Agent 365 AgentsInfo Migration: MSP Query Audit Before July 1
July 1 is not an AI strategy deadline. It is a break-your-detections deadline.
Microsoft's Agent 365 AgentsInfo migration moves AI agent inventory in Defender Advanced Hunting from AIAgentsInfo to AgentsInfo. Microsoft says AIAgentsInfo stays accessible until July 1, 2026, and Agent 365 customers should use AgentsInfo today. That is enough to make every saved query, custom detection, workbook, SIEM export, and client report worth checking before the calendar does the checking for you.
MSPs do not need to sell every SMB a grand AI security program by Monday. They do need to know which client tenants have AI agent detections, which ones depend on Copilot Studio or Foundry agent visibility, and which reports will fail when an old table name disappears.
Quick answer: MSPs should treat the Agent 365 AgentsInfo migration as a billable query audit. Search every client tenant for AIAgentsInfo, migrate those references to AgentsInfo, review Agent 365 license readiness, recheck alert workflows, and document any real-time protection block rules that need to be rebuilt after July 1.
What changes on July 1, 2026?
Microsoft's transition guidance says AI agent security capabilities for Microsoft Copilot Studio and Microsoft Foundry agents require a Microsoft Agent 365 license starting July 1, 2026. Tenants without an Agent 365-eligible license lose access to those capabilities.
The Advanced Hunting change is the most visible technical task. Microsoft says the old AIAgentsInfo table is transitioning to AgentsInfo. The new table includes agent properties such as AgentId, AgentName, Platform, Permissions, PublishedStatus, LifecycleStatus, Owners, DeclaredDataSources, DeclaredTools, McpServers, Guardrails, and ObservabilityId.
That is not a harmless rename. It changes how MSPs should think about the work:
| Area | What changes | Why MSPs care |
|---|---|---|
| Advanced Hunting | AIAgentsInfo references need to move to AgentsInfo | Saved queries and detections can fail if nobody updates them |
| Licensing | Copilot Studio and Foundry agent security capabilities require Agent 365 | Clients without an eligible license can lose security visibility |
| Alerts | Legacy threat detection alerts move to Agent 365 observability logs for licensed tenants | SOC workflows and downstream tickets may need a new source |
| Real-time protection | Some legacy rule alerts move to BehaviorInfo, and existing Agent 365 block rules stop blocking unless rebuilt in the new policy experience | A rule that looked protective on June 30 may be documentation-only on July 1 |
| Third-party cloud agents | Defender for Cloud connectors no longer discover third-party cloud agents | Registry sync becomes the visibility path for supported platforms |
Augmentt's June 2026 M365 roundup called out the same MSP problem: custom detection rules, hunting queries, and automation that still reference the old table can fail.
What to audit before the deadline
Do not start in the Microsoft announcement. Start in the client work product.
A client does not care which table Microsoft prefers. They care whether the monthly security report still runs, whether a detection still creates a ticket, and whether the MSP can explain why Agent 365 now appears in a licensing conversation.
Audit these eight places:
- Saved Advanced Hunting queries. Search for
AIAgentsInfoin each tenant's saved query library. Replace table references, then inspect column names. The newAgentsInfoschema is not a copy-paste swap for every query. - Custom detections. Anything scheduled off old AI agent inventory needs a test run. Do not update syntax and assume the detection still means the same thing.
- Workbooks and dashboards. If a workbook powers a QBR chart or SOC review, test the visual and the underlying query. Broken visuals are client-visible breakage.
- SIEM exports and automation. Check Logic Apps, Sentinel rules, ticketing connectors, Power Automate flows, and scripts that reference old query text.
- Client reports. Search report templates for AI agent inventory, Copilot Studio agent risk, Foundry agent visibility, and query snippets copied from Defender.
- Agent 365 license readiness. Microsoft's Agent 365 overview says at least one user must be licensed with a qualifying Agent 365 license to enable Agent 365, and the product is licensed per user. Confirm the client's actual eligibility before promising coverage.
- Real-time protection rules. Microsoft says existing Agent 365 rules set to Block stop blocking on July 1 unless rebuilt in the new Policies experience. If alerts move into
BehaviorInfo, test the downstream workflow too. Find these before a client assumes blocking still works. - Third-party agent visibility. If a client has agents in Amazon Bedrock, Google Vertex AI, Salesforce Agentforce, or Databricks Genie, review Microsoft's registry sync preview before treating Defender for Cloud visibility as complete.
