprise architectures.
