Microsoft has unveiled a suite of AI-powered Security Copilot agents, now available in public preview, marking a significant advancement in cybersecurity automation. These agents are designed to streamline high-volume security tasks, enabling security teams to concentrate on more complex challenges.
Introduction to Security Copilot Agents
At the RSA Conference 2025, Microsoft introduced new AI-driven agents for Security Copilot, initiating a phased rollout to provide early access to select customers. This development builds upon the foundation laid by Security Copilot, launched the previous year to assist security professionals in areas such as threat hunting, incident response, intelligence gathering, and posture management. The tool integrates seamlessly with Microsoft's security products, including Microsoft Defender XDR, Microsoft Sentinel, and Microsoft Intune, as well as third-party services.
Overview of the New Security Copilot Agents
In March 2025, Microsoft announced the introduction of Security Copilot agents aimed at managing high-volume security tasks, thereby allowing security teams to focus on more intricate issues. The initial set of agents includes:
- Conditional Access Optimization Agent for Microsoft Entra: This agent monitors for new users or applications not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click.
- Vulnerability Remediation Agent for Microsoft Intune: It monitors and prioritizes vulnerabilities and remediation tasks to address application and policy configuration issues, expediting Windows OS patches with administrative approval.
- Threat Intelligence Briefing Agent for Security Copilot: This agent automatically curates relevant and timely threat intelligence based on an organization’s unique attributes and cyber threat exposure.
Integration and Functionality
Built on the Security Copilot platform, these agents are tailored to specific security use cases, adapt to organizational workflows, and learn from feedback, all while keeping security teams in full control. This ensures a consistent, secure, and unified experience across capabilities. The agents are designed to autonomously handle high-volume security and IT tasks, seamlessly integrating with Microsoft Security solutions. They operate securely, aligned with Microsoft’s Zero Trust framework, and aim to accelerate responses, prioritize risks, and drive efficiency to enable proactive protection and strengthen an organization’s security posture.
Partner Contributions
In addition to Microsoft's own agents, two new partner agents from Performanta are available in public preview for commercial customers:
- Email Threat Analyst Agent: Assists security teams in investigating email threats.
- IAM Supervisor Agent: Helps in assessing identity access risks.
Enhancements in Data Protection and Insider Threat Detection
Microsoft has also introduced new plugins and AI-powered governance tools to enhance data protection and insider threat detection. Integrations for Microsoft Purview are now available in preview, enabling organizations to detect sensitive data exposure and investigate AI-based insider threats. Security teams can apply retention and audit policies to AI-generated data, providing a comprehensive approach to data governance.
Scalability Improvements with Security Compute Unit (SCU) Model
To improve scalability, Microsoft has introduced a new overage Security Compute Unit (SCU) model. This feature allows customers to extend their Copilot workloads beyond their initial provisioned limits, ensuring that organizations can scale their security operations as needed without compromising performance.
Conclusion
The introduction of AI-powered Security Copilot agents represents a significant step forward in automating and enhancing cybersecurity operations. By offloading repetitive and high-volume tasks to these intelligent agents, security teams can focus on strategic and critical work, ultimately strengthening their organization's security posture. As these agents continue to evolve and integrate with various security solutions, they hold the promise of transforming the landscape of cybersecurity management.
Source: Petri IT Knowledgebase Microsoft Announces Security Copilot Agents Preview
