While cyber threats are evolving at breakneck speed, so are the defences designed to stop them. AI-driven defences are leading this fightback, and one of the major announcements at Microsoft Ignite 2025 reflected this sentiment completely: Microsoft Security Copilot is now included with Microsoft 365 E5.
By embedding AI-driven intelligence directly into the Microsoft ecosystem, organisations can move from reactive defence to proactive, autonomous protection without additional licensing hurdles.
What is Microsoft Security Copilot and why does it matter?
Security Copilot represents Microsoft’s AI‑first approach to cyber defence. It brings together advanced language models, security expertise, and contextual understanding to deliver clear, real‑time insights.
While AI tools like M365 Copilot are often seen as digital assistants, Security Copilot is so much more than that. It’s an agentic security platform that understands your environment, anticipates risks, and orchestrates defences across Microsoft Defender, Entra, Intune and Purview. Working across the Microsoft security stack, it helps organisations spot and prioritise threats more quickly, automate responses, and maintain compliance at scale with ease.
At Ignite, Microsoft also introduced Agent 365, a new control plane for managing AI agents across identity, governance and compliance. This empowers Security Copilot to do so much more than simply provide answers. It can take action, apply policies automatically, and keep learning through Work IQ, a built‑in intelligence layer that understands your organisation’s data, workflows and risk profile.
It was also announced that Security Copilot now supports federated attack disruption across third-party platforms such as AWS, Okta and Proofpoint, enabling unified defence across ecosystems.
From reactive response to proactive protection
Traditional security operations often focus on responding to incidents after they occur. Security Copilot flips this model by enabling teams to predict, prevent and respond with AI-driven precision.
Across the entire security lifecycle, it enables teams to spot vulnerabilities early, prioritise threats intelligently, investigate and contain incidents automatically, and recover faster with built‑in remediation guidance.
Developers also benefit. Copilot integrates with GitHub Advanced Security and Defender for DevOps, promoting secure coding and automating vulnerability fixes to close the gap between development and operations.
How to get started with Security Copilot
If you’re a Microsoft 365 E5 customer, you already have access. The rollout began on 18th November 2025 for existing customers, with activation notifications issued 30 days in advance.
Each tenant will receive 400 Security Copilot Units (SCUs) per 1,000 users, scaling up to 10,000 SCUs for larger environments.
Once available, you can activate the agents you need within Microsoft Defender, Entra, Intune and Purview, tailoring each to meet your organisation’s security objectives. From there, you can use Security Copilot to create bespoke agents and workflows aligned with your business processes and governance needs.
The future of cyber defence starts now
As a trusted Microsoft partner, we’re here to help organisations operationalise Security Copilot quickly and effectively.
From configuration to custom workflow development, our experts ensure your organisation is ready for autonomous defence. We provide governance guidance, compliance alignment and ROI optimisation so you can unlock the full value of Security Copilot without delay.
Get in touch today to schedule a session with our team and start building a proactive, AI‑driven defence for your business.
