Listen to this Post
Introduction:
The Microsoft Agent 365 license includes an undervalued gem—the Security for AI → AI Security Posture feature—which allows organizations to verify agent risk across authentication, sharing, HTTP requests, hard-coded credentials, and orphaned agents. A critical table name change from `AIAgentsInfo` to `AgentsInfo` takes effect July 1st, making now the ideal time to master this posture management tool before existing queries break.
Learning Objectives:
- Enable and configure the AI Security Posture feature in Microsoft 365 Defender or Purview
- Query the `AgentsInfo` table (post‑July 1st) to identify unauthenticated, dormant, and overly permissive agents
- Mitigate top AI agent risks using PowerShell, KQL, Azure Policy, and Graph API
You Should Know:
- Enabling AI Security Posture & Understanding the Table Name Change
Step‑by‑step guide:
- Navigate to Microsoft 365 Defender → Settings → Cloud Apps → AI Security. Toggle “AI Posture Management” to On.
- For PowerShell automation, connect to Security & Compliance Center:
Connect-IPPSSession Get-AIComplianceSetting | Select-Object EnableAIPosture
- July 1st critical update: Any saved queries or custom detections referencing `AIAgentsInfo` must be updated to
AgentsInfo. Example KQL (Kusto Query Language) for hunting:AgentsInfo | where Timestamp >= datetime(2026-07-01) | project AgentName, RiskType, LastSeen
- Verify your environment’s table name now:
search "" | where $table has "Agent" | distinct $table
2. Hunting for Unauthenticated and Maker‑Credential Agents
Step‑by‑step guide:
- Agents with “No Authentication” or “Maker‑credentials” bypass proper identity controls. Query the posture table:
AgentsInfo | where RiskType in ("No Authentication", "Maker-credentials") | summarize Count = count() by AgentName, Owner - On Windows, use Microsoft Graph PowerShell to list service principals lacking authentication requirements:
Connect-MgGraph -Scopes "Application.Read.All" Get-MgServicePrincipal -Filter "appId eq 'null'" | Format-Table DisplayName, AppId
- Linux CLI (using `curl` with Graph API):
token=$(curl -X POST -d "client_id=...&scope=https://graph.microsoft.com/.default" ... | jq -r '.access_token') curl -X GET -H "Authorization: Bearer $token" "https://graph.microsoft.com/v1.0/servicePrincipals?$filter=appId eq null"
- Remediate by enforcing Azure AD Conditional Access policies requiring MFA for all agent service accounts.
3. Detecting Hard‑Coded Credentials in Agent Configurations
Step‑by‑step guide:
- The AI Security Posture feature flags agents with hard‑coded secrets. Enrich detection by scanning agent source code or environment variables:
Windows PowerShell - search for common credential patterns in agent folders Get-ChildItem -Path "C:\Agents\" -Recurse -Include .json,.env,.config | Select-String -Pattern "password|secret|key|token" -CaseSensitive
- Linux:
grep -r -E "password|secret|api_key|token" /opt/agents/ --include=".yaml" --include=".json"
- Use Azure Key Vault to rotate secrets:
az keyvault secret set --vault-1ame MyVault --1ame "AgentCredential" --value "NewSecret"
- Automate remediation: create an Azure Policy that denies agent deployment unless all secrets are referenced via Key Vault URI.
