Listen to this Post
Introduction:
Effective July 1, 2026, Microsoft is transitioning all AI agent security capabilities for Microsoft Copilot Studio and Microsoft Foundry agents to the new Microsoft Agent 365 license. Organizations without this license will lose critical discovery, posture management, threat detection, and real-time protection for their AI agents, with existing block rules automatically ceasing to function. This article provides a comprehensive technical guide to navigate this transition, including KQL migration, real-time protection reconfiguration, and third-party agent synchronization.
Learning Objectives:
- Master the migration of advanced hunting queries from the deprecated `AIAgentsInfo` table to the new `AgentsInfo` table in Defender XDR.
- Reconfigure real-time protection block policies under the new Security for AI Agents settings to prevent service disruption.
- Implement registry sync for third-party AI agents from platforms like AWS Bedrock and Google Vertex AI.
- Understanding the Scope: What’s Moving Under the Agent 365 License
Effective July 1, 2026, a Microsoft Agent 365 license is required for specific AI agent security capabilities. Tenants without this license will have these functionalities fully disabled.
Microsoft Copilot Studio Agents (previously via Defender for Cloud Apps (MDCA)):
– Agent discovery, security posture assessment, threat detection, real-time protection, and advanced hunting on agent activity will move to Agent 365.
Microsoft Foundry Agents (previously via Defender for Cloud):
- Discovery and security posture for cloud-hosted agents (including multi-cloud) and threat protection will require the Agent 365 license.
Important Clarifications:
- Defender CSPM will continue to discover Foundry accounts and projects, but agent-level discovery and posture require the new license.
- The Defender for AI Services plan continues to cover Foundry models like Azure OpenAI.
- Kusto Query Language (KQL) Migration: From AIAgentsInfo to AgentsInfo
The advanced hunting schema is undergoing a major change. The `AIAgentsInfo` table, originally built for Copilot Studio scenarios, is being deprecated and replaced by the new `AgentsInfo` table. This new table provides a unified schema for all agent types, including third-party agents.
Step‑by‑Step Migration Guide:
Step 1: Identify Affected Queries
- Log into the Microsoft Defender Portal.
- Navigate to Advanced Hunting.
- Review all saved queries, custom detection rules, and workbooks that reference
AIAgentsInfo. - Pay close attention to automation scripts or API calls that run queries externally.
Step 2: Understand Schema Changes
The column names have changed. Here are critical mappings:
– `AIAgentsInfo.AgentName` → `AgentsInfo.AgentName`
– `AIAgentsInfo.AgentId` → `AgentsInfo.AgentId`
– The new `AgentsInfo` table includes expanded fields like EntraAgentId, Permissions, Guardrails, and a `RawAgentInfo` JSON column for extensibility.
Step 3: Rewrite Your KQL Queries
Example of a legacy query:
// Old query on deprecated table AIAgentsInfo | where Timestamp > ago(7d) | project AgentName, Platform, AuthType
Updated query for the new `AgentsInfo` table:
// New query for AgentsInfo table AgentsInfo | where Timestamp > ago(7d) | project AgentName, Platform, ToolsAuthenticationType
Example of a more complex query to monitor agents with risky permissions:
// Identify agents with high-risk permissions
AgentsInfo
| where Timestamp > ago(1d)
| where PublishedStatus == "Published"
| mv-expand Permissions
| where Permissions.ApprovedStatus has_any ("HighRisk", "AdminConsent")
| project AgentName, Platform, Owners, Permissions
| take 100
Step 4: Validate and Update
- In-Defender Queries: Saved queries and custom detection rules within the Microsoft Defender portal will be automatically updated by Microsoft.
- External Queries: You must manually update all queries run via the API, Logic Apps, Power Automate, or any third-party SIEM tools that ingest Defender XDR data.
Verification Command (PowerShell):
Example: Use Graph API to test updated query (authenticate first)
$query = "AgentsInfo | take 10"
$body = @{ Query = $query } | ConvertTo-Json
Invoke-MgGraphRequest -Method POST -Uri "https://api.security.microsoft.com/api/advancedhunting/run" -Body $body -ContentType "application/json"
- Real-Time Protection (RTP) Gotcha: Rebuilding Your Block Rules
This is the most critical operational change. If you currently have real-time protection rules configured to Block malicious AI agent actions, these rules will stop blocking on July 1, 2026. Alerts from these legacy rules will move to the `BehaviorInfo` table in advanced hunting.
How to Preserve Blocking Capabilities:
Step 1: Wait for the New Policy Experience
- Do not delete your old rules yet. They will continue to function in Audit mode until the deadline.
- The new policy location will be available starting July 1, 2026.
