Dorothy Li, Author at Microsoft Security Blog

Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
http://approjects.co.za/?big=en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Tue, 18 Nov 2025 16:00:00 +0000

The cybersecurity landscape is at a historic inflection point. As cyberattackers wield AI to automate cyberattacks at extraordinary speed and scale, the challenge before us is not just to keep pace—but to leap ahead. There are over four million unfilled cybersecurity jobs, so depending solely on human resources isn’t enough to safeguard our digital future.1 To close this gap, it’s important to empower security professionals, enhancing their capabilities through intelligent agents—AI collaborators designed to augment human expertise and help transform organizational security.

That is why we are making security agents available in the everyday flow of work of security teams, embedded right in the tools they love and use. At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what’s possible, empowering security teams to shift from reactive responses to proactive strategies.

Unlocking AI-first security with Microsoft Security Copilot

A Microsoft 365 E5 subscription delivers security across your organization, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint device management via Microsoft Intune, and data security provided by Microsoft Purview. Microsoft Security Copilot amplifies these capabilities with built-in agents that act as a force multiplier across the security stack. Security teams are empowered with adaptive agents, running side by side with them to accelerate investigations, streamline tasks and deliver faster, smarter outcomes.

To make it easier to harness the power of these agents and get started more quickly, we are excited to announce that Microsoft Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout begins today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers.

Existing Security Copilot customers with Microsoft 365 E5 subscriptions can get started with the agents today at no additional cost*:

All other Microsoft 365 E5 customers will receive a 30-day advanced notification before activation and can learn more in the documentation.

Welcome to a new era of cybersecurity: where agents are built in, easy to use, and ready to help your team stay ahead of cyberthreats.

Expanding our agent portfolio for stronger security outcomes

We’re not only making these agents more easily accessible, we’re extending the ecosystem even further. Adding to the 37 Security Copilot agents already available, we’re introducing more than 40 new Microsoft and partner-built agents.

12 new Microsoft-built agents across Microsoft Defender, Entra, Intune, and Purview are available today in preview. Additionally, more than 30 new partner-built agents extend protection end-to-end. These agents automate large-scale tasks, which allows security teams to dedicate more time to strategic initiatives.

Extensive portfolio with new agents

Security operations teams can harness agents that triage alerts in real time, surface actionable threat intelligence, and enable natural language threat hunting—so defenders can focus on what matters most: staying ahead of cyberattackers.

Identity and access admins can deploy new agents in Microsoft Entra to protect across layers of identity: proactively remediating risky users, optimizing Conditional Access policies, streamlining access reviews, and managing app lifecycles to reduce risk and improve efficiency.

Data security professionals can use agents in Microsoft Purview to strengthen data security by discovering, analyzing, and remediating sensitive data risks—combining proactive posture management with intelligent triage to reduce manual work and support continuous risk reduction.

IT admins can use the new agents in Microsoft Intune to make complex tasks easier and security stronger by turning requirements into policies, assessing changes before they impact productivity, and identifying devices for removal—for smarter decisions, better compliance, and reduced risk.

Agents across all roles through partner ecosystem: additionally, there are more than 30 new partner-built agents available today in the Microsoft Security Store. These agents support security roles across the industry, with skills and capabilities like simplifying incident analysis, enhancing data protection, and ensuring security tools are aligned with industry standards. To learn more about these agent offerings, visit Microsoft Security Store.

If you don’t find exactly what you need among the dozens of ready-to-use agents, Security Copilot gives you the flexibility to create your own. Since announcing this capability in September, customers have already built more than 370 unique agents—tailored to their environments and designed for their specific use cases.

Evolving agent capabilities for deeper collaboration

With the interactive agent experience, now in public preview, security teams can engage in scoped, focused chats tailored to each agent’s expertise. Dynamic workflows and built-in starter prompts keep investigations on track, while prompt suggestions surface in real time, helping humans and agents collaborate for quicker, more effective security and IT results.

And to truly empower agents, context and data are key. Security Copilot taps into Microsoft’s threat intelligence—powered by more than 100 trillion signals processed daily—and unifies insights through Microsoft Sentinel. Now, with enterprise knowledge integration in preview, agents can reason over your organization’s internal data, delivering contextual recommendations unique to your environment. This means every interaction is informed, precise, and tailored to accelerate your security and IT operations.

