Last Updated on June 11, 2025 by Arnav Sharma
Building trust in the age of AI
Security was front and center at Build this year and not just as a checkbox. Microsoft showed that itโs taking AI governance, compliance, and protection seriously, especially now that AI agents are doing real work across apps and infrastructure.
From agent IDs to data loss prevention to runtime threat detection, this yearโs security updates werenโt flashy but they were critical.
Letโs dive into what stood out.
Microsoft Purview gets smart about AI
Purview is no longer just about tracking sensitive files now itโs watching your AI too.
Some key updates:
- Data Security Posture Management (DSPM) for AIย lets security teams monitor what AI agents are doing with sensitive data.
- Audit logs for AI interactionsย track prompts, responses, and how data is being used inside custom agents.
- Insider Risk Managementย now includes detection of risky AI usage, like someone exfiltrating sensitive info using a Copilot.
Itโs clear Microsoft wants security teams to have full visibility into how GenAI is touching business data.
Defender for Cloud now protects AI workloads
Microsoft Defender for Cloud now integrates directly with Azure AI Foundry, providing:
- Posture recommendations: surfacing misconfigurations and risky setups in your AI services
- Runtime threat detection: real-time alerts for jailbreak attempts, sensitive data exposure, or API abuse
This is a big win for teams trying to balance fast AI development with actual security practices.
AI agents now have identities โ meet Entra Agent ID
One of the most quietly powerful announcements was Microsoft Entra Agent ID. Every AI agent created using Azure AI Foundry or Copilot Studio now gets a unique, trackable identity.
Admins can:
- View all agents across the environment
- See what data and systems they have access to
- Apply access controls just like they would with users or service principals
Itโs the beginning of treating AI agents like digital employees with the same level of accountability.
Data loss prevention reaches Copilot
A much-needed addition: Microsoft Purview DLP is now integrated with Microsoft 365 Copilot agents.
This means:
- Sensitive content (like legal documents) can be excluded from summaries or responses
- Admins can prevent AI from grounding responses on “internal only” content
- Labels and policies already in place now extend into Copilot usage
This update helps make Copilot safer to use in regulated industries or highly sensitive roles.
Security from development to deployment
Security isnโt just about alerts. Microsoft emphasized secure-by-default development practices:
- Purview SDKย allows developers to bake in data protection from the start
- AI Evaluation Toolย from Azure AI Foundry integrates with Purviewย Compliance Manager, helping teams meet regulations like theย EU AI Act
- Reports from AI evaluations can be shared with auditors and compliance teams
Itโs a full-stack approach build securely, ship securely, prove it later.
Posture and privacy improvements for Windows
A few quick but important updates on the Windows front:
- Administrator protectionย now requires biometric verification for privileged actions
- Default access to camera, mic, and locationย is now off users must explicitly allow it
- Developers are encouraged to register package identities to make apps more privacy-compliant
These changes aim to make user privacy a first-class concern โ not just something buried in settings.
Final thoughts
AI is moving fast, but so are the risks. The standout message from Microsoft Build 2025 is that governance, observability, and identity need to evolve along with the technology.
Microsoftโs approach feels practical give developers the tools to build amazing AI, but give security teams the tools to watch, evaluate, and protect those systems at scale.
If youโre leading AI transformation in your org, this yearโs security announcements are worth more than just a glance.