What changed
Microsoft added new preview capabilities in the June 2026 Microsoft Defender XDR updates for local AI agents on endpoints.
The first change is local AI agent discovery. Microsoft Defender can automatically discover supported local AI agents and MCP servers on onboarded devices and show them in the AI agent inventory, exposure map, and advanced hunting.
The second change is local AI agent runtime protection for supported Windows endpoints. Microsoft says Defender can inspect the agent loop, including user prompts, tool calls, and tool responses, and either audit or block risky activity before it executes.
This is still preview functionality. I would treat it as visibility and pilot material first, not as a finished replacement for normal endpoint, data, and identity controls.
Why admins should care
Local AI tools are easy to introduce quietly. Coding agents, IDE extensions, desktop assistants, local runtimes, and MCP-based tooling can appear on endpoints before the security team has a clean inventory.
That creates a practical governance gap:
- Which endpoints have local AI agent tooling installed?
- Which tools are running in developer or admin-heavy groups?
- Are there MCP servers or extensions that can touch files, browsers, terminals, or internal data?
- Can security operations see risky agent activity as part of normal Defender investigation workflows?
For Microsoft 365 admins, the useful part is not the AI branding. It is the shift from asking users what they installed to checking endpoint evidence in Microsoft Defender portal.
What I would check first
I would start with discovery before blocking anything.
- Confirm the devices are onboarded to Microsoft Defender for Endpoint.
- Confirm Microsoft Defender Antivirus is active and current on the pilot devices.
- Open Microsoft Defender portal and review the AI agent inventory for discovered local agents.
- Compare findings against expected developer, automation, and test-device use cases.
- Document which agent types are acceptable, which need exception review, and which should be removed.
Microsoft’s discovery documentation also notes some important boundaries: discovery is for investigation and visibility. It does not by itself provide posture assessment or alerts for endpoint agents.
Practical rollout / validation steps
For a first pilot, I would keep the scope narrow:
- Pick a small set of Windows endpoints where local AI tooling is expected.
- Validate that discovery works without extra scripts beyond normal Defender for Endpoint onboarding requirements.
- Review discovered agents in the Defender portal and map them to known business use cases.
- If runtime protection is tested, use a separate pilot ring. Microsoft currently states that runtime protection is available only on devices configured to receive Beta platform and engine updates.
- Run runtime protection in audit mode first where possible, then review Defender alerts before considering block behavior.
- Feed the result back into endpoint standards: approved tools, unsupported tools, owner, pilot group, and review cadence.
What changed after rollout in a setup like this is simple: the discussion moves from “we think these tools exist” to “we have endpoint evidence and can decide what to allow.”
Watch-outs
A few points are worth being careful with:
- This is preview. Do not over-promise coverage.
- Runtime protection is narrower than discovery and has stricter prerequisites.
- Discovery can include supported Windows and macOS devices, but runtime protection is currently described for supported Windows devices.
- Sovereign and national clouds are not supported for discovery according to the Microsoft documentation.
- Visibility is not the same as governance. You still need policy, ownership, exception handling, and user communication.
My practical take: this is worth testing now if AI agents are already showing up in your endpoint estate. Start with inventory, then move to audit, and only then consider blocking for specific supported scenarios.