Merge pull request #4581 from DeCohen/WI448647-ao-agents-real-time-protection

new article protect AI agents in real time

Author: aditisrivastava07

CloudAppSecurityDocs/media/protect-agents-real-time/turn-on-real-time-agent-protection.png

@@ -0,0 +1,79 @@
+---
+title: Real-time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)
+description: Learn how to enable and manage real-time runtime protection for Microsoft Copilot Studio AI agents using Microsoft Defender.
+ms.date: 08/12/2025
+ms.topic: how-to
+ms.service: defender-for-cloud-apps
+ms.reviewer: gayasalomon
+#customer-intent: As a security administrator, I want my Copilot Studio AI agents to be protected against suspicious or harmful actions during runtime so that I can reduce security risks to my organization.
+---
+
+# Real-time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)
+
+
+## Overview
+
+As AI agents become increasingly accessible through low-code/no‑code (LCNC) platforms like Microsoft Copilot Studio, organizations face new types of security risks at scale. These platforms empower non‑technical users to build and deploy custom agents without centralized security review or controls in place. Attackers can attempt to manipulate these agents by injecting malicious prompts, triggering unintended tool executions, or exploiting data sources to escalate privileges or exfiltrate data.
+
+## Capabilities
+
+Real-time protection during agent runtime in Microsoft Defender reduces these risks by inspecting user messages before the agent runs any actions. 
+
+If Microsoft Defender determines that a prompt is suspicious:
+
+- The tool invocation is blocked before it runs.
+- The user gets notified that their message was blocked.
+- An informative alert is created and appears in the Microsoft Defender portal under XDR Incidents and Alerts.
+
+
+This capability adds another security layer on top of Microsoft Copilot Studio, helping ensure AI agents remain resilient against evolving threats.
+
+> [!NOTE]
+> Real-time protection during agent runtime currently supports only AI agents created with Microsoft Copilot Studio custom engine.
+
+
+## Prerequisites
+
+Before enabling real-time agent protection during runtime, make sure:
+
+- You have a valid Microsoft Defender for Cloud Apps license (included in Microsoft 365 E5 Security).
+
+- You have Security Administrator privileges in the Microsoft Defender portal.
+
+
+> [!NOTE]
+> The onboarding process for real-time protection during agent runtime involves configuration in Power Platform and collaboration with other administrators.
+
+
+## Turn on real-time protection during agent runtime
+
+The following steps describe the Security Administrator’s required actions to enable real-time protection during agent runtime.
+
+1. **Sign in to the [Microsoft Defender portal](https://security.microsoft.com)**:
+1. Navigate to **System > Settings > Cloud Apps > Copilot Studio AI Agents**.
+1. Check the Microsoft 365 App Connector status:
+   - **If the connector is already connected:** Continue to step 5.
+   - **If the connector isn’t connected:**
+      - Under **Microsoft 365 connector**, select **Connect** or **Edit**.
+      - Select **Microsoft Entra ID Management events** and **Microsoft 365 activities**. 
+      - Select **Connect Microsoft 365**
+
+    > [!IMPORTANT]
+    > If the Microsoft 365 connector isn’t properly connected, real-time agent protection during runtime continues to block suspicious activity on the AI agent. Alerts and incidents related to these actions won't show in the Microsoft Defender portal.
+
+1. Make sure to collaborate with the following administrators:
+
+   - The **Microsoft Entra Administrator** needs to create [a Microsoft Entra ID application](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#step-1-configure-microsoft-entra-application) and configure a Federated Identity Credential (FIC) using the URL provided in the Microsoft Defender portal. For more information, see: [Authorize the Microsoft Entra application with your provider of choice](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
+
+   - The **Power Platform Administrator** needs to  enter the Application ID and URL in the Power Platform settings page. For more information see: [Enable external threat detection and protection for Copilot Studio custom agents](/microsoft-copilot-studio/external-security-provider?branch=main&branchFallbackFrom=pr-en-us-1020#authorize-the-microsoft-entra-application-with-your-provider-of-choice).
+1. Enter the App ID provided by your Power Platform administrator. The Application (client) ID, uniquely identifies your application and is used in your application's code as part of validating the security tokens it receives from the Microsoft identity platform.
+1. Select **Save**.
+1. Copy the URL provided.
+1. Share the URL with the Power Platform administrator. 
+
+:::image type="content" source="media/protect-agents-real-time/turn-on-real-time-agent-protection.png" alt-text="Screenshot that shows how to turn on Real time agent protection during runtime in the Defender portal." lightbox="media/protect-agents-real-time/turn-on-real-time-agent-protection.png":::
+
+
+## Related articles
+
+- [Quickstart: Create and deploy an agent](/microsoft-copilot-studio/fundamentals-get-started)

