Microsoft Intune Archives | Microsoft Security Blog
http://approjects.co.za/?big=en-us/security/blog/product/microsoft-intune/
Expert coverage of cybersecurity topics
Fri, 20 Mar 2026 16:14:51 +0000

Secure agentic AI for your Frontier Transformation
http://approjects.co.za/?big=en-us/security/blog/2026/03/09/secure-agentic-ai-for-your-frontier-transformation/
Mon, 09 Mar 2026 13:00:00 +0000

We are announcing the next step to make Frontier Transformation real for customers across every industry with Wave 3 of Microsoft 365 Copilot, Microsoft Agent 365, and Microsoft 365 E7: The Frontier Suite.

The post Secure agentic AI for your Frontier Transformation appeared first on Microsoft Security Blog.

Today we shared the next step to make Frontier Transformation real for customers across every industry with Wave 3 of Microsoft 365 Copilot, Microsoft Agent 365, and Microsoft 365 E7: The Frontier Suite.

As our customers rapidly embrace agentic AI, chief information officers (CIOs), chief information security officers (CISOs), and security decision makers are asking urgent questions: How do I track and monitor all these agents? How do I know what they are doing? Do they have the right access? Can they leak sensitive data? Are they protected from cyberthreats? How do I govern them?

Agent 365 and Microsoft 365 E7: The Frontier Suite, generally available on May 1, 2026, are designed to help answer these questions and give organizations the confidence to go further with AI.

Agent 365—the control plane for agents

As organizations adopt agentic AI, growing visibility and security gaps can increase the risk of agents becoming double agents. Without a unified control plane, IT, security, and business teams lack visibility into which agents exist, how they behave, who has access to them, and what potential security risks exist across the enterprise. With Microsoft Agent 365 you now have a unified control plane for agents that enables IT, security, and business teams to work together to observe, govern, and secure agents across your organization—including agents built with Microsoft AI platforms and agents from our ecosystem partners—using new Microsoft Security capabilities built into their existing flow of work.

Here is what that looks like in practice:

As we are now running Agent 365 in production, Avanade has real visibility into agent activity, the ability to govern agent sprawl, control resource usage, and manage agents as identity-aware digital entities in Microsoft Entra. This significantly reduces operational and security risk, represents a critical step forward in operationalizing the agent lifecycle at scale, and underscores Microsoft’s commitment to responsible, production-ready AI.

—Aaron Reich, Chief Technology and Information Officer, Avanade

Key Agent 365 capabilities include:

Observability for every role

With Agent 365, IT, security, and business teams gain visibility into all Agent 365 managed agents in their environment, understand how they are used, and can act quickly on performance, behavior, and risk signals relevant to their role—from within existing tools and workflows.

  • Agent Registry provides an inventory of agents in your organization, including agents built with Microsoft AI platforms, ecosystem partner agents, and agents registered through APIs. This agent inventory is available to IT teams in the Microsoft 365 admin center. Security teams see the same unified agent inventory in their existing Microsoft Defender and Purview workflows.
  • Agent behavior and performance observability provides detailed reports about agent performance, adoption and usage metrics, an agent map, and activity details.
  • Agent risk signals across Microsoft Defender*, Entra, and Purview* help security teams evaluate agent risk—just like they do for users—and block agent actions based on agent compromise, sign-in anomalies, and risky data interactions. Defender assesses risk of agent compromise, Entra evaluates identity risk, and Purview evaluates insider risk. IT also has visibility into these risks in the Microsoft 365 admin center.
  • Security policy templates, starting with Microsoft Entra, automate collaboration between IT and security. They enable security teams to define tenant-wide security policies that IT leaders can then enforce in the Microsoft 365 admin center as they onboard new agents.

*These capabilities are in public preview and will continue to be on May 1.

Secure and govern agent access

Unmanaged agents may create significant risk, from accessing resources unchecked to accumulating excessive privileges and being misused by malicious actors. With Microsoft Entra capabilities included in Agent 365, you can secure agent identities and their access to resources.

  • Agent ID gives each agent a unique identity in Microsoft Entra, designed specifically for the needs of agents. With Agent ID, organizations can apply trusted access policies at scale, reduce gaps from unmanaged identities, and keep agent access aligned to existing organizational controls.
  • Identity Protection and Conditional Access for agents extend existing user policies that make real-time access decisions based on risks, device compliance from Microsoft Intune, and custom security attributes to agents working on behalf of a user. These policies help prevent compromise and help ensure that agents cannot be misused by malicious actors.
  • Identity Governance for agents enables identity leaders to limit agent access to only the resources they need, with access packages that can be scoped to a subset of the user’s permissions, and includes the ability to audit access granted to agents.

Prevent data oversharing and ensure agent compliance

Microsoft Purview capabilities in Agent 365 provide comprehensive data security and compliance coverage for agents. You can protect agents from accessing sensitive data, prevent data leaks from risky insiders, and help ensure agents process data responsibly to support compliance with global regulations.

  • Data Security Posture Management provides visibility and insights into data risks for agents so data security admins can proactively mitigate those risks.
  • Information Protection helps ensure that agents inherit and honor Microsoft 365 data sensitivity labels so that they follow the same rules as users for handling sensitive data to prevent agent-led sensitive data leaks.
  • Inline Data Loss Prevention (DLP) for prompts to Microsoft Copilot Studio agents blocks sensitive information such as personally identifiable information, credit card numbers, and custom sensitive information types (SITs) from being processed in the runtime.
  • Insider Risk Management extends insider risk protection to agents to help ensure that risky agent interactions with sensitive data are blocked and flagged to data security admins.
  • Data Lifecycle Management enables data retention and deletion policies for prompts and agent-generated data so you can manage risk and liability by keeping the data that you need and deleting what you don’t.  
  • Audit and eDiscovery extend core compliance and records management capabilities to agents, treating AI agents as auditable entities alongside users and applications. This will help ensure that organizations can audit, investigate, and defensibly manage AI agent activity across the enterprise.
  • Communication Compliance extends to agent interactions to detect and enable human oversight of risky AI communications. This enables business leaders to extend their code of conduct and data compliance policies to AI communications.

Defend agents against emerging cyberthreats

To help you stay ahead of emerging cyberthreats, Agent 365 includes Microsoft Defender protections purpose-built to detect and mitigate specific AI vulnerabilities and threats such as prompt manipulation, model tampering, and agent-based attack chains.

  • Security posture management for Microsoft Foundry and Copilot Studio agents* detects misconfigurations and vulnerabilities in agents so security leaders can stay ahead of malicious actors by proactively resolving them before they become an attack vector.
  • Detection, investigation, and response for Foundry and Copilot Studio agents* enables the investigation and remediation of attacks that target agents and helps ensure that agents are accounted for in security investigations.
  • Runtime threat protection, investigation, and hunting** for agents that use the Agent 365 tools gateway helps organizations detect, block, and investigate malicious agent activities.

Agent 365 will be generally available on May 1, 2026, and priced at $15 per user per month. Learn more about Agent 365.

*These capabilities are in public preview and will continue to be on May 1.

**This new capability will enter public preview in April 2026 and continue to be on May 1.

Microsoft 365 E7: The Frontier Suite

Microsoft 365 E7 brings together intelligence and trust to enable organizations to accelerate Frontier Transformation, equipping employees with AI across email, documents, meetings, spreadsheets, and business application surfaces. It also gives IT and security leaders the observability and governance needed to operate AI at enterprise scale.

Microsoft 365 E7 includes Microsoft 365 Copilot, Agent 365, Microsoft Entra Suite, and Microsoft 365 E5 with advanced Defender, Entra, Intune, and Purview security capabilities to help secure users, delivering comprehensive protection across users and agents. It will be available for purchase on May 1, 2026, at a retail price of $99 per user per month. Learn more about Microsoft 365 E7.

End-to-end security for the agentic era

Frontier Transformation is anchored in intelligence and trust, and trust starts with security. Microsoft Security capabilities help protect 1.6 million customers at the speed and scale of AI.¹ With Agent 365, we are extending these enterprise-grade capabilities so organizations can observe, secure, and govern agents, and delivering comprehensive protection across agents and users with Microsoft 365 E7.

Secure your Frontier Transformation today with Agent 365 and Microsoft 365 E7: The Frontier Suite. And join us at RSAC Conference 2026 to learn more about these new solutions and hear from industry experts and customers who are shaping how agents can be observed, governed, secured, and trusted in the real world.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


1 Microsoft Fiscal Year 2026 Second Quarter Earnings Conference Call.

Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
http://approjects.co.za/?big=en-us/security/blog/2025/11/18/agents-built-into-your-workflow-get-security-copilot-with-microsoft-365-e5/
Tue, 18 Nov 2025 16:00:00 +0000

At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what’s possible, empowering security teams to shift from reactive responses to proactive strategies.

The post Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 appeared first on Microsoft Security Blog.

The cybersecurity landscape is at a historic inflection point. As cyberattackers wield AI to automate cyberattacks at extraordinary speed and scale, the challenge before us is not just to keep pace—but to leap ahead. There are over four million unfilled cybersecurity jobs, so depending solely on human resources isn’t enough to safeguard our digital future.¹ To close this gap, it’s important to empower security professionals, enhancing their capabilities through intelligent agents—AI collaborators designed to augment human expertise and help transform organizational security.

That is why we are making security agents available in the everyday flow of work of security teams, embedded right in the tools they love and use. At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what’s possible, empowering security teams to shift from reactive responses to proactive strategies.

Unlocking AI-first security with Microsoft Security Copilot

A Microsoft 365 E5 subscription delivers security across your organization, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint device management via Microsoft Intune, and data security provided by Microsoft Purview. Microsoft Security Copilot amplifies these capabilities with built-in agents that act as a force multiplier across the security stack. Security teams are empowered with adaptive agents, running side by side with them to accelerate investigations, streamline tasks and deliver faster, smarter outcomes.

To make it easier to harness the power of these agents and get started more quickly, we are excited to announce that Microsoft Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout begins today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers.

Existing Security Copilot customers with Microsoft 365 E5 subscriptions can get started with the agents today at no additional cost*:

All other Microsoft 365 E5 customers will receive a 30-day advanced notification before activation and can learn more in the documentation.

Welcome to a new era of cybersecurity: where agents are built in, easy to use, and ready to help your team stay ahead of cyberthreats.

