Microsoft Expands Security Copilot with AI Agents
Microsoft this week announced that it is adding security-focused Copilot agents to Microsoft Security, designed to bolster organizational defenses against escalating cyber threats.
The announcement coincides with new additions to Microsoft Defender, Entra and Purview, all designed to strengthen protections for generative AI deployments. It also marks the first anniversary of Microsoft Security Copilot.
"In this age of AI, securing AI and using it to boost security are crucial for every organization," said Vasu Jakkal, Microsoft Security corporate vice president, in a blog post. "At Microsoft, we are dedicated to helping organizations secure their future with our AI-first, end-to-end security platform."
Microsoft is now expanding the platform with six new built-in AI agents, along with five developed by partners, to automate high-volume tasks such as phishing response, vulnerability remediation, data loss prevention and identity protection.
Figure 1. Microsoft Copilot security agents.
Microsoft's native agents will help automate security in the following areas:
- Alert Triage Agents in Microsoft Purview to prioritize insider risk alerts
- Conditional Access Optimization Agent in Entra to flag gaps in identity policies
- Vulnerability Remediation Agent in Intune to streamline patch management
- Threat Intelligence Briefing Agent to generate threat summaries tailored to an organization's threat landscape
These agents, set to enter public preview in April, are designed to learn from feedback, adapt to existing workflows and operate under Microsoft's Zero Trust security framework.
In addition to Microsoft-built agents, five partners are contributing AI-powered tools to the Security Copilot ecosystem. Among them:
- OneTrust: Privacy Breach Response Agent helps navigate regulatory requirements
- Aviatrix: Network Supervisor Agent troubleshoots VPN and gateway issues
- BlueVoyant: SecOps Tooling Agent improves SOC effectiveness and compliance
- Tanium: Alert Triage Agent provides deeper context for incident analysts
- Fletch: Task Optimizer Agent reduces alert fatigue by prioritizing threats
"An agentic approach to privacy will be game-changing for the industry. Autonomous AI agents will help our customers scale, augment and increase the effectiveness of their privacy operations," said Blake Brannon, chief product and strategy officer at OneTrust.
Along with the in-house and third-party agents, Microsoft has announced a handful of AI tools to address AI governance and data protection. They include:
- AI security posture management extending to Google Vertex AI and all models in Azure AI Foundry, available in preview in May.
- Defender threat detection enhancements targeting prompt injection, wallet abuse and other OWASP-identified risks in AI apps.
- Microsoft Entra’s AI web category filters to block unauthorized access to unapproved "shadow AI" applications.
- Microsoft Purview’s browser-based data loss prevention to prevent data entry into generative AI tools like ChatGPT and Gemini via Edge for Business.
Finally, starting in April 2025, Microsoft Defender for Office 365 will offer expanded protection for Teams, defending against phishing and other advanced threats. The update includes inline safeguards such as real-time scanning of URLs and detonation of suspicious attachments and links. Security operations center teams will also gain full visibility, with alerts and incident data integrated into Microsoft Defender.