CloudAppSecurityDocs/real-time-agent-protection-during-runtime.md

@@ -20,11 +20,21 @@ For more information on what's new with other Microsoft Defender security produc
 
 For news about earlier releases, see [Archive of past updates for Microsoft Defender for Cloud Apps](release-note-archive.md).
 
+
+## September 2025 
+
+### Real time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)
+
+Microsoft Defender offers real-time protection during runtime for AI agents built with Microsoft Copilot Studio. This capability automatically blocks the agent’s response during runtime if a suspicious behavior like a prompt injection attack is detected, and notifies security teams with a detailed alert in the Microsoft Defender portal.
+
+For more information, see [Real-time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)](real-time-agent-protection-during-runtime.md).
+
+
 ## July 2025
 
 ### App Governance available in 8 new regions
 
-App Governance is now also available in Brazil, Sweden, Norway, Switzerland, South Africa, South Korea, Arab Emirates and Asia Pacific. For more details, see [Turn on app governance for Microsoft Defender for Cloud Apps](/defender-cloud-apps/app-governance-get-started).
+App Governance is now also available in Brazil, Sweden, Norway, Switzerland, South Africa, South Korea, Arab Emirates, and Asia Pacific. For more information, see [Turn on app governance for Microsoft Defender for Cloud Apps](/defender-cloud-apps/app-governance-get-started).
 
 ### Updated network requirements for GCC and Gov customers
 
@@ -58,7 +68,7 @@ For more information, see:
 
 ### New Dynamic Threat Detection model
 
-Microsoft Defender for Cloud Apps new dynamic threat detection model continuously adapts to the ever-changing SaaS apps threat landscape. This approach ensures your organization remains protected with up-to-date detection logic without the need for manual policy updates or reconfiguration. Several legacy anomaly detection policies have already been seamlessly transitioned to this adaptive model, delivering smarter and more responsive security coverage.
+Microsoft Defender for Cloud Apps new dynamic threat detection model continuously adapts to the ever-changing SaaS apps threat landscape. This approach ensures your organization remains protected with up-to-date detection logic without the need for manual policy updates or reconfiguration. Several legacy anomaly detection policies have already been seamlessly transitioned to this adaptive model, delivering smarter, and more responsive security coverage.
 
 For more information, see [Create Defender for Cloud Apps anomaly detection policies](anomaly-detection-policy.md).
 
@@ -68,7 +78,7 @@ For more information, see [Create Defender for Cloud Apps anomaly detection poli
 
 ### Revamped Cloud Discovery Executive Summary report
 
-The Cloud Discovery Executive Summary report has been updated with a modernized design and streamlined format. The new version reduces the report from 26 pages to 6 pages, focusing on the most relevant and actionable insights while improving readability and usability. For more details, see [How to generate a Cloud Discovery executive report](discovered-apps.md#generate-a-cloud-discovery-executive-report).
+The Cloud Discovery Executive Summary report has been updated with a modernized design and streamlined format. The new version reduces the report from 26 pages to 6 pages, focusing on the most relevant and actionable insights while improving readability and usability. For more information, see [How to generate a Cloud Discovery executive report](discovered-apps.md#generate-a-cloud-discovery-executive-report).
 
