We’re entering a new era of AI-powered business applications, and today we’re excited to publish the 2026 release wave 1 plans for Microsoft Dynamics 365, Microsoft Power Platform, and role-based agents in Microsoft 365 Copilot, outlining a broad set of capabilities slated for release between April 2026 and September 2026. These updates reflect our ongoing commitment to making AI an essential partner in how organizations operate, innovate, and grow.
Dynamics 365 leads this wave with AI-powered, agentic innovations across sales, service, finance, supply chain, human resources (HR), and commerce—helping organizations unify data, automate processes, and elevate customer and employee experiences. Microsoft Power Platform continues to expand modern app development, intelligent automation, and enterprise-grade governance to empower makers and developers to innovate with confidence. Role-based agents in Microsoft 365 Copilot further evolve into intelligent daily command centers, helping to deliver richer, data-grounded insights and extensibility that help teams work smarter across every role.
To help you stay current on the most important and innovative capabilities, we’re moving beyond bi-annual launch events to lighter, more frequent business applications updates, featuring expert insights and demonstrations from Microsoft product leaders and engineers.
Watch the Dynamics 365 Business Applications Update March 18 at 9 AM PDT
Register for the Power Platform and Copilot Studio update April 15at 9 AM PDT
Be sure to stay updated on the latest features and create your personalized release plan using the release planner.
Highlights from Dynamics 365
2026 release wave 1 updates for Dynamics 365 deliver AI-powered, agentic experiences across sales, service, finance, supply chain, commerce, HR, projects, sustainability, and enterprise resource planning (ERP)—bringing deeper Copilot integration, intelligent automation, unified customer and operational data, and enhanced cross-app capabilities to help organizations drive efficiency, elevate customer and employee experiences, and operate with greater agility and confidence.
Dynamics 365 Sales
Dynamics 365 Sales brings the power of AI to help sellers build their pipeline, enrich opportunities, and accelerate deal closure, while helping sellers easily access accurate, up-to-date information and recommending high-impact actions that sellers can take. Copilot experiences in Dynamics 365 Sales can draw on data spanning customer relationship management (CRM) and Microsoft 365 signals, like email and meeting recaps, to deliver actionable insights across Dynamics 365 and Microsoft 365 experiences.
Dynamics 365 Customer Service
Dynamics 365 Customer Service will continue to enhance agentic capabilities across case management, email, customer intent, quality evaluation, and knowledge management. AI-infused admin and supervisor help to provide more transparency and quicker time-to-value. These investments strengthen end-to-end service orchestration, from helping identify customer intent to driving autonomous workflows that elevate service quality and responsiveness.
Dynamics 365 Contact Center
Dynamics 365 Contact Center advances the agentic contact center in 2026 release wave 1 with new AI-powered capabilities that improve self-service, support accelerate assisted service, and help organizations run contact center operations more intelligently in 2026 release wave 1. It expands to include emerging channels, supervisor insights, and extensibility, giving organizations a unified, AI-powered system to elevate the customer experience.
Dynamics 365 Field Service
Dynamics 365 Field Service strengthens service execution across technician productivity, resource scheduling, and work order management. Investments focus on mobile usability and reliability, intelligent scheduling through the Scheduling Operations Agent, and end‑to‑end execution across assets, projects, and financial operations in this release wave. Together, these updates help organizations manage service complexity and deliver consistent service outcomes.
Dynamics 365 Sustainability
Dynamics 365 Sustainability introduces more intuitive reporting navigation, advanced calculation versioning, and granular data‑locking to reinforce governance and regulatory confidence in this wave. Expanded finance integration, streamlined workflows, and updated templates and factor libraries will further empower organizations to make informed decisions and support progress toward their sustainability goals.
Dynamics 365 Finance
Dynamics 365 Finance delivers continued global scale enhancements that drive greater financial automation, strengthen global regulatory compliance posture, and enhance financial planning and analytics—helping organizations operate more efficiently and achieve their financial and operational goals with confidence.
