Microsoft Defender: Building the Agentic SOC with Allie Mellen

Microsoft Events, joined by Allie Mellen, presents a deep dive into how Microsoft Defender is leveraging AI and agentic automation to transform security operations and enhance SOC effectiveness.

Microsoft Defender: Building the Agentic SOC with Allie Mellen

This session, presented at Microsoft Ignite 2025 by Rob Lefferts, Corina Feuerstein, and guest analyst Allie Mellen, explores how AI and intelligent agent technologies are advancing the effectiveness of security operations through Microsoft Defender.

Key Topics Covered

• Microsoft’s Mission: Adaptive, autonomous defense that empowers security teams to focus on strategic work while automating repetitive SOC tasks.
• AI-Driven Security Innovations:
  • Use of intelligent agents to reduce alert overload and false positives.
  • Automation for threat containment, including automatic session token revocation and disabling compromised accounts.
• Defender XDR in Action:
  • Real-world example: Detecting attacker activity where a compromised account is federated into AWS, and subsequent automated response through Defender XDR.
• Agentic Capabilities:
  • Automation and orchestration of SOC work using encoded runbooks and guardrails.
  • Importance of explainability, transparency, and clear labeling in AI-driven security solutions.
• Evolving Analyst Roles:
  • How the responsibilities of security analysts change in the context of agentic and autonomous operations.
• Trust and Vendor Transparency:
  • The role of labeling, confidence levels, and vendor communication in building trust around generative AI and automated security workflows.

Session Highlights

• Strategies for combating alert fatigue and scaling SOC efficiency
• Practical examples of how automation can speed up detection and incident response
• Discussion on the transition from manual to agentic SOC operations, and the resulting need for new skills among analysts
• Considerations for ensuring transparency and explainability in AI-driven decisions

Learn More

• Microsoft Defender Product Page
• Microsoft Ignite

Speakers

• Rob Lefferts
• Corina Feuerstein
• Allie Mellen (Forrester Principal Analyst)

---

Delivered as a silent stage breakout session at Microsoft Ignite 2025, this presentation provides practical insight and real-world stories on modernizing security operation centers with Microsoft Defender and the latest in agentic AI.