Microsoft Enhances Security Copilot With AI Agents

News

Microsoft Strengthens Security Copilot with New AI Agents

This week, Microsoft announced an expansion of its Security Copilot, incorporating additional security-focused AI agents aimed at improving defenses against increasing cyber threats. This enhancement comes as part of the company’s continuous commitment to bolster its security offerings, coinciding with the first anniversary of Security Copilot.

Significant Additions to Microsoft’s Security Platform

Microsoft is enhancing its security capabilities by introducing new features across various platforms, including Microsoft Defender, Microsoft Entra, and Microsoft Purview. “In this age of AI, securing AI, and utilizing it to enhance security, is critical for organizations,” stated Vasu Jakkal, Microsoft’s corporate vice president for security. “Microsoft is committed to helping organizations secure their futures through an AI-first, comprehensive security platform.”

New AI Agents: Automating Security Tasks

The updated platform will include six new built-in AI agents along with five additional agents designed by partners. These agents are crafted to automate routine, high-volume security tasks including:

Alert Triage Agents in Microsoft Purview – designed to prioritize insider risk alerts.
Conditional Access Optimization Agent in Entra – identifies gaps in identity policies.
Vulnerability Remediation Agent in Intune – streamlines patch management processes.
Threat Intelligence Briefing Agent – provides tailored summaries of threats specific to an organization’s landscape.

[Click on image for larger view.] Figure 1. Microsoft Copilot security agents.

These new AI agents will enter public preview in April. They are designed to learn from user feedback, adapt to existing workflows, and operate within Microsoft’s Zero Trust security framework.

Partner Contributions to AI-Powered Security

In addition to its own agents, Microsoft has teamed up with five partners to enhance the Security Copilot platform. The partner contributions include:

OneTrust: Creates a Privacy Breach Response Agent to assist with regulatory compliance.
Aviatrix: Offers a Network Supervisor Agent to troubleshoot VPN and gateway issues.
BlueVoyant: Provides a SecOps Tooling Agent aimed at improving SOC capabilities and compliance.
Tanium: Develops an Alert Triage Agent that delivers deeper insights for incident analysts.
Fletch: Introduces a Task Optimizer Agent that helps minimize alert fatigue by prioritizing threats.

“A proactive approach to privacy using AI will revolutionize industry practices. Autonomous AI agents will empower our clients to scale and enhance their privacy operations dramatically,” explained Blake Brannon, Chief Product and Strategy Officer at OneTrust.

Additional Innovations for AI Governance

Along with the new agents, Microsoft has unveiled various AI tools focused on governance and data protection. These include:

AI Security Posture Management which will extend support to Google Vertex AI and Azure AI Foundry, expected in preview by May.
Enhanced Defender Threat Detection aimed at addressing risks such as prompt injection and wallet abuse in AI applications.
Microsoft Entra’s AI Web Category Filters to block unauthorized access to unapproved “shadow AI” applications.
Microsoft Purview’s browser-based data loss prevention to stop unauthorized data entry into generative AI tools like ChatGPT via Edge for Business.

Starting in April 2025, Microsoft Defender for Office 365 will also enhance protection for Microsoft Teams, guarding against phishing and other sophisticated threats. This update will incorporate real-time scanning of URLs and scrutiny of suspicious attachments and links. Security operations teams will benefit from comprehensive visibility, with alerts and incident data seamlessly integrated into Microsoft Defender.

Please follow and like us: