Microsoft Security Copilot Expands to 12 Preview Agents Across Defender Entra Intune Purview

Microsoft’s Ignite announcements pushed Security Copilot from a tactical assistant to a full-fledged, agentic security platform — delivering twelve new preview agents across Microsoft Defender, Microsoft Entra, Microsoft Intune and Microsoft Purview, plus an expanding partner ecosystem, a Security Store for agent discovery and procurement, and new control-plane tooling to govern agent fleets at scale.

Background / Overview​

Microsoft introduced Security Copilot as an AI-powered security assistant to help organizations detect, investigate, and respond to threats faster. At Ignite 2025 the product evolved: instead of a single chat assistant, Microsoft is embedding specialized adaptive agents across its security stack to automate high-volume tasks — from phishing triage and alert prioritization to conditional access tuning and sensitive-data remediation. That multi-surface push ties Security Copilot into Defender, Entra, Intune and Purview while exposing partner-built agents through a new Security Store and governance surfaces like Agent 365. These changes are explicitly positioned as productivity and risk-reduction measures for SOCs, identity teams, IT operations and compliance teams: agents accelerate triage, surface prioritized threat intelligence, translate policy goals into Intune configurations, and help remediate data oversharing — all while operating with tenant-scoped context. Independent coverage and Microsoft’s book-of-news confirm the 12-agent count and the broader partner catalog expansion.

---

What Microsoft announced at Ignite: the essentials​

Twelve preview Security Copilot agents (and 30+ partner agents)​

• Scope: Twelve new agents from Microsoft previewed across Defender, Entra, Intune and Purview, with more than 30 partner agents available to extend coverage and provide verticalized or specialized workflows.
• Example agent types: Phishing Triage Agent, Alert Triage Agents for DLP/Insider Risk, Conditional Access Optimization Agent, Identity Risk Management Agent, App Lifecycle Management Agent, and Intune policy conversion/analysis agents.

Integrated platform tooling and governance​

• Agent 365: A centralized control plane / registry to discover, inventory, quarantine and govern agents across the enterprise. Agent 365 ties agent identities to Entra (Agent ID), enforces RBAC-like policies, and provides telemetry and visualization for agent activities.
• Microsoft Security Store: A catalog and procurement surface for security solutions and agents enabling discovery, purchase and deployment with embedded workflows inside Defender and Entra. Microsoft says the catalog now includes 100+ third-party solutions and that partners can sell managed detection services via the Store.
• Foundry Control Plane & Developer Tooling: New Foundry features to build, manage and secure agent fleets, and direct publishing pipelines to Microsoft Agent runtimes. This moves agent creation toward a developer + security integrated lifecycle.
• Security Dashboard for AI: A unified operational view that aggregates signals about AI agents, apps and platforms from Defender, Purview and Entra so teams can monitor risks like data oversharing and identity compromise.

New integrations and protections​

• Defender + GitHub Advanced Security: Native integrations to bring runtime context to the developer workflow: surface vulnerabilities in runtime, create remediation workflows, and enable developer fixes (including Copilot Autofix) with validation from Defender.
• Purview & Copilot protections: Expanded Purview controls (DLP for Copilot/chat prompts, oversharing reports, scheduled Teams transcript deletion) to reduce sensitive-data exposure when agents and Copilots operate over enterprise content.
• Baseline Security Mode (BSM): A guided experience that applies Microsoft-recommended settings to reduce legacy risk and simulate the impact of changes before deployment.

---

How the new Security Copilot agents work — practical mechanics​

Defender agents: automated triage and hunting​

Defender agents are designed to reduce SOC toil by automating repetitive parts of the investigation lifecycle. Key capabilities include:

• Automated alert triage to separate true positives from noisy alerts.
• Natural-language threat hunting for analysts to ask questions like, “Find activity related to this domain across my estate” and receive a focused list of telemetry-driven hits.
• Missed-threat detection that hunts for gaps in coverage and suggests detection improvements.

These agents leverage Defender’s telemetry and Microsoft Threat Intelligence and are intended to integrate with existing playbooks and service-ticketing flows rather than replace human decision-making.

Entra agents: identity governance and conditional access optimization​

Entra agents address identity-focused tasks:

• Monitor policy coverage and recommend or simulate Conditional Access changes.
• Investigate risky users and suggest remediation paths, including access revocation or policy escalation.
• Manage application lifecycles, automating discovery and onboarding remediation where apps violate policy.

Agents use Entra Agent ID to give each agent a short-lived, auditable identity bound to tenant governance policies.