Agents accelerating cybersecurity outcomes

This is not just vision—it’s reality. Security Copilot agents are already delivering transformative outcomes:

  • SOC analysts have detected malicious emails up to 550% faster with the Phishing Triage Agent in Microsoft Defender—based on controlled comparisons of detection speed in simulated phishing scenarios.2
  • Identity admins have achieved up to 204% greater accuracy in identifying missing Zero Trust policies with the Conditional Access Optimization Agent in Microsoft Entra—measured against baseline policy audits in enterprise environments.3

Shape the future of security with Microsoft

Microsoft is committed to helping organizations become true “Frontier Firms”—pioneers who harness agentic AI to transform security and IT operations. Microsoft Ignite is your invitation to be part of this movement: connect with our experts, experience the future firsthand, and discover how Security Copilot can help you realize your boldest ambitions.

Visit our Meet the Experts booths (#2330 and #2320), attend security sessions, and visit the Microsoft Security Store to explore available Microsoft and partner-built agents. The future of defense is not just about keeping up—it’s about leading the way.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Security in the agentic era:

The core primitive

Envision a future where defenders and AI agents work together. Hear Charlie Bell and Vasu Jakkal share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps.


* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

1 Bridging the Cyber Skills Gap, World Economic Forum. 2025.

2 Randomized Controlled Trial for Phishing Triage Agent, James Bono, Microsoft Corporation. October 2025.

3 Randomized Controlled Trial for Conditional Access Optimization Agent, James Bono, Beibei Cheng, Joaquin Lozano, Microsoft Corporation. October 2025.

The new Microsoft Security Store unites partners and innovation
http://approjects.co.za/?big=en-us/security/blog/2025/10/21/the-new-microsoft-security-store-unites-partners-and-innovation/
Tue, 21 Oct 2025 16:00:00 +0000

On September 30, 2025, Microsoft announced a bold new vision for security: a unified, AI-powered platform designed to help organizations defend against today’s most sophisticated cyberthreats. But an equally important story—one that’s just beginning to unfold—is how the Microsoft Security Store is bringing this vision to life through a vibrant ecosystem of partners, developers, and innovators—all contributing together to deliver more value and security to our customers. Security Store is the gateway for customers to easily discover, buy, and deploy trusted security solutions and AI agents from leading partners—all verified by Microsoft Security product teams to work seamlessly with Microsoft Security products.

Security Store: Your gateway to stronger security

Released to public preview on September 30, 2025, Microsoft Security Store brings together a diverse catalog of security solutions and AI-powered agents from Microsoft and leading partners—all in one unified experience. Whether you’re looking for advanced threat protection, identity management, compliance automation, or cloud security, you’ll find offerings from these categories and many more tailored to your organization’s needs.

Security professionals can browse a wide range of software as a service (SaaS) solutions, from endpoint protection and data governance to cloud security and compliance. Increasingly, organizations are also turning to AI-powered agents—many of which are built on Microsoft Security Copilot—to automate triage, accelerate investigations, and deliver real-time insights. Security Store has you covered here too, with agents that represent a fast-growing area of innovation, helping security teams respond to cyberthreats with greater speed and precision.

Solutions and agents are organized by industry frameworks like the National Institute of Standards and Technology (NIST) Cybersecurity Framework, making it easy to filter by function, such as threat protection, identity management, or compliance automation. You can also browse by integration type (Microsoft Defender, Microsoft Sentinel, Microsoft Entra, Microsoft Purview) and see at a glance which solutions fit your environment and needs.

What is the Security Store?
The Security Store is the place to discover, buy, and deploy security solutions and agents that work with Microsoft Security products, helping organizations strengthen their security.

The Microsoft Security Store home page.

Because Security Store is built on the Microsoft Marketplace, customers can take advantage of unified billing—purchasing solutions and agents with their existing Microsoft account, and consolidating spend on a single invoice. Eligible purchases can contribute to Microsoft Azure Consumption Commitment (MACC), helping make your organization’s dollars go further. Deployment is guided and streamlined: admins can deploy solutions and agents directly from the store in just a few steps, with automatic provisioning of resources and clear visibility into where solutions have been installed.

“Being able to tailor by framework or goals and see relevant solutions in one place is really valuable. The marketplace can be overwhelming, so having a focused, security-centric experience like this is a big win for us.”