This is the same pattern as every Microsoft deadline MSPs have learned to respect: the change is small until it hits a client artifact. Then it is a support ticket with a date stamp.
Turn the migration into a scoped service, not free panic work
This should not become unpaid cleanup hidden inside managed services.
The work has a clean scope:
| Deliverable | What the MSP does | Client-facing output |
|---|---|---|
| Query inventory | Search saved queries, detections, dashboards, reports, and automation for AIAgentsInfo | List of affected artifacts by tenant |
| Migration pass | Update queries to AgentsInfo where the schema supports it | Tested query set with change notes |
| Detection review | Validate scheduled detections still fire for the intended condition | Detection status: keep, rewrite, retire, or client decision needed |
| Licensing check | Confirm Agent 365 eligibility and affected experiences | Client-ready license readiness note |
| Policy review | Identify block rules that need rebuilding after July 1 | Policy action list and owner |
| Documentation | Record accepted risk and follow-up work | Assessment summary with quoteable remediation items |
That last column matters. If AI agents are becoming part of the client's security surface, the work needs an owner, a budget line, and an accepted-risk record. Otherwise the MSP silently absorbs the change, which is how urgent Microsoft notices become margin leaks.
If the same client is already asking about Copilot, connect this audit to the broader MSP AI services pricing model. Agent security work is not license resale. It is readiness, governance, detection review, reporting, and policy cleanup.
If Work IQ agents are part of the conversation, use the Microsoft Work IQ API spend-cap checklist before usage turns into an open-ended support lane. Metered AI usage and security visibility are separate scopes. Keep them separate on the quote.
How to explain it to clients without sounding like a vendor memo
Do not lead with table names unless the client is technical.
Use this instead:
Microsoft is changing how AI agent security data is licensed and queried in Defender on July 1. We are checking whether any of your saved detections, dashboards, reports, or blocking rules depend on the old data source. If they do, we will update them, test them, and give you a short summary of any licensing or policy decisions you need to make.
That message is calm because it is specific. It does not pretend every SMB needs a huge AI governance project by July 1. It also does not hide the operational risk.
For clients with no Copilot Studio agents, no Foundry agents, and no AI agent reporting, the output may be a short note: no affected artifacts found. Fine. That is still useful evidence.
For clients with detections, reports, or agent inventory workflows, this becomes paid work. Quote the migration, test the results, and separate remediation from discovery.
Where this fits in the MSP advisory stack
This topic belongs next to identity, billing, and planning work, not in an AI hype folder.
A client with weak Conditional Access is not ready for a serious agent security story. Use the M365 Conditional Access baseline before you spend time polishing AI agent posture. A client buying new Microsoft AI SKUs also needs the Microsoft 365 Business with Copilot SKU math, because licensing confusion creates bad quotes fast.
The strategic version of this work is simple: make AI agent risk visible, price the cleanup, and put the next decision on a roadmap. If the audit finds policy work, license changes, and reporting gaps, package those into the next QBR or technology planning cycle. The client should see the before state, the accepted risk, the recommended fix, and the cost.
Scopable helps MSPs turn that kind of assessment finding into roadmap, budget, quote, and approval work instead of another spreadsheet with red cells. If you want that workflow in your own client planning process, join Scopable early access.
FAQ
Is AIAgentsInfo really retired on July 1, 2026?
Microsoft says AIAgentsInfo remains accessible until July 1, 2026, and Agent 365 customers should use AgentsInfo today. MSPs should migrate saved queries before that date and test the results against the new schema.
Can MSPs just replace AIAgentsInfo with AgentsInfo in every query?
No. Start there, but do not stop there. The AgentsInfo table has different column names and richer agent properties, including permissions, tools, data sources, guardrails, endpoints, and observability identifiers. A syntax fix is not the same as a detection review.
Which client artifacts should MSPs check first?
Check custom detections, scheduled reports, workbooks, SIEM exports, and anything that creates tickets. Client-facing or automation-driven artifacts come before nice-to-have hunting queries.
Does every client need Microsoft Agent 365?
No. Clients using Copilot Studio or Foundry agent security capabilities need a licensing review because Microsoft says those capabilities require Agent 365 starting July 1. Clients with no AI agent inventory, no related detections, and no agent reporting may only need a documented no-impact check.
Is this a security project or a billing project?
Both, but do not mush them together. Query migration and detection testing are security operations work. License readiness is commercial work. Policy rebuilds and documentation are advisory work. Price each lane clearly so the MSP does not give away the messy parts.
