What happened
Announced on June 30, 2026 as part of the Microsoft Security June 2026 update: Defender for Endpoint now auto-discovers 25+ types of local AI agents (Claude Code, GitHub Copilot CLI, etc.) and MCP server configurations across onboarded devices. It also adds a three-mode runtime protection feature (Audit/Block) that hooks into agent execution at the user-prompt, pre-tool-call, and post-tool-response stages to detect and block prompt injection attacks. It requires Defender for Endpoint Plan 2 / M365 E5 and Beta channel updates, and is currently in public preview.
Why it matters
This is the first endpoint-level, inline prompt-injection blocking from a major platform vendor. It covers the exact attack path (indirect prompt injection via files, web pages, MCP tool output) behind the DuneSlide/Agentjacking disclosures in the same week. It reaches the entire Defender for Endpoint installed base (~1B+ managed devices) once GA.
Applicability
Enterprise security teams running Defender for Endpoint Plan 2 should enable agent discovery in Audit mode now and evaluate Block mode on test devices using the Beta update channel.