Expanding our agent portfolio for stronger security outcomes

We’re not only making these agents more easily accessible, we’re extending the ecosystem even further. Adding to the 37 Security Copilot agents already available, we’re introducing more than 40 new Microsoft and partner-built agents.

12 new Microsoft-built agents across Microsoft Defender, Entra, Intune, and Purview are available today in preview. Additionally, more than 30 new partner-built agents extend protection end-to-end. These agents automate large-scale tasks, which allows security teams to dedicate more time to strategic initiatives.

Extensive portfolio with new agents

Security operations teams can harness agents that triage alerts in real time, surface actionable threat intelligence, and enable natural language threat hunting—so defenders can focus on what matters most: staying ahead of cyberattackers.

Identity and access admins can deploy new agents in Microsoft Entra to protect across layers of identity: proactively remediating risky users, optimizing Conditional Access policies, streamlining access reviews, and managing app lifecycles to reduce risk and improve efficiency.

Data security professionals can use agents in Microsoft Purview to strengthen data security by discovering, analyzing, and remediating sensitive data risks—combining proactive posture management with intelligent triage to reduce manual work and support continuous risk reduction.

IT admins can use the new agents in Microsoft Intune to make complex tasks easier and security stronger by turning requirements into policies, assessing changes before they impact productivity, and identifying devices for removal—for smarter decisions, better compliance, and reduced risk.

Agents across all roles through partner ecosystem: additionally, there are more than 30 new partner-built agents available today in the Microsoft Security Store. These agents support security roles across the industry, with skills and capabilities like simplifying incident analysis, enhancing data protection, and ensuring security tools are aligned with industry standards. To learn more about these agent offerings, visit Microsoft Security Store.

If you don’t find exactly what you need among the dozens of ready-to-use agents, Security Copilot gives you the flexibility to create your own. Since announcing this capability in September, customers have already built more than 370 unique agents—tailored to their environments and designed for their specific use cases.

Evolving agent capabilities for deeper collaboration

With the interactive agent experience, now in public preview, security teams can engage in scoped, focused chats tailored to each agent’s expertise. Dynamic workflows and built-in starter prompts keep investigations on track, while prompt suggestions surface in real time, helping humans and agents collaborate for quicker, more effective security and IT results.

And to truly empower agents, context and data are key. Security Copilot taps into Microsoft’s threat intelligence—powered by more than 100 trillion signals processed daily—and unifies insights through Microsoft Sentinel. Now, with enterprise knowledge integration in preview, agents can reason over your organization’s internal data, delivering contextual recommendations unique to your environment. This means every interaction is informed, precise, and tailored to accelerate your security and IT operations.

Agents accelerating cybersecurity outcomes

This is not just vision—it’s reality. Security Copilot agents are already delivering transformative outcomes:

  • SOC analysts have detected malicious emails up to 550% faster with the Phishing Triage Agent in Microsoft Defender—based on controlled comparisons of detection speed in simulated phishing scenarios.²
  • Identity admins have achieved up to 204% greater accuracy in identifying missing Zero Trust policies with the Conditional Access Optimization Agent in Microsoft Entra—measured against baseline policy audits in enterprise environments.³

Shape the future of security with Microsoft

Microsoft is committed to helping organizations become true “Frontier Firms”—pioneers who harness agentic AI to transform security and IT operations. Microsoft Ignite is your invitation to be part of this movement: connect with our experts, experience the future firsthand, and discover how Security Copilot can help you realize your boldest ambitions.

Visit our Meet the Experts booths (#2330 and #2320), attend security sessions, and visit the Microsoft Security Store to explore available Microsoft and partner-built agents. The future of defense is not just about keeping up—it’s about leading the way.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.

Security in the agentic era: The core primitive

Envision a future where defenders and AI agents work together. Hear Charlie Bell and Vasu Jakkal share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps.

* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

1 Bridging the Cyber Skills Gap, World Economic Forum. 2025.

2 Randomized Controlled Trial for Phishing Triage Agent, James Bono, Microsoft Corporation. October 2025.

3 Randomized Controlled Trial for Conditional Access Optimization Agent, James Bono, Beibei Cheng, Joaquin Lozano, Microsoft Corporation. October 2025.

Ambient and autonomous security for the agentic era
http://approjects.co.za/?big=en-us/security/blog/2025/11/18/ambient-and-autonomous-security-for-the-agentic-era/
Tue, 18 Nov 2025 16:00:00 +0000

In the agentic era, security must be ambient and autonomous, like the AI it protects. This is our vision for security, where security becomes the core primitive.

The post Ambient and autonomous security for the agentic era appeared first on Microsoft Security Blog.

Over the past year, I’ve had countless conversations with customers who are striving to unlock human ambition with AI. They are on their journey to become Frontier Firms, where humans and agents push the boundaries of innovation and create new possibilities, empowering humans to become limitless.

As agents become ubiquitous, security leaders are asking urgent questions: How do we onboard, manage, and govern these agents? How do we protect the data they access and create? How do we protect them from cyberthreats? How do we monitor them to ensure their trustworthiness, and ensure they are not double agents? And how can we use agents to protect, defend, and respond at the speed of AI?

The answer starts with trust, and security has always been, and will always be, the root of trust. In the agentic era, security must be ambient and autonomous, like the AI it protects. It must be woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security, where security becomes the core primitive.

At Microsoft Ignite 2025, we’re delivering on that vision with solutions that help customers observe, secure, and govern AI agents and apps, protect the platforms and clouds they are built on, and put agentic AI to work for security and IT teams. We are announcing new innovations across Microsoft Defender, Microsoft Entra, Microsoft Intune, Microsoft Purview, and Microsoft Sentinel—solutions used by more than 1.5 million customers today—to help customers secure every layer of the AI stack with industry-leading offerings.¹,²

Securing AI agents and apps

Let’s start with the first layer of that stack: the AI agents and apps that are helping us across our work, and how we are securing them end to end.

Microsoft Agent 365

Today we announced Microsoft Agent 365, the control plane for AI agents. Agent 365 brings observability at every level of the AI stack. Whether you create agents with Microsoft tools, open-source frameworks, or third-party platforms, Agent 365 helps you observe, manage, secure, and govern them. Security teams can now address agent sprawl, detect shadow agents, and protect agents comprehensively.

Agent 365 capabilities include:

  • Registry: With Microsoft Entra registry, IT leaders get the complete inventory of all agents that are being used in their organization, including agents with Microsoft Entra Agent ID, agents that they decide to register themselves, and—coming soon—shadow agents. The registry also allows IT admins to quarantine unsanctioned agents to help ensure that they cannot be discovered by users or connect to other agents and organizational resources.
  • Access control: With Agent Policy Templates, customers can enforce standard security policies from day one. As agents integrate into organizational workflows, Microsoft Entra enforces adaptive access policies that respond to real-time context and risk, and blocks agents that may have been compromised from accessing organization resources.
  • Visualization: A unified dashboard and advanced analytics provide a complete map of connections among agents and users, other agents, and resources in your organization. Role-based reporting with tailored metrics and analytics helps IT, security, and business leaders see what matters most, right in their flow of work.
  • Interop: Agents don’t just automate tasks for users, they amplify the work. With Work IQ, agents help accelerate time to value by accessing your organization’s unique data and context. Integrated with Microsoft 365 apps such as Outlook, Word, and Excel, agents take actions, build content, and collaborate seamlessly alongside users. Agent 365 works across Microsoft platforms, open-source frameworks and partner ecosystems.
  • Security: Security is non-negotiable, which is why Agent 365 uses Microsoft Defender, Microsoft Entra, and Microsoft Purview to deliver comprehensive protection from external and internal threats. Security leaders can proactively assess posture and risk, detect vulnerabilities and misconfigurations, protect against AI cyberattacks such as prompt injections, prevent agents from processing or leaking sensitive data, identify risky behaviors, and give organizations the ability to audit agent interactions, assess compliance readiness and policy violations, and recommend controls for evolving regulatory requirements.

Microsoft Foundry Control Plane

We announced Foundry Control Plane, a new experience in Microsoft Foundry, which makes it easier for developers to build, manage, and secure agent fleets at scale. Microsoft Defender, Microsoft Entra, and Microsoft Purview capabilities are natively integrated into Foundry Control Plane, so developers and security teams can share unified security controls, policies, and real-time risk insights, ensuring that agents and apps are protected from code development to runtime. Developers can also use Foundry Control Plane to publish agents directly to Agent 365 for IT enablement and activation, ensuring the same shared security foundations.

Microsoft Security Dashboard for AI

As AI adoption accelerates, unified visibility into the security posture, risks, and regulatory compliance of AI agents, apps, and platforms becomes more important than ever for security teams. The Security Dashboard for AI, announced today, centralizes discovery, protection, and governance by aggregating signals from Microsoft Defender, Microsoft Entra, and Microsoft Purview. This helps chief information security officers (CISOs) and AI risk leaders to manage security posture and mitigate risks across their entire AI estate. For example, you can see your full AI inventory and get visibility into a quarantined agent, flagged for high data risk due to oversharing sensitive information in Microsoft Purview. The dashboard then correlates that signal with identity insights from Microsoft Entra and threat protection alerts from Microsoft Defender to provide a complete picture of exposure.

Microsoft Purview expansion for Microsoft 365 Copilot

Microsoft Purview expanded data security and compliance controls for Microsoft 365 Copilot to include comprehensive data oversharing reports within the Microsoft 365 admin center, automated bulk remediation of overshared links, and data loss prevention for Microsoft 365 Copilot and chat prompts. Organizations can also benefit from automated deletion schedules for Microsoft Teams transcripts containing sensitive data, and enhanced controls to exclude processing of sensitive files in government cloud environments. These capabilities empower security and compliance teams to rapidly detect, protect, and remediate data risks in real time, and at scale.

All of these new solutions add to existing tools that help you secure and govern your AI estate.

Securing platforms and clouds

Now let’s look at the second layer of the stack: the platforms and clouds your agents and AI apps run on, and the innovations we announced to protect them.

Microsoft Defender and GitHub Advanced Security

Developers are under pressure to deliver rapid innovation while security teams are inundated with alerts and growing risk. New integration between Microsoft Defender and GitHub Advanced Security helps developers and security teams work together to secure code and infrastructure, using familiar tools. Security can recommend that developers address vulnerable code and developers can remediate with Copilot Autofix. Security can then validate fixes in Microsoft Defender, closing the loop and accelerating the “shift left” approach to security.

