Agents built into your workflow: Get Security Copilot with Microsoft 365 E5
The cybersecurity landscape is at a historic inflection point. As cyberattackers wield AI to automate cyberattacks at extraordinary speed and scale, the challenge before us is not just to keep pace—but to leap ahead. There are over four million unfilled cybersecurity jobs, so depending solely on human resources isn’t enough to safeguard our digital future.1 To close this gap, it’s important to empower security professionals, enhancing their capabilities through intelligent agents—AI collaborators designed to augment human expertise and help transform organizational security.
That is why we are making security agents available in the everyday flow of work of security teams, embedded right in the tools they love and use. At Microsoft Ignite 2025, we are not just announcing new features—we are redefining what’s possible, empowering security teams to shift from reactive responses to proactive strategies.
Unlocking AI-first security with Microsoft Security Copilot
A Microsoft 365 E5 subscription delivers security across your organization, including threat protection with Microsoft Defender, identity and access management through Microsoft Entra, endpoint device management via Microsoft Intune, and data security provided by Microsoft Purview. Microsoft Security Copilot amplifies these capabilities with built-in agents that act as a force multiplier across the security stack. Security teams are empowered with adaptive agents, running side by side with them to accelerate investigations, streamline tasks and deliver faster, smarter outcomes.
To make it easier to harness the power of these agents and get started more quickly, we are excited to announce that Microsoft Security Copilot will be included for all Microsoft 365 E5 customers.* The rollout begins today for existing Security Copilot customers with Microsoft 365 E5 and will continue in the upcoming months for all Microsoft 365 E5 customers.

Existing Security Copilot customers with Microsoft 365 E5 subscriptions can get started with the agents today at no additional cost*:
All other Microsoft 365 E5 customers will receive a 30-day advanced notification before activation and can learn more in the documentation.
Welcome to a new era of cybersecurity: where agents are built in, easy to use, and ready to help your team stay ahead of cyberthreats.
Expanding our agent portfolio for stronger security outcomes
We’re not only making these agents more easily accessible, we’re extending the ecosystem even further. Adding to the 37 Security Copilot agents already available, we’re introducing more than 40 new Microsoft and partner-built agents.
12 new Microsoft-built agents across Microsoft Defender, Entra, Intune, and Purview are available today in preview. Additionally, more than 30 new partner-built agents extend protection end-to-end. These agents automate large-scale tasks, which allows security teams to dedicate more time to strategic initiatives.

Extensive portfolio with new agents
Security operations teams can harness agents that triage alerts in real time, surface actionable threat intelligence, and enable natural language threat hunting—so defenders can focus on what matters most: staying ahead of cyberattackers.
Identity and access admins can deploy new agents in Microsoft Entra to protect across layers of identity: proactively remediating risky users, optimizing Conditional Access policies, streamlining access reviews, and managing app lifecycles to reduce risk and improve efficiency.
Data security professionals can use agents in Microsoft Purview to strengthen data security by discovering, analyzing, and remediating sensitive data risks—combining proactive posture management with intelligent triage to reduce manual work and support continuous risk reduction.
IT admins can use the new agents in Microsoft Intune to make complex tasks easier and security stronger by turning requirements into policies, assessing changes before they impact productivity, and identifying devices for removal—for smarter decisions, better compliance, and reduced risk.
Agents across all roles through partner ecosystem: additionally, there are more than 30 new partner-built agents available today in the Microsoft Security Store. These agents support security roles across the industry, with skills and capabilities like simplifying incident analysis, enhancing data protection, and ensuring security tools are aligned with industry standards. To learn more about these agent offerings, visit Microsoft Security Store.
If you don’t find exactly what you need among the dozens of ready-to-use agents, Security Copilot gives you the flexibility to create your own. Since announcing this capability in September, customers have already built more than 370 unique agents—tailored to their environments and designed for their specific use cases.
Evolving agent capabilities for deeper collaboration
With the interactive agent experience, now in public preview, security teams can engage in scoped, focused chats tailored to each agent’s expertise. Dynamic workflows and built-in starter prompts keep investigations on track, while prompt suggestions surface in real time, helping humans and agents collaborate for quicker, more effective security and IT results.
And to truly empower agents, context and data are key. Security Copilot taps into Microsoft’s threat intelligence—powered by more than 100 trillion signals processed daily—and unifies insights through Microsoft Sentinel. Now, with enterprise knowledge integration in preview, agents can reason over your organization’s internal data, delivering contextual recommendations unique to your environment. This means every interaction is informed, precise, and tailored to accelerate your security and IT operations.
Agents accelerating cybersecurity outcomes
This is not just vision—it’s reality. Security Copilot agents are already delivering transformative outcomes:
- SOC analysts have detected malicious emails up to 550% faster with the Phishing Triage Agent in Microsoft Defender—based on controlled comparisons of detection speed in simulated phishing scenarios.2
- Identity admins have achieved up to 204% greater accuracy in identifying missing Zero Trust policies with the Conditional Access Optimization Agent in Microsoft Entra—measured against baseline policy audits in enterprise environments.3
Shape the future of security with Microsoft
Microsoft is committed to helping organizations become true “Frontier Firms”—pioneers who harness agentic AI to transform security and IT operations. Microsoft Ignite is your invitation to be part of this movement: connect with our experts, experience the future firsthand, and discover how Security Copilot can help you realize your boldest ambitions.
Visit our Meet the Experts booths (#2330 and #2320), attend security sessions, and visit the Microsoft Security Store to explore available Microsoft and partner-built agents. The future of defense is not just about keeping up—it’s about leading the way.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us on LinkedIn (Microsoft Security) and X (@MSFTSecurity) for the latest news and updates on cybersecurity.
* Eligible Microsoft 365 E5 customers will have 400 Security Compute Units (SCUs) per month for every 1,000 user licenses, up to 10,000 SCUs per month. This included capacity is expected to support typical scenarios. Customers will have an option to pay for scaling beyond the allocated amount at a future date with $6 per SCU on a pay-as-you-go basis, and will get a 30-day advanced notification when this option is available. Learn more.
1 Bridging the Cyber Skills Gap, World Economic Forum. 2025.
2 Randomized Controlled Trial for Phishing Triage Agent, James Bono, Microsoft Corporation. October 2025.
3 Randomized Controlled Trial for Conditional Access Optimization Agent, James Bono, Beibei Cheng, Joaquin Lozano, Microsoft Corporation. October 2025.
