As always, Microsoft Ignite 2025 showcased a plethora of new products and offerings, providing clear indicators of Microsoft’s focus for the coming year. Just like last year, AI remains at the forefront of their innovations. With the proliferation of AI agents across enterprises, Microsoft introduced a suite of tools that transform how organizations govern, authenticate, and defend their environments. Among the hundreds of announcements, we’ve highlighted the capabilities that are either immediately actionable or represent fundamental shifts in the security landscape:
- Security Copilot – now included with E5 licensing
- Foundry Control Plane – gain more visibility into what’s happening within your AI agents in Foundry
- Agent 365 – monitor and control your Microsoft and 3rd party agents, post-deployment
- Syncable Passkeys – help drive mass adoption of passwordless authentication in Entra
- Autonomous Response Enhancements – new enhancements to Attack Disruption and the introduction of Predictive Shielding aim to kick attackers out at lightning speed
- Defender Custom Data Collection – tailor telemetry for specialized threat hunting in Defender
Security Copilot
For many organizations, the biggest hurdle to adopting AI in security operations has been the initial dollar commitment. Security teams want to explore AI, but integrating it into security tooling has been prohibitively expensive for most. Teams need a way to lower the barrier to entry without burning their annual budget just to run a proof of value.
The New E5 Inclusion Model
Microsoft is eliminating procurement friction by automatically provisioning Security Copilot for Microsoft 365 E5 customers. As of November 18, organizations will be allocated 400 Security Compute Units (SCUs) monthly for every 1,000 paid user licenses, capped at a maximum of 10,000 SCUs per month.
If you’re new to Security Copilot, here are some things to keep in mind about Microsoft’s new SCU offering:
- “Use It or Lose It”: Unlike some credit models, these SCU allocations reset monthly and do not roll over.
- No Overage Risks: If your team exceeds the allocated monthly SCUs, the service will throttle usage rather than automatically billing you. To scale beyond the cap, you must opt-in to a pay-as-you-go model (~$6/SCU).
- Scope of Usage: This capacity applies across the core security stack – Entra, Intune, Purview, Defender, and their standalone portals. Notably, while you can apply these SCUs to run AI scenarios in Microsoft Sentinel, the free SCUs only cover the AI compute, not the underlying data lake storage or ingestion costs.
Foundry Control Plane
Organizations are rapidly evolving from using a handful of isolated AI agents to deploying thousands of semi-autonomous agents. Without unified oversight, this growth creates “AI Sprawl” – resulting in uncontrolled costs, data leakage, and inconsistent security postures across business units. IT and Security leaders are finding themselves responsible for an “AI Fleet” without a central console to manage risk or performance.
Visibility and Governance
Foundry Control Plane provides unified visibility across Foundry-native (Foundry was formerly Azure AI Foundry), Microsoft, and third-party agents, allowing you to visualize resource consumption and detect anomalies in real time.
Crucially, Foundry Control Plane is the enforcement point for reining in AI sprawl and adding teeth to your AI governance policies. You can define enterprise-wide guardrails using Azure Policy and monitor your agents’ compliance posture.
Think of Foundry Control Plane as your performance, health and compliance platform. To control who has access to what agents and to visualize how agents are interconnected, you will need a different control plane… we’ll talk about that one next!
Agent 365
Managing an AI workforce is hard. Security teams need to distinguish between the generic AI capability provided by IT and the unique, active agents deployed by business units and end users. Organizations have struggled to govern this distinction. Simply listing an agent in a catalog doesn’t solve the problem of managing the individual instances running in your environment, nor does it address who owns them or controls their access to data.
A New Identity Model
Agent 365 and the underlying Microsoft Entra Agent ID change how agents are managed by treating each one as a distinct identity within the Microsoft 365 admin center. Where Foundry Control Plane gives you visibility and insight into your agents, Agent 365 lets your IT and Security departments monitor and control access to them.
This new model introduces a “Request and Activate” workflow. IT Admins define Template Agents, which bundle pre-approved permissions and compliance settings. If a user requests an agent from a template that hasn’t been pre-approved, the request is routed to IT for approval, so no unvetted agent enters the tenant.
The security implications here are massive thanks to the integration with Microsoft Entra:
- Non-Human Conditional Access: You can now create access policies specifically for agents. Using “Agent Identity Blueprints,” you can enforce Least Privilege, ensuring an agent only accesses the specific data needed for its job.
- Runtime Defense: The platform includes real-time defenses to actively block prompt injection attacks and prevent data exfiltration as the agent operates.
- Nuke it from Orbit: Admins have granular control to Block a specific instance (stopping a rogue bot) or Block the entire Agent (stopping all instances).
Syncable Passkeys
While FIDO2 device-bound passkeys offer the gold standard for security, they have suffered from significant friction regarding user adoption and lifecycle management. The traditional model ties the credential strictly to the hardware; if a user loses their phone or upgrades to a new device, the credential is lost, creating a “support nightmare” and requiring manual re-onboarding. Additionally, in BYOD scenarios, users often resist installing corporate applications just to sign in.
Embracing Portability
Microsoft is embracing syncable passkeys, allowing the private key to be synced across a user’s devices via familiar consumer providers like iCloud Keychain or Google Password Manager. This decoupling of credentials from specific hardware creates a distinct usability advantage: when a user replaces a device, their credentials restore automatically, maintaining the passwordless experience without IT intervention.