—Sean Vaden, Vice President (VP), Security, Irth Solutions

For partners, the benefits are just as strong. Security Store leverages Microsoft’s global commerce infrastructure, enabling partners to transact in local currencies, access built-in billing and entitlement management, and reach new customers through in-app discovery and mainstream marketplace motions. Partners can monetize both SaaS solutions and AI agents, tap into Microsoft’s go-to-market incentives, and grow their business alongside a rapidly expanding ecosystem.

“We’re inspired to be part of Security Store, empowering Microsoft customers with easier access to Akamai’s advanced security and agentic solutions to help them strengthen their overall security posture.”

—Rami Katz, VP Business Development, Akamai

By bringing discovery, purchase, and deployment together in a single place, Security Store empowers organizations to rapidly expand capabilities, respond to new risks, and drive continuous improvement. It’s more than a marketplace—it’s your one-stop shop for building a resilient, future-ready security ecosystem.

Solutions and agents for every challenge

From day one, Security Store is focused on providing a broad selection that brings together the best of Microsoft and its partners to tackle the most pressing security challenges facing organizations today.

From threat protection and incident response to identity management, data security, compliance, and cloud security, Microsoft Security Store offers solutions and agents for every scenario. Offerings are tailored for security operations center (SOC) teams, IT administrators, privacy and compliance leaders, and more—each designed to integrate seamlessly with Microsoft Security products.

  • Threat protection and AI agents: Partners like BlueVoyant, Darktrace, and Illumio deliver agents that automate threat hunting, triage alerts, and provide real-time insights. For example, BlueVoyant’s Watchtower agent continuously monitors Microsoft Sentinel environments, while Darktrace’s Email Analysis Agent helps SOC teams detect and respond to phishing attacks with self-learning AI.
  • Identity and access management: Solutions from Invoke and Netskope empower organizations to discover, secure, and govern workload identities, enforce Zero Trust policies, and streamline compliance. Invoke’s Identity Workload ID agent flags misconfigurations and recommends best practices, while Netskope’s SSE platform integrates with Microsoft Entra and Microsoft Defender for unified, context-rich protection.
  • Data security, governance, compliance, and privacy: Solutions aligned with Microsoft Purview help organizations safeguard sensitive data, automate compliance, and manage privacy requirements. These offerings support robust governance and help organizations meet evolving regulatory standards.
  • Endpoint and cloud security: Tanium’s Autonomous Endpoint Management pairs real-time endpoint visibility with AI-powered automation, keeping IT environments healthy and secure at scale. Illumio’s breach containment agent integrates with Microsoft Sentinel to isolate cyberthreats across hybrid and multicloud environments.

“Through Security Store, we’re accelerating our ability to turn extended detection and response innovation into customer impact. This is more than a marketplace. We see a new operating system for security transactability, where deployment, automation, and agentic value converge in one seamless experience.”

—Milan Patel, Co-founder, BlueVoyant (former FBI Cyber Division Chief Technology Officer)

Importantly, Security Store features many of the most popular and widely adopted security solutions in the industry. Whether you’re looking for trusted names in endpoint protection, advanced threat intelligence, or innovative AI-powered agents, you’ll find options that are already proven in organizations around the world. This means customers can choose from both established leaders and emerging innovators, all in one place.

Building momentum

In just the first two weeks since launch, Security Store has already brought together a fast-growing catalog of solutions and AI agents from leading partners and innovators. Each week, new offerings are added, steadily expanding the choices available to organizations and fueling our momentum to help build safer businesses. For a more detailed walkthrough of the current security solutions and AI agents available from Microsoft and our partners in Security Store, read our Tech Community post.

“The Microsoft Security Store has allowed us to reach new customers who are looking for trusted, ready-to-use security innovations. It makes it easy for organizations to discover and deploy our Security Copilot agents directly within their Microsoft environment, allowing them to quickly benefit from automation, faster investigations, and stronger operational resilience across their security operations.”

Christian Kanja, Chief Executive Officer, glueckkanja AG

Learn more

The Microsoft Security Store journey is just beginning. With your help, together, we’re building momentum for a safer, more innovative future in security. Whether you’re looking to strengthen your security posture or reach new customers, the Security Store is built for you.

Ready to explore what’s possible? Visit the Security Store to discover, compare, and deploy trusted solutions and agents for your organization. And partners interested in joining can head to the Security Store partner page to get started.

Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra
http://approjects.co.za/?big=en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/
Mon, 14 Jul 2025 16:00:00 +0000

Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations.

When Microsoft introduced Microsoft Security Copilot last year, our vision was to empower organizations with generative AI that helps security and IT teams simplify operations and respond faster. Since then, we’ve continuously innovated and learned alongside our customers. They consistently tell us that practitioners love it when Copilot is built directly into the tools they use every day.

That’s why we’re focused on delivering deeply integrated, scenario-based experiences that align with Zero Trust principles, making it easier for IT and security professionals to ask questions, take action, and gain insights directly within their existing workflows. These experiences not only reduce friction but also help IT teams stay in flow, making smarter decisions faster and with greater confidence. And the impact is real: organizations using Security Copilot have seen a 54% reduction in time to resolve device policy conflicts, and a 22.8% drop in alerts per incident within three months of adoption, freeing up teams to focus on more strategic work.

We’re excited to announce the Security Copilot capabilities in Microsoft Intune and Microsoft Entra have moved from preview to general availability. This milestone reflects the critical role Intune and Entra play in modern security strategies, serving as the foundation for implementing a Zero Trust model. Intune enforces device compliance, app protection, and endpoint privilege management, while Entra governs identity access with Conditional Access policies and granular authentication controls. Together, they create a unified security posture that aligns with Zero Trust principles across devices, users, applications, and even agents. Security Copilot amplifies this foundation by providing AI-assisted guidance, autonomous agents, and insights accessible through natural language, helping IT teams scale operations, accelerate skilling, and proactively remediate threats at machine speed.

Reimagining IT workflows with Security Copilot in Intune

IT administrators often face a daily flood of data, alerts, and configuration details, making it difficult to quickly find the right information and act with confidence. AI is changing how people work, and Copilot in Intune is evolving how IT admins interact with and act on their endpoint management data. The Security Copilot in Intune general availability release introduces a brand new, Copilot-assisted data exploration capability. IT admins now have a dedicated page in the Intune admin center to ask Copilot for the data they need, take action, and complete endpoint management tasks, all without leaving their workflow. This capability allows admins to extract insights across Intune domains—devices, apps, security policies, users, compliance data, app configurations, and more—and act on it using its deep integration into the Intune functionality they are familiar with. It represents the first step in a foundational shift from traditional reporting and queries to Copilot-powered investigation and IT-empowered action.

This new Security Copilot capability is designed to simplify the most time-consuming IT workflows, like assessing security posture, managing updates, troubleshooting issues, and generating custom reports. Whether it’s identifying non-compliant devices, tracking patch failures, previewing policy impact, or automating remediation, Copilot brings together the data and actions IT needs in one place.

Admins can ask natural language questions like, “Show me devices that are not on the latest version of Windows and Office,” or “Which of my Endpoint Privilege Management rules are in conflict and what are the source profiles?” and take action instantly, without switching context.

Figure 1. New experience to explore your Intune data with Copilot assistance across workloads.

The new Explorer experience also includes support for Windows 365 Cloud PCs, giving IT administrators a consistent way to view and act on device details across both cloud and physical endpoints. We are excited to share that in the coming weeks, we’ll introduce additional AI capabilities in Intune with Copilot assistance for Windows 365, offering insights into Cloud PC connectivity and connection quality, licensing optimization, and performance issues tied to compute resources. These capabilities build on the momentum of virtual computing and the ability to stream Windows from the Cloud, enhancing the IT experience and delivering even more endpoint management value—especially for Windows-based environments.

The general availability release of Security Copilot in Intune also provides chat-based contextual assistance and includes integration with core and Microsoft Intune Suite solutions. Intune Advanced Analytics multiple device query (MDQ) and Copilot help admins write detailed Kusto Query Language (KQL) queries, and Endpoint Privilege Management with Copilot assesses app risks so that admins can make informed decisions before approving Windows users’ elevation requests. And with the Surface Management Portal in Intune, Copilot provides unified visibility and controls for IT across Surface devices, further strengthening security posture and streamlining operations.

Just as Security Copilot is transforming endpoint management in Intune, it’s also reshaping how identity is managed in Microsoft Entra.