Dynamics 365 Supply Chain Management
Dynamics 365 Supply Chain Management’s 2026 wave 1 enhances supply and demand planning with price-demand correlation and capacity-to-promise (CTP) date protection. Supplier communication and engagement are streamlined, while warehousing gains AI-powered picking, inventory rebalancing, and hands-free scanning—driving supply chain efficiency.
Dynamics 365 Project Operations
Dynamics 365 Project Operations brings rich capabilities in 2026 release wave 1—from change order support and smarter project planning to smoother quoting, budgeting, and contract workflows. New enhancements streamline item consumption, mobile expense management, subscription billing, and modern-architecture migration—delivering connected project experience.
Dynamics 365 Commerce
Dynamics 365 Commerce strengthens business-to-business (B2B) with multi-outlet ordering, unified sign-in, outlet-specific catalogs, and built-in credit management to help reduce friction and protect cash flow. It modernizes order management and assisted-selling workflows in retail stores, helping to improve associate productivity, and customer experiences across channels. It also enables cross-legal-entity inventory lookup and flexible, attribute-based pricing to help accelerate mass updates and help drive higher sales.
Dynamics 365 Human Resources
Dynamics 365 Human Resources continues to advance in areas such as recruitment, onboarding, reporting, and integrated workforce management. By merging enhanced user experiences with broader ecosystem integration and expanding regional payroll collaborations, the platform enables organizations to optimize employee engagement, support operational accuracy, and confidently achieve their workforce objectives.
Finance and operations cross-app capabilities
Finance and operations cross-app capabilities will introduce new enhancements that strengthen the foundation for AI experiences across Dynamics 365. These updates include improvements to Model Context Protocol (MCP) servers, as well as the general availability of immersive home, which is an AI-powered workspace designed to help users stay focused and prioritize what matters most.
Dynamics 365 Customer Insights – Data
Dynamics 365 Customer Insights – Data acts as the grounding layer for CRM copilots and AI agents, delivering real‑time, unified customer profiles that help power accurate decisions. With enriched data, teams can act on insights directly in their workflow to deliver timely, personalized experiences that deepen engagement and drive better outcomes. The result is an AI-ready data core that elevates agents and helps deliver more connected, intelligent CRM experiences.
Dynamics 365 Customer Insights – Journeys
Dynamics 365 Customer Insights – Journeysempowers end-to-end, agentic customer engagements across sales, marketing, and service, allowing businesses to proactively react to customer behavior using Copilot and AI agents. With smarter orchestration tools, teams can deliver impactful campaigns at scale to drive stronger relationships, higher efficiency, and revenue growth. Part of Dynamics 365, every interaction within your organization benefits from shared data and consistent intelligence across Microsoft CRM applications.
Dynamics 365 Business Central
Dynamics 365 Business Central accelerates the move to agentic ERP with enhancements to our AI‑powered agents that automate sales and purchase scenarios in 2026 release wave 1. Alongside new business capabilities, we invest heavily in developer productivity to support extensibility—improving advanced language (AL) testing, debugging, Copilot extensibility, and agent design.
Highlights from Microsoft Power Platform and Microsoft Copilot Studio
2026 release wave 1 updates for Microsoft Power Platform deliver modernized app experiences across Power Apps and Power Pages, AI-powered automation and agent innovation in Power Automate and Copilot Studio, enhanced Dataverse intelligence and programmability, and strengthened governance, security, and cost management capabilities to help organizations build, scale, and manage intelligent solutions with confidence.
Power Apps
Power Apps continues to modernize app experiences with a refreshed model-driven user interface (UI), improved mobile and offline capabilities, streamlined search, and expanded AI features. This release brings standardized modern theming to everyone, real-time Dataverse access for offline-first canvas apps, enhanced search in grids and lookups, and broader availability and extensibility of generative pages to help teams build and scale intelligent apps faster.
