News
Microsoft Unveils Security Copilot Agents Preview at RSA Conference 2025
Microsoft has announcing the public preview of new AI-powered agents at RSA Conference 2025, currently taking place in San Francisco, Calif.
The company introduced Security Copilot last year to help security teams manage escalating cyber threats with fewer resources. Since its launch, the AI assistant has been integrated across Microsoft's security stack, helping organizations streamline detection, investigation and response.
At this year's event, Microsoft showcased several new Copilot agents now available in phased public preview. Each agent is designed to automate security tasks and adapt to an organization's unique workflows.
Available agents, which were first announced last month, include a Conditional Access Optimization Agent for Microsoft Entra, a Vulnerability Remediation Agent for Microsoft Intune and a Threat Intelligence Briefing Agent for Security Copilot. Microsoft said additional agents, including phishing and alert triage tools for Microsoft Defender and Microsoft Purview, will roll out in the coming weeks.
The company also announced new partner-built agents from Performanta, aimed at investigating email threats and identity access risks.
At the event and in a follow-up blog post, Microsoft also announced that Security Copilot support for Microsoft Sentinel scenarios via Azure Lighthouse is now generally available. Managed security service providers can now use Security Copilot's natural language prompts and automation capabilities across customer environments without requiring customers to purchase separate Copilot licenses.
Partner Plugins
Microsoft introduced several new plugins in preview to extend Copilot's capabilities, including integrations with Censys, HP's Workforce Experience Platform, Splunk and Quest Security Guardian. A CheckPhish plugin for URL threat analysis is now generally available.
AI Governance
To address data protection risks in AI environments, Microsoft introduced Microsoft Purview integrations for Security Copilot, currently in preview. These capabilities help organizations detect sensitive data exposure, investigate insider threats involving AI, and apply retention and audit policies to AI-generated data.
Meanwhile, Copilot enhancements in Microsoft Defender for Cloud, now generally available, offer AI-driven risk remediation summaries and delegation tools for cloud environments. Microsoft also announced that enriched incident summaries for Microsoft Sentinel are now in public preview.
Flexible Consumption Model Introduced
To support scalability, Microsoft unveiled a new overage Security Compute Unit (SCU) model, allowing organizations to extend their Copilot capacity beyond their initial provisioned limits.