SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Microsoft unveils unified AI security platform to counter threats

Wed, 1st Oct 2025

Microsoft has unveiled new security features aimed at helping organisations respond more rapidly and effectively to evolving cyber threats.

With increased adoption of artificial intelligence (AI), organisations face fresh opportunities but are also exposed to novel risks. Attackers have been quick to exploit vulnerabilities, and many organisations struggle with fragmented tools and workflows. According to Gartner research cited by Microsoft, enterprises operate an average of 45 different security tools sourced from multiple vendors.

Microsoft has responded by integrating its range of tools into a more unified security system.

Unified security platform

One notable update is the evolution of Microsoft Sentinel into a platform described as AI-ready, designed to connect users, agents, devices, actions, and risks across the whole security environment.

This upgrade is intended to enable defenders to trace attack paths, assess potential impacts, and prioritise responses using a single system that provides comprehensive oversight.

The foundation is further strengthened by Security Copilot, which allows security teams to create custom AI agents without requiring coding expertise. These agents can be integrated into routine workflows, all with enterprise-grade security guardrails in place. The newly launched Microsoft Security Store also allows customers to discover and deploy new agents and solutions from Microsoft's partner ecosystem.

Describing the current landscape, Microsoft stated: "We are living through a turning point in how organizations work and defend themselves. Across industries, 'Frontier Firms' are emerging; these are businesses where humans and AI agents collaborate in real time to solve problems, innovate, and build resilient organisations."

The announcement notes how the pace and complexity of cyber threats now require approaches that go beyond traditional tools. Microsoft Sentinel is positioned as a solution bringing together data, context, automation, and intelligent agents to defend organisations at AI speed.

Building on its history as a cloud-based security information and event management (SIEM) tool, Sentinel now features a unified security data lake and the public preview of Sentinel graph and the Model Context Protocol (MCP) server. These capabilities support advanced context analysis, semantic access, and intelligent orchestration to help security teams correlate alerts and empower AI-enabled agents across different platforms.

"With Microsoft Security and Sentinel data lake, we've unified silos, scaled operations, automated processes, and expanded coverage - transforming how we detect patterns and prepare for the future with a unified, agile security posture." - Bernard Knaapen, Chief Product Owner, Monitoring and Incident Response, ABN AMRO.

Sentinel's system ingests both structured and semi-structured signals to build detailed contextual representations of digital estates using vectorised data and graph-based relationships. Integration with Microsoft Defender and Purview enables users to trace attacks, understand their impact, and prioritise actions without leaving their existing workflows.

Sentinel's graph-based approach assists Security Copilot agents in reasoning over the IT environment with greater accuracy. The MCP server uses open standards to allow predefined and custom-built agents to operate across unified data, shifting security work from reactive response to predictive action.

Security Copilot customisation

With Security Copilot, Microsoft is emphasising user empowerment. The Security Copilot portal includes a no-code agent builder, which enables users to describe their agent requirements in natural language and create, refine, and publish them quickly. Agents can also be constructed in platforms such as Visual Studio Code via GitHub Copilot and integrated into Copilot's workspace.

Security Copilot agents can integrate into day-to-day tools and can be either developed by customers or sourced from Microsoft's partners. Since introducing Security Copilot agents in March 2025, more than a dozen agents have been developed for tasks such as phishing triage and optimising conditional access. Agents, including those built by partners, are now accessible through the new Security Store.

By leveraging graph-based context from Sentinel, Security Copilot agents can correlate alerts, enrich contextual understanding, and automate responses, aiming to reduce the volume of false positives and improve response times. Routine security operations can be orchestrated and automated by agents, freeing analysts to focus on more strategic decisions and threat hunting.

Securing AI environments

Microsoft has also introduced tools to assist organisations in securing and managing their AI applications and agents. Updates include Entra Agent ID for asset management, controls to prevent data oversharing, risk discovery tools for AI models, and enhanced abilities to detect prompt injection attacks.

Among new enhancements announced for Azure AI Foundry are agent task adherence controls, personally identifiable information (PII) guardrails, and prompt shielding features intended to bolster the protection of AI agents through their development and operational lifecycle.

Microsoft stated: "Together, these innovations help you secure and govern your AI apps and agents in Microsoft 365 Copilot, Copilot Studio, and Azure AI Foundry - helping you build on the trusted tools your teams already use and offering you more natively built protections for your Microsoft AI platforms."

Collaboration and outlook

The corporation continues to collaborate with partners such as Accenture, ServiceNow, and Zscaler to expand the availability of agentic security tools across the industry. Microsoft emphasised that security must be a collaborative effort, observing: "I firmly believe that security is a team sport. That team includes all of us - innovating together, learning together, and defending together."

The latest updates form part of Microsoft's strategy to provide integrated, scalable security systems that adapt to changes in technology and the threat environment.
