Let’s discuss how Security Copilot agents help with phishing triage, DLP and IRM alert management, and more. Security Copilot agents are autonomous AI tools created to manage a large amount of security work. They were recently announced at Microsoft Secure and are currently in preview.
Security Copilot uses intelligent agents to automate routine tasks, significantly reducing the manual workload for security and IT teams. This improves security and IT operations in areas like cloud, data protection, identity, and network security. These agents use AI to manage large, time-consuming tasks by combining data and code.
These intelligent agents react to both user inquiries and system notifications. They help teams enhance their productivity and concentrate on high-priority work. Security Copilot agents are built to work with existing workflows without extra training or license costs.
The public preview for Security Copilot agents has begun and will gradually include more customers to ensure a smooth and scalable experience. Select users in this preview can currently access the agents described in this blog post.
Microsoft Security Copilot Agents
The volume of cyberattacks is high, but security teams often have limited manpower and tools. Microsoft’s Security Copilot, an AI assistant released in April 2024, helps them find, understand, and stop attacks using Microsoft tools. According to Microsoft’s research, Security Copilot is making security and IT teams more productive. Microsoft Entra agents and Microsoft Security Copilot work well together.
The following agents are now available in preview to select customers:
Available Agents | Features |
---|---|
Conditional Access Optimization Agent in Microsoft Entra | This tool automatically finds unprotected users and apps and lets you fix their access with one click, keeping your security rules current. |
Vulnerability Remediation Agent in Microsoft Intune | This agent helps you quickly fix security problems by finding the most important weaknesses in your apps and policies and streamlining Windows updates. |
Threat Intelligence Briefing Agent in Security Copilot | This agent automatically provides your organization with timely and important threat intelligence based on your specific profile and cyber risks. |
Upcoming Security Copilot Agents
Microsoft is continuing its expansion of agents. The following table highlights upcoming Security Copilot agents that you can expect in the coming weeks.
Upcoming Agents | Features |
---|---|
Phishing Triage Agent in Microsoft Defender | This Microsoft Defender agent helps security teams quickly focus on real phishing attacks by accurately filtering out false alarms. It provides clear explanations for its analysis and improves its accuracy based on admin input. |
Alert Triage Agents in Microsoft Purview | Alert Triage Agents intelligently sort through data loss prevention and insider risk alerts, prioritize the most critical ones, and learn from administrator feedback to become even more accurate. |
Partner Agents | Automating tasks like privacy breach response, SOC assessment, alert triage, task optimization, and root cause analysis is now possible with partner agents from OneTrust, Tanium, BlueVoyant, Fletch, and Aviatrix. |
Partner Agents
Microsoft announced that two new Partner Agents have joined since the Secure event last month and are currently in private preview.
- Email Threat Analyst Agent by Performanta: This agent investigates email threats and compromised accounts, then explains the impact and suggests how to fix it.
- IAM Supervisor Agent by Performanta: This agent analyzes identity and access threats, determines their priority and impact, and recommends mitigation steps.
Author
Anoop C Nair has been a Microsoft MVP for 10 consecutive years from 2015 onwards. He is a Workplace Solution Architect with more than 22 years of experience in Workplace technologies. He is a Blogger, Speaker, and Local User Group Community leader. His primary focus is on Device Management technologies like SCCM and Intune. He writes about technologies like Intune, SCCM, Windows, Cloud PC, Entra, Microsoft Security, Career, etc.