Microsoft Baseline Security Mode

As cyberattackers increasingly use AI to exploit legacy configurations, Baseline Security Mode, now generally available, uses Microsoft-recommended settings to help mitigate legacy risks and improve cloud security posture. A guided admin experience helps to identify potential gaps, simulate changes with “What If” analysis, and deploy broad protections designed to minimize disruption to business-critical workflows. It helps support compliance and audit readiness, provides greater visibility through built-in dashboards and telemetry, and promotes predictability with major updates approximately every six to 12 months.

Microsoft Intune and Windows Security

Windows, built to harness AI and the cloud, helps employees be more productive while you remain secure and in control. Support for post-quantum cryptography helps future-proof your organization against emerging cyberthreats while hardware-accelerated BitLocker protects data without performance trade-offs. And with the Windows Resilience Initiative, we’re making recovery faster and more reliable so when issues occur, you can return to business quickly.

Managing Windows at scale just got easier—and more secure—with new capabilities in Microsoft Intune. These enhancements give IT and security leaders the confidence to embrace AI while minimizing risk. Phased deployments simplify AI rollouts by reducing risk and validating security before scaling, ensuring smooth adoption without disruption. Recovery is faster and more reliable, transforming manual, device-by-device fixes into remote management of the Windows Recovery Environment at scale, with hardware-bound certificates guaranteeing every action is authenticated and authorized. Maintenance windows provide precise control over update timing for operating systems, drivers, and firmware, helping organizations maintain patch compliance while minimizing disruption and keeping productivity high.

Securing with agentic AI

To defend in the agentic age, we need agentic defense. This starts with having an agentic platform and security agents built into the flow of work. Microsoft Sentinel has evolved from its traditional role as a cloud security information and event management (SIEM) to an agentic security platform, powering Microsoft Security Copilot agents and new predictive protection in Microsoft Defender.

Agents built into your everyday flow of work with Security Copilot

With more than four million open roles in cybersecurity, it’s clear: human-scale defense alone cannot secure our digital future.³ The answer? Empowering every security professional with intelligent agents—AI partners that amplify human expertise and transform the very fabric of organizational security.

At Microsoft Ignite, we are introducing a dozen new and enhanced Microsoft Security Copilot agents, available in Microsoft Defender, Microsoft Entra, Microsoft Intune, and Microsoft Purview, to empower security teams to shift from reactive responses to proactive strategies and help transform every aspect of organizational security.

These adaptive agents run side by side with security teams to triage incidents, optimize conditional access policies, surface threat intelligence, and maintain secure, compliant endpoints more easily. Our partner community also released more than 30 new Security Copilot agents, extending protection end-to-end.

To make it easier than ever for organizations to harness the power of Security Copilot agents to protect at the speed and scale of AI, we are thrilled to announce that Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout starts today for Security Copilot customers with Microsoft 365 E5 and continues for all Microsoft 365 E5 customers in the upcoming months.

Predictive shielding with Microsoft Defender

Cyberattackers are using AI to increase the speed and scale of attacks, unleashing a barrage on defenders. Defender predictive shielding goes beyond automated cyberattack disruption and introduces a new capability that can anticipate cyberattacker movement and proactively harden attack pathways to protect critical assets. It forecasts likely attacker pivots using graph insights and threat intelligence from the 100 trillion signals Microsoft analyzes daily. Then, it applies targeted, just-in-time hardening actions to block exploitation of adjacent resources. This strategic and coordinated response minimizes business disruption and gives security teams a powerful advantage over increasingly sophisticated cyberthreats.

Securing with a new suite of expert-led services

To help organizations easily access security expertise, we’re introducing the Microsoft Defender Experts Suite, a new offering that brings together human-led, AI-powered managed extended detection and response, end-to-end proactive incident response services, and direct access to designated Microsoft security advisors. The expert-led services will help you defend against cyberthreats, build cyber resilience, and transform your security operations. Defender Experts Suite will be available early 2026 to help you accelerate security outcomes. We are also announcing that Microsoft is now an approved incident response partner of Beazley, a specialist insurer. The collaboration will provide Microsoft customers with a streamlined claims process and faster action following a cyber event.

Security is the core primitive

In the agentic AI era, digital trust is paramount: security, safety, ethics, and privacy will underpin progress, and security has been, and always will be, the root of trust. This is why we prioritize security above all else through the Microsoft Secure Future Initiative—an ongoing effort to improve security for Microsoft, our customers, and the ecosystem. It is also why we believe security must be ambient and autonomous, woven into and around everything we build—from silicon to operating systems, to agents, apps, data, platforms, and clouds—and throughout everything we do. This is our vision for security as the core primitive.

Security in the agentic era:

The core primitive

Envision a future where defenders and AI agents work together. Hear Charlie Bell and Vasu Jakkal share how leading organizations are securing AI innovation at scale—plus get demos and actionable steps.

We are excited to connect with you, the defenders, at Ignite to explore these innovations and more throughout the week. And we look forward to working together to build a safer future for all.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security Blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.

1 Microsoft is a recognized leader in cybersecurity, Microsoft Security. 2025.

2 Microsoft FY25 Fourth Quarter Earnings Conference Call, Jonathan Neilson, Satya Nadella, Amy Hood. July 30, 2025

3 Bridging the Cyber Skills Gap, World Economic Forum. 2025.

The post ​​Ambient and autonomous security for the agentic era​​  appeared first on Microsoft Security Blog.

Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra http://approjects.co.za/?big=en-us/security/blog/2025/07/14/improving-it-efficiency-with-microsoft-security-copilot-in-microsoft-intune-and-microsoft-entra/ Mon, 14 Jul 2025 16:00:00 +0000 Announcing the general availability of Microsoft Security Copilot capabilities for IT with Microsoft Intune and Microsoft Entra, offering AI-powered efficiency and enhanced security for your operations.

The post Improving IT efficiency with Microsoft Security Copilot in Microsoft Intune and Microsoft Entra appeared first on Microsoft Security Blog.

When Microsoft introduced Microsoft Security Copilot last year, our vision was to empower organizations with generative AI that helps security and IT teams simplify operations and respond faster. Since then, we’ve continuously innovated and learned alongside our customers. They consistently tell us that practitioners love it when Copilot is built directly into the tools they use every day.

That’s why we’re focused on delivering deeply integrated, scenario-based experiences that align with Zero Trust principles, making it easier for IT and security professionals to ask questions, take action, and gain insights directly within their existing workflows. These experiences not only reduce friction but also help IT teams stay in flow, making smarter decisions faster and with greater confidence. And the impact is real: organizations using Security Copilot have seen a 54% reduction in time to resolve device policy conflicts, and a 22.8% drop in alerts per incident within three months of adoption, freeing up teams to focus on more strategic work.

We’re excited to announce the Security Copilot capabilities in Microsoft Intune and Microsoft Entra have moved from preview to general availability. This milestone reflects the critical role Intune and Entra play in modern security strategies, serving as the foundation for implementing a Zero Trust model. Intune enforces device compliance, app protection, and endpoint privilege management, while Entra governs identity access with Conditional Access policies and granular authentication controls. Together, they create a unified security posture that aligns with Zero Trust principles across devices, users, applications, and even agents. Security Copilot amplifies this foundation by providing AI-assisted guidance, autonomous agents, and insights accessible through natural language, helping IT teams scale operations, accelerate skilling, and proactively remediate threats at machine speed.

Reimagining IT workflows with Security Copilot in Intune

IT administrators often face a daily flood of data, alerts, and configuration details, making it difficult to quickly find the right information and act with confidence. AI is changing how people work, and Copilot in Intune is evolving how IT admins interact with and act on their endpoint management data. The Security Copilot in Intune general availability release introduces a brand new, Copilot-assisted data exploration capability. IT admins now have a dedicated page in the Intune admin center to ask Copilot for the data they need, take action, and complete endpoint management tasks, all without leaving their workflow. This capability allows admins to extract insights across Intune domains—devices, apps, security policies, users, compliance data, app configurations, and more—and act on it using its deep integration into the Intune functionality they are familiar with. It represents the first step in a foundational shift from traditional reporting and queries to Copilot-powered investigation and IT-empowered action.

This new Security Copilot capability is designed to simplify the most time-consuming IT workflows, like assessing security posture, managing updates, troubleshooting issues, and generating custom reports. Whether it’s identifying non-compliant devices, tracking patch failures, previewing policy impact, or automating remediation, Copilot brings together the data and actions IT needs in one place.

Admins can ask natural language questions like, “Show me devices that are not on the latest version of Windows and Office,” or “Which of my Endpoint Privilege Management rules are in conflict and what are the source profiles?” and take action instantly, without switching context.

Figure 1. New experience to explore your Intune data with Copilot assistance across workloads.

The new Explorer experience also includes support for Windows 365 Cloud PCs, giving IT administrators a consistent way to view and act on device details across both cloud and physical endpoints. We are excited to share that in the coming weeks, we’ll introduce additional AI capabilities in Intune with Copilot assistance for Windows 365, offering insights into Cloud PC connectivity and connection quality, licensing optimization, and performance issues tied to compute resources. These capabilities build on the momentum of virtual computing and the ability to stream Windows from the Cloud, enhancing the IT experience and delivering even more endpoint management value—especially for Windows-based environments.

The general availability release of Security Copilot in Intune also provides chat-based contextual assistance and includes integration with core and Microsoft Intune Suite solutions. Intune Advanced Analytics multiple device query (MDQ) and Copilot help admins write detailed Kusto Query Language (KQL) queries, and Endpoint Privilege Management with Copilot assesses app risks so admins can make informed decisions before approving Windows users’ elevation requests. And with the Surface Management Portal in Intune, Copilot provides unified visibility and controls for IT across Surface devices, further strengthening security posture and streamlining operations.

Just as Security Copilot is transforming endpoint management in Intune, it’s also reshaping how identity is managed in Microsoft Entra.