Organizations looking to roll out syncable passkeys should adopt a pragmatic, tiered approach. Enforce device-bound passkeys for high-privilege admins (Tier 0/1) to maintain maximum security, and use syncable passkeys for the general user population to drive mass adoption. Make sure that split is actually enforced for the privileged roles through Conditional Access authentication strengths rather than left as a written policy.
This introduces a new risk variable: the security of the user’s personal cloud account, since the private key now lives wherever iCloud Keychain or Google Password Manager stores it. What does not change is phishing resistance: a passkey, synced or not, is bound to the origin it was registered for, so a look-alike site cannot obtain a usable assertion. What you give up is the hardware attestation that the key never leaves a device, which is exactly why admins stay on device-bound credentials. On balance, the residual risk is significantly lower than the risk of password reuse and the phishing susceptibility of alternative MFA methods. Finally, this is a game-changer for BYOD policies, allowing for secure authentication without requiring intrusive agents or company-managed applications on personal devices.
Autonomous Response Enhancements
Security operations have traditionally been a race against time with a major handicap: the fear of business interruption. When a critical asset is compromised, the SOC faces a difficult choice: take the asset offline and cause an outage, or leave it running and hope for the best. Microsoft’s original answer to this was Attack Disruption in Defender XDR, released back in 2022, and Microsoft has put a lot of effort into ensuring that its responses are high fidelity yet quick and effective. Two really impressive capabilities are now coming to Attack Disruption: Third Party Integrations and Predictive Shielding.
Third Party Integration
Attack Disruption within Microsoft Defender has always been focused on Entra and Defender EDR to quickly stop an attacker. This could result in a user not being allowed to RDP into a machine or a host being isolated. With varied tools across environments, this meant that a system not covered by Defender was unlikely to be protected by Attack Disruption. Microsoft plans to add support for third parties, like Okta and Proofpoint, to help thwart attacks across environments that are not as homogeneous as vendors would like. Now you can get the same quick response capabilities based on Okta, Proofpoint or AWS data flowing into Microsoft Sentinel.
Automated Preventative Hardening Capabilities (Predictive Shielding)
Defender’s new Predictive Shielding serves as point-in-time preventative hardening. To get ahead of adversaries, the system can automatically trigger safeguards like GPO Hardening – which prevents malicious configuration changes by freezing new policies – or Safeboot Hardening, which protects vulnerable assets by enforcing stricter boot settings on devices predicted to be at high risk of compromise.
Crucially, this protective approach has evolved beyond blunt-force isolation. Defender can now strictly target high-risk protocols like RPC, SMB, and RDP while ensuring legitimate business traffic continues to flow. This granular precision extends to identity containment as well; compromised users can be blocked from network logons and remote sessions without taking the underlying asset offline. The result is a capability that allows the SOC to effectively stop the bleeding without stopping the business.
Defender Custom Data Collection
Default security telemetry is designed for the masses – it catches common threats and standard behaviors. However, for mature SOCs hunting specific threats or monitoring niche applications, standard logging often creates blind spots. Analysts often find themselves wishing they could inspect specific file modifications, process events in obscure folders, or unique network connections that default sensors simply ignore to save bandwidth.
Custom Collection Rules for Threat Hunting in Defender
Microsoft is introducing Custom Data Collection for Defender for Endpoint P2. This allows you to define specific rules – based on folder paths, process names, or network connections – to capture the data you need for specialized threat hunting.
It’s important to note that this feature relies on a connected Microsoft Sentinel workspace. While the capability is included in your P2 license, the data ingestion and storage are not; using this feature will incur ingestion charges in Sentinel. To keep this from spiraling, Microsoft has implemented a hard cap of 25,000 events per device per 24 hours. Custom Data Collection Rules are a powerful new tool for hunters, but one that requires a scalpel rather than a sledgehammer to avoid blowing up your Sentinel bill.
Wrapping Up
With the rapid evolution of security capabilities, it’s easy to feel overwhelmed. To help you navigate these changes, here’s a clear, actionable roadmap to get started:
Claim and Utilize Your Security Copilot SCUs
If you’re on Microsoft 365 E5, your Security Copilot SCUs will be arriving soon. Start by trialing these areas:
- CrowPilot Agent (if you’re a CrowdStrike customer)
- Defender’s Threat Intelligence Agent
- Microsoft’s Insider Risk Agent
- M365 Email Phishing Agent
Leverage Security Copilot for:
- Creating KQL for Advanced Hunting queries
- Daily SOC summaries to integrate AI into your SOC workflows.
Understand and Control Your AI Agents
- Use Foundry and Agent 365 to inventory and gain visibility into the agents running in your environment.
- Register and manage these agents in Entra to maintain control.
Adopt Passwordless Authentication
- Pilot syncable passkeys with a small group of non-admin users to test the user experience.
- Document improvements in helpdesk ticket volume and user satisfaction to build a case for broader adoption.
Enable Attack Disruption
- If you’re not using Attack Disruption, enable it to start autonomous containment of threats.
- Once implemented, consider adding Predictive Shielding for proactive defense.
Optimize Your SOC
If your SOC is overwhelmed with alerts:
- Use Security Copilot for alert triage and investigation.
- Enable Attack Disruption and test Predictive Shielding in monitor mode.
For mature SOCs with custom hunting needs:
- Identify telemetry gaps.
- Model Sentinel costs for custom data collection.
- Deploy 2-3 high-value collection rules.
Don’t Go It Alone
These tools are powerful but require thoughtful implementation. Security Risk Advisors (SRA) can help you assess which capabilities align with your security roadmap and avoid common pitfalls.
By following these steps, you can effectively integrate these new capabilities into your security operations and maximize their value.