Microsoft Readies New Security Copilot Agents

Mary Jo Foley is the Editor in Chief at Directions on Microsoft. Before joining Directions, Mary Jo has worked as... more

For Microsoft, 2024 was a big year for filling out its Copilot line-up. So far, 2025 looks to be the year of the agents.

Microsoft is planning to add several security-specific agents to its Security Copilot later this year. They will be available in preview in April, according to the company.

Microsoft made its Security Copilot available for Microsoft 365 commercial customers in April 2024. Security Copilot is a set of capabilities that integrate data from numerous Microsoft 365 services and Microsoft Sentinel and is available in its own console, as well as the Microsoft Defender XDR portal. Security Copilot is billed using a complex and confusing “Security Compute Unit” (SCU) meter of US$4/hour for the time the service is provisioned and used each month.

As opposed to assistants like Security Copilot, which are focused on UI/user interaction, agents are meant to autonomously handle specialized, multi-step tasks, alone or in concert with one another.

Agents: ‘The natural evolution of Security Copilot’

Microsoft officials say these coming agents “represent the natural evolution of Security Copilot” by managing high-volume security and IT tasks. They will provide automation across areas like threat protection, identity management, data security and more, officials said.

Microsoft’s newly announced Security Copilot agents include:

Phishing Triage Agent in Microsoft Defender for handling phishing reports
Alert Triage Agents in Microsoft Purview for data loss prevention and insider risk alerts
Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies
Vulnerability Remediation Agent in Microsoft Intune monitors vulnerabilities and remediation tasks
Threat Intelligence Briefing Agent in Security Copilot for curating threat intelligence.

Microsoft also is working on a Purview-specific solution, Purview Data Security Investigations, which will help teams analyze data-exposure risks using AI. Beginning April 9, DSI will be available in preview for admins and will require Purview pay-as-you-go and Security Copilot Security Compute Units.

In its blog post announcing the new Security Copilot agents, Microsoft also touted additional new agents for Security Copilot from various partners, including:

Privacy Breach Response Agent from OneTrust
Network Supervisor Agent from Aviatrix
SecOps Tooling Agent from BlueVoyant
Alert Triage Agent from Tanium
Task Optimizer Agent from Fletch.

In related news, Microsoft is extending its ability to use Microsoft Defender to manage the AI security posture of models beyond Azure and Amazon Web Services (AWS) to include Google VertexAI, plus all models in the Azure AI Foundry model catalog. This capability will be in preview starting in May 2025 and will include Gemini, Gemma, Meta Llama, Mistral and custom models.

Microsoft is hosting a free, one-hour AI security virtual event, Microsoft Secure, on April 9, where company officials will provide more information and demos about Security Copilot, these new agents and other related tools. It plans to expand on these topics at the upcoming RSA Conference 2025 from April 27 to May 1 in San Francisco. For Microsoft, 2024 was a big year for filling out its Copilot line-up. So far, 2025 looks to be the year of the agents.