Security Copilot in Entra brings clarity and speed to identity security

Identity environments evolve daily—new users, apps, and permissions are constantly introduced, making it difficult for IT and identity admins to keep policies up to date and user access properly governed. Manual investigations done the traditional way can be very time-consuming and reactive, giving cyberattackers more time to exploit gaps. With more than 600 million identity-based attacks happening daily, organizations can’t afford slow, manual investigations or infrequent policy reviews.1

Security Copilot in Microsoft Entra, now generally available, brings AI-assisted reasoning, natural language prompts, and real-time insights across your identity and access estate, all within the Microsoft Entra admin center. We’ve made major enhancements to improve performance, scalability, and accuracy, enabling Security Copilot to better understand user intent, handle more complex questions, and deliver clearer answers.

We’ve also expanded coverage to support a broader set of real-world identity scenarios. Copilot in Entra now helps admins investigate users, troubleshoot sign-ins, manage access reviews and entitlements, monitor tenant health and service-level agreements (SLAs), optimize license usage, and analyze role assignments and recommendations—all grounded in Microsoft Graph data.

Admins can now ask natural language questions like, “Which enterprise applications have credentials about to expire?” and “What role does the user have?” to quickly surface insights and take action. Whether it’s reviewing access packages, identifying risky apps, or checking license availability, Security Copilot in Entra helps teams move faster, stay ahead of cyberthreats, and focus on what matters most.

Purpose-built agents for real-world IT challenges

At Microsoft Secure 2025, as part of our vision to deliver an AI-first, end-to-end security platform, Microsoft announced 11 AI-powered Security Copilot agents that are seamlessly integrated with Microsoft Security and partner solutions. These agents autonomously handle high-volume, high-value tasks, learn from feedback, adapt to workflows, and operate securely, reflecting our commitment to helping organizations achieve what was previously impossible—at machine speed.

Today marks a meaningful milestone in our journey toward an AI-first, end-to-end security platform: we’re announcing the general availability of the Conditional Access Optimization Agent in Microsoft Entra. This launch brings AI-powered automation to IT and security operations, helping teams bring proactive protection directly into identity workflows.

The Conditional Access Optimization Agent runs autonomously, scanning your environment for gaps, overlaps, and outdated policy assignments. It then recommends precise, one-click remediations to help close the gaps fast, turning reactive cleanup into proactive defense.

The Conditional Access Optimization Agent provides:

  • Autonomous protection, every day—Automatically detects newly created users or apps not covered by Conditional Access policies, reducing risk between manual audits.
  • Real-time, explainable decisions—Every recommendation includes a plain-language summary and visual activity map showing how the agent reached its conclusion.
  • Continuous adaptability to your organization’s needs—With support for custom business rules, the agent can learn based on your natural-language feedback (for example, excluding break-glass accounts).
  • Full auditability—Agent actions like install, enable and disable, and recommendations are recorded in the audit log for compliance and operational transparency.

With the Conditional Access Optimization Agent, policy coverage becomes continuous. You gain daily protection, policy clarity, and built-in expertise without the manual lift. As one security leader put it:

“The Conditional Access Optimization Agent is like having a security analyst on call 24/7. It proactively identifies gaps in our Conditional Access policies and ensures every user is protected from day one, and with report-only mode and AI-driven recommendations, we can test and refine access policies without disruption. It’s a secure path to innovation that every chief information security officer can trust.”

—Julian Rasmussen, Senior consultant and Partner, Point Taken, Microsoft MVP

Step into the future of IT with Security Copilot

We’re in a new era of AI that has implications for IT operations and security. Now with Microsoft Security Copilot in Intune and Entra, you can make your organization future-ready with AI solutions that help organizations transform IT and security at machine speed.

As part of our ongoing commitment to enhancing the embedded experience of Security Copilot across Microsoft Security products, we’re excited to introduce a new in-portal capacity calculator available in the Security Copilot standalone experience (Azure account required). This tool allows organizations to estimate the number of Security Compute Units (SCUs) they may need based on the number of Security Copilot users in each Microsoft Security product. Users can generate a quick estimate, providing a practical starting point for capacity planning. SCU allocations can be adjusted at any time as real-world usage patterns emerge. Learn more.

Explore more use cases for IT and identity admins in the Security Copilot adoption hub. Explore Copilot in Intune and Entra and take these steps to learn more:


1Microsoft Digital Defense Report 2024.

The data, insights, and events in this report represent July 2023 through June 2024 (Microsoft fiscal year 2024), unless otherwise noted.

​​Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report http://approjects.co.za/?big=en-us/security/blog/2025/07/10/forrester-names-microsoft-a-leader-in-the-2025-zero-trust-platforms-wave-report/ Thu, 10 Jul 2025 16:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=141122 Employing a Zero Trust strategy is an effective way to modernize security infrastructure to protect against ever evolving security challenges.

The post ​​Forrester names Microsoft a Leader in the 2025 Zero Trust Platforms Wave™ report appeared first on Microsoft Security Blog.

We are proud to share that Forrester has named Microsoft a Leader in The Forrester Wave™: Zero Trust Platforms, Q3 2025 report, ranking us highest in the strategy category.

The Forrester Wave: Zero Trust Platforms, Q3 2025 report.

With so many strong vendors and solutions in the Zero Trust space, you need solid data to make the right choice for your organization. That’s why Forrester’s analysis matters. They provide detailed comparisons of vendor capabilities and strategic vision, helping security leaders evaluate which platforms are best equipped to meet today’s evolving challenges.

Your decision matters now more than ever. The security landscape is evolving rapidly with the rise of generative and agentic AI—where intelligent agents can create and collaborate with other agents, collaborate autonomously, and scale faster than traditional models can keep up. Systems once built for human identities must now manage a growing web of machine identities, each with its own access and risk profile.

In this landscape, adhering to the principles of Zero Trust is critical for protecting sensitive resources, so you can:

  • Expand visibility across your digital environment to reduce security vulnerabilities.
  • Secure your most critical assets while ensuring compliance.
  • Deploy generative AI with confidence.

Microsoft’s end-to-end, integrated approach to Zero Trust

The Forrester report cited our vision for proactive security architecture powered by innovative AI agents that automate complex security, IT, and productivity tasks. But what we believe really caught their attention was our integrated approach—how we bring together capabilities across security, compliance, identity, device management, and privacy, all informed by more than 84 trillion threat signals a day.1 As they noted, “Microsoft excels at tool consolidation and integration, helping reduce costs and overhead.”

Customers interviewed for the report recognized that our “deep cross-platform integration” delivers “real business value” without making customers stitch different solutions together manually. This integration spans the entire Microsoft Security portfolio—Microsoft Defender, Microsoft Purview, Microsoft Intune, Microsoft Sentinel, and Microsoft Entra—to provide a unified platform that secures identities, endpoints, data, apps, infrastructure, and AI. At the heart of this integration are the strong identity management capabilities of Microsoft Entra, which Forrester noted for “deliver[ing] effective least-privilege access enforcement” while enabling data security controls and endpoint management.

Picture a typical attack pattern. Malicious activity in an on-premises system might be detected by Defender for Identity, a compromised device flagged by Defender for Endpoint, and risky insider behavior identified by Purview. These signals converge in Entra conditional access, your centralized policy engine, enabling real-time, risk-based access controls that adapt to emerging threats and, when necessary, block access automatically.

Powered by AI and threat intelligence, our unified security platform surfaces high-priority incidents and recommends next actions, transforming security from a collection of tools into a cohesive defense. You can work within our unified platform to prevent, detect, and respond to incidents across a single integrated system—no jumping between dashboards or correlating signals manually. All of this comes together with Microsoft Security Exposure Management to give full visibility into all your assets and help you proactively reduce risk.

An integrated approach doesn’t mean using only Microsoft solutions. We believe security is a team sport. In fact, the Forrester report recognized the maturity and scale of our global partner ecosystem. We’ve invested heavily in these partnerships because they provide additional signals and specialized protections that make the entire security community stronger. The report also cited our standout community, which provides education, training, and guidance on building Zero Trust architectures to ensure customers have the support they need at every step.

Our commitment to customers and the industry

Through our Secure Future Initiative, we continuously evaluate and strengthen our own security posture, improve the security of our products to better protect customers, and share progress and learnings with the industry. We are also committed to standards, guidelines, and best practices from the National Institute of Standards and Technology (NIST), The Open Group, the Cybersecurity and Infrastructure Security Agency (CISA), and MITRE—not as compliance checkboxes, but because they provide proven frameworks and common vocabulary for implementing effective security.

Take action to improve your security posture

Threats are evolving faster than ever, but so are defenses. With the right Zero Trust security strategy, you can embrace AI’s transformative power while keeping your organization secure. Microsoft’s leadership in Zero Trust, as reflected for us in the latest Forrester Wave™, highlights our commitment to helping you meet these security demands.

For more information on this recognition, check out the full Forrester Wave™: Zero Trust Platforms, Q3 2025 report.

Ready to evaluate your Zero Trust readiness for the AI era? Start with our Zero Trust assessment, host an implementation workshop, or dive into our step-by-step implementation guides.


The Forrester Wave™: Zero Trust Platforms, Q3 2025, Joseph Blankenship, Faith Born, and Peter Harrison. July 10, 2025.

Forrester does not endorse any company, product, brand, or service included in its research publications and does not advise any person to select the products or services of any company or brand based on the ratings included in such publications. Information is based on the best available resources. Opinions reflect judgment at the time and are subject to change. For more information, read about Forrester’s objectivity here.

1Based on Microsoft internal data. Accurate as of July 2025.

Faster, more personalized service begins at the frontline with Microsoft Intune http://approjects.co.za/?big=en-us/security/blog/2025/04/28/faster-more-personalized-service-begins-at-the-frontline-with-microsoft-intune/ Mon, 28 Apr 2025 16:00:00 +0000 Secure, cloud-based endpoint management helps healthcare providers empower frontline staff and improve patient care.

The post Faster, more personalized service begins at the frontline with Microsoft Intune appeared first on Microsoft Security Blog.

In healthcare, patient trust often begins at the frontline with people who deliver care, respond to questions, and manage crucial in-the-moment decisions. Increasingly, those experiences are shaped by the tools frontline workers use. When devices are secure, responsive, and tailored to clinical workflows, they enable faster, more informed, and more compassionate care.

For chief technology officers (CTOs), this raises important questions: How can frontline devices enhance productivity and responsiveness? And just as critically, how can organizations ensure those devices are secure, compliant, and ready to go at a moment’s notice?

Healthcare isn’t alone in these challenges. Industries like retail, where frontline teams also engage directly with the public in fast-paced, high-stakes environments, face similar pressures around device management, security, and scalability. This blog focuses on how modern endpoint management supports care and delivery at the frontline, with parallel insights drawn from the retail world to highlight shared strategies and solutions.