Power Pages
Power Pages will further empower pro-developers and low-code makers to build intelligent business portals for your employees, customers, citizens, and partners through better integration with market leading AI tools. Additionally, enhanced security agent features will further support low-code makers, pro-developers, and admins with actionable insights and abilities for securing their websites.
Power Automate
Power Automateis Microsoft’s comprehensive automation platform for cloud flows, desktop flows, and process mining. This release introduces AI agent authoring, optimization, and self-healing capabilities for desktop flows, Copilot Studio-powered actions in cloud flows, enhanced maker and collaboration tools across both, general availability of object-centric process mining, and consolidated governance reporting.
Microsoft Copilot Studio
Microsoft Copilot Studiocontinues its journey to make agent and agentic workflows even easier to build and more powerful. Now you can further customize agents built with Agent Builder in Microsoft 365 Copilot, and power your automation with high value AI actions. Deeper governance, multi-agent orchestration, and evaluations enable further scaling. With connections to Microsoft Foundry and Work IQ, your agents can use the latest AI technology in coordination with your organizational data.
Microsoft Dataverse
Microsoft Dataversecontinues to invest in enterprise-ready agentic and low-code data platform capabilities. The spotlight is on Work IQ and Copilot integration, delivering organization-specific decisions with adaptive learning and full auditability. We’re also enhancing agent programmability with Dataverse APIs, MCP servers, and Python SDK, plus new storage management tools for enterprise-grade compliance at scale.
Microsoft Power Platform governance and administration
Microsoft Power Platform governance and administrationintroduces admin controls for agent security, real-time risk assessment in Copilot Studio, and AI-powered governance agents that automate tenant monitoring and remediation in this release. Enhanced visibility into usage patterns, granular Copilot credit consumption with pay-as-you-go (PAYG) caps, and connector dependencies help you optimize costs, demonstrate return on investment (ROI), and enforce compliance with organizational policies using features within the Power Platform Admin Center. GitHub integration and deploy from Git mature your application lifecycle management (ALM) practices with full audit trails.
Updates to role-based agents in Microsoft 365 Copilot
2026 release wave 1 updates for Microsoft role-based agents transform Sales Agent and Finance Agent in Microsoft 365 Copilot into intelligent daily command centers, helping to deliver richer, data-grounded insights, enhanced chat and mobile experiences, contextual support across Outlook and Teams, and strengthened governance and extensibility to help organizations drive productivity and scale AI responsibly.
Sales Agent
Sales Agentbecomes the seller’s daily command center with richer Sales Chat and Sales Home experiences across desktop and mobile in 2026 release wave 1. Sellers will gain streamlined access to deal and account insights through configurable record summaries, contextual support in Outlook and Teams, and improved email and meeting intelligence. New governance and extensibility controls will also help organizations scale AI responsibly.
Finance Agent
Finance Agenthelps finance professionals and their stakeholders interact with financial information from their ERP within the flow of work. In 2026 release wave 1, we continue expanding how this financial assistant supports common finance tasks such as reconciliation, variance analysis, and data preparation in Excel, as well as customer communications in Outlook. By bringing financial insights and assistance directly into familiar productivity tools, the Finance Agent helps teams investigate issues faster, respond to stakeholders more efficiently, and spend less time manually preparing or reconciling data so they can focus more on financial analysis and decision support.
For a complete list of new capabilities, please refer to the Dynamics 365 2026 release wave 1 plan, the Microsoft Power Platform 2026 release wave 1 plan, and role-based agents 2026 release wave 1. We also encourage you to share your feedback in the community forums for Dynamics 365 and Microsoft Power Platform.
Business Applications Update
The Business Applications Update offers an early preview of new capabilities coming in the months ahead. This refreshed structure is designed to reflect the reality of our time: innovation does not happen twice a year; it is constant. Whether you are a strategic leader or a hands-on practitioner, this new cadence is built to get you quickly up to speed.
