What Changed
Microsoft released a new A365 Observability solution (version 3.0.0) that provides visibility into AI agent activity across the Microsoft ecosystem. This solution introduces a dedicated data connector for ingesting telemetry from A365, AI Foundry, and Copilot services into Microsoft Sentinel.
Data Source
The A365 Observability connector ingests AI agent telemetry from:
- A365 (Agent 365) platform
- AI Foundry services
- Microsoft Copilot operations
Ingestion Mechanism
This connector uses a custom ingestion type (connectivity criteria type: “A365”) that appears to be a Microsoft-managed stream for unified agent observability data. The connector requires Global Administrator or Security Administrator permissions and ingests data into the “UnifiedAgentObservability” stream.
Detection Surface Unlocked
This connector enables security teams to:
- Monitor AI agent behavior patterns and execution flows
- Investigate agent tool usage and interaction patterns
- Track agent activity across hunting, graph, and MCP (Model Context Protocol) workflows
- Analyze potential misuse or abuse of AI agent capabilities
The connector description specifically notes that deactivating it will prevent investigations into AI agent behavior, tool usage, and execution - indicating this is critical infrastructure for AI security monitoring.
Security Impact (Visibility & Fidelity)
Organizations gain new visibility into AI agent operations that were previously outside the security monitoring scope. This addresses the growing need to monitor AI system behavior as these tools become more integrated into enterprise workflows. SOC teams can now investigate AI-related incidents and understand the security implications of automated agent actions.
Affected Files
Logos/A365.svg
Solutions/A365 Observability/Data Connectors/A365_DataConnectorDefinition.json
Solutions/A365 Observability/Package/testParameters.json
(packaging artefacts: 3.0.0.zip, ReleaseNotes.md, SolutionMetadata.json, Solution_A365.json, createUiDefinition.json, mainTemplate.json)