Identity Security Insights 25.09.1
September 16, 2025
🆕 New features
The future of AI security takes shape in Insights 25.09.1!
This release turns AI from a black box into an accountable part of your security posture with unified visibility, risk insight, and guided remediation – plus two new reports that strengthen your overall identity security strategy.
AI Security now in Insights
We’ve added a new AI Security section to Insights. It provides direct access to the AI Agents and Agent Inventory pages for monitoring and managing agent activity and privileges in one place.
Why it matters
As AI agents become more common across development and business workflows, security teams need clear visibility into how these agents operate. Without oversight, agents interacting with tools, or even other agents, can unintentionally create complex privilege chains that pose real security risks. The new AI Security section helps surface and manage these risks before they escalate.
Supported providers: Azure (AI Foundry, Copilot Studio), AWS (Bedrock), and Salesforce (Agentforce). (Details in Connector Coverage below.)
Availability & Rollout
Currently available in the US region. Rollout to all deployed Insights regions is planned.

AI Agents: Visibility and risk insights at a glance
The new AI Agents page provides a centralized view of agent activity and risk posture across integrated platforms:
- Summary: Visual breakdown of all detected AI agents across connected platforms, helping teams quickly assess coverage and distribution.
- Risky AI Agents: Flags agents with elevated privileges, multiple connections, or MCP usage – surfacing those most likely to introduce security risk.
- Privileged AI Agents by Provider: Displays privilege levels across providers, helping teams identify and review agents with elevated permissions or potential overprovisioning.
- Top Findings: Highlights critical and high‑severity issues, such as "Agent has excessive privileges", giving security teams actionable insights to prioritize remediation.

Agent Inventory: Filterable, actionable view of AI agents
The Agent Inventory page provides a comprehensive, filterable table of all AI agents across your environment. It’s designed for deep inspection and fast triage:
- Top‑level metrics show total agents, privileged agents, and provider distribution for quick situational awareness.
- Filters (Provider, Privilege Level, Model, Instruction Content) help you zero in on specific agent types or risk profiles.
- At‑a‑glance columns include Agent Name, Privilege Level, Connections, Model, and Instructions.
- Risk cues help identify agents with elevated access or vague instructions that may pose security risks.
- One‑click drill‑down opens the side panel for full context, including entitlements, recommendations, and a security graph.
Purpose‑built for security teams and platform owners who need to audit agent behavior, review privilege exposure, and take action quickly.

Agent side panel: Deep‑Dive context for every AI agent
Selecting an agent from either AI Agents or Agent Inventory opens a dynamic side panel with actionable insights. The panel adapts based on the agent’s provider and configuration and may include:
- Details: Common metadata (e.g., name, status, model) plus provider‑specific fields (e.g., Azure subscription details) for quick identification and context.
- Security Graph: Visualizes the agent’s relationships showing which accounts can access it and how it connects across the environment.
- Agent Privileges: Lists permissions granted to the agent, helping teams spot overprovisioned or risky access.
- Tools: Shows callable tools such as MCP servers, Power BI integrations (for Copilot), or custom/third‑party actions (for Agentforce via AgentExchange).
- Knowledge Sources: Lists the data grounding the agent – useful for spotting unintended access to sensitive content.
- Instructions: Displays the prompts or task definitions that guide the agent’s behavior.
- Recommendations: Highlights prioritized security recommendations based on privilege level and severity.
- Entitlements: Enumerates entitlements with privilege level and type to assess exposure and control.
This side panel makes agent inspection fast and intuitive – delivering depth without leaving the page.

Connector coverage
Insights ingests core security and configuration data – model metadata, instructions, privileges, connections, entitlements – plus provider‑specific fields where available:
- Azure: Agents from AI Foundry and Copilot Studio, with full visibility into privileges, connections, and configurations.
- AWS: Agents from Bedrock (e.g., Claude, Titan) with visibility into privileges, connections, and model details.
- Salesforce: Salesforce is a leading platform for managing customer relationships and driving connected business processes. This brand‑new connector in Insights brings in:
  - Agentforce agents with deep context including agent privileges, instructions, tools, and more for full visibility.
  - Visibility into Salesforce accounts and entitlements, with identity mapping where possible so you can see which accounts tie to known identities and review their access in context.
  - Available in the Connectors area with a setup guide that provides step‑by‑step instructions for creating a secure connection.
Important information
To access the latest features, make sure your connectors are updated. You’ll find update and setup instructions in our documentation for a secure and seamless configuration.

Provider‑specific recommendations
With the connectors listed above, Insights can surface the following new recommendations:
Azure (Copilot Studio)
- Azure Copilot Studio Agent with Privileged Directory Role: The agent has been assigned a privileged Entra ID directory role.
- Azure Copilot Studio Agent with RBAC Role: The agent has been assigned an Azure RBAC role that grants access to Azure resources.
- Azure Copilot Studio Agent with API Permissions: The agent has been granted API permissions that allow access to external services or APIs.
- Azure Copilot Studio Agent with Privilege Escalation: The agent has a configuration that creates a privilege escalation path.
- Azure Copilot Studio Agent with No Authentication: The agent is configured without authentication requirements.
- Azure Copilot Studio Agent in Environment with Privileged Connections: The agent is deployed in an environment that contains privileged Power Platform connections.
AWS (Bedrock)
- A Bedrock Agent has excessive privileges via an inline, customer, or AWS policy attached via an IAM Role: The agent’s IAM role includes overly broad permissions.
- IAM Role has the ability to invoke any agents within this AWS account: The role can invoke any Bedrock agent or model in the account.
- Excessive InvokeModel Calls: An AWS principal made over 2,000 model invocation calls within a 5‑minute window.
- Bedrock Agent with overprivileged Lambda function: The agent calls a Lambda function that has overly broad permissions.
Salesforce (Agentforce)
- Salesforce Agent User Not Using Digital Agent License: The agent is running under a user account without a Digital Agent license, which may grant broader access than intended.
- Default Agentforce Agent Detected: A legacy Agentforce (Default) Agent is in use with overly broad permissions.
- AI Agent has access to an external service: The agent can connect to external APIs or services, potentially exposing Salesforce data to third-party endpoints.
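Two of the Bedrock findings above, the excessive InvokeModel rate and the overly broad IAM policy attached to an agent's role, map to simple checks that a detection engineer can reproduce against their own CloudTrail and IAM data. The block below is an added example, not Insights' own detection code: the event records and policy documents are constructed, simplified stand-ins for CloudTrail events and IAM policy JSON, the "over 2,000 calls within a 5-minute window" threshold is taken from the finding description, and the principal ARNs are made up.

```python
"""Reproductions of two Bedrock findings as stand-alone checks.

Added example, not BeyondTrust Insights code. Event shape and policy
documents are constructed stand-ins; the threshold and window come
from the finding text ("over 2,000 model invocation calls within a
5-minute window").
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

INVOKE_THRESHOLD = 2000                 # finding: "over 2,000" calls
WINDOW = timedelta(minutes=5)           # finding: "within a 5-minute window"
MODEL_INVOCATION_EVENTS = {"InvokeModel", "InvokeModelWithResponseStream"}

# Constructed principal ARNs (not real accounts).
ARN_A = "arn:aws:iam::111111111111:role/bedrock-agent-a"
ARN_B = "arn:aws:iam::111111111111:role/bedrock-agent-b"


def excessive_invoke_calls(events):
    """Return {principal_arn: datetime} for principals that exceed the threshold.

    `events` is an iterable of CloudTrail-like dicts with keys eventTime
    (ISO-8601), eventName and userIdentity.arn. Per principal, a sliding
    window of invocation timestamps is kept; timestamps older than WINDOW
    are evicted, and the principal is flagged the first time the window
    holds more than INVOKE_THRESHOLD calls.
    """
    parsed = []
    for ev in events:
        if ev["eventName"] not in MODEL_INVOCATION_EVENTS:
            continue  # only model invocations count toward the finding
        ts = datetime.fromisoformat(ev["eventTime"].replace("Z", "+00:00"))
        parsed.append((ts, ev["userIdentity"]["arn"]))
    parsed.sort()  # CloudTrail delivery is not strictly ordered

    windows = defaultdict(deque)
    flagged = {}
    for ts, arn in parsed:
        q = windows[arn]
        q.append(ts)
        while ts - q[0] > WINDOW:       # drop calls outside the 5-minute window
            q.popleft()
        if len(q) > INVOKE_THRESHOLD and arn not in flagged:
            flagged[arn] = ts           # time the threshold was first crossed
    return flagged


def policy_is_overly_broad(policy_doc):
    """True if an Allow statement grants '*' or 'service:*' actions on all resources.

    Simplified wildcard test for the 'excessive privileges' finding; a full
    evaluation would also weigh NotAction, Condition and Deny statements.
    """
    statements = policy_doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        resources = st.get("Resource", [])
        actions = [actions] if isinstance(actions, str) else actions
        resources = [resources] if isinstance(resources, str) else resources
        broad_action = any(a == "*" or a.endswith(":*") for a in actions)
        if broad_action and "*" in resources:
            return True
    return False


def build_sample_events():
    """Constructed sample events (not real CloudTrail data).

    Principal A makes 2,001 calls in 4 minutes (should be flagged);
    principal B makes 2,001 calls spread over 20 minutes (never more than
    about 500 in any 5-minute window, so it should not be flagged).
    """
    base = datetime(2025, 9, 16, 12, 0, 0, tzinfo=timezone.utc)
    events = []
    for arn, span_seconds in ((ARN_A, 240), (ARN_B, 1200)):
        for i in range(2001):
            ts = base + timedelta(seconds=i * span_seconds / 2000)
            events.append({
                "eventTime": ts.isoformat(timespec="microseconds").replace("+00:00", "Z"),
                "eventName": "InvokeModel",
                "userIdentity": {"arn": arn},
            })
    return events


def run_demo():
    """Run both checks on constructed data and return plain-value results."""
    flagged = excessive_invoke_calls(build_sample_events())
    broad = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": "bedrock:*", "Resource": "*"}]}
    scoped = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": ["bedrock:InvokeModel"],
         "Resource": "arn:aws:bedrock:us-east-1::foundation-model/example"}]}
    return {
        "flagged": sorted(flagged),
        "flagged_at": {k: v.isoformat() for k, v in flagged.items()},
        "broad_policy": policy_is_overly_broad(broad),
        "scoped_policy": policy_is_overly_broad(scoped),
    }


if __name__ == "__main__":
    print(run_demo())
```

The rate check is deliberately per principal rather than per account, matching the finding's wording ("an AWS principal"), and the policy check returns on the first broad Allow statement so it can be run cheaply across every policy attached to an agent's role.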
Report: Non‑Human Identities
A centralized dashboard to help you manage and secure non‑human identities such as service principals, bots, and automation accounts across platforms.
Key highlights:
- Unified inventory: View all non‑human identities in one place for complete visibility.
- Breakdown by provider: Understand distribution across directories and cloud platforms to assign ownership and close gaps.
- Effective access insights: Identify accounts with the highest potential impact using True Privilege™.
- Risk and findings view: Map issues to security frameworks like MITRE ATT&CK for faster triage and reporting.
- Actionable remediation: Get clear recommendations and drill‑downs to reduce risk quickly and consistently.

Report: Password Hygiene (Preview)
Get early access to a focused view of password health across your environment as we fine‑tune this report.
Key highlights:
- Password health snapshot: Instantly see the percentage of accounts meeting hygiene standards.
- Critical issues surfaced: Identify compromised, shared, blank, and non‑expiring passwords for quick remediation.
- High‑risk accounts prioritized: Highlight accounts with elevated privileges and recurring password collisions.
- Continuous improvement: Track audit history and monitor password age trends to strengthen security posture.
