Building on a series of AI- and Copilot-centric security rollouts in April, Microsoft last week detailed new Security Copilot functionality within core security platforms, an AI agent that performs access optimization, built-in calculations of compute capacity required for security functions, and Security Copilot management functionality through “Workspaces.”
The new features “mark continued progress toward delivering an excellent Security Copilot embedded experience, our innovation in agentic AI, and improving capacity planning for Security Copilot customers,” said Dorothy Li, Corporate Vice President, Microsoft Security Copilot and Ecosystem, in a LinkedIn post.
The new functionality underscores the focus by Microsoft, and the industry more broadly, to tap AI to automate and scale security functions that are so often constrained by people resources that can’t keep pace with the volume and sophistication of bad actors.
Each of the sections below breaks down the new/enhanced Microsoft security functionality in more detail.
Security Copilot in Microsoft Intune
Intune enforces device compliance, app protection, and endpoint privilege management; it serves as a foundational element for implementing a Zero Trust model.
Adding Security Copilot to the Microsoft Intune platform is expected to make it easier for IT and security professionals to ask questions, take action, and gain insights directly within their existing workflows. Security Copilot in Intune introduces a Copilot-assisted data exploration capability. IT admins now have a dedicated page in the Intune admin center to ask Copilot for the data they need, take action, and complete endpoint management tasks.
This allows security admins to extract insights across Intune domains — devices, apps, security policies, app configurations — and act on them. The new functionality should simplify time-consuming IT workflows such as assessing security posture, managing updates, troubleshooting issues, and generating custom reports. It represents a key step in the shift from traditional reporting and queries to AI-powered investigation.
Admins can ask natural language questions such as, “Show me devices that are not on the latest version of Windows and Office,” or “Which of my endpoint privilege management rules are in conflict and what are the source profiles?”
Microsoft noted that in the coming weeks, it plans to introduce additional AI capabilities in Intune, specifically Copilot assistance for Windows 365, offering insights into licensing optimization and performance issues tied to compute resources.
Security Copilot capabilities in Intune are now generally available.
Security Copilot in Entra Enhances Identity Security
Entra governs identity access through Conditional Access policies and granular authentication controls.
Security Copilot in Microsoft Entra, now generally available, provides AI-assisted reasoning, while supporting natural language prompts and real-time insights — across the identity and access estate — from within the Microsoft Entra admin center.
This functionality helps admins investigate users, troubleshoot sign-ins, manage access reviews and entitlements, monitor tenant health and service-level agreement (SLAs), optimize license usage, and analyze role assignments and recommendations — all while leveraging Microsoft Graph data.
Security Capacity Calculator
Last week’s announcements included a new in-portal capacity calculator for the Security Copilot standalone experience (which requires an Azure account).
This tool allows organizations to estimate the number of Security Compute Units (SCUs) they may need based on the number of Security Copilot users in each Microsoft Security product. Users can generate an estimate that serves as a starting point for capacity planning. SCU allocations can then be adjusted as actual usage patterns come into focus.
AI Agent & Copilot Summit is an AI-first event to define opportunities, impact, and outcomes with Microsoft Copilot and agents. Building on its 2025 success, the 2026 event takes place March 17-19 in San Diego. Get more details.
Access Optimization Agent
The company announced general availability of the Conditional Access Optimization Agent in Microsoft Entra. This launch brings AI-powered automation to IT and security operations, helping teams proactively protect identity workflows.
The Conditional Access Optimization Agent runs autonomously, scanning an enterprise environment for gaps, overlaps, or outdated policy assignments. It then recommends remediations to close gaps, turning reactive cleanup into proactive defense that aligns with Zero Trust practices.
The Conditional Access Optimization Agent:
- Automatically detects newly created users or apps not covered by Conditional Access policies
- Explains decisions with plain-language summaries and visual activity map showing how the agent reached its conclusion
- Adapts with support for custom business rules, learning based on natural-language feedback
- Provides full auditability of agent actions such as install, enable, and disable; recommendations are recorded in the audit log for compliance and operational transparency
Workspaces for Copilot Management
Microsoft launched Security Copilot Workspaces, which help teams manage access, resources, and collaboration within Security Copilot. Workspaces provide a flexible way to segment environments in order to align access and capacity with organizational needs as well as compliance requirements.
With Workspaces, users realize benefits including:
- Data boundaries: Regional teams can operate within their own dedicated workspaces, keeping data such as AI prompt history local and accessible only to that team. This supports compliance with regional data residency requirements.
- Role-based access control: Only authorized users have access to each workspace, and workspace management is restricted to users with administrator roles.
- Capacity planning: SCUs can be provisioned per workspace, giving admins the ability to right-size capacity based on each team’s workload.
Closing Thoughts
With this latest set of security products and features, Microsoft is driving Copilots deeper into corporate security platforms, ensuring customers have access to the latest, most sophisticated AI technology to ward off bad actors and protect corporate data assets.
Over the balance of 2025, we should begin to get greater clarity into whether the top security vendors or the hackers are gaining the upper hand in the use of AI.
Ask Cloud Wars AI Agent about this analysis
