All news with #microsoft sentinel tag

Security Copilot Agents Included with Microsoft 365 E5

🛡️ Microsoft is including Security Copilot agents in Microsoft 365 E5, embedding AI-driven assistants across Defender, Entra, Intune, and Purview to accelerate investigations and automate routine tasks. The rollout begins today for existing Security Copilot customers on E5 and will expand to all E5 tenants in the coming months with a 30-day notification. The announcement adds 12 Microsoft-built preview agents, 30+ partner agents, and support for customer-built agents to tailor workflows.

Ambient and Autonomous Security for the Agentic Era

🛡️ At Microsoft Ignite 2025, Microsoft set out an ambient, autonomous security approach for the emerging agentic era and announced a suite of tools to observe, secure, and govern AI agents and apps. The centerpiece is Microsoft Agent 365, a control plane providing an Entra-based registry, access controls, visualization, and integrations with Defender, Entra, and Purview to detect prompt-injection, prevent leakage, and enable auditing. Microsoft also expanded platform protections, enhanced Copilot data controls in Purview, and positioned Microsoft Sentinel and Security Copilot as agentic security pillars for detection and response.

Microsoft Security Store Unites Partners and Innovation

🔐 Microsoft Security Store, released to public preview on September 30, 2025, is a unified, AI-powered marketplace that lets organizations discover, buy, and deploy vetted security solutions and AI agents. Catalog items — organized by frameworks like NIST and by integration with products such as Microsoft Defender, Sentinel, Entra, and Purview — address threat protection, identity, compliance, and cloud security. Built on the Microsoft Marketplace, it provides unified billing, MACC eligibility, and guided automated provisioning to streamline deployments.

Microsoft Named Leader in 2025 Gartner SIEM Magic Quadrant

🔒 Microsoft has been recognized as a Leader in the 2025 Gartner® Magic Quadrant for Security Information and Event Management (SIEM). The announcement highlights Microsoft Sentinel as a cloud- and AI-powered SIEM that centralizes security data via a purpose-built data lake and supports agentic AI through the Model Context Protocol (MCP) server. The platform emphasizes cost optimization, SOC automation, and integrated SOAR, UEBA, and threat intelligence to accelerate detection and response.

Microsoft launches ExCyTIn-Bench to benchmark AI security

🛡️ Microsoft released ExCyTIn-Bench, an open-source benchmarking tool to evaluate how well AI systems perform realistic cybersecurity investigations. It simulates a multistage Azure SOC using 57 Microsoft Sentinel log tables and measures multistep reasoning, tool usage, and evidence synthesis. The benchmark offers fine-grained, actionable metrics for CISOs, product owners, and researchers.

Securing Agentic AI: Microsoft Ignite Security Guide

🔒 Microsoft Ignite 2025 highlights security-focused sessions and hands-on labs tailored for practitioners and leaders. Join in San Francisco Nov 17–21 (or online Nov 18–20) for briefings, demos, and instructor-led labs covering Microsoft Security Copilot, Sentinel, Defender, Entra, and Purview. A Security Forum (Nov 17) and keynote segments led by senior security executives will explore designing, governing, and protecting agentic AI across the lifecycle.

Microsoft Advances Sentinel with Agentic AI Upgrades

🔒 Microsoft announced major AI upgrades for Sentinel SIEM and Security Copilot, positioning them as agentic platforms. The update makes Sentinel data lake generally available and introduces public-preview releases of Sentinel graph and the Sentinel Model Context Protocol (MCP) Server so AI agents can access and act on SIEM data. Customers can now build custom agents with natural‑language prompts and discover third‑party agents via a revamped store. Microsoft positions agents to automate investigation and response but warns of increased noise, false positives and a new attack surface.

Microsoft Sentinel: Agentic Platform for Defenders Now

🛡️ Microsoft announced expanded agentic security capabilities in Microsoft Sentinel, including the general availability of the Sentinel data lake and public preview of Sentinel Graph and the Model Context Protocol (MCP) server to enable AI agents to reason over unified security data. Sentinel ingests structured and semi-structured signals, builds vectorized, graph-based context, and integrates with Microsoft Defender and Microsoft Purview. Security Copilot now offers a no-code agent builder and developer workflows via VS Code/GitHub Copilot, while enhanced governance controls (Entra Agent ID, PII guardrails, prompt shields) aim to secure agent lifecycles.

Retail at Risk: Single Alert Reveals Persistent Threat

🔍 A single Microsoft Defender alert triggered an investigation that uncovered a persistent cyberthreat against retail customers. Attackers exploited unpatched SharePoint flaws CVE-2025-49706 and CVE-2025-49704 using obfuscated ASPX web shells while also compromising identities through self-service password reset abuse and Microsoft Entra ID reconnaissance. DART swiftly contained the intrusions—removing web shells, isolating Entra ID, deprivileging accounts, and recommending Zero Trust measures, MFA enforcement, timely patching, and EDR deployment.

Forrester: Microsoft Defender Delivers 242% ROI Over 3 Years

🔒 Microsoft’s latest Forrester TEI study found a 242% return on investment over three years for organizations using Microsoft Defender. The analysis attributes $17.8 million in total benefits and reports an average payback period of less than six months for a composite organization. Integrated with Microsoft Sentinel, Defender streamlines SecOps by consolidating tooling, lowering false positives, and accelerating response through automation and KQL-enabled detections. Customers cite improved visibility across hybrid and multicloud environments and reduced operational overhead.