Purview agents: data discovery and compliance automation​

Purview agents bring AI-powered content analysis to data incidents:

• Discover and remediate oversharing or sensitive-data exposure.
• Connect DLP incidents to Defender incidents to provide cross-product context during investigations.
• Generate prioritized remediation steps and compliance-ready explanations for privacy teams.

Intune agents: translate requirements into policies​

Intune agents help IT turn high-level requirements into device and configuration policies:

• Convert compliance requirements into Intune configuration profiles.
• Simulate policy changes before rollouts to assess potential productivity or compatibility impacts.
• Identify devices for removal or quarantine based on compliance posture.

---

New tools and ecosystem: Security Store, Foundry, Agent 365 and the AI dashboard​

The announcements are not just feature additions — they are an ecosystem play:

• Security Store centralizes discovery, purchase and deployment of agentic solutions and services. Microsoft’s public messaging frames it as a one-stop-shop for security tooling that integrates with Defender and Entra workflows.
• Foundry Control Plane focuses on developers and ISVs: a publishing path that embeds Entra/Defender/Purview checks into the agent development lifecycle and simplifies large-scale agent fleet management.
• Agent 365 is the governance layer: registry, quarantine, and unified telemetry to detect shadow agents and apply tenant-level policy templates. This is central to treating agents as first-class, auditable services.
• Security Dashboard for AI aggregates agent posture, compliance signals and risk insights — a necessary operational surface for enterprises that must manage agent-driven data flows.

These surfaces attempt to close the lifecycle loop: author → vet → publish → govern → monitor.

---

Availability, licensing and rollout​

Microsoft announced that Security Copilot will be made available to Microsoft 365 E5 customers with a phased rollout: Frontier customers already see some capabilities and the broader E5 rollout will continue in the coming months with advance notifications to tenants. This inclusion is a material licensing move because it makes agentic security capabilities accessible to a large installed base of enterprise customers. Note: details about consumption limits, scaling (e.g., extra Security Copilot Units) or how partner agent charges are invoiced can vary. Organizations should expect phased activation, tenant notices, and potential add-on charges for high-scale autonomous action or partner services.

---

Why this matters: operational benefits​

• Faster incident response: Agents that triage and enrich alerts shorten time-to-detect and time-to-remediate by reducing repetitive research tasks analysts perform.
• Better identity hygiene: Entra agents that simulate policy changes and automate access reviews can reduce risky access and credential abuse windows.
• Improved compliance posture: Purview agents and DLP integrations limit data oversharing to AI apps and provide audit-ready remediation guidance.
• Developer-security collaboration: Defender integration with GitHub Advanced Security brings runtime context to code security and supports automated fix workflows. This shortens the remediation feedback loop between security and development teams.

---

Real-world risks and limitations — what to watch for​

No platform shift is risk-free. The move to agentic security introduces new attack surfaces and operational complexities that demand cautious adoption.

• Automation blast radius: Agents that can take corrective actions (block users, remove devices, change policies) increase the impact of misconfiguration or a compromised agent identity. Enforce conservative defaults and require human approvals for high-impact actions.
• Supply-chain and agent hijacking risks: Researchers have already demonstrated token-theft and "CoPhish" style attacks that target Copilot/agent workflows; vet agent publishers, restrict third-party consent and monitor for anomalous agent behavior. Flagged incidents show attackers can exploit legit-looking agent flows to harvest OAuth tokens. Treat agent sources and manifests like any other third-party software you install.
• Preview vs GA uncertainty: Several Ignite features are preview-only — behavior, APIs and remediation actions (for example, some named features like "Predictive Shielding") may change before GA. Treat vendor brief examples as illustrative until formal documentation and release notes exist.
• False positives and operational noise: Aggressive scanning (e.g., on large blob stores or serverless posture checks) can increase cloud egress and scanning costs and can create noisy signals that require tuning.
• Privacy and data residency: Agents that access tenant data, prompts or transcripts increase the audit and data-residency burden. Ensure logs, prompt content, and any agent-derived artifacts are managed under compliance controls.

---

Technical verification and cross-checked claims​

Key load-bearing claims from Ignite were verified against Microsoft’s own posts and independent reporting:

• Microsoft’s announcement of agent previews and their embedding across Defender, Entra, Purview and Intune is confirmed in Microsoft’s Security blog and the Ignite Book of News.
• The Security Store concept and partner catalog are present in Microsoft messaging and independently covered by third-party outlets. Expect an expanding catalog that integrates procurement and deployment into Defender and Entra workflows.
• Defender + GitHub Advanced Security integration for lifecycle security (runtime context + remediation workflows) is listed in Ignite material and described in third-party reporting on developer-security integration.