Watch the Dynamics 365 Business Applications Update March 18 at 9 AM PDT
Register for the Power Platform and Copilot Studio update April 15 at 9 AM PDT
Agentic Secret Finder (ASF) is an AI-powered capability in Microsoft Security Copilot that detects leaked credentials in unstructured content, such as emails, chat logs, documents, and screenshots, where traditional pattern-matching tools struggle. Agentic Secret Finder (ASF) is “agentic” because it relies on a multi‑step, multi‑agent reasoning workflow rather than a single pass detector. Detection, verification, and contextual analysis are handled by distinct reasoning stages, allowing ASF to find real credentials without flooding users with false positives. Unlike regex-based scanners, ASF uses reasoning to identify not just credentials, but the systems they unlock, helping security teams understand exposure and respond faster. In benchmark testing on synthetic datasets, ASF achieved 98.33% true credential detection with zero false alarms on realistic emails, chats, notes, and documents—while traditional regex scanners detected only about 40% of the same credentials. ASF is now generally available in Security Copilot, supporting 20+ credential types with high precision and actionable context.
The Problem: Credentials Hide Where Traditional Tools Can’t See
When security incidents happen, leaked credentials don’t always appear in clean, predictable formats. They show up buried in email threads, pasted into Teams messages, embedded in Word documents, or captured in screenshots of logs and terminals. These are exactly the places where security teams spend the most time and where traditional credential scanning tools fail.
Most existing tools rely on regular expressions or simple pattern matching. This works reasonably well for structured environments like source code repositories, where credentials follow predictable formats. But in real-world incidents, credentials look different. A storage key might be split across multiple messages in an email thread. A credential could be reformatted, partially redacted, or embedded alongside explanatory text.
In these situations, pattern matching produces two painful outcomes: it misses real credentials because the format doesn’t match a known rule, or it floods analysts with false positives that waste time. Security teams are left manually reviewing content, guessing which findings are real, and piecing together what systems might actually be at risk. In practice, this failure mode has a real human cost that security analysts end up reviewing thousands of alerts, manually inspecting email threads and chat logs, and trying to determine whether a suspicious string actually unlocks a storage account, API, or production service. Teams can spend days reconstructing context across messages and documents just to understand what a credential grants access to, slowing containment and increasing risk during active incidents.
This is the gap Agentic Secret Finder was built to close.
The Solution: ASF Brings Reasoning to Credential Detection
Agentic Secret Finder approaches credential detection as a reasoning problem, not a string-matching exercise. Instead of asking “does this text match a pattern?” ASF asks human-like questions: Is this text describing a credential or access mechanism? Does the value look real and usable? What system or resource could this access?
This shift is subtle but powerful. ASF doesn’t just detect credentials, it connects them to doors: the specific targets those credentials unlock, such as API endpoints, storage accounts, applications, or services. This is critical for triage. Instead of stopping at “this looks like a credential,” ASF tells analysts what that credential actually opens. Without context, a credential triggers manual follow‑up. When it’s linked to a specific target, analysts can immediately assess impact and act.
By understanding messy, real-world content the way a human investigator would, ASF delivers findings that security teams can trust and act on immediately. It’s designed specifically for the unstructured, noisy environments where incidents actually unfold.
Why ASF Outperforms Traditional Pattern Matching
Traditional credential scanners are built for clean data. ASF is built for reality.
Traditional tools struggle when:
Credentials appear in natural language descriptions rather than code
Context determines whether a string is sensitive or benign
Credentials are incomplete, malformed, or partially redacted
ASF excels because it:
Reasons through context, understanding surrounding text to identify what’s truly sensitive
Detects credentials and their associated resources together, providing the “what” and the “where” in a single pass
Handles noisy, unstructured inputs like emails, chat logs, documents
Assigns confidence scores to help teams prioritize findings and reduce alert fatigue
What ASF Can Do Today
ASF is now generally available in Microsoft Security Copilot, with capabilities shaped directly by real security workflows across incident response, red teaming, and SOC operations.
