Discover and protect your AI Agents (Preview)

Microsoft Defender detects all Copilot Studio custom AI agents in your tenant and provides tools to identify misconfigured or potentially risky agents, and collects data from Copilot Studio for use in advanced hunting.

Prerequisites

To enable AI agent inventory and detection you must opt in to the Microsoft Defender preview features of:

• Microsoft Defender for Cloud Apps
• Microsoft Defender for Cloud
• Microsoft Defender XDR

Enable the Copilot Studio AI agent inventory

To enable the Copilot Studio AI agent inventory, follow these steps:

1. Sign in to the Microsoft Defender portal as the System Administrator.

2. Go to System > Settings > Cloud Apps > Copilot Studio AI Agents.

3. Turn on Copilot Studio AI Agents. Enabling Copilot Studio AI Agents confirms that you read the disclaimer and agree to use the Microsoft Defender AI agent protection features.

   

4. Work together with the Power Platform administrator to complete these steps in the Power Platform Portal:

   1. Go to Security -> Threat Protection.
   2. Select Microsoft Defender - Copilot Studio AI Agents.
   3. Turn on Enable Microsoft Defender - Copilot Studio AI Agents.

When Copilot Studio AI Agents are connected, a green indicator appears in the AI Agents Inventory section in the Microsoft Defender system settings. It can take up to 30 minutes for the initial connection status to update. Depending on the size and complexity of your environment, it might take longer to see the full deployment of the AI agent inventory.

Identify misconfigured or risky AI agents using advanced hunting

After you give Microsoft Defender access to your custom agents, you can use advanced hunting to help identify misconfigured or risky agents and minimize organizational exposure to potential threats.

See Proactively hunt for threats with advanced hunting in Microsoft Defender to learn how to use queries to proactively hunt for threats.

We recommend that you reach out to the owners of the risky agents for more information, and that you consider quarantining or deleting risky agents.

1. Sign in to the Defender portal, and go Investigation & response -> Hunting -> Advanced hunting.
2. In the Apps & identities section, the AIAgentsInfo table contains data for all your custom AI agents created using Copilot Studio. You can use this data to create custom queries.
3. You can use the collection of community queries to identify misconfigured or risky agents.
   1. Sign in to the Microsoft Defender portal.
   2. Go to Investigation & response -> Hunting -> Advanced hunting.
   3. In the Queries tab, select Community queries. The AI Agents folder contains queries related to AI agents. For more information, see Sample queries.

Related articles

• Protect your Copilot Studio custom AI Agents (Preview)
• Enable real-time protection for Microsoft Copilot Studio Agents