 ### New Applications inventory page now available in Defender XDR
 
@@ -87,7 +97,7 @@ To ensure continuity and access to data currently available through Microsoft De
 - For Microsoft Graph Security Alerts API, see: [List alerts_v2](/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http&preserve-view=true)
 - To view Microsoft Defender for Cloud Apps alerts data in the Microsoft Defender XDR incidents API, see [Microsoft Defender XDR incidents APIs and the incidents resource type](/graph/api/security-list-alerts_v2?view=graph-rest-1.0&tabs=http&preserve-view=true)
 
-For detailed guidance see: [Migrate from Defender for Cloud Apps SIEM agent to supported APIs](migrate-to-supported-api-solutions.md)
+For detailed guidance, see [Migrate from Defender for Cloud Apps SIEM agent to supported APIs](migrate-to-supported-api-solutions.md).
 
 
 ### New and improved Cloud App Catalog page
@@ -228,7 +238,7 @@ For more information, see:
 
 ### SaaS Security initiative in Exposure Management
 
-[Microsoft Security Exposure Management](/security-exposure-management/) offers a focused, metric-driven way of tracking exposure in specific security areas using security [initiatives](/security-exposure-management/initiatives). The "SaaS security initiative" provides a centralized location for all best practices related to SaaS security, categorized into 12 measurable metrics. These metrics are designed to assist in effectively managing and prioritizing the large number of security recommendations.
+[Microsoft Security Exposure Management](/security-exposure-management/) offers a focused, metric-driven way of tracking exposure in specific security areas using security [initiatives](/security-exposure-management/initiatives). The "SaaS security initiative" provides a centralized location for all best practices related to SaaS security, categorized into 12 measurable metrics. These metrics are designed to help effectively managing and prioritizing the large number of security recommendations.
 This capability is General Availability (Worldwide) - Note Microsoft Security Exposure Management data and capabilities are currently unavailable in U.S Government clouds - GCC, GCC High, and DoD
 
 For more information, see [SaaS security initiative](saas-security-initiative.md).
@@ -421,7 +431,7 @@ For more information, see [Advanced Hunting "CloudAppEvents" Data schema](/micro
 
 Defender for Cloud Apps now supports SaaS security posture management (SSPM) across multiple instances of the same app. For example, if you have multiple instances of Okta, you can configure Secure Score recommendations for each instance individually. Each instance shows up as a separate item on the **App Connectors** page. For example:
 
-:::image type="content" source="media/security-saas-choose-secure-score-main-instance.png" alt-text="Screenshot of the Turn on Secure Score recommendations option." lightbox="media/classic-security-saas-choose-secure-score-main-instance.png":::
+:::image type="content" source="media/security-saas-choose-secure-score-main-instance.png" alt-text="Screenshot of the Turn-on Secure Score recommendations option." lightbox="media/classic-security-saas-choose-secure-score-main-instance.png":::
 
 For more information, see [SaaS security posture management (SSPM)](security-saas.md).
 
@@ -574,7 +584,7 @@ For more information, see [App governance in Microsoft Defender for Cloud Apps](
 
 Defender for Cloud Apps now supports SaaS security posture management (SSPM) across multiple instances of the same app. For example, if you have multiple instances of AWS, you can configure Secure Score recommendations for each instance individually. Each instance shows up as a separate item on the **App Connectors** page. For example:
 
-:::image type="content" source="media/security-saas-choose-secure-score-main-instance.png" alt-text="Screenshot of the Turn on Secure Score recommendations option." lightbox="media/classic-security-saas-choose-secure-score-main-instance.png":::
+:::image type="content" source="media/security-saas-choose-secure-score-main-instance.png" alt-text="Screenshot of the Turn-on Secure Score recommendations option." lightbox="media/classic-security-saas-choose-secure-score-main-instance.png":::
 
 For more information, see [SaaS security posture management (SSPM)](security-saas.md).
 

CloudAppSecurityDocs/release-notes.md

@@ -430,6 +430,10 @@ items:
       href: app-activity-threat-hunting.md
   - name: App governance FAQ
     href: app-governance-faq.yml
+- name: AI agents
+  items:
+  - name: Protect Copilot Studio agents in real time
+    href: real-time-agent-protection-during-runtime.md
 - name: View and manage applications
   items:
     - name: Assets