Overview
- Security Copilot’s Alert Triage Agent now evaluates phishing, identity, and cloud alerts, returning natural‑language verdicts with transparent reasoning; identity cases like password spray and BEC‑linked inbox rules are supported in public preview.
- Microsoft introduced the Security Analyst Agent to run deep, multi‑step investigations across Defender and Sentinel telemetry, surfacing prioritized findings with evidence in minutes.
- Defender adds identity‑focused protections including a unified identity risk score, a consolidated dashboard with detections across SaaS and identity types, and predictive shielding that applies just‑in‑time hardening to block credential and token pivots.
- Collaboration defenses expand to Microsoft Teams with real‑time in‑call warnings for suspected voice‑based social engineering, SOC‑ready investigation via Advanced Hunting, and a Protection & Posture Insights report with tenant‑specific threat trends and policy recommendations.
- Cloud security updates include broader visibility into new AWS and GCP services, near real‑time container runtime protection to prevent binary drift, and scanning for AI models, aligning with research that found 97% of organizations had access incidents and 70% tied to AI activity.