Follow ZDNET: Add us as a favorite source On Google.
ZDNET Highlights
- Microsoft announced new or improved AI security agents in Ignite.
- The security agent functionality is exposed in Microsoft’s contextual management portal.
- Agents are free to all CoPilot Security customers with a 365 E5 subscription.
At Microsoft’s Ignite conference in San Francisco earlier this week, the onslaught of artificial intelligence-related announcements made it easy to miss some of the company’s more important “all-AI all-the-time” news.
Also: Microsoft’s new AI agents now create your Word, Excel, and PowerPoint projects
The word “Copilot” – representative of Microsoft’s flagship AI brand – appeared thousands of times in nearly every functional area of the technology firm’s offering, evidence of an AI-first strategy that has also covered its portfolio of security-related solutions.
AI enters the security game of cat-and-mouse
Cyber security has always been like a game of cat and mouse. When the IT department succeeds in shutting down one type of intrusion, adversaries start looking for another type of intrusion and the vicious cycle continues. This has been the case with an ever-evolving series of tactics, techniques, and procedures (TTPs) used by threat actors who are stealing billions of customer records from Salesforce instances belonging to some of the world’s largest and best-known brands.
Naturally, it is only a matter of time before hackers begin to utilize the scalability and speed of AI to pursue their exploits more successfully. For example, Anthropic – developer of the popular Cloud LLM – published a report The following were revealed earlier this month:
“In mid-September 2025, we detected suspicious activity, which we later investigated revealed to be a highly sophisticated espionage campaign. Attackers leveraged AI’s ‘agent’ capabilities to an unprecedented level – using AI not only as an advisor, but also to execute cyberattacks.”
It should come as no surprise that, as part of a game of cat-and-mouse, Microsoft and other companies are now looking to AI to help their customers even the playing field. Buried in the noise of all of Microsoft’s Ignite AI announcements — including how AI agents will help us code software and enable data centers to self-repair — was news of Microsoft and partner-provided AI agents designed to close new security vulnerabilities before threat actors are able to discover or exploit them.
Also: Microsoft’s new recovery tools rebuild Windows when it’s messed up – here’s how
Microsoft previously released AI agents to improve customer agility in the race against threat actors. However, in this latest round of additional agent announcements and improvements, Microsoft is also standardizing how to make those agents available contextually within its existing security and management tools.
“We’re introducing a dozen new and enhanced Microsoft Security CoPilot agents, available in Microsoft Defender, Microsoft Entra, Microsoft IntuneAnd Microsoft Purview“Empowering security teams to move from reactive responses to proactive strategies and help transform every aspect of organizational security,” wrote Microsoft’s corporate vice president of security. Vasu Jakkal one in blog post“These adaptive agents work hand-in-hand with security teams to detect incidents, customize conditional access policies, surface threat intelligence, and more easily maintain secure, compliant endpoints,”
This table shows a partial list of various Microsoft-developed security-oriented AI agents and security dashboards with the company highlighting their functionalities as relevant.
Screenshot by David Berlind/ZDNET
As shown in the table above, the specific roles of different agents determine which security management tools they are included in. For example, while specific agents for identity management will appear contextually in Microsoft’s Entra identity management solution, specific agents for endpoint security will be integrated into Microsoft Intune.
Availability of Microsoft-built agents
Availability of new Microsoft-built agents – along with additional partner-provided agents – will be rolled out through Storefront (all powered by a central Microsoft Security Store) Previewed on September 30) which are also contextually embedded in the appropriate Microsoft Security and Management Dashboard.
Also: Microsoft’s new AI agents won’t just help us code, they’ll now decide what to code
As shown in the screenshot below, agents like Microsoft’s Phishing Triage Agent (lower right) are exposed in a storefront that is built into the company’s Defender Security Operations solution.
AI agents provided by Microsoft and partners surface contextually within the content management portal.
Microsoft
The Phishing Triage Agent went into public preview in March 2025 and was announced for general availability in Ignite. According to Microsoft, the Phishing Triage Agent “autonomously handles large-scale user-submitted phishing reports. The agent categorizes incoming alerts and resolves false positives, escalating only malicious cases that require human expertise.”
Reflecting Microsoft’s standardized approach to contextually surfacing agents within the appropriate management console, the company’s Threat Intelligence Briefing Agent, previously introduced in marchNow embedded in the Microsoft Defender Portal. The agent not only gathers timely briefings from various threat intelligence sources, but it also assesses the risk of each briefing, makes recommendations on how to address it, and links it to specific assets within the organization that require immediate attention.
Also: Apple, Microsoft, or Google: Whose Platform Authenticator Rules Our Passkey Future?
Within Antra, Microsoft has improved CoPilot Conditional Access Optimization AgentDesigned to monitor policies across devices and identities. Many of these will be AI agents themselves as the company pursues a strategy where agent identities are treated with the same first-class citizenship that human identities get within an organization’s digital infrastructure. (This approach is also advocated by the OpenID Foundation Okta is Microsoft’s competitor on the identity management front.) For example, the agent can identify an increase in sign-in failures, investigate the policy that may have caused the problem, and recommend steps to resolve the problem before other users are affected.
There are many other new and improved agents – too many to count here. However, importantly, the Microsoft-provided agents will be made available at no additional charge to existing Safety Co-Pilot customers with a Microsoft 365 E5 subscription, and eventually, to non-Co-Pilot customers, who will be notified 30 days in advance of when they can activate them.
