At Ignite 2025, Microsoft announced that its AI-powered security assistant, Security Copilot, will now be bundled with Microsoft 365 E5 at no additional cost for customers. This means every organization with an E5 subscription gains built-in access to “agentic” AI security agents across the Microsoft security ecosystem. These intelligent agents are embedded directly into tools such as Microsoft Defender, Entra (identity management), Intune (endpoint management), and Purview (compliance), enabling autonomous threat detection and response within the security teams that already use these tools. Microsoft’s move addresses a critical cybersecurity skills shortage while introducing new governance measures to ensure AI acts responsibly within enterprise environments.
Security Copilot Bundled into E5
Microsoft 365 E5 now includes Security Copilot, providing enterprises with a built-in AI security assistant at no additional charge. This integration drops advanced AI capabilities directly into Defender, Entra, Intune, and Purview workflows, out-of-the-box.
Introducing “Agentic” AI Defense
Agentic AI refers to autonomous AI “agents” that can make decisions and take actions. In Security Copilot, a dozen new agents can triage alerts, hunt threats, and even initiate responses automatically across systems. It’s a shift from passive advice to active cyber defense.
Key Features
- Integrated AI Agents: Embedded into Defender, Entra ID, Intune, Purview for seamless security workflows.
- Large Agent Ecosystem: 12 new Microsoft-built agents + 30+ partner agents covering various security functions.
- Natural Language Ops: Analysts interact via plain English for tasks like alert triage, threat hunting, and policy changes – no complex queries needed.
- Autonomous Actions: Agents can execute tasks (isolate endpoint, disable account, classify data, etc.) autonomously under set policies.
- Included in M365 E5: Provided at no extra cost to all Microsoft 365 E5 customers. No separate license required.
Rollout Details
- Phased Rollout: Begins Nov 18, 2025 for tenants already using Security Copilot; expands to all E5 tenants over following months. Includes a 30-day advance activation notice to admins.
- SCU Capacity: Each 1,000 E5 users = 400 SCUs/month (up to 10k) included. Unused SCUs don’t roll over. Additional usage will eventually be pay-as-you-go ($6 per SCU).
- Admin Control: Capabilities and access governed via Entra ID group membership + new Agent management dashboards.
Strategic Benefits
- Augments Security Teams: Helps close the global 4M+ cybersecurity talent gap by automating routine tasks.
- Faster Response: Automates alert triage, compliance checks, and other high-volume workflows for faster threat mitigation.
- Unified Workflow: Reduces context switching with AI embedded directly into existing Microsoft security tools.
- Governed AI Usage: Includes oversight tools such as Entra Agent IDs, audit logs, and the centralized “Agent 365” hub.
- Higher Security Posture: Makes advanced security capabilities accessible by default, boosting organizational security maturity without major new investments.
What Is Security Copilot?
Security Copilot is Microsoft’s AI-driven security assistant, initially introduced earlier in 2025 as a GPT-4-powered tool for security operations. It could analyze incidents, answer natural-language questions about threats, and assist analysts in investigations. The big news at Ignite is the evolution of Security Copilot from a standalone assistant to an “agentic” system directly integrated into the security workflow.
Embedded AI Agents Across the Stack
Instead of only providing recommendations in a chat interface, Security Copilot’s AI agents now live inside Microsoft’s security products. There are a dozen new built-in agents from Microsoft and 30+ partner-built agents that plug into various security roles. For example, one agent might reside in Defender to autonomously map an attack’s path or isolate a compromised device. At the same time, another in Entra ID could monitor and adjust user access based on risk signals.
Natural Language Operations
These agents let security professionals interact with complex systems using plain English. Analysts can ask something like “Show me any unusual sign-ins from this user in the last 24 hours” and the agent will translate that into the necessary queries across identity logs. Routine tasks such as alert triage, threat hunting, or writing firewall rules can be handled or accelerated by simply describing the goal to the agent. This lowers the barrier to using advanced security tools, as teams no longer need deep domain scripting expertise for every task.
Seamless Integration for E5 Customers
Previously, Security Copilot was a separate add-on (with its own cost and provisioning). Now, Microsoft 365 E5 customers automatically get Security Copilot’s capabilities as part of their subscription with no extra licensing or setup. It’s considered part of the “core entitlement” of E5, meaning that if you already pay for E5, these AI features are activated in your tenant without additional purchase. Microsoft is effectively democratizing access to sophisticated security AI by bundling it into its most popular enterprise suite (E5).
When Does Security Pilot Rollout?
November 18, 2025 – Rollout Begins
Customers already using Security Copilot (preview or trial) and who have Microsoft 365 E5 licenses are the first to receive the included Security Copilot agents. Their tenants were enabled starting on the Ignite announcement date.
