Solutions  ·  2026-07-01

Microsoft Sentinel June 2026: ASIM AI Agent Events Schema GA + Agent Identities Connector (Preview) + MCP Graph Tools (Preview)

SolutionsHigh impactGlobal
Microsoft shipped three AI-agent security capabilities in Sentinel on June 30, 2026. First, the ASIM 'AI Agent Events' schema reached GA, normalizing telemetry from AI-driven workflows and autonomous agents into common form so a single analytic rule covers all sources. Second, the Agent Identities Asset Connector (public preview) adds four identity tables — agent owners, identities, blueprints, and service principals — enabling full owner-to-permissions-to-resource traceability for AI agents. Third, Sentinel MCP graph tools (public preview) let analysts visualize relationships across identities, devices, and alerts starting from a single alert.
Enterprises deploying AI agents now have a native SIEM data plane for agent activity: normalized telemetry, identity context, and graph-based investigation in one stack. The Agent Identities connector directly closes the 'who owns this agent and what can it touch?' gap that has left most SOCs blind to agentic workloads.
Microsoft Sentinel customers running AI agents or Copilot workflows should enable the ASIM AI Agent Events schema and Agent Identities connector immediately; the MCP graph tools are preview but functional now.
Sources
Microsoft Tech Community — What's new in Microsoft Sentinel: June 2026
See this in the live feed Explore related AI security and governance findings — updated every morning.
Open the feed →