Highlights:

  • The Copilot product will collaborate with existing security offerings, such as Sentinel and Defender XDR, using a unified playbook, datasets, and automation rules for coordinated threat responses.
  • Copilot is also integrated into Azure AD, now rebranded as Entra, simplifying the management of enterprise identities and resource access controls through AI-driven prompts.

Microsoft recently unveiled a host of security features, bringing substantial enhancements to its current products and services. The announcement was made at the Ignite conference in Seattle and online.

The announcement consolidates over 50 feature sets into six product lines, introducing new products and enhancing existing ones. The release encompasses an early access program for Security Copilot, its AI-driven defensive tool, along with added features for Defender modules in the cloud and endpoints, set to transition to a public beta in the coming year.

While certain features may be catching up, they remain crucial additions that enhance the overall functionality of the products and services. During the Ignite conference, Microsoft’s security Vice President Vasu Jakkal highlighted a significant surge in attacks, noting a rise in password attacks from 579 to over 4,000 in the past two years. This alarming statistic reflects the continuous threats detected every second through the company’s telemetry.

“Security teams face an asymmetric challenge: they must protect everything, while attackers only need to find one weak point — while regulatory complexity, a global talent shortage, and rampant fragmentation add to the challenge,” she commented during the keynote.

This assortment of new products marks Microsoft’s second comprehensive set of security-related announcements. Earlier this month, Microsoft launched its Secure Future Initiative to accelerate remediation efforts and minimize coding vulnerabilities.

The Copilot product will collaborate with existing security offerings, such as Sentinel and Defender XDR, using a unified playbook, datasets, and automation rules for coordinated threat responses. The AI simplifies the analysis of malicious scripts, facilitates malware hunting, and generates comprehensive management reports. According to an internal survey, customers utilizing the AI measures experienced 44% more accurate responses and were 26% faster in their operations.

Copilot is now incorporated into a wide range of Microsoft products. It has been integrated into Microsoft’s Purview compliance management product, extending its coverage to secure structured and unstructured data types. This enables security analysts to create AI prompts for data loss and eDiscovery investigations. A new Purview module will address insider risk investigations across various software-as-a-service platforms, including Dropbox, Google Drive, and GitHub.

Copilot is also integrated into Azure AD, now rebranded as Entra, simplifying the management of enterprise identities and resource access controls through AI-driven prompts. Intune and Defender External Attack Surface Management receive dedicated integration with Copilot. This integration will enhance troubleshooting for device and security policy management in Intune and aid in general network threat discovery with Defender External Attack Surface Management. Instead of relying on specialized queries within these products, analysts can now create natural language queries that the AI will interpret.

These products will also incorporate offensive AI measures, allowing security analysts to identify riskier AI usage patterns in their telemetry, such as accessing private data. Jakkal said, “As generative AI apps become more popular, security teams need tools that secure both AI applications and the data they interact with. In fact, 43% of organizations said lack of controls to detect and mitigate risk in AI is a top concern.”

Microsoft also revealed that Intune is set to receive three new toolsets in March. These include a cloud-based public key infrastructure and certificate management, an enterprise application management tool for registering and tracking third-party apps, and advanced analytics for anomaly detection.

The software and cloud giant highlighted its Intelligent Security Association, a partner program operational since 2018 with over 300 diverse members. Expanded to include independent software vendors and managed service providers, the Intelligent Security Association now provides security training, diverse sales tools, go-to-market promotions, and various assistance measures. Its membership requires prior enrollment in the AI Cloud partner program, underscoring Microsoft’s emphasis on partners. This move recognizes the crucial role partners play in the success of selling intricate product combinations.

During the unveiling of these products, Microsoft made several assertions, some of which may not entirely align with reality. One example is its claim to be the first security vendor to incorporate AI across its product portfolio, particularly in security. This assertion may not be entirely accurate, as numerous security vendors have undertaken similar endeavors in recent months. Nor is Microsoft the first vendor to employ a common data lake for security events and threat data: Palo Alto Networks Inc. introduced its AI-driven data lake very recently, and Google’s Chronicle has existed for many years, providing similar functionalities.

Defender has indeed made significant strides in its development. The product’s inception dates back almost two decades, to when Windows XP prevailed on most corporate desktops, and Windows 7 was introduced with Defender pre-installed. During that period, the company wasn’t extensively discussing or offering cloud-based security tools. Over the years, Defender evolved from being relatively mediocre to one of the more effective anti-malware tools available. Additionally, Microsoft has introduced complementary tools that compete in the cloud-native security segment.