Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Some of the functionality described in this release plan has not been released. Delivery timelines may change and projected functionality may not be released (see Microsoft policy). Learn more: What's new and planned
| Enabled for | Public preview | General availability |
|---|---|---|
| Users by admins, makers, or analysts | 
Sep 4, 2025 |
Dec 2025 |
Business value
Custom agents created in Copilot Studio are secure by default. They include built-in protection against various threats, such as user-injected prompt attacks (UPIA) and cross-domain prompt injection attacks (XPIA), which block attacks of these types during the agent's run, and reduce the risk of data exfiltration. To further increase the monitoring capabilities and security of custom agents, Copilot Studio lets organizations configure external threat detection systems for enhanced oversight. These tools operate during the agent's run-time, continuously evaluating agent activity. If the system detects any tools or actions it deems suspicious, it can intervene to approve or block their execution, providing an extra layer of real-time protection and compliance enforcement.
Feature details
The extended threat protection feature for Copilot Studio custom agents gives organizations the flexibility to choose how they secure their agents against advanced threats. Customers can select Microsoft Defender, integrate with other trusted security partners, or develop and connect their own custom monitoring solutions. This “bring your own protection” approach ensures that each organization can tailor threat detection to its unique compliance, operational, and regulatory requirements. During agent runtime, the external system evaluates agent activity in real time, approving or blocking actions as needed to prevent threats such as prompt injection attacks and data exfiltration.
Enabling external threat protection: There are 3 steps for enabling the feature, as described in Enable external threat detection and protection for Copilot Studio custom agents. In short, these steps are:
- Register a Microsoft Azure Entra application: A Power Platform Administrator creates an Azure Entra app to securely authenticate between Copilot Studio and the chosen external security provider. This can be done using a provided PowerShell script or manually through the Azure portal. As part of the configuration of the app, you will need to provide a unique endpoint, provided to you by your security provider of choice.
- Authorize the Entra application: Make sure the external security provider has your Azure Entra application ID, and can authenticate with it. This step varies between security providers. Ask your provider of choice how to authorize your application with their system.
- Configure integration in Power Platform Admin Center The administrator enters the Azure Entra app details and the endpoint from the security partner in the Admin Center’s threat detection settings. Once enabled, Copilot Studio shares only the necessary runtime data with the external provider for real-time decision-making. The integration can be disabled at any time if requirements change.
External threat detection is available only for generative agents using generative orchestration (not classic agents). Organizations are responsible for ensuring their chosen provider’s data handling and compliance standards meet internal and regulatory requirements. This layered security model provides robust, real-time protection and gives customers full control over their agent security ecosystem.
Geographic areas
Visit the Explore Feature Geography report for Microsoft Azure areas where this feature is planned or available.
Language availability
Visit the Explore Feature Language report for information on this feature's availability.
Additional resources
Enable external threat detection and protection for Copilot Studio custom agents (preview) (docs)