Enable Defender real-time agent protection during runtime

Implementation Effort: Medium – Requires coordination between security administrators in the Defender portal and Power Platform administrators to complete the onboarding, including configuring a Microsoft Entra ID application and connecting the Microsoft 365 app connector.
User Impact: Low – Agents are protected transparently; users interacting with agents see blocked responses only when malicious prompts are detected.

Overview

Low-code and no-code platforms like Microsoft Copilot Studio allow non-technical users to build and deploy custom agents without centralized security review. These agents can access organizational data, invoke external tools, and execute actions on behalf of users. Threat actors can exploit this by injecting malicious prompts that trigger unintended tool executions, escalate privileges, or exfiltrate data through the agent's own capabilities. The challenge is that the agent creators often lack the security expertise to anticipate these attack vectors, and the security team has no visibility into what agents are doing at runtime.

Defender real-time agent protection addresses this by inspecting tool invocations before the agent executes them. If the request is determined to be suspicious, the tool invocation is blocked before it runs, the user is notified, and a security alert is generated in the Defender portal. This shifts the protection from the agent builder — who may not know how to implement input validation — to the platform layer, where the security team controls the policy.

This supports Assume breach by intercepting malicious agent activity at runtime, preventing a compromised or manipulated agent from executing harmful actions even if its configuration was not designed to resist prompt injection. It supports Verify explicitly by evaluating each tool invocation against threat signals before allowing execution, rather than trusting that the agent's own logic will reject malicious inputs. Without this protection, agents built on low-code platforms operate with no runtime security inspection, and threat actors can weaponize them as execution vectors within the organization.

Reference