Lizzie Heinze outlines the August 2025 update to Microsoft Security Copilot, presenting key AI-driven features and integrations designed to help security and IT professionals improve investigation, automation, and compliance in complex operational environments.

What’s New in Microsoft Security Copilot: AI-Powered Security Innovations for IT and Security Teams

Author: Lizzie Heinze

Overview

This update details the significant new features and capabilities introduced to Microsoft Security Copilot, focusing on how AI and automation empower security and IT teams to operate more efficiently, proactively, and transparently. Key highlights include new integrations, agents, operational tools, compliance enhancements, and technical improvements now generally available or in public preview as of August 2025.


Key Feature Updates

1. Copilot Integration with Microsoft Intune & Entra ID (Now GA)

  • Copilot in Microsoft Intune:
    • Dedicated data exploration experience.
    • IT admins can use natural language to query device compliance, manage updates, and trigger remediations directly in the admin center.
    • Simplifies traditional IT tasks and streamlines complex workflows.
  • Copilot in Microsoft Entra (formerly Azure AD):
    • Offers AI-assisted identity investigations, sign-in troubleshooting, and role analysis via natural language.
    • Helps administrators close security gaps and manage access efficiently.

2. Conditional Access Optimization Agent (Microsoft Entra)

  • AI-powered agent analyzes Conditional Access policies for coverage, redundancies, and outdated assignments.
  • Delivers remediation suggestions, logs all actions for compliance, and generates clear, explainable reports.
  • Enables more effective policy management while maintaining auditability.

3. Autonomous Threat and Alert Management Agents

  • Phishing Triage Agent (Microsoft Defender):
    • Public preview release.
    • Uses large language models for deep semantic threat analysis of emails, URLs, and files in the SOC.
    • Learns from analyst feedback, explains verdicts with visual maps, and is fully auditable.
  • Threat Intelligence Briefing Agent:
    • Public preview in the Security Copilot standalone app.
    • Automates production of organization-specific threat briefings, adapting to the organization's industry and attack surface.

4. Enhanced Workspace Management and Automation

  • Workspace Support: Segment environments by team, region, or business unit with RBAC, localized prompt history, security compute unit (SCU) planning, and plugin management.
  • Capacity Calculator: Estimate and monitor Security Copilot utilization for predictive and flexible capacity planning.
  • Automation with NL2API in Entra: Now generally available; enables natural language-to-API workflow automation across Entra via Microsoft Graph.
  • Dynamic suggested prompts: Faster, deterministic completion for Entra skills.

5. Compliance, Internationalization, and Technical Enhancements

  • FedRAMP High Authorization: Security Copilot now authorized in the Azure Commercial environment, supporting government compliance and expansion to GCC.
  • Expanded Language and Data Residency: Supports Korean; Swiss region residency for compliance needs.
  • GPT-4.1 Support & Large Output: Upgraded LLM for improved accuracy and context window; lifts previous 2MB output limit for large-scale analysis.
  • Purview Unified Audit Log Integration: Auditing agent changes in real time for traceability and compliance.

Useful Resources and Next Steps

Upcoming Event: Microsoft Secure Digital Event – September 30th, 2025 – New Security Copilot announcements.


This post summarizes the August 2025 Microsoft Security Copilot updates, focusing on actionable, technical, and operational perspectives for security and IT professionals.

This post appeared first on “Microsoft Tech Community”.