Learn how Microsoft Intune can help your organization securely manage frontline devices.

Microsoft Intune

Secure and manage every device from one place.

Why endpoint management matters at the frontline

Every frontline interaction is a potential brand moment that impacts trust and outcomes. A poor experience can ripple quickly, but the right tools in the hands of frontline staff can lead to faster, more personalized service. To deliver those experiences at scale, CTOs should consider three foundational principles for frontline device strategy:

  1. Recognize that many devices are shared. With shift-based work, secure and seamless sign-on backed by a Zero Trust approach helps provide the right person access to the right tools, without delay.
  2. Use a cloud-native approach to manage all devices. Whether company-issued or bring-your-own device (BYOD), cross-platform management keeps devices up to date and ready to go, reducing setup times and support tickets.
  3. Embrace innovations like Microsoft Copilot and Microsoft 365. AI-powered tools and Cloud PCs help organizations scale faster, enhance security, and give workers access to the latest experiences, without disruption.

Now let’s explore what this looks like in practice, starting with healthcare.

Healthcare in focus: Modern management for care delivery

In healthcare, frontline workers rely on shared devices that must be secure, personalized, and compliant. Microsoft Intune has helped hospitals like Milton Keynes University Hospital implement endpoint management for shared tablets used in nurse stations—tools that support real-time monitoring and communication.

Because staff rotate across shifts, easy sign-in is essential, and devices must only receive updates during defined maintenance windows. These shared tablets also require network restrictions and strict access controls to meet security standards without interrupting care.

Intune also supports iPadOS and configuration, helping frontline staff access patient information quickly and securely at the bedside, reducing friction and improving the overall care experience.

With AI-powered tools like Microsoft Copilot in Intune, healthcare IT teams can proactively identify issues, troubleshoot devices, and maintain compliance, all while reducing operational burden. As new AI agent capabilities emerge, they’ll enable even faster remediation of vulnerabilities, protecting sensitive patient data in an evolving cyberthreat landscape.

And with Windows 365 Frontline, healthcare organizations can provide scalable, secure access to virtual desktops for rotating clinical staff, delivering performance without the need to deploy and manage a physical device for every user.

Retail in focus: Elevating service and speed on the store floor

In retail environments, every frontline interaction is a brand opportunity, and device performance can make or break that moment.

At the National Retail Federation (NRF) conference in January 2025, companies like IKEA and Levi’s showcased how giving employees access to personalized devices helps them visualize products with customers and provide more tailored service.

Retail staff often rely on shared devices across shifts, so it’s critical that sign-in is fast, interfaces are familiar, and access is secure but streamlined. Temporary session PINs and pre-configured apps let employees start working, and serving customers, immediately.

At Schwarz Group (which includes 575,000 employees across 13,900 stores in 32 countries, including the Lidl and Kaufland retail brands), Intune supports staging and managing tens of thousands of employee devices. IT can remotely provision new devices with pre-defined configurations, eliminating time-consuming setups and ensuring tools are ready before the employee even logs in.

Retailers can also take advantage of Windows 365 Cloud PCs and Windows 365 Frontline to give employees secure access to key tools across locations and shifts, while simplifying management and keeping costs down.

A better frontline experience leads to better outcomes

Whether it’s a customer shopping in store or a patient receiving care, the frontline experience shapes how people perceive your organization. When frontline tools are secure, responsive, and tailored to the user, staff can serve with confidence—and people feel the difference.

Now is the time to reassess your endpoint strategy. For healthcare organizations, secure, cloud-native device management can be one of the most powerful levers for improving patient outcomes and operational efficiency. And for industries with similar frontline demands, like retail, the same principles can deliver meaningful gains in speed, security, and customer satisfaction.

Explore how other leading organizations are benefiting from modern, cloud-native endpoint management. For more, check out Intune’s recent “From the frontlines” blog for retail or for healthcare, or other examples of Intune customer stories.

Learn more

Learn more about Microsoft Intune.

Rethinking remote assistance security in a Zero Trust world http://approjects.co.za/?big=en-us/security/blog/2025/02/26/rethinking-remote-assistance-security-in-a-zero-trust-world/ Wed, 26 Feb 2025 17:00:00 +0000 The rise in sophisticated cyberthreats demands a fundamental shift in our approach. Organizations must rethink remote assistance security through the lens of Zero Trust, using the three key principles of Verify Explicitly, Use Least Privilege, and Assume Breach as a guide and ensuring that every session, user, and device is verified, compliant, and monitored before access is granted.

The post Rethinking remote assistance security in a Zero Trust world appeared first on Microsoft Security Blog.

The recent breach of the United States Treasury underscores a stark reality: cyber adversaries are no longer just looking for gaps in traditional network security—they are actively exploiting the tools organizations rely on for daily operations. Remote assistance technologies, essential for IT support and business continuity, have become prime targets for credential theft, moving within the network, and system exploitation. The message is clear: securing remote assistance is no longer optional; it is a fundamental requirement for maintaining operational resilience.  

A multi-pronged approach to securing remote assistance with Zero Trust

For too long, remote assistance security has been presumed rather than intentionally designed into its architecture. The rise in sophisticated cyberthreats demands a fundamental shift in our approach. Organizations must rethink remote assistance security through the lens of Zero Trust, using the three key principles of verify explicitly, use least privilege, and assume breach as a guide and ensuring that every session, user, and device is verified, compliant, and monitored before access is granted. 

Discover how implementing Zero Trust can fortify your remote assistance security by visiting our Zero Trust Workshop, where you’ll find an interactive guide to embedding security into your IT operations.  

This requires a structured approach with a foundation of: 

  1. Identity and access control—ensuring that only authenticated, compliant users and devices can initiate or receive remote assistance. 
  2. Endpoint security and compliance—enforcing security baselines and conditional access across all managed devices. 
  3. Embedded security in remote assistance—building security into the very foundation of remote assistance tools, eliminating gaps that cyberattackers can exploit. 

      Identity and access control: The first line of cybersecurity defense

      Identity security is the cornerstone of any secure remote assistance strategy. A compromised identity is often the first step in a cyberattack, making it critical to ensure only verified users and devices can initiate or receive remote assistance sessions. Organizations must enforce: 

      • Explicit identity verification—using multi-factor authentication (MFA) and risk-based conditional access to ensure only authorized users gain access. 
      • Least privilege access—ensuring remote assistance is granted only for the necessary duration and with minimal privileges to reduce the risk of exploitation. 
      • Real-time risk assessment—continuously evaluating access requests for anomalies or suspicious activity to prevent unauthorized access. 

      By shifting the security perimeter to identity, organizations create an environment where trust is earned dynamically, not assumed.  

      Closing the gaps with endpoint security and compliance with Microsoft Intune

      Cyberattackers frequently exploit outdated, misconfigured, or non-compliant endpoints to gain a foothold in enterprise environments. IT and security leaders must ensure that remote assistance is built on a strong endpoint security foundation, where every device connecting to corporate resources meets strict compliance standards. This highlights the need for organizations to establish consistent security policies across all devices, ensuring they are up to date and compliant before being granted remote access.  

      Microsoft Intune provides the necessary tools to: 

      • Enforce compliance policies—restrict remote assistance to managed, up-to-date, and policy-compliant devices. 
      • Apply security baselines—standardize configurations across endpoints to minimize security gaps. 
      • Integrate with Microsoft’s security ecosystem—connecting remote assistance workflows with Microsoft Entra, Microsoft Defender product family, and other security tools for real-time monitoring and cyberthreat mitigation.  

      Remote Help: Secure remote assistance built for Zero Trust 

      As organizations work toward a Zero Trust model, secure remote assistance must align with core security principles. This means moving beyond reactive security measures and embedding proactive, policy-driven controls into every remote session. Microsoft Intune Remote Help was designed with these imperatives in mind, providing a robust solution that enhances IT support while minimizing security risks. 

      While legacy remote assistance tools can lack enterprise-grade security controls, Remote Help is built to align with Zero Trust principles. Unlike traditional solutions, Remote Help: 

      • Integrates directly with Microsoft Entra ID—enhancing security where authentication and access controls can consistently take place. 
      • Provides session transparency—IT teams can track and monitor remote assistance activity in real time. 
      • Enforces compliance requirements—only compliant, managed devices can participate in remote assistance sessions.  

      For highly regulated industries, Remote Help offers an alternative to third-party tools that may introduce security blind spots. By embedding security directly into remote assistance workflows, organizations can significantly reduce the risk of unauthorized access.  

      Engaging customers and partners to strengthen cyber resilience 

      Cybersecurity is a team sport. As cyberthreat actors grow more sophisticated, collaboration across industries is essential. Microsoft is committed to engaging with customers and partners to drive security innovation and resilience. Initiatives such as the Windows Resiliency Initiative (WRI) focus on: 

      • Reducing the need for admin privileges—helping organizations adopt a least privilege approach at scale.
      • Enhancing identity protection—strengthening defenses against phishing and identity-based attacks.
      • Quick machine recovery—empowering IT teams with tools to rapidly restore compromised devices remotely.

      By fostering collaboration and continuously evolving security measures, Microsoft is helping organizations stay ahead of emerging cyberthreats. These ongoing conversations with our customers and partners are crucial in shaping resilient security strategies that adapt to an ever-changing cyberthreat landscape.

      A security-first approach for the future 

      The increasing reliance on remote assistance demands a security-first mindset. Organizations must recognize that every remote access session presents an opportunity for exploitation from an ever-evolving cast of cyberattackers. Rather than treating security as an afterthought, it must be deeply integrated into the architecture of the remote assistance solutions. A modern approach requires proactive risk mitigation, continuous verification, and seamless security controls that support productivity without compromising protection.  

      Now is the time for IT and security leaders to: 

      • Evaluate your current remote assistance tools—identifying the gaps and areas for improvement. 
      • Adopt Zero Trust principles—ensuring that access is verified explicitly and continuously monitored.
      • Leverage solutions like Microsoft Intune and Remote Help—deploying secure, enterprise-grade remote assistance capabilities. 

      By taking these steps, you can strengthen your security posture, minimize risk, and ensure that remote assistance remains a tool for operational efficiency rather than a gateway for cyberthreats.  

