Empowering the SOC: Security Copilot and the Rise of Agentic Defense

This Microsoft Ignite session, featuring Cristina Da Gama and Corina Feuerstein, highlights how Security Copilot and agentic AI are transforming the Security Operations Center, offering concrete demos and platform updates for security professionals.

Empowering the SOC: Security Copilot and the Rise of Agentic Defense

Overview

In this Microsoft Ignite 2025 breakout session (BRK1731), speakers Cristina Da Gama and Corina Feuerstein present the latest advancements in Security Copilot within Microsoft Defender and Sentinel, showcasing how modern Security Operations Centers (SOC) are evolving into agentic, AI-driven environments.

Key Topics Covered

• Agentic AI and SOC Evolution
  • Introduction to agentic AI and its impact on future SOC roles
  • Transition from assistive AI solutions to autonomous agent-driven security operations
• Microsoft’s Integrated Security Platform
  • How Sentinel, Defender, and Copilot create a unified security ecosystem
  • Real-world demonstrations across multiple SOC lifecycle stages
• Security Copilot Features and Innovations
  • Investigation session memory and note creation to assist analysts
  • Release of the Phishing Triage Agent into general availability for efficient threat response
  • Threat Intelligence Briefing Agent for customized daily insights
  • Agent-driven query execution and natural language summarization for rapid comprehension
• Operational Enhancements and Pricing
  • Explanation of the Security Compute Unit (SCU) allocation and updated pricing models
  • Transition to a monthly SCU allocation model to improve operational flexibility

Speaker Information

• Cristina Da Gama
• Corina Feuerstein

Resources

• Ignite Secure Data Plans
• Microsoft Ignite Event Portal

Chapters Breakdown

• 0:00 Rise of agentic AI usage in security operations
• 00:01:12 Progression toward autonomous agentic defense
• 00:03:27 Sentinel, Defender, Copilot security platform overview
• 00:13:45 Copilot investigation session demonstration
• 00:16:00 Phishing Triage Agent release details
• 00:19:55 Threat Intelligence Briefing Agent introduction
• 00:23:29 Agent query execution and summarization
• 00:35:39 SCU allocation and pricing changes explained

Target Audience

This session is aimed at security operations professionals, SOC analysts, architects, and technical security leaders interested in leveraging Microsoft’s AI and automated agentic technology to improve detection, response, and prevention capabilities within their organizations.