ASF detects over 20 major credential categories, spanning cloud provider credentials like Azure Storage Keys and AWS Access Keys, authentication credentials including Microsoft Entra passwords and OAuth tokens, database connection strings, SSH private keys, API keys, and generic credentials that don’t fit predefined patterns. This broad coverage means analysts can scan investigation artifacts without worrying whether the credential type is supported.
What makes ASF particularly effective is where it works. Email threads where credentials are discussed across multiple messages. Teams chats where credentials are pasted quickly during troubleshooting. Word documents and internal wikis where credentials are documented for operational handoffs. Incident reports and post-mortem notes written under pressure. These are the environments where traditional pattern-matching tools fail, and where ASF delivers the most value.
In benchmark evaluations, ASF achieved 100% recall with 0% false positives on synthetic datasets containing embedded Azure Storage credentials, compared to 40% recall from traditional regex‑based tools such as CredScan. In more complex scenarios involving multiple credential types and noisy email content, ASF maintained 98.33% recall with 0% false positives. These results were observed on synthetically generated evaluation datasets spanning emails, chats, notes, and documents, designed to reflect how engineers communicate and how credentials may be inadvertently shared in real‑world workflows.
Scenario
Precision
Recall
Single credential type
100%
100%
Complex, multiple credential types
100%
98.33%
ASF is currently integrated into Security Copilot, actively supporting incident response workflows, and working toward deeper integrations with developer platforms such as GitHub to bring contextual credential detection to source code analysis at scale.
Using ASF in Security Copilot
ASF is available as a skill in Microsoft Security Copilot, making credential detection a seamless part of analyst workflows.
How to use ASF:
Enable the ASF skill in Security Copilot via “Manage Sources” → “Manage Plugins” (Figure 1)
Select “FindSecretInText” from Promptbook (Figure 2)
Submit unstructured content directly in the Copilot prompt: paste the text blob that might contain credentials (Figure 3)
ASF analyzes the content using its multi-agent workflow, detecting credentials and associated doors (Figure 4)
Review actionable findings with contextual details
Figure 1. Enabling the Agentic Secret Finder (ASF) skill in Microsoft Security Copilot
Figure 2. Selecting the FindSecretInText prompt, which invokes ASF’s multi‑step credential detection and verification workflow
Figure 3. Submitting a text blob containing embedded credentials for analysis (example is synthetic)
Figure 4. ASF output with detected credentials and associated doors (example credentials and associated doors are synthetic)
What’s Next for ASF
ASF is a living capability. Over the next six months, we are working towards coverage and deepening integrations:
Exploring integrations with GitHub to reduce false positives in credential scanning for code repositories
Optimizing for large-scale analysis to handle enterprise-wide scans efficiently with reduced latency
Exploring graph-based risk modeling to map relationships between credentials, services, and attack paths
Our long-term vision goes beyond detection: we want to help security teams understand how credentials are used, what risks exist if they’re exposed, and what the impact of rotation or revocation would be. By moving from “what’s leaked” to “what does it mean,” ASF will enable smarter prioritization, faster response, and more confident decision-making.
A Unified Control Center for Queue Monitoring and SLA Tracking
Work queues in Power Automate are structured lists that let you assign, track, and manage work items across users or automations in an organized, scalable way.
We’re excited to announce powerful new enhancements to work queues in the automation center that will transform how your teams manage and monitor automated workflows. With the introduction of work queue alerts and the new aggregated operator view, we’re giving businesses unprecedented visibility and control over their automation operations.
What’s New
Work Queue Alerts for Admin in Monitoring Hub
With monitoring in the Power Platform Admin Center (PPAC), you can track the health and the performance of your automation queues. View real-time metrics on items pending action, exceptions requiring resolution, and queue status to maintain visibility across your automation operations.
