Week 26 · 7 min read
June 22 – June 29, 2026
Act by
-
1 Jul 2026 — Account-entity naming standardization takes effect in Sentinel. Account Name is resolved by precedence (UPN prefix → Name → Display Name) and defaults to the UPN prefix (the part before "@"), so analytics rules, automation rules, playbooks, workbooks, and hunting queries that pin entities on the strict full UPN will silently stop matching. Audit any content that compares against the full UPN and switch to a precedence-aware pattern — Microsoft recommends
coalesce(Account.UPNprefix, Account.Name, Account.DisplayName)andContains/Starts withinstead of strict equality — before midweek, or expect entity conditions to fail, automation to skip, and duplicate entities to appear. (Microsoft Learn) -
1 Jul 2026 — The
AIAgentsInfoadvanced-hunting table is being retired in favor of the new unifiedAgentsInfotable in Microsoft Defender.AIAgentsInfostays accessible only until 1 July; any custom detections, hunting queries, or workbooks that read it need to move toAgentsInfo, which carries a single schema across Copilot Studio, Microsoft Foundry, Microsoft 365 Copilot, third-party, and endpoint-discovered agents. Update queries this week to avoid broken agent-governance content. (Microsoft Learn)
What changed
Microsoft published a hands-on guide to threat hunting with Sentinel custom graph, showing how to turn the relationship-first graph experience (in public preview) into working investigations instead of stitching evidence together with complex table joins. Entities — users, devices, emails, IPs, applications — and their activities become a navigable structure you traverse across multiple hops to surface blast radius, non-obvious pivots, and attack paths, with visualization to communicate findings. Graphs are authored in Visual Studio Code using the Microsoft Sentinel extension's graph-authoring tool and GitHub Copilot, and out-of-the-box samples (for example, a compromised-account blast-radius graph over SignInLogs, non-interactive sign-ins, DeviceLogon, on-prem AD, IdentityInfo, and risky-user signals) give a starting point. It needs the Sentinel data lake enabled plus read/write on the lake and Security Operator or Security Admin to save a graph in the tenant. For a SOC this turns lateral-movement and exposure questions that used to be multi-query investigations into a single traversal. (Microsoft Sentinel Blog)
Sentinel's MCP server gained a graph-tool collection for reasoning over graphs (Preview). Where custom graph is authored in VS Code, the new graph tools in the Microsoft Sentinel Model Context Protocol server let an agent — or an analyst working through natural language — explore relationships across identities, devices, threats, and signals to assess detection coverage, dependencies, and configuration gaps. Starting from an alert, you can follow the exposure path across connected entities, trace lateral movement, and identify where controls are missing, all from one interactive workspace rather than hand-writing joins. It's the same graph substrate surfaced to the agentic tooling layer, which is where Microsoft is steering investigation workflows. (Microsoft Learn)
UEBA behavior results can now be linked to incidents in advanced hunting (Preview). You can take a behavior-based query result from the BehaviorInfo table and attach it to a new or existing incident directly from advanced hunting; the wizard auto-populates alert metadata and entities from the selected behavior record. This closes a gap in the UEBA behaviors workflow — the human-readable "who did what to whom" summaries that Sentinel derives from raw logs can now feed incident context instead of living only in hunting queries, so a hunter who spots an anomalous behavior can escalate it into a tracked investigation in one step. (Microsoft Learn)
An Agent Identities Asset Connector reached public preview for the Sentinel data lake. Activity connectors like Agent 365 and Microsoft 365 Copilot already show what AI agents do, but not who owns an agent, what permissions it holds, or how it is governed. The new connector fills that gap with four asset tables covering agent owners, agent identities, agent blueprints, and the service principals tied to those blueprints — the identity context a SOC needs when an agent shows up in an investigation. As AI agents accumulate standing access to mailboxes, files, and Graph, this is the inventory layer for treating them as first-class identities in hunting and detection. (Microsoft Sentinel Blog)
Sentinel's Advanced Security Information Model (ASIM) expanded its normalization coverage. In the June updates, ASIM broadened so a single analytic rule can reach more sources with less per-source work, and two new schemas bring asset inventory and AI-agent telemetry into normalized form. For detection engineers this is the unglamorous but high-leverage kind of change: parser-level normalization means one well-written rule generalizes across vendors instead of being rewritten per connector, and it extends that leverage to the newer asset and agent data now landing in the lake. (Microsoft Sentinel Blog)
