AI-powered Microsoft Defender upgrades bring autonomous threat detection, unified posture management, and more.
Microsoft is redefining cybersecurity with a new suite of AI-driven advancements built to shift security operations from manual workflows to a fully agentic security operations center (SOC). These new capabilities enable autonomous defense that can detect and neutralize threats far faster than human teams.
Microsoft has introduced four new Security Copilot agents in Microsoft Defender to enhance different stages of the SOC lifecycle. The Phishing Triage Agent, which launched in March 2025, is getting new triage capabilities that extend beyond phishing to handle identity and cloud alerts. Microsoft is also adding a new agentic email grading system to its phish admin reporting process.
The new Threat Hunting agent uses natural language commands to help security teams accelerate hunting, improve context, and recommend next steps. Moreover, the Dynamic Threat Detection Agent is designed to find blind spots and false negatives proactively. The Threat Intelligence (TI) Briefing Agent can now generate tailored threat briefings within the Defender portal.

Microsoft also announced today that Security Copilot has started rolling out to Frontier Security Copilot customers with Microsoft 365 E5 subscriptions. This AI-powered tool is expected to become generally available for Microsoft 365 E5 customers in the coming months.
Microsoft is also expanding the automatic attack disruption capabilities in Microsoft Defender, which isolate endpoints and disable compromised accounts during active attacks. After initial containment of a compromised asset, the Predictive Shielding feature leverages threat intelligence and graph insights to predict an attacker’s next move and applies proactive hardening (e.g., disabling SafeBoot and enforcing Group Policy Objects).
Microsoft Defender now supports third-party attack disruption capabilities for AWS, Proofpoint, and Okta to block phishing and identity compromise attacks across federated accounts and cloud boundaries. These new automatic attack disruption features are currently available in preview for commercial customers.

Microsoft Defender now offers unified posture management and threat protection for AI agents through Microsoft Agent 365. These preview features provide a centralized view of AI assets to reduce shadow agents, strengthen security posture with proactive recommendations, and perform attack path analysis. They also enable detection and response to threats like prompt injections and data exposure.
Microsoft Defender correlates AI security signals with contextual alerts and applies a build-to-runtime approach to deliver comprehensive protection for AI models, agents, SaaS apps, and cloud infrastructure.
Later this month, Microsoft Defender for Cloud is getting preview support for posture management of serverless resources. This update will provide visibility into serverless compute and application platforms, integrate posture insights into attack paths, and strengthen end-to-end protection for workloads like Azure Functions, Azure Web Apps, and AWS Lambda. Moreover, security teams will gain tools to identify risks, analyze attack paths, monitor misconfigurations, and detect vulnerabilities.
Lastly, Microsoft Defender for Cloud (MDC) now offers unified security posture management in preview, giving organizations a single, integrated view of risks across hybrid and multicloud environments. Microsoft has embedded MDC into the Defender portal to let security teams access a centralized dashboard that combines posture management, threat protection, asset inventory, and exposure insights for Azure, AWS, and Google Cloud.
This new integration enables visibility into vulnerabilities, attack paths, and prioritized recommendations. Moreover, granular role-based access control (RBAC) simplifies compliance and reduces operational risk across multicloud environments.