Step 2: Re-create Block Rules in the New Console
– Navigate to Microsoft Defender Portal > System > Settings > Security for AI > Policies.
– Create a new Real-time protection policy.
– Select the agents or agent types you want to target (e.g., All Copilot Studio Agents).
– Define the conditions and actions. Crucially, set the action to Block.
– Enable the policy.
Step 3: Migrate Alert Monitoring to BehaviorInfo Table
Legacy RTP alerts will be logged in the `BehaviorInfo` table. Update your monitoring and SOAR playbooks to query this new source.
// Hunting for real-time protection blocks post-migration BehaviorInfo | where Timestamp > ago(1d) | where ActionType == "AgentActionBlocked" | where ServiceSource == "DefenderForCloudApps" | project Timestamp, , Description, AttackTechniques, AdditionalFields
4. Third-Party Cloud Agent Synchronization (Registry Sync)
Previously, some third-party cloud agents could be discovered via Defender for Cloud connectors. Post-transition, you must configure Registry Sync in the Microsoft 365 admin center to maintain visibility.
Supported Platforms:
- Amazon Bedrock
- Google Vertex AI
Step‑by‑Step Configuration Guide:
Step 1: Access Registry Sync
- Open the Microsoft 365 admin center.
- Navigate to Agents > All Agents.
- In the Registry sync web part, select Manage.
Step 2: Create a Platform Connection
- Select + Connect a platform.
- Enter a connection name and description.
- Select the external platform (e.g., Amazon Bedrock).
- Provide the required authentication credentials:
- For AWS: AWS Region, Access Key ID, Secret Access Key.
- Ensure the IAM user has permissions for
bedrock:ListAgents,bedrock:GetAgent,bedrock:ListAgentAliases, etc.. - Validate credentials and save the connection.
Step 3: Trigger Synchronization
- After successful validation, select the Sync agents button to perform an initial import.
- Agents from the connected environment will appear in the agent registry for centralized management.
5. Practical Preparation Checklist and Validation
Before the July 1, 2026 cutover, work through this verification list:
- License Verification: Confirm your tenant has an Agent 365-eligible license. An admin-led trial with 25 seats for 30 days is available.
- KQL Validation: Run your updated queries against the new `AgentsInfo` and `BehaviorInfo` tables to ensure they return expected data.
- Policy Audit: Review all existing real-time protection rules. Document which ones are set to `Block` and need to be recreated.
- Third-Party Sync: Test the registry sync connection for any third-party AI platforms in use.
- Monitoring Update: Ensure your SIEM or SOAR solutions are ingesting and parsing data from the new `BehaviorInfo` table for real-time protection alerts.
Verification Script (Bash):
Use Defender XDR API to test KQL queries
!/bin/bash
tenant_id="your-tenant-id"
client_id="your-client-id"
client_secret="your-client-secret"
resource="https://api.security.microsoft.com"
query="BehaviorInfo | where Timestamp > ago(1h) | take 10"
token=$(curl -s -X POST https://login.microsoftonline.com/$tenant_id/oauth2/token -d "resource=$resource&client_id=$client_id&client_secret=$client_secret&grant_type=client_credentials" | jq -r '.access_token')
curl -X POST https://api.security.microsoft.com/api/advancedhunting/run -H "Authorization: Bearer $token" -H "Content-Type: application/json" -d "{\"Query\": \"$query\"}"
What Undercode Say:
- The migration is non-1egotiable and carries risk. The deprecation of `AIAgentsInfo` is not a simple rename; the schema has evolved, requiring hands-on KQL rewriting, especially for columns like `AuthType` and
Permissions. Organizations relying on automated API queries face significant breakage if not addressed. - Real-time protection is the biggest hidden trap. Many security teams assume existing block policies will carry over. The post explicitly highlights that they will stop blocking, forcing a complete policy rebuild in a new UI. This creates a dangerous protection gap that must be filled immediately on July 1st, or organizations will run blind.
Prediction:
- -1 Service Disruptions for Unprepared Organizations: A significant number of enterprises will fail to migrate their custom KQL queries and third-party sync configurations by the deadline, leading to a temporary loss of visibility into their AI agent security posture and threat detection capabilities.
- -1 Real-Time Protection Gap Creates a Window of Vulnerability: The requirement to manually rebuild all block rules in the new “Security for AI” policy settings will catch many SOC teams off guard, creating a high-risk window where malicious agent actions may be audited but not prevented.
- +1 Acceleration of Centralized AI Governance: The consolidation of AI security under the Agent 365 license will force organizations to adopt a more formal, centralized governance model for AI agents, ultimately leading to stronger, more standardized security postures and driving adoption of Microsoft’s unified security ecosystem.
▶️ Related Video (68% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Sami Lamppu – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
