Empowering the SOC - Security Copilot and the Rise of Agentic Defense

Explore how Microsoft Security Copilot is transforming Security Operations Centers (SOCs) through agentic AI-driven defense in this 46-minute conference talk from Microsoft Ignite 2025. Learn about the evolution from assistive AI to autonomous agentic defense systems and discover how modern SOCs are becoming AI-powered operations that deliver measurable security outcomes. Examine Microsoft's integrated security platform including Sentinel, Defender, and Copilot, and witness real-world demonstrations of Copilot's investigation capabilities, session memory, and automated note creation. Discover the newly available Phishing Triage Agent and the Threat Intelligence Briefing Agent that provides tailored daily security insights. See how agents execute queries and summarize results in natural language, making complex security data more accessible to analysts. Understand the Security Compute Unit (SCU) pricing structure and the transition from hourly to monthly allocation models for greater flexibility. Gain insights into how AI agents are closing the gap between threat detection and prevention, empowering security analysts to turn intelligence into actionable defense strategies across the complete SOC lifecycle.

Syllabus

0:00 - Rise of agentic AI usage and impact on future organizational roles
00:01:12 - Progression from assistive AI toward autonomous agentic defense
00:03:27 - Overview of Microsoft's integrated security platform: Sentinel, Defender, and Copilot
00:13:45 - Demonstration of Copilot’s investigation session memory and note creation
00:16:00 - Phishing Triage Agent enters general availability
00:19:55 - Overview of the Threat Intelligence Briefing Agent for tailored daily insights
00:23:29 - Agent Executes Query and Summarizes Results in Natural Language
00:35:39 - Explanation of SCU monthly allocation and pricing structure
00:36:14 - Transition from hourly to monthly SCU allocation model for flexibility