4. Analyzing HTTP Requests and Send Mail Risks
Step‑by‑step guide:
- Agents that send mail or make arbitrary HTTP requests can exfiltrate data. Query the `AgentsInfo` table for these risk types:
AgentsInfo | where RiskType in ("Send Mail", "HTTP Requests") | extend Endpoint = tostring(parse_json(Details).url) | project AgentName, Endpoint, LastActivity - Enable Microsoft 365 Defender alerts for anomalous outbound traffic:
New-M365DAlertRule -1ame "Agent HTTP Exfiltration" -Severity High -Query "EmailEvents | where SenderFrom contains '@agent' | where EmailDirection == 'Outbound'"
- For network isolation on Linux agents, use `iptables` to restrict outbound connections except to approved IPs:
iptables -A OUTPUT -p tcp -d 10.0.0.0/8 -j ACCEPT iptables -A OUTPUT -p tcp -j DROP
5. Managing Dormant or Orphaned Agents
Step‑by‑step guide:
- Identify agents inactive for >30 days:
AgentsInfo | where RiskType == "Dormant or Orphaned Agents" | where LastSeen < ago(30d) | project AgentName, Owner, LastSeen
- Automatically disable orphaned agents using Azure Automation runbook (PowerShell):
$orphaned = Invoke-AzKqlQuery "AgentsInfo | where RiskType == 'Orphaned' | project AgentId" foreach ($id in $orphaned) { Disable-AzAgent -AgentId $id } - On Windows, schedule a task to check agent heartbeat:
schtasks /create /tn "AgentHealthCheck" /tr "powershell -File C:\Scripts\Check-AgentHeartbeat.ps1" /sc daily /st 09:00
6. Securing Orchestration and MCP Server Usage
Step‑by‑step guide:
- MCP (Model Context Protocol) servers introduce supply chain risks. Query for agents using MCP:
AgentsInfo | where RiskType == "MCP Server usage" | extend ServerURL = tostring(parse_json(Details).mcp_endpoint)
- Harden orchestration by restricting agent-to-agent communication via Azure Private Link and NSG rules:
az network nsg rule create --1sg-1ame AgentNSG --1ame BlockMCPOutbound --priority 100 --direction Outbound --protocol TCP --destination-port-ranges 8080 --access Deny
- For Linux, use `auditd` to monitor MCP server invocations:
auditctl -w /usr/bin/mcp-server -p x -k mcp_execution ausearch -k mcp_execution
7. Remediation & Continuous Monitoring
Step‑by‑step guide:
- Deploy Azure Policy to enforce “no authentication” agents are automatically flagged and quarantined:
"policyRule": { "if": { "field": "Microsoft.Agent/riskType", "equals": "No Authentication" }, "then": { "effect": "deny" } } - Integrate Defender for Cloud’s AI workload protections:
az security workspace-setting create --1ame default --target-workspace "/subscriptions/.../workspaces/aiSecurity"
- Set up daily KQL reports emailed to SOC:
AgentsInfo | where Timestamp > ago(1d) | summarize Risks = make_set(RiskType) by AgentName | where array_length(Risks) > 0
What Undercode Say:
- Key Takeaway 1: The AI Security Posture feature is a game‑changer for agent visibility, but the July 1st table rename from `AIAgentsInfo` to `AgentsInfo` can break existing queries and dashboards—update them immediately.
- Key Takeaway 2: Hard‑coded credentials remain the 1 risk; even sophisticated AI agents are vulnerable without proper secret management using Azure Key Vault or similar.
- Analysis: Organizations rushing to deploy AI agents often overlook basic security hygiene. The Microsoft feature shifts left by embedding posture checks into the agent lifecycle. However, the name change suggests an evolving schema—teams must treat this as a live threat feed, not a one‑time audit. Combining this with CI/CD secret scanning, Conditional Access policies, and automated remediation workflows creates a defense‑in‑depth strategy. The real value lies in real‑time alerts for orphaned agents and MCP server usage, which are frequently missed in traditional CSPM tools.
Expected Output:
Introduction:
Microsoft’s Security for AI feature provides an overlooked but powerful posture management capability for Agent 365 licenses. By enabling the AI Security Posture feature and correctly querying the `AgentsInfo` table (renamed from `AIAgentsInfo` on July 1st), security teams can detect unauthenticated agents, hard‑coded secrets, and dangerous HTTP/Send Mail behaviors before they lead to a breach.
What Undercode Say:
- Key Takeaway 1: The table rename is a silent breaker; test all detection rules before July 1st.
- Key Takeaway 2: Dormant and orphaned agents often have outdated secrets—automate their removal.
Expected Output:
Prediction:
+N AI agent sprawl will drive demand for posture management as a standard feature in every enterprise license by 2027.
+N Microsoft will likely expand `AgentsInfo` to include real‑time risk scoring and integration with Copilot for Security.
-1 Failure to adapt queries by July 1st will lead to temporary blind spots for early adopters, potentially allowing undetected malicious agent activity.
+N Tooling like KQL queries and Azure Automation will become as fundamental for AI security as vulnerability scanners are for traditional assets.
-1 Attackers will increasingly target MCP servers and orchestration layers; expect supply chain attacks against popular agent frameworks within 12 months.
▶️ Related Video (76% Match):
🎯Let’s Practice For Free:
🎓 Live Courses & Certifications:
Join Undercode Academy for Verified Certifications
🚀 Request a Custom Project:
Secure, high-velocity infrastructure and disruptive technological engineering. Contact our engineering team for high-tier development and proprietary systems:
[email protected]
💎 Smart Architecture | 🛡️ Secure by Design | ⭐ Trusted by Thousands
IT/Security Reporter URL:
Reported By: Derkvanderwoude One – Hackers Feeds
Extra Hub: Undercode MoN
Basic Verification: Pass ✅
