The modern cybersecurity landscape is experiencing a historic inflection point. As cyberattackers deploy Artificial Intelligence (AI) to automate sophisticated attacks at unprecedented speed and scale, the challenge for defenders is not simply to keep up; it is to leap ahead. Given the reported deficit of over four million cybersecurity jobs globally, depending solely on human-scale resources is no longer enough to secure the digital future.
The path forward requires empowering security professionals and augmenting human expertise with intelligent agents and AI collaborators designed to help transform organizational security.
At Microsoft Ignite 2025, announcements focused on delivering this transformative vision. The core principle driving these innovations is that security must be the core primitive. This means security must be ambient and autonomous, woven into everything built from silicon and operating systems to agents, apps, data, platforms, and clouds. By embedding security in the everyday flow of work, these solutions empower teams to shift from reactive responses to proactive security strategies.
Unlocking AI-First Security: Security Copilot Inclusion for Microsoft 365 E5
To make harnessing the power of intelligent agents easier and quicker, an important announcement was made regarding accessibility: Microsoft Security Copilot will be included for all Microsoft 365 E5 customers. The rollout of this inclusion begins immediately for existing Security Copilot customers with Microsoft 365 E5 subscriptions and will continue in the upcoming months for all eligible customers.
A Microsoft 365 E5 subscription already delivers security across key organizational components, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint management via Microsoft Intune, and data security provided by Microsoft Purview. Microsoft Security Copilot acts as a powerful multiplier, amplifying these existing capabilities with built-in agents.
Capacity and Licensing Details
Eligible Microsoft 365 E5 customers will receive 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to a maximum of 10,000 SCUs per month. This capacity is expected to support typical scenarios. Customers will later have the option to pay for scaling capacity beyond the allocated amount at $6 per SCU on a pay-as-you-go basis.
Agentic Defense in Action: New Agents and Proven Security Outcomes
The ecosystem of intelligent agents supporting security teams is rapidly expanding. Adding to the 37 Security Copilot agents already available, more than 40 new Microsoft and partner-built agents are being introduced.
This expansion includes 12 new Microsoft-built agents (available in preview) across Microsoft Defender, Entra, Intune, and Purview, and over 30 new partner-built agents available in the Microsoft Security Store. These specialized agents automate large-scale tasks, allowing security teams to dedicate valuable time to strategic initiatives.
Transformative Outcomes by Role
Security Operations (SecOps):
Agents are available that triage alerts in real time, surface actionable threat intelligence, and enable natural language threat hunting. This capability helps defenders focus on proactive measures. The Phishing Triage Agent in Microsoft Defender has enabled SOC analysts to detect malicious emails up to 550% faster in controlled, simulated phishing scenarios.
Identity and Access Admins:
New agents in Microsoft Entra protect across multiple identity layers. They proactively remediate risky users, optimize Conditional Access policies, streamline access reviews, and manage app lifecycles. The Conditional Access Optimization Agent in Microsoft Entra has achieved up to 204% greater accuracy in identifying missing Zero Trust policies when measured against baseline audits in enterprise environments.
Data Security Professionals:
Agents in Microsoft Purview strengthen data security by discovering, analyzing, and remediating sensitive data risks. They combine proactive posture management with intelligent triage to reduce manual work and help maintain continuous risk reduction.
IT Admins:
Agents in Microsoft Intune simplify complex tasks. They convert requirements into policies, assess changes before they impact productivity, and identify devices for removal, supporting smarter decisions, improved compliance, and reduced risk.
Deeper Collaboration and Customization
Security Copilot provides the flexibility for customers to create their own agents tailored to specific use cases, with customers already having built over 370 unique agents since the capability’s announcement.
Additionally, the interactive agent experience, now in public preview, allows security teams to engage in focused chats tailored to each agent’s expertise. The agents are further enhanced by enterprise knowledge integration (in preview), which allows them to reason over an organization’s internal data, delivering contextual and precise recommendations unique to that environment. This agent intelligence is fueled by Microsoft’s threat intelligence, which processes more than 100 trillion signals daily and unifies insights through Microsoft Sentinel.
Securing the AI Stack: Governance, Control, and Predictive Platform Defense
As AI agents become ubiquitous, security leaders need clear answers on how to onboard, manage, and govern them. The solutions announced at Ignite address securing the AI stack end-to-end.
