Real-time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)

2025-10-16

Overview

As AI agents become increasingly accessible through low-code/no‑code (LCNC) platforms like Microsoft Copilot Studio, organizations face new types of security risks at scale. These platforms empower non‑technical users to build and deploy custom agents without centralized security review or controls in place. Attackers can attempt to manipulate these agents by injecting malicious prompts, triggering unintended tool executions, or exploiting data sources to escalate privileges or exfiltrate data.

Capabilities

Real-time protection during agent runtime in Microsoft Defender reduces these risks by inspecting user messages before the agent runs any actions.

If Microsoft Defender determines that a prompt is suspicious:

The tool invocation is blocked before it runs.
The user gets notified that their message was blocked.
An informative alert is created and appears in the Microsoft Defender portal under XDR Incidents and Alerts.

This capability adds another security layer on top of Microsoft Copilot Studio, helping ensure AI agents remain resilient against evolving threats.

Note

Real-time protection during agent runtime currently supports only AI agents created with Microsoft Copilot Studio custom engine.

Prerequisites

Before enabling real-time agent protection during runtime, make sure:

You have a valid Microsoft Defender for Cloud Apps license.
You have Security Administrator privileges in the Microsoft Defender portal.

Note

The onboarding process for real-time protection during agent runtime involves configuration in Power Platform and collaboration with other administrators.

Important

This feature is currently in preview and included with your Microsoft Defender for Cloud Apps license at no extra cost. Licensing requirements may change when the feature becomes generally available. If that happens, the feature will be disabled, and you will be notified should you wish to re-enable it under the new license.

Turn on real-time protection during agent runtime

The following steps describe the Security Administrator’s required actions to enable real-time protection during agent runtime.

Sign in to the Microsoft Defender portal:
Navigate to System > Settings > Cloud Apps > Copilot Studio AI Agents.
Check the Microsoft 365 App Connector status:
- If the connector is already connected: Continue to step 5.
- If the connector isn’t connected:
  - Under Microsoft 365 connector, select Connect or Edit.
  - Select Microsoft Entra ID Management events and Microsoft 365 activities.
  - Select Connect Microsoft 365.
Important

If the Microsoft 365 connector isn’t properly connected, real-time agent protection during runtime continues to block suspicious activity on the AI agent. Alerts and incidents related to these actions won't show in the Microsoft Defender portal.
Make sure to collaborate with the following administrators:
- The Microsoft Entra Administrator needs to create a Microsoft Entra ID application and configure a Federated Identity Credential (FIC) using the URL provided in the Microsoft Defender portal. For more information, see: Authorize the Microsoft Entra application with your provider of choice.
- The Power Platform Administrator needs to enter the Application ID and URL in the Power Platform settings page. For more information, see: Enable external threat detection and protection for Copilot Studio custom agents.
Enter the App ID provided by your Power Platform administrator. The Application (client) ID, uniquely identifies your application and is used in your application's code as part of validating the security tokens it receives from the Microsoft identity platform.
Select Save.
Copy the URL provided.
Share the URL with the Power Platform administrator.

Quickstart: Create and deploy an agent

Feedback

Was this page helpful?