
Review AI agent, model, and app inventory

Implementation Effort: Low – Uses the AI inventory page in Microsoft Security Dashboard for AI to review already-discovered assets; no new deployment required.
User Impact: Low – Admin review activity; end users are not affected.

Overview

AI assets proliferate quickly. Teams deploy Copilot Studio agents, provision Azure OpenAI models, integrate third-party AI applications, and stand up MCP servers — often without centralized security oversight. If the security team cannot see what AI assets exist, who owns them, and what data they access, it cannot assess whether those assets meet organizational security and compliance requirements. Shadow AI — agents and apps operating outside governed channels — is particularly dangerous because it bypasses every control the organization has established.

The AI inventory page in Microsoft Security Dashboard for AI consolidates discovered AI agents, models, MCP servers, and other AI applications into a single view. For each asset, the inventory surfaces key details: agent activities, sensitivity of data interactions, security configuration status, and user access patterns. Security teams can filter by asset type or risk level, select any asset for detailed configuration and compliance review, and export filtered views for reporting. The inventory draws from Agent 365 Registry for agent metadata and Microsoft Purview DSPM for AI for data interaction insights.

Reviewing the inventory supports the Zero Trust principle of Verify explicitly by making the full population of AI assets visible so security teams can validate each one against access and data handling policies. It supports the principle of Assume breach by ensuring that no AI workload operates undetected, which is the prerequisite for every subsequent risk assessment and remediation step. Without reviewing this inventory, the organization cannot know what it needs to protect, and unmanaged AI assets become blind spots that threat actors can exploit without triggering any alert.

For organizations that build and deploy agents through Microsoft Foundry, the Foundry Control Plane Assets pane provides a complementary inventory focused on Azure-hosted AI assets across Foundry projects within a subscription. While the Microsoft Security Dashboard for AI surfaces inventory through a security lens — risk findings, configuration gaps, and compliance status — the Foundry Control Plane Assets pane surfaces inventory through an operational lens — health scores, cost, token usage, evaluation results, and drift metrics. An agent built in Foundry and published to Microsoft 365 users appears in both views, but each view answers different questions. The Security Dashboard answers whether the agent is secure. Foundry Control Plane answers whether the agent is healthy, compliant, and cost-efficient. Organizations running agents at scale across multiple Foundry projects should review both views to get complete visibility into their AI estate.

Reference