Now, you can also configure proactive alerts to notify you when SLA violation counts exceed thresholds defined by your organization’s administrator. Receive timely notifications when queues require attention, ensuring you can respond before service level agreements are compromised.
With SLA violation alerts, you can stay informed and responsive with notifications about your automation queues. No more manual monitoring; the system comes to you.
Aggregated View for Operators in Automation Center
Operators now have a unified, comprehensive dashboard in the automation center that aggregates work queue data across your entire automation estate.
This consolidated view enables operators to monitor multiple queues simultaneously, prioritize work effectively, and respond to issues faster than ever before.
Top 5 benefits of using Work Queues in Power Automate
Increased efficiency & scalability – Work queues allow you to decouple complex processes, enabling different parts of an automation to run asynchronously and independently.
Better resource utilization – Because work items are stored centrally, you can optimize robot usage, balance load, and reduce the number of machines required.
Consistent prioritization of work – Work queues natively support priority-based execution, making sure the most important items are processed first.
Centralized monitoring & exception handling – Work queues provide a human‑in‑the‑loop monitoring experience, helping fusion teams track the status of items, manage exceptions, and take corrective actions.
Improved resiliency & fault tolerance – By decoupling work and allowing multiple robots to process items in parallel, work queues offer better fault isolation.
Transform Your Automation Operations Today
These enhancements represent our commitment to making automation not just powerful, but manageable at enterprise scale. Work queues with alerts and aggregated operator views give your teams the tools they need to run automation operations with confidence, efficiency, and complete control.
Ready to experience these capabilities? navigate to the automation center in Power Automate and discover how work queues can elevate your automation program from task execution to strategic business operations.
Today, organizations are being measured by how quickly they can innovate. Whether it’s launching new digital experiences, streamlining operations, or responding to customer needs in real time, the ability to move fast has always been a competitive differentiator. And it only grew on importance in the agentic era. But speed alone isn’t enough. Innovation must be scalable, secure, and sustainable.
Microsoft Power Platform is designed to meet that challenge. It empowers teams to build solutions faster, automate more processes, and scale across the business within a framework that puts security and governance first. With tools that are AI-ready and built for enterprise-grade environments from Copilot-assisted development to intelligent threat detection and posture management, the platform helps organizations move with both agility and control.
Let’s break down the facts about building secure, modern applications.
Fact: Low code does not mean low security
Despite the ever-growing usage and strong ROI, there are still people who think that low-code tools are not built for enterprise grade applications. Power Platform proves otherwise by delivering a comprehensive, layered security model designed to meet the demands of large organizations. As part of a managed security approach, the platform integrates governance and security controls directly into the development lifecycle ensuring that policies are consistently applied across environments.
From identity and access management to data protection and network security, Power Platform provides native capabilities that reduce risk without slowing innovation. Features like role-based access control, conditional access for individual apps, and data loss prevention policies are all included. Azure Virtual Network (VNet) helps keep apps and data private by creating a secure connection that blocks public internet access and limits traffic to only trusted sources.
Visibility and access control are central to this approach. Power Platform includes tenant-level analytics and inventory tracking that allow IT teams to monitor what’s being built, which connectors are in use, and whether apps are operating within approved environments. Advanced connector policies complement these tools by helping enforce data boundaries and prevent unauthorized connections, rather than providing direct visibility or access control. With tools like IP filtering, cookie binding, and role-based permissions, IT can ensure that only the right users have access to sensitive data. This helps prevent shadow IT before it starts giving teams a secure space to innovate while ensuring IT retains oversight.
The platform’s approach to security also extends to AIand agents. Security is enforced across all components of the platform, including apps and AI agents. As organizations adopt tools like M365 Copilot and Copilot Studio, Power Platform provides a secure foundation for building and deploying AI agents. These agents follow existing data loss prevention policies, access controls, and network protections, ensuring AI adoption does not create new exposure.
