The Agentic SOC Will Happen, and Agents Will Be Everywhere
Like it or not, the AI genie, along with its agents, is out of the bottle and it's not going back in. This isn't just Microsoft's view; it's also the view of Allie Mellen, Forrester analyst for SecOps and AI/ML in security tools, who has been sceptical of such claims. I found her point about accepting non-deterministic tools in the SOC a real moment of enlightenment, and in fact the whole session with Rob Lefferts was incredibly thought provoking.
So what? Having a strategy that doesn't address agents within a security context is not a strategy. Read more: Microsoft Ignite: Ambient and autonomous security for the agentic era | Microsoft Security Blog
Models Will Come and Go, Platforms Must Persist
As tools, models, agents, technologies and whatever comes next arrive and evolve, it will take a platform approach to manage them that delivers governance, observability, and security. Microsoft has put together a strong play to be that platform with the new announcements below.
So what? In the rush to adopt AI, a platform must bring appropriate security controls to ensure safe adoption.
Agent 365: A New Control Plane for Agents
As noted above, Microsoft sees agents as an inevitable part of the workforce and is proposing to be the platform that manages them, keeping them in line from a governance, observability and security perspective. Agent 365 is a new admin centre within M365 that aims to provide that functionality (registry, access control, visibility, interoperability and security), and it is fully integrated across the Microsoft stack. This includes integration with Microsoft Security: any incidents automatically appear in the Defender portal for the security team to address.
So what? Evaluate Agent 365 as part of your overall approach to governance and risk management. Prepare your security team to triage and remediate threats from agents that Agent 365 escalates. Read more: Microsoft Agent 365: The control plane for AI agents | Microsoft 365 Blog
Agent ID Within Entra
Agents will need some form of identity to control their access, and Microsoft has extended Entra so that agent identities can access resources and be managed in the same way as other identities. This is very welcome; however, there are some details that need evaluation. As an example, how agents are registered depends on where they've come from: anything from Microsoft Copilot Studio, Azure AI Foundry, or Agent 365 is registered automatically, while agents from elsewhere need to be registered self-service with calls to the Microsoft Graph API.
So what? Agent identities need to be part of your identity strategy sooner rather than later. Evaluate Microsoft's approach to Agent ID against your strategy for agents - especially their development - and create a timeline to adopt as appropriate. Read more: Microsoft Entra: What’s New in Secure Access on the AI Frontier | Microsoft Community Hub
Security Copilot Agent Expansion and Availability Within E5
Microsoft previously had a couple of agents available, for Phish Triage and Conditional Access review, that have proved their worth in reducing the drudgery of triage and configuration. However, trying to work out how much they'd cost you was an exercise in advanced mathematics. Now there are 12 agents across Purview, Defender, Sentinel, Intune and Entra, handling everything from context-aware threat intelligence briefings through access reviews to data security posture recommendations and data security incident triage. These should all really reduce the drudgery associated with triaging, especially eradicating false positives.
So what? Organisations with Microsoft 365 E5 licences should be evaluating the agents and assistants to determine how they can fit in with their security operations across identity, endpoint management and protection, data protection, and SIEM/SOAR. Trial small and evaluate costs against your allowance: 400 security compute units (SCUs) for every 1,000 licences, scaling pro-rata down and up to a maximum of 10,000 SCUs. No, I can't tell you definitively how much work you get for one SCU, but there are examples on Microsoft's detailed page. Read more: Agents built into your workflow: Get Security Copilot with Microsoft 365 E5 | Microsoft Security Blog
Sentinel as the Security Platform, Not Just SIEM/SOAR, With New Attack Disruption within Sentinel
Sentinel has been quietly evolving, with the Data Lake being announced before Ignite but still getting a lot of attention, which it deserves. I hadn't realised that all data ingested into Sentinel (Log Analytics) is also provisioned in the lake free of charge, which makes it easy to get used to querying it. AWS, Proofpoint and Okta now benefit from attack disruption from Sentinel (not Defender), which is an interesting development.
New agents for threat intel briefings, threat detection and threat hunting join the phishing triage agent, and as noted above, organisations with Microsoft 365 E5 get credits to use these. A small but important thing for Sentinel-only customers is that threat analytics is now included, which is a good benefit.
There's also GenAI in Sentinel now, with two pretty big things that aren't agents: automated analyst notes, which provide a summary of the steps taken to remediate an incident, and guided responses, which suggest next steps and can be driven by ingesting your Standard Operating Procedure documentation. They're both very, very cool and deserve attention. There's a lot more around KQL improvements for the Data Lake, new connectors, and finer-grained access control to data. Add in the MCP Server, plus HIPAA and GDPR compliance trackers, and Sentinel is becoming a real security platform across SIEM/SOAR with agent access, data lake, and other modalities built in.
So what? Sentinel does a lot more, with data lake in particular being a game changer for cost management, and agents/assistants able to save analysts time. Read more: Microsoft Ignite 2025: Power the next era of cybersecurity with Microsoft Sentinel | Microsoft Community Hub
Purview Quietly Incorporates Everything AI into Data Security Posture Management
Purview got a lot of love at Ignite, and rightly so. There's a recognition that data drives AI, and that data must be handled with appropriate governance and permissions. Purview DSPM has had a major overhaul to include AI observability from one single pane. Microsoft have also made improvements to remediation actions for risk assessments, added new agents and outcome-based workflows, and improved third-party integrations including Salesforce, Snowflake, GCP and Databricks, which is a very big deal in itself.
So what? Purview DSPM is now the place to orchestrate your data security across all aspects, including agents and AI, and third parties including Salesforce. Evaluate third-party integration and AI risk management with Purview. Read more: Empowering organizations with integrated data security: What’s new in Microsoft Purview | Microsoft Community Hub
Don’t Forget Defender!
Defender for Endpoint also got a polish, and what matters most in the real world is broader coverage: Defender now supports every Windows client version back to Windows 7 and every Windows Server version back to 2008 R2. This is a tacit acknowledgement from Microsoft that the world isn't perfect. Predictive shielding, which hardens compromised devices based on knowledge of attack paths, is unique and could be a game changer.
So what? Legacy mission-critical systems can now be properly protected with Defender, although you should still be planning to migrate them. Research and use the new predictive shielding features!
That's a lot to take in, and far more than this was announced. But no-one who uses Microsoft security can afford to ignore these key takeaways in particular. Ignoring AI and hoping it'll go away is not an option, and whilst we might be in a bit of a hype cycle, it will impact the way everyone works whether we like it or not.