Microsoft has taken a decisive step in its AI-driven security strategy with the official launch of Security Copilot in Microsoft Intune and Microsoft Entra, two of its key pillars in implementing the Zero Trust model. After months in preview, this integration marks a significant evolution in how IT departments manage identities, devices, access, and threats.
With the support of generative AI, administrators can now interact with their data using natural language, automate complex tasks, and respond more quickly to incidents—all without leaving their usual environment.
Less time, more accuracy
According to Microsoft, organizations that have already implemented Security Copilot have reduced their average device policy conflict resolution time by 54%, and have seen a 22.8% decrease in incident alerts within just three months. These results not only boost productivity but also enable teams to focus on higher-impact security strategies.
Copilot in Intune: the new command center for endpoint management
The integration with Intune offers a completely redesigned experience: now, administrators have a dedicated section to explore data via Copilot, perform complex queries, and execute actions without changing context. Notable capabilities include:
– Assessing device and application compliance
– Identifying update failures or policy conflicts
– Automating remediations
– Generating customized reports with just a single query
Additionally, support extends to Windows 365 Cloud PCs, providing unified management across physical devices and cloud-based environments. In the coming weeks, Microsoft will introduce AI-based features to analyze connection quality, optimize licenses, and detect performance bottlenecks.
Copilot in Entra: AI-governed identity
In Microsoft Entra, Security Copilot acts as an intelligent co-pilot for identity management. It can answer questions like:
– “Which users have admin roles?”
– “Which applications have expired or insecure permissions?”
The system can assist with reviewing access packages, managing licenses, assessing application risks, and role analysis—all based on Microsoft Graph data and providing detailed natural language responses.
Conditional Access Optimization Agent: autonomous defense
One of the most innovative announcements is the general availability of the Conditional Access Optimization Agent. This AI-powered agent can:
– Detect gaps or overlaps in access policies
– Identify new users or apps not covered by existing policies
– Suggest automatic remediations with clear, traceable explanations
– Learn administrator preferences through natural language feedback
As Julian Rasmussen, partner at Point Taken and a Microsoft MVP, explains:
> “This agent is like having a security analyst running in the background 24/7. It reduces risks from the first minute and allows testing changes without disrupting operations.”
AI for the next generation of IT operations
Microsoft’s strategy aims for an integrated, intelligent, and autonomous security platform. Security Copilot already features 11 specialized agents announced at Microsoft Secure 2025, covering threat analysis to policy management.
Furthermore, Microsoft has introduced a new Azure tool to estimate the usage of Security Compute Units (SCUs) based on the number of users and products in use, aiding capacity planning in enterprise environments.
Why does this integration matter?
The rise of identity-based attacks (over 600 million daily, according to the Microsoft Digital Defense Report 2024) and the complexity of hybrid infrastructures make it essential to have tools that not only alert but also act proactively, intelligently, and transparently.
Security Copilot aims to be the next-generation digital co-pilot, supporting IT professionals in their daily work by improving response capabilities and helping anticipate risks.
via: https://www.opensecurity.es/microsoft-security-copilot-ya-esta-disponible-en-intune-y-entra-inteligencia-artificial-al-servicio-de-la-ciberseguridad-y-la-eficiencia-ti/