Thought Leadership
Microsoft is expanding its AI-supported Security Copilot, which was introduced a year ago, to include autonomous agents. These are intended to support overburdened security teams in their work. The company has introduced six of its own AI agents for its Security Copilot as well as five more from partner companies.
The Microsoft security agents will be available as a preview from next month. They will perform tasks such as analyzing phishing and data loss alerts, prioritizing critical incidents and searching for security vulnerabilities. “The six Microsoft Security Copilot agents enable teams to handle large-scale security and IT tasks autonomously and integrate seamlessly with Microsoft security solutions,” says Vasu Jakkal, Corporate Vice President for Microsoft Security.
The Security Copilot agents will be available across the entire Microsoft security platform:
- The Phishing Triage Agent in Microsoft Defender analyzes phishing alerts to distinguish real cyberthreats from false positives.
- Alert Triage Agents in Microsoft Purview evaluate warnings about data loss and insider risks and prioritize critical incidents.
- The Conditional Access Optimization Agent in Microsoft Entra monitors new users or apps that are not covered by existing policies.
- The Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation measures.
- The Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant threat intelligence based on an organization’s specific attributes.
Microsoft names OneTrust, Aviatrix, BlueVoyant, Tanium and Fletch as partners for third-party security agents. These extensions are intended, for example, to facilitate the analysis of data protection breaches with OneTrust or the root cause analysis of network failures with Aviatrix.
At the same time, Microsoft is also improving phishing protection in Microsoft Teams. Starting next month, Microsoft Defender for Office 365 will protect Teams users against phishing and other cyber threats, including improved protection against malicious URLs and attachments.
