Ignite 2025: New Security Copilot Agents Boost Threat Detection and Compliance

Microsoft unveils new AI-powered Security Copilot agents and tools to strengthen enterprise security.

Microsoft Security image

Key Takeaways:

  • Microsoft expands Security Copilot with 12 new agents across Defender, Entra, Intune, and Purview.
  • Adaptive AI agents now assist security teams in triage, identity governance, compliance, and device management.
  • New tools and integrations include a Security Store, AI risk dashboard, and GitHub partnership.

Microsoft has launched twelve new Security Copilot agents in preview in Microsoft Defender, Microsoft Entra, Microsoft Intune, and Microsoft Purview. The company has also introduced over 30 new partner agents that are designed to offer end-to-end protection to organizations.

Security Copilot is an AI-powered cybersecurity assistant designed to help organizations detect, investigate, and respond to threats faster and more effectively. It integrates advanced threat intelligence, contextual reasoning, and automation into tools like Defender, Entra, Intune, and Purview. Security Copilot leverages Microsoft’s vast data signals and enterprise knowledge to deliver precise insights and recommendations.

These adaptive agents work side by side with security teams to triage incidents, optimize conditional access policies, surface threat intelligence, and maintain secure, compliant endpoints more easily,” explained Vasu Jakkal, Corporate Vice President, Microsoft Security.

Ignite 2025: New Security Copilot Agents Boost Threat Detection and Compliance
Security Copilot Agents (Image Credit: Microsoft)

How do the new Security Copilot agents work?

For SOC teams, new Microsoft Defender agents automate alert triage, prioritize threat intelligence, enable natural-language threat hunting capabilities, and detect missed threats to close visibility gaps and speed up incident response. Moreover, Microsoft Entra agents are designed to help identity teams manage risky users, optimize conditional access policies, streamline access reviews, as well as govern application lifecycles.

With Microsoft Purview agents, data security teams can discover and remediate sensitive data exposure, provide contextual risk insights, and enable proactive compliance. The new Microsoft Intune agents also help IT teams convert requirements into policies, analyze changes before rollout, and detect devices for removal.

Microsoft also announced today that Security Copilot will be available to all Microsoft 365 E5 customers, with rollout starting for Frontier customers and expanding in the coming months. The new interactive agent experience (preview) enhances collaboration by allowing scoped, focused chats tailored to each agent’s expertise. The Enterprise Knowledge Integration also lets agents reason over internal organizational data, as well as provide context-aware recommendations and improve decision-making.

Microsoft Security Store

The new Microsoft Security Store makes it easier for organizations to discover, purchase, and deploy trusted security solutions and AI agents that integrate with Microsoft Security products. This release brings three major enhancements, including embedded access within Defender and Entra for familiar workflows, an expanded catalog of over 100 third-party solutions, and the ability for partners to offer security services like managed detection and threat hunting directly through the Store.

Other security updates

Microsoft introduced Foundry Control Plane, a new feature in Microsoft Foundry that simplifies building, managing, and securing large-scale agent fleets. It integrates security tools like Entra, Defender, and Purview for unified policies and real-time risk insights, and lets developers publish agents directly to Microsoft Agent 365.

The new Security Dashboard for AI is a centralized hub that gives security teams full visibility into the risks, compliance status, and posture of AI agents, apps, and platforms. It aggregates signals from Defender, Entra, and Purview to help organizations monitor their entire AI estate, correlate threats, and quickly address issues like data oversharing or identity risks.

Microsoft has expanded Purview capabilities for Microsoft 365 Copilot to strengthen data security and compliance. The update adds oversharing reports in the Admin Center, automated link remediation, DLP for Copilot and chat prompts, scheduled deletion of sensitive Teams transcripts, and controls for government cloud environments.

Additionally, Microsoft announced a new integration between Defender and GitHub Advanced Security to streamline collaboration between developers and security teams. This partnership lets security teams detect vulnerabilities, developers fix them using Copilot Autofix, and Defender to validate the changes.

Last but not least, Baseline Security Mode (BSM) applies Microsoft-recommended settings to reduce legacy risks and strengthen cloud security. It offers a guided experience for identifying gaps, simulating changes, and deploying protections.