
Copilot Studio Adds Near-Real-Time Security Controls for AI Agents

Microsoft has introduced advanced near-real-time protection for AI agents in Copilot Studio, now in public preview, enabling organizations to monitor and control agent actions as they execute.

Copilot Studio is part of Microsoft's Power Platform. It's a low-code tool for creating and customizing AI copilots and agents that can integrate into business workflows.

[Image: Microsoft Copilot Studio (source: Microsoft).]

Strengthening AI Agent Security
Copilot Studio already includes built-in protections against prompt injection attacks, but Microsoft said some organizations require "deeper oversight and proactive, responsive control." The new capability lets organizations connect their own monitoring systems -- such as Microsoft Defender, third-party security providers, or custom-built tools -- to evaluate and block unsafe agent actions during runtime.

How It Works
When a user prompt is received, the agent formulates a plan that lists the tools and actions it will use. Before execution, Copilot Studio sends this plan to the connected monitoring system via an API call, including the prompt and chat history, tool inputs, and metadata such as the agent ID and tenant ID. The monitoring system has one second to approve or block the action. If it blocks, the agent stops and informs the user; if it approves, the agent continues without disruption. If no response is returned within that second, the agent treats the action as approved.

Admins can configure monitoring through the Power Platform Admin Center and apply protections across multiple environments without code. Copilot Studio also produces detailed audit logs of each interaction with the external system, which can be used to track attempted breaches, refine policies, and improve agent security strategies.
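The following is an added simulation of the exchange described in the two paragraphs above; it is not Microsoft's code and does not use the real Copilot Studio API. The one-second deadline, the block/approve outcome and the fail-open on silence come from the article; everything else (the JSON field names, the agent and tenant identifiers, the allowlist policy the monitoring side applies, and the audit record layout) is an assumption constructed for illustration.

```python
"""Simulated plan-approval round-trip between an agent and an external monitor.

Assumed payload shape (NOT Microsoft's schema): a plan is a dict with
'agent_id', 'tenant_id', 'prompt', 'chat_history' and 'tools', where each
tool step is {'name': ..., 'inputs': {...}}. The monitor answers
{'decision': 'approve' | 'block', 'reason': ...}.
"""
import json
import time
from concurrent.futures import ThreadPoolExecutor, TimeoutError as FutureTimeout
from dataclasses import dataclass, asdict
from typing import Callable, List

DEADLINE_SECONDS = 1.0  # from the article: the monitor has one second to answer

# Organization-side policy inputs (constructed for this example).
ALLOWED_TOOLS = {"SearchKnowledgeBase", "CreateTicket", "SendEmail"}
INTERNAL_DOMAINS = {"contoso.example"}


def evaluate_plan(plan: dict) -> dict:
    """Hypothetical monitoring-system policy (stands in for Defender or a
    custom tool). Two rules: every planned tool must be allowlisted, and
    SendEmail may only target addresses in the tenant's own domains."""
    for step in plan["tools"]:
        name = step["name"]
        if name not in ALLOWED_TOOLS:
            return {"decision": "block", "reason": f"tool {name} not allowlisted"}
        if name == "SendEmail":
            for addr in step["inputs"].get("to", []):
                domain = addr.rsplit("@", 1)[-1].lower()
                if domain not in INTERNAL_DOMAINS:
                    return {"decision": "block", "reason": f"external recipient {addr}"}
    return {"decision": "approve", "reason": "all steps within policy"}


@dataclass
class AuditRecord:
    """One audit entry per interaction with the external system (assumed layout)."""
    agent_id: str
    tenant_id: str
    decision: str
    reason: str
    latency_ms: int
    timed_out: bool


AUDIT_LOG: List[AuditRecord] = []


def request_decision(plan: dict, evaluator: Callable[[dict], dict],
                     deadline: float = DEADLINE_SECONDS) -> AuditRecord:
    """Agent side: submit the plan, wait at most `deadline` seconds and, as the
    article states, treat no answer as approval. The timeout is recorded so a
    defender can see when the monitor was effectively absent."""
    start = time.monotonic()
    pool = ThreadPoolExecutor(max_workers=1)
    future = pool.submit(evaluator, plan)
    try:
        verdict = future.result(timeout=deadline)
        timed_out = False
    except FutureTimeout:
        verdict = {"decision": "approve", "reason": "no response within deadline (fail-open)"}
        timed_out = True
    finally:
        pool.shutdown(wait=False)  # do not wait for a slow monitor to finish
    record = AuditRecord(
        agent_id=plan["agent_id"], tenant_id=plan["tenant_id"],
        decision=verdict["decision"], reason=verdict["reason"],
        latency_ms=int((time.monotonic() - start) * 1000), timed_out=timed_out,
    )
    AUDIT_LOG.append(record)
    return record


def audit_log_lines() -> List[str]:
    """Audit log as JSON lines, the form most SIEMs ingest directly."""
    return [json.dumps(asdict(r)) for r in AUDIT_LOG]


def sample_plan(tools: list) -> dict:
    # Constructed sample: identifiers and prompt are placeholders.
    return {"agent_id": "agent-0001", "tenant_id": "tenant-abc",
            "prompt": "Email the Q3 summary to the finance team",
            "chat_history": [], "tools": tools}


INTERNAL_PLAN = sample_plan([{"name": "SendEmail", "inputs": {"to": ["finance@contoso.example"]}}])
EXTERNAL_PLAN = sample_plan([{"name": "SendEmail", "inputs": {"to": ["someone@mail.example.net"]}}])


def slow_evaluator(plan: dict) -> dict:
    """Same policy, but answers too late; used to show the fail-open path."""
    time.sleep(0.2)
    return evaluate_plan(plan)


if __name__ == "__main__":
    request_decision(INTERNAL_PLAN, evaluate_plan)
    request_decision(EXTERNAL_PLAN, evaluate_plan)
    request_decision(EXTERNAL_PLAN, slow_evaluator, deadline=0.05)
    print("\n".join(audit_log_lines()))
```

The third call in the demo is the case worth watching in the audit trail: the plan that the policy would block is approved anyway because the monitor answered after the deadline. With a fail-open design, the monitor's latency budget is part of the security posture, and the `timed_out` field is what lets an operator distinguish "approved by policy" from "approved because nobody answered".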

Default and Advanced Protections
Copilot Studio agents are "secure by default," with defenses against cross-prompt injection attacks (XPIA) and user prompt injection attacks (UPIA). The new near-real-time protection adds an extra layer of oversight for organizations with advanced compliance or industry requirements.

Availability
The public preview is rolling out worldwide and will be available to all customers by Sept. 10, 2025. Setup guidance is available in the Sept. 8 announcement, along with additional resources including:

About the Author

David Ramel is an editor and writer at Converge 360.