Power Platform also provides the flexibility to extend Copilot Studio agent protection beyond default safeguards with additional runtime protection. Organizations can choose to integrate additional monitoring systems such as Microsoft Defender, custom tools, or other security platforms for a defense-in-depth approach to agent runtime security.
Centrica, the UK’s largest retailer of zero-carbon electricity, is a good example of secure low-code innovation. With over 800 Power Platform solutions and 15,000 users, Centrica maintains enterprise-grade governance by embedding security, oversight, and controls into every stage of development.
Accenture also demonstrates how Power Platform helps reduce risk at scale. By giving more than 50,000 employees the ability to build within defined guardrails, the company reduced demand for short-term IT projects by 30%. Their approach to low-code governance helped them gain visibility into platform activity while supporting global collaboration. As one Accenture executive put it, “For us, we define shadow IT as things we cannot see or control when we need to. By standing up the platform and inviting our people to create and build—at its very core we have gained visibility into what people are doing and how they are connecting, which starts governance at the platform level.”
Fact: You do not have to outsource to be compliant
There is a perception that distributed development models increase compliance risk. Power Platform addresses this with centralized administration and clear visibility into who is building, what they are building, and how data is being used.
From the Power Platform admin center, IT teams can configure environments, enforce policies, and monitor usage across the entire organization. Tools like Dataverse audit logging, Microsoft Purview integration, and Lockbox support provide deep visibility into sensitive operations and data access.
Purview enhances compliance by enabling data classification, sensitivity labeling, and activity tracking across Power Platform environments. It also helps organizations enforce retention policies and ensure data governance requirements are met supporting alignment with global regulations like GDPR and HIPAA.
AI capabilities introduce new governance needs, which Power Platform meets with built-in support for risk assessment and proactive recommendations. Copilot capabilities also assist admins in identifying misconfigurations and streamlining compliance reporting.
Power Platform also integrates with Microsoft Sentinel and solution checkers to detect anomalies, surface vulnerabilities, and alert administrators to unusual behavior. Security posture management tools help teams assess and adjust configurations over time, helping organizations scale AI responsibly while maintaining strong governance.
PG&E is a case in point. With more than 4,300 developers and 300 Power Platform solutions, the company has embedded governance and risk management into its development lifecycle. This approach has helped PG&E achieve more than $75 million in annual savings, while ensuring that compliance and oversight remain strong.
Fact: You are not alone in your administering. You have guidance and support.
Another misconception is that managing low-code platforms at scale requires external tools or consultants. Power Platform includes everything needed to govern, secure, and scale app development from within your organization.
IT admins can use Power Platform admin center and advisor to receive AI-driven, real-time recommendations tailored to their environment. These insights help assess environment health, refine governance policies, and proactively manage security posture. Advisor also provides a security score, giving teams a clear view of how well they are securing their environments and a concrete way to demonstrate progress and accountability to leadership.
The platform is designed to adapt to each organization’s structure and needs. Recommendations can be dismissed when covered by other controls, and environmental groups allow governance to be tailored to specific business units or departments. This flexibility ensures that security doesn’t get in the way of progress but works alongside it.
Advanced features like test automation, environment isolation, and integrated observability help maintain consistent performance. VNet integration allows organizations to connect securely to on-premises systems without exposing resources to the public internet.
An example of one of leading automotive manufacturers highlights these capabilities. The company used VNet support in Power Platform to securely connect AI agents to internal systems without relying on an on-premises data gateway. The result was faster deployment, better compliance with internal security policies, and more than 3,000 hours saved through improved data access.
Start building secure, scalable solutions
Foster innovation while still maintaining security and governance principles. Microsoft Power Platform gives IT leaders and developers the ability to move quickly while maintaining the control their organizations require. With built-in governance, privacy protections, and AI-powered insights, teams can confidently scale low-code development without introducing risk. You no longer have to choose between innovation and security. With Power Platform, you can deliver both.