      To explore how Zero Trust can enhance your remote assistance security, visit the Zero Trust Workshop, an interactive, step-by-step guide to embedding security into every layer of IT operations, ensuring a comprehensive and measurable approach to security transformation. 

      Learn more with Microsoft Security

      To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity. 

      New Microsoft guidance for the CISA Zero Trust Maturity Model http://approjects.co.za/?big=en-us/security/blog/2024/12/19/new-microsoft-guidance-for-the-cisa-zero-trust-maturity-model/ Thu, 19 Dec 2024 17:00:00 +0000 http://approjects.co.za/?big=en-us/security/blog/?p=136879 New Microsoft guidance is now available for United States government agencies and their industry partners to help implement Zero Trust strategies and meet CISA Zero Trust requirements.

      The post New Microsoft guidance for the CISA Zero Trust Maturity Model appeared first on Microsoft Security Blog.

      The Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model (ZTMM) assists agencies in the development of their Zero Trust strategies and continued evolution of their implementation plans. In April of 2024, we released Microsoft guidance for the Department of Defense Zero Trust Strategy. And now, we are excited to share new Microsoft Guidance for CISA Zero Trust Maturity Model. Our guidance is designed to help United States government agencies and their industry partners configure Microsoft cloud services as they transition to Zero Trust, on their journey to achieve advanced and optimal security.

      Microsoft has embraced Zero Trust principles—both in the way we secure our own enterprise environment and for our customers. We’ve been helping thousands of organizations worldwide transition to a Zero Trust security model, including many United States government agencies. In this blog, we’ll preview the new guidance and share how it helps United States government agencies and their partners implement their Zero Trust strategies. We’ll also share the Microsoft Zero Trust platform and relevant solutions that help meet CISA’s Zero Trust requirements, and close with two examples of real-world deployments.

      CISA Zero Trust Maturity Model

      Use this guidance to help meet the goals for ZTMM functions and make progress through maturity stages.


      Microsoft supports CISA’s Zero Trust Maturity Model

      CISA’s Zero Trust Maturity Model provides detailed guidance for organizations to evaluate their current security posture and identify necessary changes for transitioning to more modernized federal cybersecurity.

      The five CISA Zero Trust Pillars: Identity, Devices, Networks, Applications & Workloads, and Data, as well as capabilities uniform across all pillars – including Visibility & analytics, Automation & orchestration, and Governance.
      Figure 1. CISA Zero Trust Maturity Model.

      The CISA Zero Trust Maturity Model includes five pillars that represent protection areas for Zero Trust:

      1. Identity: An identity refers to an attribute or set of attributes that uniquely describes an agency user or entity, including non-person entities.
      2. Devices: A device refers to any asset (including its hardware, software, and firmware) that can connect to a network, including servers, desktop and laptop machines, printers, mobile phones, Internet of Things (IoT) devices, networking equipment, and more.
      3. Networks: A network refers to an open communications medium including typical channels such as agency internal networks, wireless networks, and the internet as well as other potential channels such as cellular and application-level channels used to transport messages.
      4. Applications and workloads: Applications and workloads include agency systems, computer programs, and services that execute on-premises, on mobile devices, and in cloud environments.
      5. Data: Data includes all structured and unstructured files and fragments that reside or have resided in federal systems, devices, networks, applications, databases, infrastructure, and backups (including on-premises and virtual environments) as well as the associated metadata.

      The model also integrates capabilities that span across all pillars, to enhance cross-function interoperability—including visibility and analytics, automation and orchestration, and governance. The model further includes the four maturity stages of the Zero Trust Maturity Model:

      • Traditional: The starting point for many government organizations, where assessment and identification of gaps helps determine security priorities.
      • Initial: Organizations will have begun implementing automation in areas such as attribute assignment, lifecycle management, and initial cross-pillar solutions including integration of external systems, least privilege strategies, and aggregated visibility.
      • Advanced: Organizations have progressed further along the maturity journey including centralized identity management and integrated policy enforcement across all pillars. Organizations build towards enterprise-wide visibility including near real time risk and posture assessments.
      • Optimal: Organizations have fully automated lifecycle management implementing dynamic just-enough access (JEA) with just-in-time (JIT) controls for access to organization resources. Organizations implement continuous monitoring with centralized visibility. 

      Microsoft’s Zero Trust Maturity Model guidance serves as a reference for how government organizations should address key aspects of pillar-specific functions for each pillar, across each stage of implementation maturity, using Microsoft cloud services. Microsoft product teams and security architects supporting government organizations worked in close partnership to provide succinct, actionable guidance that aligns with the CISA Zero Trust Maturity Model and is organized by pillar, function, and maturity stage, with product guidance including linked references.

      The guidance focuses on features available now (including public preview) in Microsoft commercial clouds. As cybersecurity threats continue to evolve, Microsoft will continue to innovate to meet the needs of our government customers. We’ve already launched more features aligned to the principles of Zero Trust—including Microsoft Security Exposure Management (MSEM) and more. Look for updates and announcements in the Microsoft Security Blog and check Microsoft Learn for Zero Trust guidance for Government customers to stay up to date with the latest information.

      Microsoft’s Zero Trust platform

      Microsoft is proud to be recognized as a Leader in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report.[1] The Microsoft Zero Trust platform is a modern security architecture that emphasizes proactive, integrated, and automated security measures. Microsoft 365 E5 combines best-in-class productivity apps with advanced security capabilities and innovations for government customers that include certificate-based authentication in the cloud, Conditional Access authentication strength, cross-tenant access settings, FIDO2 provisioning APIs, Azure Virtual Desktop support for passwordless authentication, and device-bound passkeys. Microsoft 365 is a comprehensive and extensible Zero Trust platform that spans hybrid cloud, multicloud, and multiplatform environments, delivering a rapid modernization path for organizations.

      Diagram displaying Microsoft’s Zero Trust Architecture across six pillars: Identities, Devices, Data, Apps, Infrastructure, and Network.
      Figure 2. Microsoft Zero Trust Architecture.

      Microsoft cloud services that support the five pillars of the CISA Zero Trust Maturity Model include:

      Microsoft Entra ID is an integrated multicloud identity and access management solution and identity provider that helps achieve capabilities in the identity pillar. It is tightly integrated with Microsoft 365 and Microsoft Defender XDR services to provide a comprehensive suite of Zero Trust capabilities including strict identity verification, enforcing least privilege, and adaptive risk-based access control. Built for cloud-scale, Microsoft Entra ID handles billions of authentications every day. Establishing it as your organization’s Zero Trust identity provider lets you configure, enforce, and monitor adaptive Zero Trust access policies in a single location. Conditional Access is the Zero Trust authorization engine for Microsoft Entra ID, enabling dynamic, adaptive, fine-grained, risk-based, access policies for any workload.

      Microsoft Intune is a multiplatform endpoint and application management suite for Windows, macOS, Linux, iOS, iPadOS, and Android devices. Its configuration policies manage devices and applications. Microsoft Defender for Endpoint helps organizations prevent, detect, investigate, and respond to advanced cyberthreats on devices. Microsoft Intune and Defender for Endpoint work together to enforce security policies, assess device health, vulnerability exposure, risk level, and configuration compliance status. Microsoft Intune and Microsoft Defender for Endpoint help achieve capabilities in the device pillar.

      GitHub is a cloud-based platform where you can store, share, and work together with others to write code. GitHub Advanced Security includes features that help organizations improve and maintain code by providing code scanning, secret scanning, security checks, and dependency review throughout the deployment pipeline. Microsoft Entra Workload ID helps organizations use continuous integration and continuous delivery (CI/CD) with GitHub Actions. GitHub and Azure DevOps are essential to the applications and workloads pillar.

      Microsoft Purview aligns to the data pillar activities, with a range of solutions for unified data security, data governance, and risk and compliance management. Microsoft Purview Information Protection lets you define and label sensitive information types. Auto-labeling within Microsoft 365 clients ensures data is appropriately labeled and protected. Microsoft Purview Data Loss Prevention integrates with Microsoft 365 services and apps, and Microsoft Defender XDR components to detect and prevent data loss.

      Azure networking services include a range of software-defined network resources that can be used to provide networking capabilities for connectivity, application protection, application delivery, and network monitoring. Azure networking resources like Microsoft Azure Firewall Premium, Azure DDoS Protection, Microsoft Azure Application Gateway, Azure API Management, Azure Virtual Network, and network security groups, all work together to provide routing, segmentation, and visibility into your network. Azure networking services and network segmentation architectures are essential to the network pillar.

      Microsoft Defender XDR plays key roles across multiple pillars, critical to both the automation and orchestration and visibility and analytics cross-cutting capabilities. It is a unified pre-breach and post-breach enterprise defense suite that natively coordinates detection, prevention, investigation, and response actions. It correlates millions of signals across endpoints, identities, email, and applications to automatically disrupt cyberattacks. Microsoft Defender XDR’s automated investigation and response and Microsoft Sentinel playbooks are used to complete security orchestration, automation, and response (SOAR) activities.

      Microsoft Sentinel is essential to both automation and orchestration and visibility and analytics cross-cutting capabilities, along with any activities requiring SIEM integration. It is a cloud-based security information and event management (SIEM) you deploy in Azure. Microsoft Sentinel operates at cloud scale to accelerate security response and save time by automating common tasks and streamlining investigations with incident insights. Built-in data connectors make it easy to ingest security logs from Microsoft 365, Microsoft Defender XDR, Microsoft Entra ID, Azure, non-Microsoft clouds, and on-premises infrastructure.

      Real-world pilots and implementations utilizing Microsoft guidance

      The United States Department of Agriculture (USDA) implements multifaceted solution for phishing-resistance initiative—In this customer story, the USDA implements phishing-resistant multifactor authentication (MFA)—which is an important aspect of the identity pillar of the CISA Zero Trust Maturity Model. By selecting Microsoft Entra ID, the USDA was able to scale these capabilities to enforce phishing-resistant authentication with Microsoft Entra Conditional Access for their four main enterprise services—Windows desktop logon, Microsoft M365, VPN, single sign-on (SSO). By integrating their centralized WebSSO platform with Microsoft Entra ID and piloting more than 600 internal applications, the USDA incrementally and rapidly deployed the capability to support the applications and services relevant to most users. Read more about their experience making incremental improvements towards stronger phishing resistance with Microsoft Entra ID.

