At RSA Conference (RSAC) 2026, Microsoft showcased its evolving strategy for AI-powered cybersecurity and protection for AI ecosystems through announcements focused on five key strategic areas.
In agentic AI-driven security operations, Microsoft expanded Security Copilot with agentic capabilities across Defender, Sentinel, Entra, and Purview to automate investigation, triage, and response workflows. Microsoft also introduced Security Alert Triage Agent and Security Analyst Agent to support autonomous analysis and multi-step investigations across phishing, identity, and cloud alerts. It also embedded Copilot chat experiences within Defender to improve contextual investigation and Security Operations Center (SOC) productivity.
In security for AI and AI agent governance, Microsoft introduced Agent 365 as a centralized control plane for AI agents, along with a new Security Dashboard for AI that provides visibility into AI-related risks. Microsoft also expanded Purview and Entra capabilities to prevent sensitive data exposure in AI prompts, detect shadow AI use, and secure AI interactions across enterprise environments.
In AI-powered detection and cloud security, Microsoft Defender enhancements included agentic triage across identity and cloud alerts, expanded multi-cloud visibility across Amazon Web Services (AWS) and Google Cloud Platform (GCP), AI model scanning, predictive security capabilities, and Copilot-driven SOC workflows to accelerate detection and response. These updates reflect Microsoft’s continued emphasis on AI-assisted and cloud-native security operations.
In AI-driven security information and event management and data integration, Microsoft Sentinel introduced AI-powered automation and natural-language playbook generation, along with enhancements in data federation and integration through Microsoft Fabric. Microsoft also expanded multi-tenant management, delegated access capabilities, and connector integrations to improve SOC efficiency and centralized operations.
In identity security and cyber resilience, Microsoft Entra introduced external multifactor authentication support for third-party authentication providers, prompt injection protection for AI interactions, tenant governance and identity resilience enhancements, and expanded passkey and passwordless authentication support.
Collectively, these launches position Microsoft to address growing enterprise priorities around agentic AI security, AI-driven SOC automation, and governance of AI agents and workloads through an integrated security ecosystem. Enterprises will continue to expect greater clarity on operational readiness, data-residency implications, licensing complexities, and interoperability across heterogeneous multi-cloud environments.
Some reports are complimentary and others require a qualifying membership.