Governing AI Agents
Microsoft Agent 365 has been introduced as the control plane for AI agents. It brings observability to every level of the AI stack, helping organizations observe, manage, secure, and govern all agents regardless of whether they are built with Microsoft tools, open-source frameworks, or third-party platforms.
Key governance capabilities include:
Registry
The Microsoft Entra registry provides a complete inventory of all agents, including the ability to identify and quarantine unsanctioned “shadow agents”.
Security
Agent 365 integrates Microsoft Defender, Microsoft Entra, and Microsoft Purview to deliver comprehensive protection, helping security leaders assess posture, defend against AI cyberattacks like prompt injections, and prevent agents from processing or leaking sensitive data.
For unified risk management, the Security Dashboard for AI centralizes discovery, protection, and governance. It aggregates signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview to give CISOs and AI risk leaders visibility into the security posture, risks, and regulatory compliance of their entire AI estate.
Furthermore, Microsoft Purview expanded data security and compliance controls for Microsoft 365 Copilot. These enhancements include comprehensive data oversharing reports, automated bulk remediation of overshared links, and Data Loss Prevention (DLP) for Copilot and chat prompts.
Platform and Cloud Security Innovations
To defend in the agentic age, an agentic defense platform is necessary. Microsoft Sentinel has evolved into an agentic security platform, powering Security Copilot agents and new predictive protection in Microsoft Defender.
Predictive Shielding
Microsoft Defender introduces predictive shielding, a new capability designed to anticipate cyberattacker movement. It forecasts likely attacker pivots using graph insights derived from the 100 trillion signals analyzed daily. This capability then applies targeted, just-in-time hardening actions to proactively protect critical assets and block the exploitation of attack pathways.
Code Security
New integration between Microsoft Defender and GitHub Advanced Security allows security teams to recommend code fixes, which developers can remediate using Copilot Autofix.
Cloud Hardening
Baseline Security Mode, now generally available, uses Microsoft-recommended settings to help mitigate legacy risks and improve cloud security posture.
Windows and Intune Security
New capabilities in Microsoft Intune simplify managing Windows at scale, including phased deployments for AI rollouts, remote management of the Windows Recovery Environment, and maintenance windows for update timing. Windows also includes support for post-quantum cryptography.
Expert-Led Services
The Microsoft Defender Experts Suite has been announced to help organizations easily access security expertise. Available early 2026, this new offering will combine human-led, AI-powered managed Extended Detection and Response (XDR), end-to-end proactive incident response services, and direct access to designated Microsoft security advisors.
Conclusion
In the agentic AI era, trust is the foundational element, and security has always been the root of trust. The commitment to security is realized through the Microsoft Secure Future Initiative, an ongoing effort to improve security for customers and the broader ecosystem. The innovations announced at Microsoft Ignite 2025 help organizations accelerate their journey to becoming “Frontier Firms”: pioneers who utilize agentic AI to transform security operations.
Customers are encouraged to visit the Microsoft Security Store to explore the available Microsoft and partner-built agents and discover how Security Copilot can help security teams lead the way in defense.
Key Takeaways
– Security Copilot Accessibility: Microsoft Security Copilot will be included for all Microsoft 365 E5 customers. Eligible customers receive 400 SCUs per month per 1,000 users, up to 10,000 SCUs.
– Agent Expansion and Performance: More than 40 new agents (Microsoft and partner-built) are being introduced. Agents are proven to accelerate outcomes, such as SOC analysts detecting threats up to 550% faster with the Phishing Triage Agent.
– AI Agent Governance: Microsoft Agent 365 is the announced control plane for AI agents, providing observability, inventory via the Entra registry, and security integration with Defender, Entra, and Purview.
– Predictive Defense: Microsoft Defender Predictive Shielding uses threat intelligence (100 trillion signals analyzed daily) to anticipate attacker movement and proactively harden attack pathways before exploitation.
– Data Protection: Microsoft Purview expanded controls for Microsoft 365 Copilot, including comprehensive reports and Data Loss Prevention (DLP) for Copilot and chat prompts.
Inside Microsoft Ignite 2025: How Agentic AI Is Transforming Cybersecurity