Today, we’re joined by Rupert Marais, our in-house security specialist, to dissect the groundbreaking announcements from Microsoft’s recent Ignite conference. The tech giant is fundamentally changing how enterprises access and use AI in cybersecurity by bundling its powerful Security Copilot with Microsoft 365 E5 licenses. This decision is sending ripples through the industry, and we’ll be exploring what this shift means for security teams on the ground. We’ll touch on the practical implications of democratizing these advanced tools, the reality of the usage limits, how new AI agents will reshape daily workflows, and the critical challenge of governing an explosion of automated agents in the enterprise.
Microsoft’s Scott Woodgate said bundling Security Copilot with M365 E5 is about “democratizing” security agents. Considering past cost hesitation, what specific hurdles does this remove for enterprise security teams, and how might they experiment with this new access in their first 90 days?
The cost hesitation was a very real, palpable barrier for so many teams. It wasn’t just about the budget line item; it was the uncertainty of the return on that investment. CISOs had to make difficult, predictive judgments on value, which is tough with emerging tech. By bundling it, Microsoft has essentially removed the entire budget negotiation and proof-of-concept funding battle from the equation. Suddenly, every M365 E5 customer has a powerful AI tool in their hands. In the first 90 days, I see teams immediately putting it to work on their most time-consuming, repetitive tasks. They’ll likely start with phishing triage, using the AI to summarize suspicious emails and investigate indicators of compromise, which is a huge drain on analyst time. They’ll also experiment with threat intelligence, asking Copilot to summarize the latest threats relevant to their industry. It’s a risk-free period to build an evidence-based case for its value before ever having to worry about paying for additional compute.
The article details an allotment of 400 Security Compute Units per 1,000 M365 E5 licenses. For a typical enterprise, could you walk us through what kind of security tasks or investigations this monthly allotment might cover before they hit the cap and need to pay more?
Think of the Security Compute Units, or SCUs, as a monthly fuel allowance for your AI security engine. For an enterprise with, say, 4,000 users, they’d receive 1,600 SCUs per month. This is a substantial amount for day-to-day operations. It would easily cover the routine workload of a security operations team: triaging dozens of phishing alerts, running incident summaries for daily briefings, investigating common alerts, and even doing some proactive threat hunting based on new intelligence. Where they might feel the pinch is during a major, complex incident. A sophisticated, multi-stage attack requires deep, iterative investigation—query after query, correlating data across multiple systems. That kind of intense, sustained activity could burn through the allotment. But for the normal rhythm of security work, that initial 400 SCUs per 1,000 licenses is more than enough to demonstrate overwhelming value and get teams hooked on the efficiency gains.
Microsoft is adding new agents for Defender, Entra, and Purview, addressing functions like attack disruption and identity protection. From an analyst’s viewpoint, which of these new capabilities will have the most immediate, tangible impact on their daily workflow, and what metrics might they use to measure it?
From an analyst’s chair, the new attack disruption agent in Defender is the absolute game-changer. Right now, a big part of their job is a frantic race against time—connecting disparate alerts to see the bigger picture of an attack and then manually taking action to contain it. It’s incredibly high-stress. This new agent promises to automate that containment process. The immediate, tangible impact will be a profound sense of relief, shifting the workflow from reactive firefighting to strategic oversight. The key metric they’ll use to measure this is Mean Time to Respond (MTTR). I expect to see that number plummet. Another critical metric will be the reduction in incident escalation; by automatically disrupting attacks early, fewer alerts will blossom into full-blown, crisis-level incidents that require waking people up in the middle of the night.
With over 30 new third-party agents from vendors like AWS and Okta, how does this open ecosystem change security operations? Can you describe the steps a team might take to integrate one of these agents to investigate and stop a potential cross-cloud identity attack?
This open ecosystem fundamentally breaks down the data silos that have plagued security operations for years. It’s the difference between fumbling with a dozen different remote controls versus having a single, universal one for your entire security stack. Imagine an analyst gets an alert from the new Okta agent signaling a potential identity compromise. Instead of swiveling their chair to a different console, they can simply ask Security Copilot in natural language: “Investigate this user’s activity in our AWS environment over the last hour.” Copilot would then use the AWS agent to pull relevant logs, correlate them with the Okta signals, and present a unified summary of the potential cross-cloud attack. It could then suggest or even initiate a response, like suspending the user’s credentials in both Okta and AWS simultaneously. This unified, conversational approach dramatically accelerates the investigation and containment, turning a multi-step, multi-tool headache into a single, fluid workflow.
Charles Lamanna introduced Agent 365 to manage the coming proliferation of agents. What are the top security risks posed by unmanaged AI agents in an enterprise, and how exactly does a central registry like Agent 365 help a CISO mitigate those specific threats?
The biggest risk is the rise of “shadow AI.” We’re heading toward a world with, as IDC forecasts, 1.3 billion agents in the next three years. Without management, you have countless automated entities with varying levels of access to sensitive data, created by different teams for different purposes. This creates a massive, ungoverned attack surface. A compromised agent could exfiltrate data, or a poorly configured one could inadvertently cause a data leak. It’s a CISO’s nightmare. Agent 365 is the essential control plane to prevent this chaos. It acts as a single trusted registry, giving security leaders clear visibility into every agent operating in their environment. It answers the critical questions: Who built this agent? What data can it access? What is its purpose? By providing this central point of visibility and governance, a CISO can enforce access controls, monitor for risky behavior, and secure these agents proactively, mitigating the threat before it becomes a breach.
What is your forecast for the evolution of autonomous AI security agents over the next three years?
Over the next three years, we are going to witness a significant shift from AI as a “copilot” to AI as a fully autonomous digital team member. Today, these agents assist and recommend; tomorrow, they will be delegated the authority to act independently within carefully defined guardrails. I foresee specialized agents taking over entire roles, such as a 24/7 Tier 1 SOC analyst that can handle the initial triage, investigation, and response for the vast majority of alerts without any human intervention. The critical evolution won’t just be in the AI’s capability, but in our ability to govern it. The focus for security leaders will be on building robust trust frameworks, ensuring every action taken by an autonomous agent is explainable, auditable, and perfectly aligned with the organization’s risk tolerance. Humans will move from doing the work to managing and directing teams of highly efficient AI agents.