Security Copilot in Entra brings clarity and speed to identity security

Identity environments evolve daily—new users, apps, and permissions are constantly introduced, making it difficult for IT and identity admins to keep policies up to date and user access properly governed. Manual investigations done the traditional way can be very time-consuming and reactive, giving cyberattackers more time to exploit gaps. With more than 600 million identity-based attacks happening daily, organizations can’t afford slow, manual investigations or infrequent policy reviews.1

Security Copilot in Microsoft Entra, now generally available, brings AI-assisted reasoning, natural language prompts, and real-time insights across your identity and access estate, all within the Microsoft Entra admin center. We’ve made major enhancements to improve performance, scalability, and accuracy, enabling Security Copilot to better understand user intent, handle more complex questions, and deliver clearer answers.

We’ve also expanded coverage to support a broader set of real-world identity scenarios. Copilot in Entra now helps admins investigate users, troubleshoot sign-ins, manage access reviews and entitlements, monitor tenant health and service-level agreements (SLAs), optimize license usage, and analyze role assignments and recommendations—all grounded in Microsoft Graph data.

Admins can now ask natural language questions like, “Which enterprise applications have credentials about to expire?” and “What role does the user have?” to quickly surface insights and take action. Whether it’s reviewing access packages, identifying risky apps, or checking license availability, Security Copilot in Entra helps teams move faster, stay ahead of cyberthreats, and focus on what matters most.

Purpose-built agents for real-world IT challenges

At Microsoft Secure 2025, as part of our vision to deliver an AI-first, end-to-end security platform, Microsoft announced 11 AI-powered Security Copilot agents that are seamlessly integrated with Microsoft Security and partner solutions. These agents autonomously handle high-volume, high-value tasks, learn from feedback, adapt to workflows, and operate securely, reflecting our commitment to helping organizations achieve what was previously impossible—at machine speed.

Today marks a meaningful milestone in our journey toward an AI-first, end-to-end security platform: we’re announcing the general availability of the Conditional Access Optimization Agent in Microsoft Entra. This launch brings AI-powered automation to IT and security operations, helping teams bring proactive protection directly into identity workflows.

The Conditional Access Optimization Agent runs autonomously, scanning your environment for gaps, overlaps, and outdated policy assignments. It then recommends precise, one-click remediations to help close the gaps fast, turning reactive cleanup into proactive defense.

The Conditional Access Optimization Agent provides:

  • Autonomous protection, every day—Automatically detects newly created users or apps not covered by Conditional Access policies, reducing risk between manual audits.
  • Real-time, explainable decisions—Every recommendation includes a plain-language summary and visual activity map showing how the agent reached its conclusion.
  • Continuous adaptability to your organization’s needs—With support for custom business rules, the agent can learn from your natural-language feedback (for example, excluding break-glass accounts).
  • Full auditability—Agent actions like install, enable and disable, and recommendations are recorded in the audit log for compliance and operational transparency.

With the Conditional Access Optimization Agent, policy coverage becomes continuous. You gain daily protection, policy clarity, and built-in expertise without the manual lift. As one security leader put it:

“The Conditional Access Optimization Agent is like having a security analyst on call 24/7. It proactively identifies gaps in our Conditional Access policies and ensures every user is protected from day one, and with report-only mode and AI-driven recommendations, we can test and refine access policies without disruption. It’s a secure path to innovation that every chief information security officer can trust.”

—Julian Rasmussen, Senior consultant and Partner, Point Taken, Microsoft MVP

Step into the future of IT with Security Copilot

We’re in a new era of AI that has implications for IT operations and security. Now with Microsoft Security Copilot in Intune and Entra, you can make your organization future-ready with AI solutions that help organizations transform IT and security at machine speed.

As part of our ongoing commitment to enhancing the embedded experience of Security Copilot across Microsoft Security products, we’re excited to introduce a new in-portal capacity calculator available in the Security Copilot standalone experience (Azure account required). This tool allows organizations to estimate the number of Security Compute Units (SCUs) they may need based on the number of Security Copilot users in each Microsoft Security product. Users can generate a quick estimate, providing a practical starting point for capacity planning. SCU allocations can be adjusted at any time as real-world usage patterns emerge. Learn more.

Explore more use cases for IT and identity admins in the Security Copilot adoption hub. Explore Copilot in Intune and Entra and take these steps to learn more:


1 Microsoft Digital Defense Report 2024.

The data, insights, and events in this report represent July 2023 through June 2024 (Microsoft fiscal year 2024), unless otherwise noted.
