Microsoft has announced plans to add support for AI-powered agents to its Security Copilot solution. The company will launch six in-house security agents alongside five partner-developed agents in public preview on April 27.
“These AI-powered agents autonomously handle high-volume security and IT tasks, seamlessly integrated with Microsoft Security solutions and existing security tools. Purpose-built for security, these agents learn from feedback, adapt to organizational workflows with your team fully in control, and operate securely within Microsoft’s Zero-Trust framework,” explained Dorothy Li, CVP, Microsoft Copilot, and Marketplace.
Microsoft mentioned that SOC analysts spend most of their time manually triaging phishing alerts. The new Phishing Triage Agent in the Microsoft Defender Portal leverages AI to sort through phishing alerts and distinguish between genuine threats and false alarms. It offers clear explanations for its decisions, which makes them easier for security analysts to understand. This agent continuously enhances its detection accuracy by learning from analyst feedback.
Microsoft has also introduced new Alert Triage Agents in Microsoft Purview Data Loss Prevention and Insider Risk Management. These agents help data security admins manage the high volume of daily alerts by prioritizing critical incidents. They analyze alert content and intent based on organizational policies and provide clear explanations for their categorizations. This capability allows admins to quickly assess risks and focus on critical threats, with the agents continuously improving their accuracy through feedback from security teams.
Enterprise admins often face challenges in keeping access policies updated for new users and applications, which can lead to security threats. The Conditional Access Optimization Agent automates the detection and resolution of policy changes, continuously monitoring new users and apps to ensure alignment with existing policies. It provides optimizations and one-click fixes to help IT admins enhance the security posture of their organization.
It can be increasingly challenging for organizations to manage security vulnerabilities due to the high volume of CVEs and limited resources. Microsoft Intune addresses this problem with the Vulnerability Remediation Agent, which leverages Microsoft Defender Vulnerability Management to automatically detect, evaluate, and prioritize vulnerabilities in Windows. It continuously monitors threats, assesses risk levels, and offers actionable remediation recommendations to reduce exposure time. Microsoft plans to add support for multiple device platforms and third parties in the future.
Cybersecurity analysts often struggle with data overload and resource constraints when sourcing threat intelligence. The Threat Intelligence Briefing Agent in Security Copilot streamlines this process by curating relevant and timely threat intelligence based on the unique attributes and threat exposure of an organization.
Last but not least, Microsoft has announced five new upcoming agents in partner solutions. These include Privacy Breach Response Agent by OneTrust, Network Supervisor by Aviatrix, SecOps Tooling Agent by BlueVoyant, Alert Triage Agent by Tanium, and Task Optimizer Agent by Fletch.