Listen to this Post
Introduction:
Microsoft’s deprecation of the `AIAgentsInfo` Advanced Hunting table on July 1, 2026, is not a simple table rename—it is a complete schema overhaul that will render existing security queries, custom detections, and automated playbooks inoperable. The new `AgentsInfo` table, powered by Microsoft Agent 365, introduces a unified schema for Copilot Studio, Microsoft Foundry, third-party agents, and endpoint-discovered agents, but its column names, data types, and primary key have fundamentally changed. Security teams that fail to validate and rewrite their queries before the cutoff will face blind spots in AI agent inventory, compliance gaps, and broken detection rules—a risk that demands immediate technical action.
Learning Objectives:
- Understand the architectural differences between `AIAgentsInfo` and the new `AgentsInfo` table, including column mappings, data type changes, and the shift to a unified schema.
- Master Kusto Query Language (KQL) migration patterns to rewrite existing queries, with specific examples for inventory, risk assessment, and attack-surface review.
- Identify licensing and configuration prerequisites for Microsoft Agent 365, including preview feature toggles and the new Security for AI policy engine.
You Should Know:
1. The Schema Shock: Why Find-and-Replace Will Fail
The transition from `AIAgentsInfo` to `AgentsInfo` is a structural migration, not a cosmetic update. The old table was built exclusively for Copilot Studio during Microsoft’s AI agent security preview, with platform-specific columns like UserAuthenticationType, IsGenerativeOrchestrationEnabled, and AgentTopicsDetails. The new table consolidates data from multiple sources—Copilot Studio, Microsoft Foundry, Microsoft 365 Copilot, third-party agents, and endpoint-discovered agents—into a single schema with renamed, split, and retyped columns.
Critical column changes include:
– `AIAgentId` → `AgentId` (primary key renamed)
– `AgentStatus` → split into `PublishedStatus` (Draft/Published) and `LifecycleStatus` (Active/Blocked/Uninstalled/Deleted)
– `IsBlocked` (boolean) → removed; use `LifecycleStatus != “Blocked”` instead
– `RawAgentInfo` (string) → now a dynamic JSON column, enabling schema evolution without data loss
– `Model` → now a first-class column; previously buried in JSON
– `McpServers` → now a first-class dynamic column for Model Context Protocol servers
Microsoft has not published an official field-by-field crosswalk. The mappings provided in this guide are derived from schema comparison and community testing—many community queries failed entirely due to nonexistent columns.
Step-by-Step Migration Guide:
Step 1: Audit Your Existing Queries
Run this discovery query to list all saved custom detection rules, workbooks, and automation referencing AIAgentsInfo:
// Find all saved queries referencing the old table (run in Defender Advanced Hunting) Search "AIAgentsInfo"
Manually review each query and document which columns are used.
Step 2: Validate the New Schema
Before rewriting, inspect the new table structure:
// Preview AgentsInfo schema and sample data AgentsInfo | take 10 | project-keep
Compare column names against your old queries. Note that `RawAgentInfo` is now dynamic—use direct access (e.g., RawAgentInfo.modelNameHint) instead of parse_json().
Step 3: Rewrite Inventory Queries
Old query (breaks after July 1):
AIAgentsInfo | summarize arg_max(Timestamp, ) by AIAgentId | where AgentStatus != "Deleted" | project AIAgentName, Platform, AIModel, EntraObjectId, IsBlocked
New query (validated):
AgentsInfo | summarize arg_max(Timestamp, ) by AgentId | where LifecycleStatus != "Deleted" | project Name, Platform, Model, AgentId, LifecycleStatus, PublishedStatus
Step 4: Identify High-Risk Agents (Prompt Injection Vulnerability)
Agents with missing system prompts are at risk of prompt injection:
AgentsInfo | summarize arg_max(Timestamp, ) by AgentId | where PublishedStatus == "Published" | where LifecycleStatus != "Blocked" | where isempty(Instructions) or Instructions == "N/A" | project AgentId, Name, LifecycleStatus, PublishedStatus, Model, Platform
Step 5: Review MCP Server Attack Surface
Model Context Protocol servers introduce external connectivity risks:
AgentsInfo | summarize arg_max(Timestamp, ) by AgentId | where LifecycleStatus != "Deleted" | where array_length(McpServers) > 0 | mv-expand server = McpServers | project AgentId, Name, Platform, Server = server
Step 6: Test and Validate
After rewriting, run each query in the Defender portal’s Advanced Hunting interface. Compare result sets against historical data to ensure completeness.