Defender XDR added a Threat Intelligence Insights tab to entity pages (Preview). Entity pages for IP addresses, domains, URLs, and files now surface Microsoft Threat Intelligence enrichment inline — reputation scores, attributed threat reports, infrastructure relationships, and sandbox analysis — so an analyst investigating an indicator no longer has to pivot to a separate TI tool mid-investigation. Having attribution and infrastructure links one click from the entity keeps triage in a single pane and shortens the loop between "is this IOC bad?" and the evidence behind the verdict. (Microsoft Learn)
Four cloud-focused advanced-hunting tables reached GA in Defender XDR. DisruptionAndResponseEvents (automatic attack-disruption block and policy actions), CloudAuditEvents, CloudDnsEvents, and CloudProcessEvents (audit, DNS, and process telemetry from multicloud environments protected by Defender for Cloud) are now generally available in advanced hunting. Two practical wins: you can build production detections and custom detection rules on top of these tables without preview caveats, and DisruptionAndResponseEvents gives the SOC an auditable record of exactly what attack disruption blocked or isolated, which matters when you have to reconstruct or justify an automated response after the fact. (Microsoft Learn)
Defender began discovering and protecting local AI agents on endpoints (Preview). Microsoft's June updates extended the Defender AI-agent experience down to Windows endpoints: Defender now automatically discovers supported local AI agents — coding agents and IDE extensions, desktop assistants, local runtimes, and agent platforms (Microsoft cites more than 25 types, including GitHub Copilot CLI and Claude Code) — and surfaces them as assets in the AI-agent inventory, exposure map, and advanced hunting. Runtime protection inspects the agent loop (user prompts, tool calls, tool responses) and can block risky activity such as prompt injection before it executes, with blocked and audited events raised as alerts for correlation. For SOCs, agents now doing real work on the endpoint become a monitored, huntable surface rather than a blind spot. (Microsoft Security Blog)
Worth knowing
Microsoft's Digital Crimes Unit disrupted the infrastructure behind the StealC and Amadey infostealers, seizing or blocking more than 200 command-and-control domains and IPs through court orders and provider notifications. StealC harvests passwords, stored credentials, and digital identities for resale and fraud, while Amadey acts as a first-stage loader that pulls in follow-on malware; in the first two weeks of May 2026 the pair were linked to over 140,000 infected machines worldwide. Notably, DCU used Microsoft Copilot to accelerate binary analysis and generate string-decryption tooling. Infostealer credentials feed directly into identity-based intrusions, so refresh detections for these families and watch for stolen-credential sign-ins even as the infrastructure goes dark. (Microsoft Security Blog)
Part 4 of Microsoft's six-part "USX Transition" series on moving Sentinel into the Defender portal focuses on the governance mechanics that quietly decide whether a unified SOC works as designed. The key reassurance: everything is normal on day one — existing Azure RBAC assignments keep functioning, Sentinel data stays where it is, and MSSP delegations remain intact. The substance is what changes as you adopt Unified RBAC (URBAC) — role mapping, data-tiering, and multi-tenant operation — and the sequencing traps around service principals and automation roles, which is the groundwork practitioners flag before any portal cutover. Worth reading if your team owns the migration runbook, especially with the Azure portal for Sentinel now on a March 2027 retirement clock. (Microsoft Sentinel Blog)
The recurring theme across the month's releases is AI agents becoming both a defended surface and a governed identity class — Defender discovering agents on endpoints, Sentinel's Agent Identities connector inventorying who owns them, the unified AgentsInfo table, and new ASIM schemas for agent telemetry all point the same way. Microsoft's end-of-June security roundup rounds out the picture with adjacent items a Microsoft-estate SOC should note: Entra ID Backup and Recovery reached GA (Microsoft-managed, always-on identity backups with point-in-time restore), Defender for Cloud's expanded multicloud coverage went GA on 30 June (about 90 new AWS/GCP resource types and 200+ recommendations, which will move Cloud secure scores as scope widens), and Microsoft previewed "MDASH," a multi-agent system for discovering and validating software vulnerabilities. If you own detections or scorecards, expect the agent-identity data and the widened cloud-posture scope to change what your dashboards show over the coming weeks. (Microsoft Security Blog)