In May 2025, Microsoft will introduce six new agentic solutions within the Microsoft Security Copilot suite in public preview. These agents are designed to autonomously handle high-volume security and IT tasks and to integrate seamlessly with existing Microsoft Security solutions.
What is Microsoft Security Copilot?
Microsoft Security Copilot is a comprehensive security platform that integrates various security tools and solutions to provide a unified approach to managing and mitigating security threats. The platform includes advanced AI-driven agents that help security teams automate and streamline their workflows. The existing AI-driven agents are now being extended with the following additions:
New Security Agents
Phishing Triage Agent in Microsoft Defender
This agent autonomously triages user-submitted phishing incidents and distinguishes genuine threats from false alarms with great precision. It provides natural language explanations for its decisions and refines its detection capabilities based on your feedback.
How to get started:
- Visit: https://security.microsoft.com/
- Incidents – you can find incidents reported by the Security Copilot Phishing Triage Agent there
Alert Triage Agents in Microsoft Purview
These agents prioritize critical incidents in Data Loss Prevention (DLP) and Insider Risk Management (IRM), categorizing alerts based on their impact on sensitive data. They provide comprehensive explanations for their categorizations and learn from admin feedback to improve future prioritizations.
How to get started:
- Visit: https://purview.microsoft.com/
- Data Loss Prevention – Alert Triage Agent – Needs attention – you can find incidents reported by the Alert Triage Agent there
Conditional Access Optimization Agent in Microsoft Entra
This agent monitors new users and applications, analyzing their alignment with existing Conditional Access (CA) policies, and proactively detects security gaps. It recommends optimizations and provides one-click fixes to refine policy coverage effortlessly.
How to get started:
- Visit: https://entra.microsoft.com/
- Agents – Conditional Access Optimization Agent (Preview)
Vulnerability Remediation Agent in Microsoft Intune
This agent identifies, evaluates, and prioritizes vulnerabilities, offering clear, actionable recommendations for remediation. It continuously monitors newly published threats and assesses their risk levels to reduce exposure time.
How to get started:
- Visit: https://intune.microsoft.com/#view/Microsoft_Intune_Workflows/SecurityManagementMenu
- Overview – Vulnerability Remediation Agent
Threat Intelligence Briefing Agent in Security Copilot
This agent curates up-to-date, context-specific intelligence tailored to your organization’s unique profile and attack surface. It delivers prioritized reports in just 4-5 minutes and highlights the most pressing threats while providing actionable recommendations.
How to get started:
- Visit: https://securitycopilot.microsoft.com/
- Agents – Threat Intelligence Briefing Agent
Licensing
Security Copilot pricing is based on capacity, measured in Security Compute Units (SCUs).
- Provisioned SCUs: Use provisioned SCUs for your regular, expected workloads. These units are billed at a consistent rate per hour.
- Flexible Overage SCUs: Flexible overage SCUs are available for unexpected or seasonal workloads. They are charged only for actual usage, up to your chosen overage limit, offering cost-effective scalability during periods of high demand. They are billed per hour and priced 50% higher than provisioned SCUs.
More Information
Security Copilot pricing: https://azure.microsoft.com/en-us/pricing/details/microsoft-security-copilot/
Contact us at SCHNEIDER IT MANAGEMENT consultancy concerning your Microsoft licensing and to secure advantageous licensing conditions for your organization.