- Licensing and Configuration Prerequisites – The Hidden Gatekeeper
Effective July 1, 2026, the `AgentsInfo` table is exclusively powered by Microsoft Agent 365. Without an eligible license (e.g., Microsoft 365 E7), queries return no results. Additionally, two critical toggles must be enabled:
- Preview features: Settings → Microsoft Defender XDR → Preview features (must be ON)
- Security for AI toggle: Post-cutover, this is the tenant-wide master switch; when OFF, `AgentsInfo` queries are disabled
Enforcement Changes Beyond the Table:
- Block mode enforcement ends: Existing real-time protection rules stop actively blocking after July 1
- Detection data moves: AI security events migrate to the new `BehaviorInfo` table
- Policies must be recreated: Existing block rules need reconfiguration in the new Security for AI policy engine
Step-by-Step Configuration Guide:
Step 1: Verify License Assignment
Run this PowerShell command (Exchange Online module) to check Agent 365 license assignment:
Get-MgUser -UserId "[email protected]" -Property LicenseDetails | Select-Object -ExpandProperty LicenseDetails
Look for `AGENT_365` or `E7` SKU.
Step 2: Enable Preview Features
Navigate to Microsoft Defender XDR portal → Settings → Microsoft Defender XDR → Preview features → Toggle ON.
Step 3: Enable Security for AI
Navigate to Settings → Security for AI → Toggle ON. This enables the `AgentsInfo` table and related detection capabilities.
Step 4: Recreate Block Rules
Access Security for AI → Policies → Create new policy. Configure block rules for suspicious agent behaviors (e.g., unauthorized data access, anomalous authentication patterns).
Step 5: Validate Data Flow
Run a test query to confirm data is populating:
AgentsInfo | where Timestamp > ago(1h) | count
If count = 0, verify license and toggles.
- The Copilot Studio Query Gap – What Cannot Be Migrated
Despite Microsoft’s auto-migration for queries saved inside the Defender portal, many specific Copilot Studio queries cannot be migrated to the new `AgentsInfo` table. Examples include queries that relied on:
– `No Authentication` – authentication type no longer represented in the unified schema
– `Maker-credentials` – credential fields restructured or removed
– Platform-specific columns like `UserAuthenticationType` and `IsGenerativeOrchestrationEnabled`
Why Auto-Migration Fails:
The migration has to map a Copilot Studio–shaped schema onto a unified one where columns were renamed, split, and retyped. Microsoft’s auto-migration treats every migrated query as suspect—many will still require validation, and some cannot be migrated at all.
Step-by-Step Validation for Auto-Migrated Queries:
Step 1: Identify Auto-Migrated Queries
In Defender portal, navigate to Hunting → Custom detection rules. Filter by rules modified after the migration date.
Step 2: Run Each Query in Isolation
Execute each auto-migrated query and compare results to pre-migration baselines. Look for:
– Empty result sets (columns missing)
– Type mismatch errors (e.g., string vs. dynamic)
– Unexpected NULL values
Step 3: Rewrite Using New Columns
Refer to the column mapping derived from schema comparison. Common replacements:
– `UserAuthenticationType` → `ToolsAuthenticationType` (structured summary of auth model)
– `IsBlocked` → `LifecycleStatus != “Blocked”`
– `AIModel` → `Model`
– `parse_json(RawAgentInfo).x` → `RawAgentInfo.x` (direct access)
Step 4: Test the “Top Risk” Copilot Studio Query
This recommended query identifies published Copilot Studio agents with elevated risk:
AgentsInfo | summarize arg_max(Timestamp, ) by AgentId | where Platform == "Copilot Studio" | where PublishedStatus == "Published" | project Name, Owners, SharedWith, ToolsAuthenticationType, Permissions, DeclaredTools, McpServers
- Command-Line and API Verification for AI Agent Security
Beyond KQL, security teams should validate agent configurations and permissions using Microsoft Graph API and PowerShell.
Graph API – List Entra ID Agent Applications:
List all enterprise applications (agents registered in Entra ID) Get-MgServicePrincipal -All | Select-Object DisplayName, AppId, Id
Graph API – Check Agent Permissions:
Get delegated permissions for a specific agent (service principal) Get-MgServicePrincipalAppRoleAssignment -ServicePrincipalId "agent-object-id" | Select-Object PrincipalDisplayName, ResourceDisplayName, AppRoleId
PowerShell – Validate Agent 365 License:
Check if a user has Agent 365 license assigned $user = Get-MgUser -UserId "[email protected]" -Property AssignedLicenses $user.AssignedLicenses.SkuId | ForEach-Object { Get-MgSubscribedSku -SkuId $_ }
Azure CLI – List AI Agent Resources:
List AI Foundry projects (agents) az ml project list --resource-group "rg-1ame" --workspace-1ame "workspace-1ame"
KQL – Detect Agents with Overprivileged Permissions:
AgentsInfo | summarize arg_max(Timestamp, ) by AgentId | where LifecycleStatus == "Active" | where Permissions contains "Read.All" or Permissions contains "Write.All" | project Name, Platform, Permissions, ToolsAuthenticationType
5. Post-Migration Monitoring and Continuous Validation
After the July 1 cutoff, security teams must establish continuous monitoring to detect broken queries, licensing gaps, and new attack surfaces introduced by Agent 365.
Step 1: Set Up Alerting for Empty Query Results
Create a detection rule that triggers when `AgentsInfo` queries return zero results for more than 1 hour—indicating licensing or configuration issues.
Step 2: Monitor `BehaviorInfo` for AI Security Events
AI security events now flow to the new `BehaviorInfo` table. Create hunting queries to detect anomalous agent behaviors:
BehaviorInfo | where Timestamp > ago(24h) | where ActionType contains "Agent" | summarize Count = count() by AgentId, ActionType | where Count > 100 // threshold for anomaly detection
Step 3: Validate Block Rules in the New Policy Engine
After recreating block rules in the Security for AI policy engine, test with simulated attack scenarios (e.g., prompt injection payloads, excessive data exfiltration attempts).
Step 4: Schedule Monthly Schema Reviews
The `RawAgentInfo` dynamic JSON column allows schema evolution without data loss. Review this column monthly to identify new fields that may require updated queries or detection rules.
What Undercode Say:
- Key Takeaway 1: The `AIAgentsInfo` → `AgentsInfo` migration is a schema overhaul, not a rename. Find-and-replace will fail. Every query must be manually validated and rewritten using the new column mappings and data types.
- Key Takeaway 2: Licensing is the new gatekeeper. Without Microsoft Agent 365 (E7) licenses and enabled preview features, `AgentsInfo` queries return no data—rendering AI security monitoring blind post-cutover.
Analysis:
The deprecation of `AIAgentsInfo` represents a strategic shift by Microsoft toward unified AI agent governance through Agent 365. While the unified schema improves visibility across Copilot Studio, Foundry, and third-party agents, it introduces significant migration friction. Security teams face a tight deadline with incomplete documentation—Microsoft has not published an official column crosswalk, leaving practitioners to derive mappings through schema comparison and trial-and-error. The licensing requirement effectively monetizes AI security capabilities, potentially creating budget barriers for smaller organizations. The most critical risk is the “silent failure” mode: auto-migrated queries may appear functional but return incomplete or incorrect results, creating false confidence in AI agent security posture. Organizations must treat every migrated query as suspect and establish post-migration validation workflows to detect data gaps. The transition also forces a policy rewrite—existing block rules must be recreated in the new Security for AI engine, a non-trivial effort that requires re-engineering detection logic.
Prediction:
- -1: Widespread query failures on July 1, 2026 will catch many organizations off-guard, leading to temporary blind spots in AI agent inventory and detection coverage. The lack of an official column mapping from Microsoft will exacerbate this, with many security teams scrambling to rewrite queries post-cutoff.
- +1: The unified `AgentsInfo` schema will enable cross-platform AI agent security monitoring that was previously impossible, allowing security teams to correlate threats across Copilot Studio, Foundry, and third-party agents in a single hunting interface.
- -1: Licensing costs will create a two-tier AI security landscape, where well-funded enterprises maintain visibility while smaller organizations may opt out of Agent 365, increasing their exposure to AI-specific threats.
- +1: The `RawAgentInfo` dynamic JSON column is a forward-looking design that allows Microsoft to evolve the schema without breaking queries, reducing the likelihood of future migration pain and enabling faster feature rollouts.
- -1: The transition of block rules to a new policy engine will create a temporary enforcement gap—existing rules stop blocking on July 1, and if not recreated in the Security for AI policy engine, organizations will lose real-time protection against malicious AI agent behaviors.
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Derkvanderwoude I – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