Late 2025 to Early 2026 – Phased Expansion
All other Microsoft 365 E5 customers will be gradually activated in the “upcoming months.” Microsoft is providing a 30-day advance email notice to each tenant before Security Copilot becomes active for them. This gives administrators time to prepare (and opt-out or adjust settings if needed).
Why This Matters: Strategic Implications for Security Teams
Microsoft’s integration of Security Copilot into E5 isn’t just a product update; it signals a broader strategy in cybersecurity, addressing key challenges:
Cybersecurity Skills Gap
The industry has over 4 million unfilled cybersecurity jobs worldwide, meaning most security teams are under-resourced and overburdened. By providing every E5 customer with a fleet of AI agents, Microsoft aims to augment human teams with machine power. These agents can take on a significant amount of the “heavy lifting” sifting through thousands of alerts, monitoring logs 24/7, and performing first-level analysis; tasks that a limited human team might struggle to keep up with. In essence, Security Copilot acts as a force multiplier, enabling organizations to accomplish more without the need to immediately hire scarce experts.
Operational Efficiency & Speed
Many security tasks are routine but highly time-consuming (think of user access reviews, checking device compliance, or triaging the daily deluge of SIEM alerts). With Copilot agents, routine, high-volume tasks can be automated or accelerated, significantly reducing response times. For example, instead of an analyst spending 30 minutes investigating a phishing email, an AI agent might do it in seconds and provide a report. This frees up human analysts to focus on higher-value investigations, threat hunting, and strategic improvement rather than constant firefighting.
Unified Security Experience
Security teams typically juggle numerous consoles and tools. One promise of these integrated agents is a more unified workflow. Because the AI is embedded in Defender, Entra, Intune, and Purview, security staff can interact with Copilot within whichever tool they are already using, without needing to switch contexts to a separate application. The AI can pull context from one system to another behind the scenes. This seamless integration means less friction – for instance, a Compliance manager in Purview might receive AI assistance in classifying data without needing to learn the details of how that data also relates to an incident in Defender; the agent bridges that gap.
Advancing “Agentic” Defense
Traditionally, AI in security (and Microsoft’s earlier Copilot previews) has been assistive, suggesting or summarizing, while leaving the action to humans. By moving to agentic AI, Microsoft is pushing toward systems that take proactive actions in defense. This is strategically significant: threats now move at machine speed, and autonomous agents that can act immediately (under policy constraints) could dramatically blunt fast-moving attacks. Microsoft’s vision is one of “ambient, autonomous security” – where many defenses occur in the background, intelligently, without requiring human initiation. It positions Security Copilot (and Microsoft 365 E5) as an AI-driven security platform that is continuously at work, not just a toolkit that analysts pull out when they have time.
Lowering Barriers to Security Maturity
Not every organization has a mature Security Operations Center or specialists in every security domain. By bundling these advanced capabilities into E5, Microsoft is effectively raising the baseline of security for many companies. Even smaller IT teams can now leverage AI for sophisticated tasks (like threat hunting or insider risk detection) that they might not have attempted before. This could lead to an overall improvement in cloud security postures for E5 customers, as critical issues are less likely to go unnoticed or unresolved thanks to the Copilot’s constant vigilance.
Conclusion
Microsoft’s decision to include Security Copilot with Microsoft 365 E5 marks a significant milestone in enterprise security. It signals that AI-powered security is no longer a premium add-on. Now its a fundamental component of defending modern cloud environments. With agentic AI woven throughout the security stack, organizations stand to gain speed, efficiency, and enhanced capabilities against emerging threats. However, this innovation comes with the responsibility of governance. Microsoft has paired the new capabilities with tools and guidelines to ensure that autonomous agents remain under human direction and aligned with organizational policies. For E5 customers, the message is clear: you now have cutting-edge AI security at your fingertips. Making it essentially “free” as part of what you’re already paying for – but it’s up to you to activate it thoughtfully, govern it wisely, and harness its potential.
In the broader context, Security Copilot with E5 represents a future where human security experts and AI agents collaborate seamlessly. Routine threats are handled at machine speed. Meanwhile, humans focus on creative problem-solving and strategic defense. This partnership could enhance security postures across industries. Making defenses more proactive and breaches less likely to occur. As organizations adopt Security Copilot, we will likely see a new standard emerge, one where having AI in your security operations center is as common and necessary as firewalls and antivirus solutions. Microsoft is betting that agentic AI will be the next indispensable layer in cybersecurity. With this rollout, they’re putting that bet into action on a broad scale.