Explore real-world success stories and best practices. Visit the Power Platform site and follow this blog for the next article in the series breaking down the facts of the modern development.
At Microsoft, we believe that security is a team sport. That’s why we are committed to meeting customers where they are, integrating with the solutions they already use to ensure that everyone can take advantage of the agentic capabilities of Security Copilot.
And it’s not just an idea—it’s a reality. We’re excited to share why partners such as BlueVoyant, OneTrust, and Tanium chose to build agents with Security Copilot—and the value this brings to their customers.
By watching the videos featuring BlueVoyant, OneTrust, and Tanium, you’ll see firsthand how collaboration drives innovation and empowers security teams to tackle today’s threats with agility and confidence. Together, these partner-built agents show how organizations and partners can transform Security Copilot into an integrated force multiplier—proving that security is a team sport.
Partner-built agents power smarter protection
BlueVoyant – Specializing in comprehensive cyber risk management, BlueVoyant provides a suite of services to protect organizations from cyberattacks. In this video, we learn about BlueVoyant Watchtower and how their agents help customers get the most out of their Sentinel and Defender products by using an agent to always review the environment and recommend updated rules, configurations, and policies that catch bad actors Security Copilot gives us the advantage of moving more quickly.” – Micah Heaton, Executive Director, Microsoft Product & Innovation Strategy at BlueVoyant
OneTrust – OneTrust, a privacy and consent management platform, specializes in helping customers responsibly use data and AI. By partnering with Microsoft—specifically Microsoft’s Sentinel platform—OneTrust is able to provide their customers with a full view of their data estate. The Privacy Breach Response Agent by OneTrust combines the deep privacy and regulatory expertise of OneTrust with the robust generative AI capabilities of Microsoft Security Copilot, automating privacy risk assessments improving their accuracy.
Tanium – Specializing in endpoint management and security, Tanium gives IT teams visibility and control over every device in their environment. Tanium’s partnership with Microsoft provides Tanium with seamless integration into Microsoft’s Security products via Copilot, which combined with Tanium’s real-time environment insights, power powerful end to end workflows across Defender, Entra, Tanium, and Intune. The Security Triage Agent by Tanium accelerates alert triage, providing security teams with the context they need to make informed decisions on Tanium Threat Response alerts swiftly.
The work of partners like BlueVoyant, OneTrust, and Tanium is shaping a new security ecosystem—one where the Microsoft Security Store is a launchpad for partner innovation to drive real-world customer impact. The Store turns partner-built agents into enterprise-ready solutions by providing Microsoft-validated certification, high‑quality metadata, consistent deployment flows, secure authentication and transactions, and in‑product visibility inside Defender, Entra, and Security Copilot. These deployed agents run securely in your Security Copilot zero-trust environment.
The power of the Security Store is that it doesn’t just distribute agents—it amplifiesthem. It gives partners a unified, trusted surface where their solutions are discoverable directly within Microsoft Security products; where customers can compare capabilities through standardized metadata; where installation is guided and repeatable; and where Microsoft’s AI foundation elevates the value of every partner-built capability. For customers, this means direct access to the best of partner-driven security innovation. Partner-built agents deliver value at every stage of the security journey: proactively monitoring sensor health, surfacing actionable insights, accelerating investigations, and automating incident response. These capabilities help organizations strengthen their security posture, respond faster to threats, and stay ahead of attackers.
For partners, success begins with identifying the unique value their agent brings to customers and designing real security outcomes—such as improved detection, automated investigations, and measurable risk reduction. As more partners publish agents, the ecosystem expands- unlocking advanced scenarios like phishing and identity alert triage, incident enrichment, policy optimization, and automated remediation. By combining Microsoft’s AI foundation with specialized partner expertise, Security Copilot agents deliver differentiated solutions that address a wide range of security challenges—from privacy and compliance workflows to vulnerability management and forensics—helping customers strengthen their security posture and respond faster to threats.
