News
Microsoft Intune and Entra Receives Security Copilot Enhancement
Microsoft this week announced an expansion of its Security Copilot assistant across Microsoft Entra and Intune, which includes new AI-powered features aimed at managing endpoints and ID infrastructure.
"This milestone reflects the critical role Intune and Entra play in modern security strategies, serving as the foundation for implementing a Zero Trust model," wrote Microsoft. "Intune enforces device compliance, app protection, and endpoint privilege management, while Entra governs identity access with Conditional Access policies and granular authentication controls."
In Intune, Security Copilot comes packed with a dedicated Explorer pane within the admin center, allowing users to request information and take action without switching tools. Administrators can ask questions such as, "Show me devices not on the latest version of Windows and Office," and receive actionable results.
The Explorer experience stretches across many Intune domains, including devices, apps, security policies, users and compliance data. It also supports Windows 365 Cloud PCs, offering visibility into connectivity, licensing and performance. Microsoft said additional capabilities for Cloud PCs, such as diagnostics and licensing optimization, will be introduced in future updates.
Security Copilot can now also assist with writing Kusto Query Language (KQL) queries, generating custom reports and evaluating app risks for privilege elevation requests. Integration with the Surface Management Portal provides unified visibility across Surface devices, said the company.
In Entra, Security Copilot now can help admins review conditional access policies, spot security gaps or overlaps and explain identity governance decisions. A new Conditional Access Optimization Agent scans for policy issues and suggests improvements, supports custom rules via natural-language prompts and logs all activity for auditing.
The assistant uses Microsoft Graph data and built-in system tools to generate responses. Sessions are saved for later review, and access is controlled through role-based permissions. Microsoft noted that all actions require admin approval -- Security Copilot does not act without user permission.
Security Copilot was first released in April and is also available in Defender, Purview and Sentinel. Microsoft said the tool is intended to help IT teams manage hybrid environments more efficiently. A company-sponsored study found that users working with Security Copilot completed tasks nearly 30 percent faster and with greater accuracy compared to traditional methods.
Security Copilot is available as an add-on license for customers using Microsoft 365 E5, Enterprise Mobility + Security E5 or Defender for Endpoint Plan 2.