The AI-powered agent delivers smarter alerts and actionable insights in Microsoft Defender with no extra setup.
Microsoft has launched the public preview of the new Security Copilot Dynamic Threat Detection Agent in Microsoft Defender. This new AI-powered tool strengthens cybersecurity by delivering smarter, context-rich alerts with actionable insights, with no additional setup required.
“Security teams often face the risk of false negatives—threats that go undetected by traditional, rule-based detection systems. The Dynamic Threat Detection Agent uses AI to identify gaps and uncover false negatives by correlating alerts, events, anomalies, and threat intelligence. When the agent identifies a gap, it generates a dynamic alert with the full context in the alert details, including natural language explanations, mapped MITRE ATT&CK techniques, and tailored remediation steps,” Microsoft explained.
The Security Copilot Dynamic Threat Detection Agent offers significant benefits to security teams by identifying threats that traditional systems often overlook through continuous analysis of signals from Microsoft Defender and Sentinel. It reduces alert noise and enhances analyst clarity by providing rich context and actionable insights.
With zero-touch deployment, the agent runs seamlessly in the background without requiring onboarding or manual tuning. Its deep integration with Microsoft security tools (such as Security Copilot, Defender, and Sentinel) enables it to correlate signals across multiple sources for more comprehensive and effective threat detection.

Microsoft notes that using the Dynamic Threat Detection Agent is simple and requires no extra configuration. It automatically triages incidents and alerts within the Microsoft Defender portal. All new alerts appear in the standard incident queue and are clearly marked with “Security Copilot” as the detection source. Security teams can click on any alert to access AI-generated summaries along with recommended actions directly on the alert details page.
The Security Copilot Dynamic Threat Detection Agent is currently available in preview at no additional cost for commercial customers. Once this feature reaches general availability, its usage will be billed based on Security Compute Units (SCUs). Microsoft advises security teams to review the AI-powered recommendations for remediation to ensure their accuracy and relevance before implementation.