Where claims remain tentative: vendor briefings described certain remediation actions and feature names (for example, illustrative capabilities tied to a name like “Predictive Shielding”) that are not yet fully documented in public product pages; those should be treated as preview behaviours and examples until Microsoft publishes technical docs.

---

Practical rollout checklist — how to pilot Security Copilot agents safely (recommended sequence)​

• Inventory existing automation: map Copilot, Copilot Studio, agent runtimes, and custom connectors in use.
• Set governance baseline: create agent registry and policy templates in Entra (restrict agent consent and require short-lived credentials).
• Pilot in monitor-only mode: enable agents in a test tenant or limited environment with read-only suggestions before enabling auto-remediation.
• Tune DLP and Purview policies: test Copilot/DLP prompt controls and scheduled retention for sensitive transcripts.
• Integrate telemetry: route agent logs and webhook data into SIEM/SOAR (Sentinel/Defender) for correlation and alerting.
• Define human-in-the-loop approvals: require multi-person sign-off for any agent that can change access or delete resources.
• Exercise incident playbooks: run red-team scenarios for agent compromise (prompt injection, RAG poisoning, token harvesting) and practice revocation of agent identities.
• Track cost and performance: monitor scanning egress, compute and latency impacts across agent workflows.
• Engage partners carefully: for partner agents, validate vendor processing, residency, and contractual SLAs before production deployment.
• Stay on update cadence: preview features will change — maintain a change-control cadence tied to Microsoft’s tenant activation notices.

---

Developer and partner implications​

For ISVs and security vendors, the Security Store and Foundry Control Plane present a path to distribute agentized solutions. Partners must:

• Adopt the Model Context Protocol (MCP) and Entra Agent ID patterns to ensure interoperability.
• Harden agent supply chains (attestations, signing) and support tenant-level revocation.
• Provide clear SLAs and audit logs to meet enterprise compliance needs.

---

Industry context and independent perspective​

Microsoft’s bet is clear: make agents first-class, identity-bound, auditable, and governed. That architecture aligns with requests from enterprise security teams who want provenance, RBAC and auditable behavior for autonomous workflows. Coverage across independent outlets, major tech press and Microsoft’s own documentation supports the core claims while also highlighting early adversarial research that underscores why governance is non-negotiable. At the same time, the transition to an agentic security posture raises systemic questions about process, cost and liability: who owns an automated remediation that triggers business outage? What legal exposures exist if an agent exfiltrates regulated data through a model? These are practical governance items enterprises must answer before broad adoption.

---

Final assessment and guidance for Windows-centered security teams​

Microsoft’s security announcements at Ignite accelerate an existing trajectory: embed AI into security operations while adding governance scaffolding to manage scale. The new Security Copilot agents can materially reduce analyst toil and shrink attacker dwell time — if organizations combine technical pilots with policy updates, hardened identities for agents, tuned DLP rules and rigorous testing of partner agent integrations.
Takeaways for Windows and Microsoft 365 environments:

• Treat agents as production services: include them in access reviews, incident playbooks and change control.
• Start with low-risk pilots: enable read/suggest-only modes and measure MTTR improvements and false-positive rates.
• Insist on vendor transparency: require partners to publish processing region, SLAs, and attestations for agent behavior and data handling.
• Monitor evolving threats: keep an eye on reported agent-focused attack techniques (token theft, malicious agent manifests) and update revocation and detection playbooks accordingly.

The Ignite announcements supply a full stack — agents, store, governance plane and developer tooling — that can accelerate security operations. The decisive factor for every organization will be governance rigor: identity-bound agent identities, conservative automation defaults, auditable telemetry, and staged rollouts will determine whether Security Copilot agents deliver predictable operational value or introduce new, costly risks.

---

Microsoft’s portfolio move is bold and coherent: it pairs automation with governance and aims to make agentic security manageable at enterprise scale. For security teams, the immediate priority is pragmatic: pilot deliberately, instrument thoroughly, and bake agent governance into identity and compliance processes before allowing agents to act autonomously across production workloads. Conclusion
Security Copilot’s agent wave is a major step toward scaling defensive automation, and the supporting surfaces (Security Store, Agent 365, Foundry) show Microsoft is thinking end-to-end. The promise — faster threat detection, leaner SOC workflows and proactive compliance — is real, but the road to realizing it requires meticulous governance, rigorous pilot programs, and careful partner selection. Organizations that adopt this disciplined approach will likely capture the productivity upside while minimizing the operational and security risks of an agentic future.

---

Source: Petri IT Knowledgebase New Security Copilot Agents Boost Threat Detection, Compliance