The Top Security Announcements from Microsoft Ignite 2025

Talk about an intense all-senses experience at Microsoft Ignite 2025! There’s the expected ‘drinking from the firehose’ and the sheer volume of new product and feature announcements. There’s the chaotic multi-building logistical operation that created a high-friction experience at times. And of course, the protests outside the official locations at the Moscone Center in San Francisco that made the event’s security protocols seem poorly thought out and inconsistently applied. Still, an amazing conference that I was fortunate to be able to attend, with tons of exciting announcements. There were so many security-specific announcements that it’s hard to shortlist them, but here are the top security announcements from Microsoft Ignite 2025 that I think are pretty big deals if you are (or work with) Security leaders like I do.

The decision to bundle Security Copilot with Microsoft 365 E5 licenses marks a strategic shift in Microsoft’s approach to security accessibility. It’s true that Security Copilot improves the effectiveness of under-resourced SecOps teams. It is also true that Microsoft sales teams were struggling to translate the window dressing promise into actual evidence that would induce CISOs and CROs to bankroll the spend. Nevertheless, the fact that Security Copilot was previously available only as an expensive add-on makes this announcement probably the biggest and most impactful of the bunch. Frankly, if this was the only security-related announcement at Ignite this year, it would be plenty. By integrating Security Copilot with E5, Microsoft is expanding access to powerful security tools, thereby enabling a broader range of their current customers to elevate their security posture. I imagine it would also make the move from Microsoft 365 E3 to E5 licenses more compelling for orgs with tight budgets.

Rollout is expected to begin as of 18th November 2025, and customers will receive a 30-day advance notification before activation. If you’re already a Microsoft 365 E5 customer using Security Copilot, you can access this benefit at no additional cost. In terms of the included capacity, Microsoft measures this in Security Compute Units (SCUs). An SCU is a measure of the computing power required to run Security Copilot workloads for AI capabilities in both the standalone and embedded experiences.

Organizations with Microsoft 365 E5 will have 400 Security Compute Units (SCUs) each month for every 1,000 paid user licenses, up to 10,000 SCUs each month at no additional cost.

This amount scales by user license count, including for customers with fewer than 1,000 user licenses. This included capacity is expected to support typical scenarios as mentioned.

  • Example 1: An organization with 400 user licenses gets 160 SCUs/month.
  • Example 2: An organization with 4,000 user licenses gets 1,600 SCUs/month.

Particularly as things like this can change, you can visit official Microsoft documentation to learn more about Security Copilot. There’s also documentation on what capacity is included.

Whether it’s to assist security teams with reducing alert fatigue, improving incident triage times, recommending remediation measures, or even automating routine procedures, Security Copilot is a big boost for security teams. I believe it’s poised to significantly enhance how your SOC teams will work in the era of AI, without the burden of the additional spend that was previously the case.

In an upcoming post, I’ll cover what CISOs want to know most about Security Copilot. Stay tuned!

One of the core challenges for organizations thinking about deploying Agentic AI is that IT leaders are rightfully concerned about how to monitor, secure, and govern Agents within their M365 environment. This would be a problem if there were 25 agents you didn’t know about in your organization. What if that number was 2,500? With the announcement of Agent 365, capabilities within Microsoft Defender, Purview, Entra, and the M365 admin center come together to help organizations deploy, organize, and govern Agentic AI use within their environment, irrespective of whether those agents are created with Microsoft platforms, open source, or third-party platforms.

While there may have been unclear business value with broad use of agentic AI, the fact is there’s high curiosity as employees explore what agents can help them do faster or more efficiently. Technology leaders have legitimate security and governance concerns about poor line of sight on which agents are deployed within their organizations, by whom, and what information the agents are permitted to access (particularly if it’s sensitive info). There’s often little governance for agentic development or usage. There’s poor visibility into end-to-end agent lifecycles. Agent 365 promises to reduce those blind spots to potentially encourage greater exploration of agentic capabilities, and to begin the steps toward implementing good security guardrails and governance.

