PRESS RELEASE

Is Microsoft’s AI-Powered Security Copilot Changing the Future of SecOps?

Analyst(s): Krista Case
Publication Date: April 7, 2025

Microsoft is enhancing Security Copilot with AI agents to support security teams, with a preview launching in April. Microsoft Purview is improving data security by adding risk investigation tools and integrating browser DLP controls into Edge for Business. Microsoft Defender is expanding AI security management to Google VertexAI, improving AI-based threat detection, and making Defender for Office 365 generally available. Additionally, Microsoft Entra is introducing an AI web category filter to mitigate shadow AI.

Key Points:

  • Microsoft is enhancing Security Copilot with AI agents for autonomous security support, with a preview launching in April.
  • Microsoft Purview is strengthening data security by improving risk investigation and integrating DLP controls into Edge for Business.
  • Microsoft Defender expands AI security management to Google VertexAI, enhances AI-based threat detection, and releases Defender for Office 365.

Overview:

Microsoft’s AI-powered Security Copilot is poised to transform security operations (SecOps) by introducing autonomous AI agents designed to support security teams. In April, a preview of six Microsoft-developed agents and five partner-developed agents will be available. These agents are expected to enhance security operations by automating key tasks, reducing response times, and improving efficiency.

Microsoft Purview is also expanding its data security capabilities by adding tools to uncover, investigate, and mitigate risks related to sensitive data exposure. Additionally, Purview’s browser data loss prevention (DLP) controls are now integrated into Edge for Business to prevent sensitive data from being entered into generative AI applications. These updates reinforce Microsoft’s commitment to securing enterprise data amid the rising adoption of AI-powered tools.

Microsoft Defender is undergoing significant upgrades, including expanding AI security posture management from Microsoft Azure and Amazon Web Services to Google VertexAI and Azure AI Foundry models. Defender also introduces enhanced AI-driven detection for OWASP risks and announces the general availability of Microsoft Defender for Office 365. Furthermore, Microsoft Entra is launching an AI web category filter to mitigate the risks associated with shadow AI usage, a growing concern in enterprise environments.

These advancements reflect broader trends in cybersecurity, particularly the need for vendors to facilitate the adoption of AI capabilities among SecOps professionals. Microsoft’s approach ensures that AI-driven recommendations remain transparent, explainable, and auditable. Features such as flowcharts outlining AI decision-making processes, administrator approval mechanisms, and trainable AI models provide security teams with necessary oversight and control. This approach aims to increase trust in AI-driven security solutions while optimizing their effectiveness.

The increasing volume and sophistication of cyber threats drive the rise of AI in SecOps. Security teams are often overwhelmed by the need to respond quickly to a high number of diverse attack vectors. AI-powered automation can alleviate this burden by autonomously managing routine security tasks, such as phishing detection and threat prioritization. By handling high-volume security incidents, AI allows analysts to focus on more strategic and complex security challenges.

Adopting fully autonomous AI agents in SecOps will take time despite the potential benefits. Organizations remain cautious about relying on AI-driven decision-making, emphasizing the need for explainability and human oversight. Microsoft is addressing these concerns by ensuring that AI recommendations are reviewable and adjustable by administrators. Over time, as trust in AI grows, organizations may shift from AI working “with” security teams to AI working “for” them.

Securing AI applications themselves is equally important. The rise of shadow AI—unauthorized AI usage within enterprises—raises concerns about data leakage, compliance risks, and expanded attack surfaces. Microsoft is tackling this issue through enhanced identity and access management (IAM) controls, DLP capabilities, and AI-specific security measures. The introduction of AI Security Posture Management (AISPM) further aims to provide visibility into AI-related risks across different models and infrastructures.

As AI becomes a critical component of cybersecurity, competition among vendors will intensify. Microsoft’s integration of AI-driven security solutions across its ecosystem positions it as a leader in this evolving space. However, its success will depend on continued advancements in AI transparency, security posture management, and risk mitigation for AI applications. The industry will closely watch the adoption of agentic AI in security operations and how Microsoft’s approach influences broader cybersecurity trends.

The full report is available via subscription to Futurum Intelligence’s Cybersecurity IQ service.

For more detailed insights from the event, see Microsoft’s blog on the announcement.

Futurum clients can read more in the Cybersecurity Intelligence Portal. Nonclients can learn more here: Cybersecurity Practice.

About the Futurum Cybersecurity Practice

The Futurum Cybersecurity Practice provides actionable, objective insights for market leaders and their teams so they can respond to emerging opportunities and innovate. Public access to our coverage can be seen here. Follow news and updates from the Futurum Practice on LinkedIn and X. Visit the Futurum Newsroom for more information and insights.

Author Information

Krista Case

Krista focuses on data security, protection, and management, and in particular on how these strategies play out in multi-cloud environments. She brings approximately 15 years of experience providing research and advisory services and creating thought leadership content. Her vantage point spans technology and vendor portfolio developments; customer buying behavior trends; and vendor ecosystems, go-to-market positioning, and business models. Her work has appeared in major publications including eWeek, TechTarget and The Register.

Prior to joining The Futurum Group, Krista led the data protection practice for Evaluator Group and the data center practice of analyst firm Technology Business Research. She also created articles, product analyses, and blogs on all things storage and data protection and management for analyst firm Storage Switzerland and led market intelligence initiatives for media company TechTarget.
