Microsoft Security Copilot — August 2025 Update: What You Should Know
In the fast-paced world of cyber defense, security—and Security Copilot—never slows down. This month, we’re rolling out a series of powerful enhancements designed to help security and IT professionals investigate threats, manage identities, and automate protection with lightning-fast precision. From AI-driven triage to optimized policy workflows, enriched data exploration, and broader language and compliance support, these new features are all about helping you stay one step ahead—more efficiently than ever before.
Elevate Efficiency: Copilot in Microsoft Intune — Now Generally Available
Say goodbye to fragmented workflows. Security Copilot is now embedded directly within Microsoft Intune, offering a seamless data exploration experience right in the admin center. You can ask natural-language questions to pinpoint noncompliant devices, oversee update status, and launch remediation actions—all from one unified interface.
Strengthen Identity Security: Copilot in Microsoft Entra — Live and In Action
Security Copilot now powers AI-assisted investigations within Microsoft Entra. Admins can simply type in plain English to troubleshoot sign-ins, audit access, monitor tenant health, and review role assignments—no need for complex queries or tool switching. This streamlines identity workflows and helps you close gaps faster.
Autonomous Identity Protection: Conditional Access Optimization Agent — GA
Meet your 24/7 AI analyst. The Conditional Access Optimization Agent in Entra runs autonomously, detecting uncovered users or apps, policy overlaps, and outdated configurations, then recommends one-click remediations. It explains its choices in plain language, adapts to feedback and business rules, and logs every action for full transparency.
“The Conditional Access Optimization Agent is like having a security analyst on call 24/7…” — Julian Rasmussen, Senior Consultant & Microsoft MVP
Faster Phishing Response: Phishing Triage Agent in Microsoft Defender — Public Preview
Tired of static rules? The Phishing Triage Agent, now in public preview, uses LLMs to semantically analyze emails, URLs, and attachments. It learns from feedback, adapts to your environment, and delivers natural-language verdicts along with a visual decision map to explain its reasoning—making phishing analysis faster and more transparent.
Smarter Briefings: Threat Intelligence Briefing Agent — Public Preview
Creating tailored threat briefings used to take hours; now it takes minutes. The Threat Intelligence Briefing Agent, available in the standalone Security Copilot experience, generates customized alerts keyed to your industry, locale, and threat landscape, empowering proactive, context-rich security insights in real time.
Seamless Segmentation: Workspace-Level Management — Public Preview
Large-scale operations, meet fine-grained control. Workspace-level management lets you segment Security Copilot by team, region, or business unit. Each workspace can have its own role-based access, prompt history, and SCU allocation. Plugin configuration is now scalable—managed at the workspace or org level—reducing the need for individual setup.
Plan with Precision: Security Copilot Capacity Calculator — Available Now
Never wonder how many SCUs you’ll need again. The new Capacity Calculator (in standalone mode with an Azure account) helps you forecast provisioned vs. overage SCUs for both predictable and variable loads. Use it to build your baseline, monitor in-product, and adjust usage smartly.
Automate with Ease: Embedded NL2API Skill for Entra
Now generally available: Security Copilot can translate your natural-language queries into Microsoft Graph API calls across Entra resources. Multi-stage, complex instructions are handled directly in your workflow, with no code required.
Improved Flow: Dynamic Suggested Prompts for Entra Skills
Speed and precision—you get both. Dynamic suggested prompts now appear in Entra, reducing orchestrator overhead and delivering faster, more targeted follow-up options in your console.
Compliance Ready: FedRAMP High Authority
Security Copilot now holds FedRAMP High provisional authorization (P-ATO) in Azure Commercial. This milestone improves access for Government Community Cloud (GCC) customers—stay tuned for global availability in secure sectors.
Language & Data Locality: Korean Support + Swiss Data Residency
Empower global teams. Korean language is now supported across standalone and embedded experiences, and Swiss customers can rest assured their data resides within Swiss borders—all to meet compliance needs around the world.
Smarter AI Under the Hood: GPT-4.1 + Large Output Support
Security Copilot is now powered by GPT‑4.1 across all experiences—delivering up to 50% better accuracy and handling larger context windows. No more 2MB constraint—Large Output Support is now generally available, giving you freedom to work with bigger datasets.
Full Accountability: Purview Unified Audit Log Integration
Every agent action—from creation to deletion—is now tracked in the Purview Unified Audit Log. This ensures auditability with rich metadata (agent, tenant, user)—critical for governance and compliance.
What’s Next?
Security Copilot is evolving at pace. From AI-powered workflows to language support and compliance certifications, the ecosystem just keeps expanding. Expect even more innovations in September—and don’t miss the Microsoft Secure digital event on September 30, where new capabilities will be unveiled.