SOC Weekly Brief The week in the Microsoft security stack, distilled

Latest issue · Week 27 · 6 min read

June 29 – July 6, 2026

Act by

  • 1 Jul 2026 — The AIAgentsInfo advanced hunting table is retired and replaced by the unified AgentsInfo table (public preview), which covers agent inventory and governance across Copilot Studio, Microsoft Foundry, M365 Copilot, third-party, and endpoint-discovered agents. Any saved hunts, custom detections, or workbooks still referencing AIAgentsInfo stop returning results after this date — repoint them to AgentsInfo. (Defender monthly, Jul 2026)
  • 1 Jul 2026 — Sentinel standardizes the Account Name entity: the Name field now consistently holds only the UPN prefix (the part before @), with the full UPN and suffix moved to dedicated fields. Analytics rules, automation rules, playbooks, and hunting queries that compare Name against a full UPN silently stop matching. Rebuild the full value from Name + UPNSuffix, or use coalesce() to set a precedence order. (Microsoft Sentinel Blog)

What changed

Custom Detections can now be managed as code in Microsoft Sentinel Repositories, the same way analytics rules, playbooks, parsers, and workbooks already are. Connect a GitHub or Azure DevOps repo to the workspace and detections placed in the repo are reconciled on every commit; a standalone Bicep path via the Microsoft Security Bicep extension supports deployment from any CI/CD pipeline. This closes the content-as-code gap for Defender-portal custom detections, so the whole detection estate lands in the same PR-reviewed, versioned workflow. (Defender monthly, Jul 2026)

Three cloud advanced-hunting schema tables reached general availability: CloudAuditEvents (control-plane audit events across platforms protected by Defender for Cloud), CloudDnsEvents (DNS activity from cloud infrastructure), and CloudProcessEvents (process events in multicloud hosted environments). For a Microsoft-stack SOC these are ready-made raw material for cloud-control-plane, DNS-exfiltration, and multicloud process hunts without standing up custom ingestion. (Defender monthly, Jul 2026)

Defender for Endpoint added two AI-agent capabilities in public preview. Local AI agent discovery automatically finds supported AI agents running on onboarded Windows and macOS devices and surfaces them in the AI agent inventory, exposure map, and advanced hunting. Local AI agent runtime protection (Windows) inspects the agent loop — user prompts, tool calls, and tool responses — and can block risky activity before it executes, targeting prompt injection and unsafe agent actions at the device level, with blocked and audited events raised as alerts for correlation. This is the endpoint-level mirror of the agent-security telemetry now flowing into Sentinel. (Defender monthly, Jul 2026)

The Salesforce connector for Defender for Cloud Apps was upgraded in response to recent ShinyHunters attacks that weaponize OAuth tokens and connected apps to bypass MFA at scale. It now delivers richer connected-app context and investigation-ready signals to detect this activity faster. Existing connector users should enable the additional events in the Salesforce console; eligible non-users are advised to connect. (Defender monthly, Jul 2026)

Defender Vulnerability Management shipped a new exposure score model to GA that incorporates EPSS exploit-prediction data and asset context (internet-facing status, criticality) for sharper risk prioritization, and Secure Score gained a "Reduce unnecessary inbound internet exposure" recommendation that flags devices reachable from the public internet. Selective Response Actions also went GA, giving precise control over how high-impact response actions apply to Tier-0 systems and other high-value assets during onboarding. Together these sharpen exposure triage and reduce the blast radius of automated response on critical hosts. (Defender monthly, Jul 2026)

Two Workbooks capabilities went GA in the unified Defender portal: an Advanced Hunting connector that builds custom dashboards directly on XDR advanced-hunting tables, and a workspace filter / multi-workspace experience that scopes workbooks by workspace from within the workbook itself. MTO Tenant Groups also arrived, letting MSSPs and large enterprises organize their multitenant Defender view by region, business unit, or customer cohort. (Defender monthly, Jul 2026)

The Identity Security dashboard gained a Human identities card (public preview) showing human identities by source — Entra ID, SaaS, and on-premises — in one view, plus an Observed column and "Show Only Observed Applications" toggle on the SaaS coverage panel. New Defender for Identity alerts were also added across Entra ID, Active Directory, and other identity providers. Useful for closing identity-coverage gaps and for the new detections landing in the MDI queue. (Defender monthly, Jul 2026)

The June "What's new in Sentinel" recap (published 30 Jun) consolidated the month's SIEM and data-lake work. ASIM parsers and schemas reached GA with broader normalization across Azure, AWS CloudTrail, and third-party firewall/identity/proxy sources, plus two new schemas — Asset Entities and AI Agent Events. In the data lake, the Agent Identities Asset Connector (preview) adds four asset tables forming an owner-to-permissions agent identity graph, and Sentinel MCP graph tools (preview) let analysts walk the exposure path across identities, devices, alerts, and signals from a single alert. (Microsoft Sentinel Blog)

Microsoft Entra Backup and Recovery reached general availability, rolling out to all workforce tenants for customers licensed for Entra ID P1 or P2. It automatically backs up core directory objects daily — users, groups, applications, service principals, managed identities, Conditional Access policies, named locations, and authentication/authorization policy — and restores them after accidental or malicious changes. For a SOC this is a concrete recovery path when an identity-tier compromise tampers with Conditional Access or privileged objects. (Microsoft Entra Blog)

Entra PIM added custom extensions (preview) that inject business logic into privileged-role activation. Extensions are invoked synchronously at the pre-approval stage, so activation can validate ticket numbers, enforce HR or compliance status, or apply dynamic approval logic in real time, with each interaction fully auditable via an evaluationId, outcome, and reason. This tightens the gate on privileged access and gives investigators a clean trail for why a given activation was allowed. (Microsoft Entra Blog)

Microsoft extended data-loss prevention to the network layer in public preview, pairing Microsoft Purview classification with identity-aware enforcement through Microsoft Entra. It detects and blocks sensitive data flowing to shadow AI tools, unmanaged SaaS apps, and personal cloud storage in real time based on identity, activity, and data context, and correlates identity, data, and insider-risk signals across Purview, Entra, and Defender. Relevant on shift as coverage for the prompt-and-paste exfiltration path into generative-AI apps that endpoint and SaaS DLP miss. (Microsoft Entra Blog)

Worth knowing

The Defender monthly flagged three actionable threat reports for the SOC: AI tools shifting from reading to acting as an agent-security concern; a Chromium extension using AI-related branding to hijack browser search; and a "photo ZIP" campaign against the hospitality industry that delivers a Node.js implant for persistent access. Each carries hunting guidance in the linked insights. (Defender monthly, Jul 2026)

The Sentinel-to-Defender migration drumbeat continues: the recap restated the 31 March 2027 deadline for all Sentinel customers to transition to the Defender portal, backed by a six-part enablement series covering the strategic shift, incident and data changes, detection and automation, the governance/RBAC shift, a readiness playbook, and the AI-first SOC. Analytics rules, playbooks, workbooks, the Log Analytics workspace, and access assignments all carry forward, but the URBAC groundwork is on the critical path — start scoping now rather than at cutover. (Microsoft Sentinel Blog)