In brief, Agent 365 brings 5 core capabilities:

  • Registry: provides a complete view of all agents in your organization, including registered agents and shadow agents.
  • Access control: brings agents under management and limits their access to just the resources they need. Agent compromise can be prevented using risk-based conditional access policies that are available with E5 licenses.
  • Visualization: to explore connections between agents, how people use them and what data they’re using.
  • Interoperability: to provide context of work to onboard into business processes via Work IQ (another fancy marketing term invented that simply means all of your organization’s unique data, relationships, and context).
  • Security: protects agents from threats and vulnerabilities, and detects, investigates, and remediates attacks that specifically target agents. There are also claimed benefits that this capability will protect the data that agents create and use from oversharing, leaks, and risky agent behavior.

Security Copilot Data Security Agents in Purview

12 new Security Copilot agents built into Microsoft Defender, Entra, Intune, and Purview are now available in preview, and that’s not even counting the ones created by Microsoft partners and available through the Microsoft Security Store. 2 of these AI-powered agents are particularly interesting to me because they drive at the heart of the challenges SOC teams are facing today: too much work to do and not enough people to do it.

That’s why I’m really excited about these two in particular:

  • Data Security Posture Agent: This is targeted to support Data Security Admins on SecOps teams who are responsible to proactively shape security posture before incidents occur. The Data Security Posture Agent is intended to continuously assess posture gaps, discover sensitive content, and drive security policy at scale.

Note: This is coming into Preview shortly.

  • Data Security Triage Agent: This is targeted to support Data Security Analysts on SecOps teams who are responsible for investigating and responding to incidents after they are detected. The Data Security Triage Agent’s coverage spans over 90% of all alerts visible in Purview, including alerts generated for endpoint DLP and custom SITs. This agent intends to improve the time to investigate an alert, prioritize, and respond/remediate more comprehensively (and in less time than it takes to complete today).

Note: This is in GA this week.

What I hear most often from technology leaders at enterprise organizations is there is a significant deficit of skilled resources available to address the challenges they face. Nowhere is this more prevalent than in CISO and CIO shops. I think the collective impact of these announcements brings into closer reality the comprehensive, intelligent, and accessible security solutions that are needed for complex enterprise organizations looking to adopt AI responsibly. These journeys are contending with a backdrop of inconsistent or poor data security practices, under-staffed or under-skilled teams, and alert fatigue (among other pain points). I feel the capabilities that have been announced better equip enterprise orgs to address emerging threats with greater agility and confidence.

The inclusion of Security Copilot with E5 democratizes access to advanced security capabilities that massively improve the investigation and response time.

As more organizations green light the use of Agentic AI, I think capabilities within Agent 365 need to provide visibility into Agent workflows and to ensure the proper security and governance hygiene is in place. The alert triage agent is something I know many organizations with small SecOps teams will be excited to try out… and is already available.

While Microsoft Ignite always has a bumper crop of exciting announcements (and 2025 was no different), moving forward, I believe the products and features announced are starting to take the concerns of CISOs and CIOs more seriously than before. Not to say these concerns were being dismissed outright in the past, but yes, I do think the hurried excitement from Microsoft urging its enterprise customers to just adopt its AI capabilities has tended to miss the point thus far. The push to incorporate Copilot and other GenAI tools into business workflows was avoiding the inconvenient truth that much of the corporate data of its customers is simply not ready for prime time AI. What do I mean by that? I mean corporate data is often described as a corporate asset and yet is inconsistently identified, secured, or governed. And that’s a best-case scenario. A possible worst-case scenario is that CIOs and CISOs know AI adoption is a landmine disaster waiting to happen unless the appropriate data access and permission remediations are put into place, unless security guardrails and data governance are sharply improved, and unless organizational change management is actively supporting users on how to work with AI tools responsibly.

So, the thing I’m most optimistic about is that this Ignite felt different. From a security standpoint at least, it feels like Microsoft has been listening. It feels like they’re working towards addressing the concerns that were being raised and are legitimate. The concerns will continue to be legitimate and I’m eager to more closely examine these capabilities, and to chase down some of the answers Microsoft was non-committal with me on during the conversations I had with the product teams (apparently some details are not ready for prime time either).

PS: The sheer volume of information and announcements at Ignite 2025 is best digested in bite-size pieces, and is packaged quite well in the Microsoft Ignite 2025 Book of News. Check that out if you haven’t already.

Thanks for reading, and please reach out if you’d like to discuss the practical applications of these announced tools and features in more detail… or if you have a question or just want to chat more!