      The United States Navy collaborates with Microsoft on CISA Zero Trust implementation—In this customer story, the United States Navy was able to utilize Zero Trust activity-level guidance to meet or exceed the Department of Defense (DoD) Zero Trust requirements with Microsoft Cloud services. And now with Microsoft guidance tailored for the United States government agencies, the aim is to help civilian agencies and their industry partners to do the same—meeting the CISA ZTMM recommendations at each maturity stage with Microsoft Cloud services. Together with Microsoft, the Navy developed an integrated model of security to help meet their ZT implementation goals. Read more about their collaboration with Microsoft.

      Access Microsoft guidance for the United States Government customers and their partners. Embrace proactive and proven security with Zero Trust.

      Learn more

      To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.


      [1] Forrester Wave™: Zero Trust Platform Providers, Q3 2023, Carlos Rivera and Heath Mullins, September 19th, 2023.

      Microsoft Ignite: Sessions and demos to improve your security strategy http://approjects.co.za/?big=en-us/security/blog/2024/10/30/microsoft-ignite-sessions-and-demos-to-improve-your-security-strategy/ Wed, 30 Oct 2024 16:00:00 +0000 Join us at Microsoft Ignite 2024 for sessions, keynotes, and networking aimed at giving you tools and strategies to put security first in your organization.

      The post Microsoft Ignite: Sessions and demos to improve your security strategy appeared first on Microsoft Security Blog.

      Now more than ever is the time for every organization to prioritize security. The use of AI by cyberattackers gives them an asymmetric advantage over defenders, as cyberattackers only have to be right once, while defenders have to be right 100% of the time. The way to win is with AI-first, end-to-end security—a key focus for Microsoft Security at Microsoft Ignite, November 18 to 22, 2024. Join thousands of security professionals at the event online to become part of a community focused on advancing defenders against ever-evolving cyberthreats.

      Across many sessions and demos, we’ll address the top security pain points related to AI and empower you with practical, actionable strategies. Keep reading this blog for a guide of highlighted sessions for security professionals of all levels, whether you’re attending in-person or online.

      And be sure to register for the digital experience to explore the Microsoft Security sessions at Microsoft Ignite.

      Be among the first to hear top news

      Microsoft is bringing together every part of the company in a collective mission to advance cybersecurity protection to help our customers and the security community. We have four powerful advantages to drive security innovation: large-scale data and threat intelligence; end-to-end protection; responsible AI; and tools to secure and govern the use of AI.

      Microsoft Chairman and Chief Executive Officer Satya Nadella said in May 2024 that security is the top priority for our company. At the Microsoft Ignite opening keynote on Tuesday, November 19, 2024, Microsoft Security Executive Vice President Charlie Bell and Corporate Vice President (CVP), Microsoft Security Business Vasu Jakkal will join Nadella to discuss Microsoft’s vision for the future of security. Other well-known cybersecurity speakers at Microsoft Ignite include Ann Johnson, CVP and Deputy Chief Information Security Officer (CISO); Joy Chik, President, Identity, and Network Access; Mark Russinovich, Chief Technology Officer and Deputy CISO; and Sherrod DeGrippo, Director of Threat Intelligence Strategy.

      For a deeper dive into security product news and demos, join the security general session on Wednesday, November 20, 2024, at 11:00 AM CT. Hear from Vasu Jakkal; Joy Chik; Rob Lefferts, CVP, Microsoft Threat Protection; Herain Oberoi, General Manager, Microsoft Data Security, Privacy, and Compliance; and Michael Wallent, CVP; who will share exciting security innovations to empower you with AI tools designed to help you get ahead of attackers.

      These news-breaking sessions are just the start of the value you can gain from attending online.

      Benefit from insights designed for your role

      While cybersecurity is a shared concern of security professionals, we realize the specific concerns are unique to each role. Recognizing this, we developed sessions tailored to what matters most to you.

      • CISOs and senior security leaders: If you’ll be with us in Chicago, kick off the conference with the Microsoft Ignite Security Forum on November 18, 2024 from 1 PM CT to 5 PM CT. Join this exclusive pre-day event to hear from Microsoft security experts on threat intelligence insights, our Secure Future Initiative (SFI), and trends in security. Go back to your registration to add this experience on. Also for those in Chicago, be sure to join the Security Leaders Dinner, where you can engage with your peers and provide insights on your greatest challenges and successes. If you’re joining online, gain firsthand access to the latest Microsoft Security announcements. Whether you’re in person or online, don’t miss “Proactive security with continuous exposure management” (BRK324), which will explore how Microsoft Security Exposure Management unifies disparate data silos for visibility of end-to-end attack surface, and “Secure and govern data in Microsoft 365 Copilot and beyond” (BRK321), which will discuss the top concerns of security leaders when it comes to AI and how you can gain the confidence and tools to adopt AI. Plus, learn how to make your organization as diverse as the threats you are defending in “The Power of Diversity: Building a stronger workforce in the era of AI” (BRK330).
      • Security analysts and engineers: Join actionable sessions for information you can use immediately. Sessions designed for the security operations center (SOC) include “Microsoft cybersecurity architect lab—Infrastructure security” (LAB454), which will showcase how to best use the Microsoft Secure Score to improve your security posture, and “Simplify your SOC with the unified security operations platform” (BRK310), which will feature a fireside chat with security experts to discuss common security challenges and topics. Plus, learn to be a champion of safe AI adoption in “Scott and Mark learn responsible AI” (BRK329), which will explore the three top risks in large language models and the origins and potential impacts of each of these.
      • Developers and IT professionals: We get it—security isn’t your main focus, but it’s increasingly becoming part of your scope. Get answers to your most pressing questions at Microsoft Ignite. Sessions that may interest you include “Secure and govern custom AI built on Azure AI and Copilot Studio” (BRK322), which will dive into how Microsoft can enable data security and compliance controls for custom apps, detect and respond to AI threats, and manage your AI stack vulnerabilities, and “Making Zero Trust real: Top 10 security controls you can implement now” (BRK328), which offers technical guidance to make Zero Trust actionable with 10 top controls to help improve your organization’s security posture. Plus, join “Supercharge endpoint management with Microsoft Copilot in Intune” (THR656) for guidance on unlocking Microsoft Intune’s potential to streamline endpoint management.
      • Microsoft partners: We appreciate our partners and have developed sessions aimed at supporting you. These include “Security partner growth: The power of identity with Entra Suite” (BRK332) and “Security partner growth: Help customers modernize security operations” (BRK336).

      Attend sessions tailored to addressing your top challenge

      When exploring effective cybersecurity strategies, you likely have specific challenges that are motivating your actions, regardless of your role within your organization. We respect that our attendees want a Microsoft Ignite experience tailored to their specific objectives. We’re committed to maximizing your value from attending the event, with Microsoft Security sessions that address the most common cybersecurity challenges.

      • Managing complexity: Discover ways to simplify your infrastructure in sessions like “Simpler, smarter, and more secure endpoint management with Intune” (BRK319), which will explore new ways to strengthen your security with Microsoft Intune and AI, and “Break down risk silos and build up code-to-code security posture” (BRK312), which will focus on how defenders can overcome the expansive alphabet soup of security posture tools and gain a unified cloud security posture with Microsoft Defender for Cloud.   
      • Increasing efficiency: Learn how AI can help you overcome talent shortage challenges in sessions like “Secure data across its lifecycle in the era of AI” (BRK318), which will explore how Microsoft Purview leveraging Microsoft Security Copilot can help you detect hidden risks, mitigate them, and protect and prevent data loss, and “One goal, many roles: Microsoft Security Copilot: Real-world insights and expert advice” (BRK316), which will share best practices and insider tricks to maximize Copilot’s benefits so you can realize quick value and enhance your security and IT operations.
      • Threat landscape: Navigate effectively through the modern cyberthreat landscape, guided by the insights shared in sessions like “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will share a secret in Microsoft Defender for Endpoint success and how it uses machine learning and threat intelligence, and the theater session “Threat intelligence at machine speed with Microsoft Security Copilot” (THR555), which will showcase how Copilot can be used as a research assistant, analyst, and responder to simplify threat management.
      • Regulatory compliance: Increase your confidence in meeting regulatory requirements by attending sessions like “Secure and govern your data estate with Microsoft Purview” (BRK317), which will explore how to secure and govern your data with Microsoft Purview, and “Secure and govern your data with Microsoft Fabric and Purview” (BRK327), which will dive into how Microsoft Purview works together with Microsoft Fabric for a comprehensive approach to secure and govern data.
      • Maximizing value: Discover how to maximize the value of your cybersecurity investments during sessions like “Transform your security with GenAI innovations in Security Copilot” (BRK307), which will showcase how Microsoft Security Copilot’s automation capabilities and use cases can elevate your security organization-wide, and “AI-driven ransomware protection at machine speed: Defender for Endpoint” (BRK325), which will dive into the key secret to the success of Defender for Endpoint customers in reducing the risk of ransomware attacks as well as maximizing the value of the product’s new features and user interfaces.

      Explore cybersecurity tools with product showcases and hands-on training

      Learning about Microsoft security capabilities is useful, but there’s nothing like trying out the solutions for yourself. Our in-depth showcases and hands-on trainings give you the chance to explore these capabilities for yourself. Bring a notepad and your laptop and let’s put these tools to work.

      • “Secure access at the speed of AI with Copilot in Microsoft Entra” (THR556): Learn how AI with Security Copilot and Microsoft Entra can help you accelerate tasks like troubleshooting, automate cybersecurity insights, and strengthen Zero Trust.  
      • “Mastering custom plugins in Microsoft Security Copilot” (THR653): Gain practical knowledge of using Security Copilot’s capabilities during a hands-on session aimed at security and IT professionals ready for advanced customization and integration with existing security tools.
      • “Getting started with Microsoft Sentinel” (LAB452): Get hands-on experience building detections and queries, configuring your Microsoft Sentinel environment, and performing investigations.
      • “Secure Azure services and workloads with Microsoft Defender for Cloud” (LAB457): Explore how to mitigate security risks with endpoint security, network security, data protection, and posture and vulnerability management. 
      • “Evolving from DLP to data security with Microsoft Purview” (THR658): See for yourself how Microsoft Purview Data Loss Prevention (DLP) integrates with insider risk management and information protection to optimize your end-to-end DLP program.

