UPDATED 11:00 EST / NOVEMBER 18 2025

SECURITY

Microsoft leans hard on autonomous security for AI agents

Artificial intelligence-enabled agents are taking the enterprise by storm, and the level of autonomy they introduce brings some serious security challenges that Microsoft Corp. is doing its best to address.

At Microsoft Ignite today, the company announced a swathe of updates across platforms including Microsoft Defender, Entra, Intune, Purview and Sentinel, designed to help enterprises observe, secure and govern agentic AI at scale.

In a blog post, Microsoft Corporate Vice President of Security Vasu Jakkal said information technology leaders have a lot of urgent questions regarding agentic AI:

“How do we onboard, manage and govern these agents? How do we protect the data they access and create? How do we protect them from threats? How do we monitor them to ensure their trustworthiness, and ensure they are not double agents? And how can we leverage agents to protect, defend, and respond at the speed of AI?”

The answer, according to Jakkal, is to make security just as ambient and autonomous as the AI agents it’s trying to protect, weaving it into every aspect of the enterprise technology stack, from the silicon to the operating system to the apps, data and platforms.

Securing the agent estate

It starts with the new Microsoft Agent 365, which is described as a “control plane for AI agents,” bringing enhanced observability to every level of the AI stack. It’s a new kind of security agent that’s meant to help teams observe, manage and govern every new agent they create, designed to address the problem of agentic sprawl.

Microsoft Agent 365 offers several useful capabilities, including a Registry that acts as a complete inventory of all AI agents up and running inside an organization. The registry divides these agents into categories, including those with Microsoft Entra identities, those that register themselves and also “shadow agents” that warrant extra special attention. Using the registry, IT admins can quarantine any sanctioned agent to prevent it from being discovered by, or connecting to, other agents.

Other capabilities in Microsoft Agent 365 include controls for governing the data resources and tools agents can access, and a unified dashboard for visualizing them. According to Jakkal, it provides a complete map of all of the connections between agents and their users and other agents they’re collaborating with, along with role-based reporting and analytics to show what they’re doing. This allows security teams to proactively assess their posture and risk, detect vulnerabilities, misconfigurations, shadow agents and other risks, and do something about them.

Alongside Microsoft Agent 365, the company introduced a host of other tools for governing and securing AI agents at scale. For instance, the Microsoft Foundry Control Plane is for building, managing and securing fleets of AI agents at scale, while the Microsoft Security Dashboard for AI provides insights into the risks of agents by aggregating signals from platforms including Microsoft Defender, Entra and Purview into a single dashboard. With this, teams can share unified security controls, policies and real-time risk insights, Jakkal said, in order to manage agents across their entire technology estates.

Purview, meanwhile, is getting expanded data security and compliance controls for Microsoft 365 Copilot to prevent employees from accidentally sharing sensitive data with the popular chatbot.

Securing platforms and clouds

To secure the second layer of the stack, Microsoft is making some big changes to the platforms and clouds that AI agents run on. The new integration between Microsoft Defender and GitHub Advanced Security is one of the most important updates here. It enables developers and security teams to collaborate on securing code and infrastructure using familiar tools.

For instance, security teams can now recommend actions developers should take to fix vulnerable code, and then they’ll be able to use Copilot Autofix to implement those recommendations. These fixes will then be validated in Microsoft Defender, Jakkal said.

To protect against AI attacks that exploit legacy configurations, Microsoft announced the general availability of Baseline Security Mode, which uses recommended security settings to try to mitigate this risk and improve an organization’s overall cloud posture. It offers a “guided admin experience” that makes it possible to identify gaps and simulate changes with “what if” scenario analysis, and then deploy broad protections that aim to minimize disruption to mission-critical workloads.

Microsoft is also beefing up protection for the Windows operating system, which is one of the main environments where productivity agents operate. It’s doing so with new features in Microsoft Intune, such as phased deployments that will simplify the rollout of new agents and AI applications, allowing users to validate security before scaling. It also introduces “maintenance windows,” which give admins more precise control over the timing of updates to the OS itself, drivers and firmware.

Among the most exciting additions for security teams will be the new Microsoft Security Copilot agents in Microsoft Sentinel. The company said its goal is to empower every security professional with intelligent “AI partners” that will amplify their expertise to transform the fabric of organizational security.

To that end, it’s launching more than a dozen new Security Copilot agents in platforms including Defender, Entra, Intune and Purview. The goal is to empower companies to take a more proactive stance to security, instead of a reactive one.

Microsoft said the new agents are highly adaptive and designed to work alongside human security experts, helping them to triage incidents, optimize conditional access policies, surface threat intelligence and maintain secure and compliant endpoints. There are also 34 new Security Copilot agents from Microsoft’s partner community to aid in this.

As for Microsoft Defender, it’s getting a new predictive shielding function that allows it to step up its attempts to disrupt cyberattacks. Jakkal said it works by anticipating an attacker’s movements so as to harden the most likely attack pathways they’ll pursue and protect critical assets. Its forecasts are based on graph insights and threat intelligence from more than 100 trillion signals the company analyzes each day. Once an attack pathway is predicted, it’ll take actions to prevent the attacker from exploiting adjacent resources.

Last but not least, the company announced an entirely new offering called the Defender Experts Suite, which gives organizations access to the full capabilities of the Defender platform, as well as direct access to a designated Microsoft security expert. The idea is that security pros can work hand-in-hand with Microsoft’s experts to create a more resilient cyber defense and response strategy, the company said.

Featured image: SiliconANGLE/Meta AI
