Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Applies to: Microsoft Defender for Cloud Apps
This article is updated frequently to let you know what's new in the latest release of Microsoft Defender for Cloud Apps.
For more information on what's new with other Microsoft Defender security products, see:
- What's new in Microsoft Defender XDR
- What's new in Microsoft Defender for Endpoint
- What's new in Microsoft Defender for Identity
For news about earlier releases, see Archive of past updates for Microsoft Defender for Cloud Apps.
January 2026
Workday connector updated to least-privilege permission model
The Workday connector now requires only “View” permissions to function. We have removed the “Modify” permission requirement to better align with the principle of least privilege. While existing configurations will continue to work, admins are encouraged to update the Workday account settings to remove these unnecessary rights as a security best practice.
For more information see: How Defender for Cloud Apps helps protect your Workday environment
December 2025
Microsoft Defender for Cloud Apps permissions are now integrated with Microsoft Defender XDR Unified RBAC
Integration of Microsoft Defender for Cloud Apps permissions with Microsoft Defender XDR Unified RBAC is now available worldwide. For more information, see Map Microsoft Defender for Cloud Apps permissions to the Microsoft Defender XDR Unified RBAC permissions. To activate the Defender for Cloud Apps workload, see Activate Microsoft Defender XDR Unified RBAC.
Increased availability of App governance unused app insights feature (Preview)
The Microsoft Defender for Cloud Apps app governance unused app insights feature helps administrators identify and manage unused Microsoft 365-connected OAuth apps, enforce policy-based governance, and use advanced hunting queries for better security. This feature is now available for most commercial cloud customers. For more information, see Secure apps with app hygiene features.
November 2025
AI Agent Protection (Preview)
Microsoft Defender delivers comprehensive protection for AI agents, combining proactive exposure management with advanced threat detection. It automatically discovers AI agents created in Microsoft Copilot Studio and Azure AI Foundry, collects audit logs, continuously monitors for suspicious activity, and integrates detections and alerts into the XDR Incidents and Alerts experience with a dedicated Agent entity.
Copilot Studio AI agents
Defender ingests data from Copilot Studio agents into Advanced Hunting, enabling you to create custom queries and proactively hunt for threats. It also provides real-time protection by monitoring agent runtime and blocking harmful or suspicious actions, fully integrated with XDR incidents and alerts.
Azure AI Foundry AI agents
Defender monitors agents for misconfigurations and vulnerabilities, identifies potential attack paths, and delivers actionable security recommendations through Exposure Management to strengthen your AI security posture.
For more information, see Protect your AI agents (Preview).
September 2025
Real time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview)
Microsoft Defender offers real-time protection during runtime for AI agents built with Microsoft Copilot Studio. This capability automatically blocks the agent’s response during runtime if a suspicious behavior like a prompt injection attack is detected, and notifies security teams with a detailed alert in the Microsoft Defender portal.
For more information, see Real-time protection during agent runtime for Microsoft Copilot Studio AI agents (Preview).
Next steps
- For a description of releases prior to those listed here, see Archive of past updates for Microsoft Defender for Cloud Apps
If you run into any problems, we're here to help. To get assistance or support for your product issue, please open a support ticket.