Microsoft Copilot Studio - Strengthen security of Copilot Studio agents with additional threat protection

Message Center ID: MC1180712
Power Platform
Stay Informed
New feature
December 2025

Details

Update: Release of this feature has been updated.

We are announcing the ability to strengthen security of Copilot Studio agents with additional threat protection in Microsoft Copilot Studio. This feature will reach general availability on December 10, 2025.

How does this affect me?
This feature allows you to configure external threat detection systems for enhanced oversight. These tools operate during the agent's run-time, continuously evaluating agent activity. If the system detects any tools or actions it deems suspicious, it can intervene to approve or block their execution, providing an extra layer of real-time protection and compliance enforcement.

With the flexibility provided by this feature, users can select Microsoft Defender, integrate with other trusted security partners, or develop and connect your own custom monitoring solutions. Admins can enable this feature using the following steps:
  1. Register a Microsoft Entra application: A Power Platform Administrator creates an Entra app to securely authenticate between Copilot Studio and the chosen external monitoring provider. This can be done using a provided PowerShell script or manually through the Azure portal.
  2. Configure integration in Power Platform Admin Center: The administrator enters the Entra app details and the REST API endpoint from the security partner in the Admin Center’s threat detection settings.
Once enabled, Copilot Studio shares only the necessary runtime data with the external provider for real-time decision-making. The integration can be disabled at any time if requirements change. External threat detection is available only for generative agents using generative orchestration (not classic agents).

Organizations are responsible for ensuring their chosen provider’s data handling and compliance standards meet internal and regulatory requirements.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit the Enable external threat detection and protection for Copilot Studio custom agents (preview).

Change History

Published: October 27, 2025
Last Updated: November 3, 2025
November 3, 2025 at 4:30 PM Updated
Last Updated Date
Previous
2025-10-27T14:32:55.513Z
New
2025-11-03T15:01:32.403Z
Body Content
Previous
We are announcing the ability to strengthen security of Copilot Studio agents with additional threat protection in Microsoft Copilot Studio. This feature will reach general availability on November 28, 2025.

How does this affect me?
This feature allows you to configure external threat detection systems for enhanced oversight. These tools operate during the agent's run-time, continuously evaluating agent activity. If the system detects any tools or actions it deems suspicious, it can intervene to approve or block their execution, providing an extra layer of real-time protection and compliance enforcement.

With the flexibility provided by this feature, users can select Microsoft Defender, integrate with other trusted security partners, or develop and connect your own custom monitoring solutions. Admins can enable this feature using the following steps:
  1. Register a Microsoft Entra application: A Power Platform Administrator creates an Entra app to securely authenticate between Copilot Studio and the chosen external monitoring provider. This can be done using a provided PowerShell script or manually through the Azure portal.
  2. Configure integration in Power Platform Admin Center: The administrator enters the Entra app details and the REST API endpoint from the security partner in the Admin Center’s threat detection settings.
Once enabled, Copilot Studio shares only the necessary runtime data with the external provider for real-time decision-making. The integration can be disabled at any time if requirements change. External threat detection is available only for generative agents using generative orchestration (not classic agents).

Organizations are responsible for ensuring their chosen provider’s data handling and compliance standards meet internal and regulatory requirements.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit the Enable external threat detection and protection for Copilot Studio custom agents (preview).
New
Update: Release of this feature has been updated.

We are announcing the ability to strengthen security of Copilot Studio agents with additional threat protection in Microsoft Copilot Studio. This feature will reach general availability on December 10, 2025.

How does this affect me?
This feature allows you to configure external threat detection systems for enhanced oversight. These tools operate during the agent's run-time, continuously evaluating agent activity. If the system detects any tools or actions it deems suspicious, it can intervene to approve or block their execution, providing an extra layer of real-time protection and compliance enforcement.

With the flexibility provided by this feature, users can select Microsoft Defender, integrate with other trusted security partners, or develop and connect your own custom monitoring solutions. Admins can enable this feature using the following steps:
  1. Register a Microsoft Entra application: A Power Platform Administrator creates an Entra app to securely authenticate between Copilot Studio and the chosen external monitoring provider. This can be done using a provided PowerShell script or manually through the Azure portal.
  2. Configure integration in Power Platform Admin Center: The administrator enters the Entra app details and the REST API endpoint from the security partner in the Admin Center’s threat detection settings.
Once enabled, Copilot Studio shares only the necessary runtime data with the external provider for real-time decision-making. The integration can be disabled at any time if requirements change. External threat detection is available only for generative agents using generative orchestration (not classic agents).

Organizations are responsible for ensuring their chosen provider’s data handling and compliance standards meet internal and regulatory requirements.

What action do I need to take?
This message is for awareness, and no action is required.

If you would like more information on this feature, please visit the Enable external threat detection and protection for Copilot Studio custom agents (preview).

Never Miss a Microsoft 365 Update

Join thousands of IT professionals who rely on DeltaPulse for real-time Microsoft 365 change intelligence, automated notifications, and community insights.

View Full Details Sign Up Free