      Network with Microsoft and other industry professionals

      While you’ll gain a wealth of insights and learn about our latest product innovations in sessions, our ancillary events offer opportunities to connect and socialize with Microsoft and other security professionals who are as committed as you are to strengthening the industry’s defenses against cyberthreats. That’s worth celebrating!

      • Pre-day Forum: All Chicago Microsoft Ignite attendees are welcome to add on to the event with our pre-day sessions on November 18, 2024, from 1 PM CT to 5 PM CT. Topics covered will include threat intelligence, Microsoft’s Secure Future Initiative, AI innovation, and AI security research, and the event will feature a fireside chat with Microsoft partners and customers. The pre-day event is designed for decision-makers from businesses of all sizes to advance your security strategy. If you’re already attending in person, log in to your Microsoft Ignite registration and add on the Microsoft Security Ignite Forum.
      • Security Leaders Dinner: We’re hosting an exclusive dinner with leaders of security teams, where you can engage with your peers and provide insights on your greatest challenges and successes. This intimate gathering is designed specifically for CISOs and other senior security leaders to network, share learnings, and discuss what’s happening in cybersecurity.   
      • Secure the Night Party: All security professionals are encouraged to celebrate the cybersecurity community with Microsoft from 6 PM CT to 10 PM CT on Wednesday, November 20, 2024. Don’t miss this opportunity to connect with Microsoft Security subject matter experts and peers at our “Secure the Night” party during Microsoft Ignite in Chicago. Enjoy an engaging evening of conversations and experiences while sipping tasty drinks and noshing on heavy appetizers provided by Microsoft. We look forward to welcoming you. Reserve your spot today.

      Something that excites us the most about Microsoft Ignite is the opportunity to meet with cybersecurity professionals dedicated to modern defense. Stop by the Microsoft Security Expert Meetup space to say hello, learn more about capabilities you’ve been curious about, or ask questions about Microsoft’s cybersecurity efforts. 

      Hear from our Microsoft Intelligent Security Association partners at Microsoft Ignite

      The Microsoft Intelligent Security Association (MISA), comprised of independent software vendors (ISVs) and managed security service providers (MSSPs) that have integrated their solutions with Microsoft’s security technology, will be back at Microsoft Ignite 2024.

      We kick things off by celebrating our Security Partner of the Year award winners, BlueVoyant (Security), Cyclotron (Compliance), and Inspark (Identity), who will join Vasu Jakkal for a fireside chat on “How security strategy is adapting for AI” during the Microsoft Ignite Security Pre-day Forum. This panel discussion includes insights into trends partners are seeing with customers relating to AI, a view on practical challenges and scenarios that companies encounter when deploying AI, and the expert guidance and best practices that security partners can offer to ensure successful AI integration in security strategies.

      MISA is thrilled to welcome small and medium business (SMB) verified solution status to its portfolio. This solution verification highlights technology solutions that are purpose-built to meet the needs of small and medium businesses, and the MSSPs who often manage IT and security on behalf of SMBs. MISA members who meet the qualifying criteria and have gone through engineering review will receive a specialized MISA member badge showcasing the verification and will be featured in the MISA partner catalog. We are excited to launch this status with Blackpoint Cyber and Huntress.

      Join MISA members including Blackpoint Cyber and Huntress at the Microsoft Expert Meetup Security area where 14 members will showcase their solutions and Microsoft Security Technology. Review the full schedule below.

      Graphic showing the MISA partner schedule at Microsoft Ignite 2024.

      We are looking forward to connecting with our customers and partners at the Microsoft Secure the Night Party on Wednesday, November 20, from 6 to 10 PM CT. This evening event offers a chance to connect with Microsoft Security subject matter experts and MISA partners while enjoying cocktails, great food, and entertainment. A special thank you to our MISA sponsors: Armor, Cayosoft, ContraForce, HID, Lighthouse, Ontinue, and Quorum Cyber.

      Register today to attend Microsoft Ignite online

      There’s still time to register to participate in Microsoft Ignite online from November 19 to 22, 2024, to catch security-focused breakout sessions and product demos, and to participate in interactive Q&A sessions with our experts. No matter how you participate in Microsoft Ignite, you’ll gain insights on how to secure your future with an AI-first, end-to-end cybersecurity approach to keep your organizations safer.

      Plus, you can take your security knowledge further at Tech Community Live: Microsoft Security edition on December 3, 2024, to ask all your follow-up questions from Microsoft Ignite. Microsoft Experts will be hosting live Ask Microsoft Anything sessions on topics from Security for AI to Copilot for Security.

      To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.

      How to achieve cloud-native endpoint management with Microsoft Intune http://approjects.co.za/?big=en-us/microsoft-365/blog/2024/06/12/how-to-achieve-cloud-native-endpoint-management-with-microsoft-intune/ Wed, 12 Jun 2024 15:00:00 +0000 In this post, we’re focusing on what it really takes for organizations to become fully cloud-native in endpoint management—from the strategic leadership to the tactical execution.

      This is the final blog post in our series highlighting the increasing benefits of becoming fully cloud-native in endpoint management with Microsoft Intune.

      In our first post, we talked about why more of our customers are migrating to cloud-native endpoint management. Our second post presented a three-phase model for how customers can go cloud-native with Intune. In this final post, we’re focusing on what it really takes for organizations to make this valuable change—from the strategic leadership to the tactical execution.

      A change in vision

      “Copilot…frees up my time to use my expertise to create more value, and spend less time on lower-value activities, and instead focus on what drives impact and drives change for our clients.”—Sally Penson, Head of Transforming Delivery, UK Insights

      Microsoft Copilot for Security and Copilot in Intune signal a shift in the information technology and security landscape. While it is relatively easy to envision how individual tasks and routines may be changed by AI and automation, it is harder to see exactly how this will impact business in five years and beyond, but there’s little doubt it will be significant. Imagining what that impact may be is critical to understanding the opportunities and challenges ahead, and re-defining your capital “V” Vision for your enterprise is fundamental to making the most of it.

      Historically, IT has been treated like an electrical utility—make sure that the information is flowing, and if it isn’t, get it back with as little disruption as possible. The future will be a very different place. As I see it, IT is at the start of a truly radical change. Routine maintenance and troubleshooting will be automated away or made easier. This leaves experienced technology experts with more time to focus. They will need to use their knowledge of your business and technology to become value-creators—this is the change in vision that will need to come from the top.

      “Have a growth mindset and invest time into developing and learning the ever-evolving technology of cloud management.”—IT administrator, Thorlabs Inc.

      Setting the stage for this transformation now—by expanding your corporate vision to encompass the new tech landscape—can help with the next level of change. But successful implementation will depend on how well you can help your IT professionals align their own vision of their roles, and of themselves, to the changing technology landscape. One theme we hear over and over again—especially from customers who have spent years learning and mastering the complex controls and arcana of endpoint management—is “Why would I give up the total control I have now?” or “Why fix what isn’t broken?”

      These questions and concerns are common to those who have built and mastered their craft in the utility model: This is a complex system that I understand and manage expertly, and it enables the flow of information exactly as we need. This is a model that prioritizes knowledge of and experience with processes and tools. Experts should rightly be proud of their abilities, and some systems and processes simply can’t be updated. The challenge is that for the systems that can be updated, the processes, tools, maintenance, and the complexity of systems will be vastly different. In a world with Copilot and AI-aided automation, process will be secondary to data. The knowledge and experience of problem-solving and of how to harness technology to improve your business will become more valuable than the knowledge of tools. Instead of merely keeping the information flowing, IT teams will need to tap into that flow to find new efficiencies and business opportunities.

      And while I am confident in the impacts we will see, I don’t want to leap too far into the future.

      Changing the vision of the role of IT administrator isn’t going to happen overnight. The first change that can lay the groundwork for the new mindset the future will require is to prepare your organization to take advantage of the AI and automation that’s already here. That means going cloud-native and moving endpoint management to Intune. Less radical than the changes to come, but no less jarring—this move eliminates the need for a lot of specialized equipment and specialized knowledge of the tools that run it all. It also requires a re-imagining of security, policies, and approaches to endpoint management. Faced with having to start fresh in creating these policies, many choose the status quo. But as we talked about in our first post in this series, moving endpoints to the cloud grants access to the value-add of cloud management and the next generation of technologies. So a fresh mindset is needed, along with a fresh look at device configuration and compliance policies.

      I make no assertions that such change is easily accomplished. In fact, we have customers with the directive to change the vision at the top who are stymied at the point of implementation. The human element, the vision an IT admin has for their own future, must be given consideration—and a plan.

      A change in process

      “It’s time to leave behind the old mindset and start from the beginning.”—IT administrator, Multinational Chemical Company

      We have found that the combination of inertia and inherent complexity in making a change to endpoint management solutions causes a lot of hesitation. No one wants to be the one who pushes the button to make the information stop flowing—even if you assure them no such button exists. Customers who have had successful migrations to Intune overcome this hesitation by creating smaller pilot programs, rolling out changes incrementally, and identifying and organizing “champions”—stakeholders committed to the project who advocate for its adoption. Hewlett Packard Enterprise even shared their advice with us for this case study.

      With this approach, potential negative outcomes are limited. Small wins can be quantified, and champions help with communicating clearly what’s happening to other stakeholders at every step, building trust and easing minds.

      A change in our process

      We have heard from customers that the power and flexibility of the Intune platform presents an array of options and configurations that can be daunting. It isn’t possible for our experts to embed with every customer every day—though the FastTrack and Customer Acceleration Teams provide great support and can consult on particularly complex scenarios. What those teams hear over and over is “just tell us what to do.” So we at Intune have decided to change our process a bit, to help our customers to change theirs.

      As part of this new approach, we’ve created what we call “one-size-fits-most” guidance to help configure the basic settings companies need to get endpoints more secure and productive with Intune. We’ve also streamlined the Microsoft Intune documentation hub, highlighting this guidance and making the path to implementation a little clearer. Our hope is that the IT administrators tasked with actually making Intune “go” will have the confidence to do just that.

      We have also cultivated a robust community around Intune, full of fellow IT administrators and support professionals—which can be a great resource when that “one-size” approach doesn’t quite fit. Find the Intune Tech Community, and engage our Intune customer success team on X or their Tech Community page.

      For those whose job entails proving the return on investment (ROI) of Intune, we’ve even published a new tool that helps you calculate your ROI with Intune.

      Learn more about Microsoft Intune
