Microsoft today announced a raft of security features that include substantive enhancements to its existing products and services at its Ignite conference in Seattle and online.

The news integrates more than 50 different feature sets into six general product lines, offering both completely new products as well as enhancements to existing ones, as shown below. Included is an early access program for Security Copilot, its AI-fueled defensive tool, and new features for Defender modules for both cloud and endpoints. The program will expand to a public beta next year.

Some of the new features are playing catchup, to be sure, but are still essential. Microsoft’s security Vice President Vasu Jakkal mentioned during the introductory session at Ignite that the level of attacks has vastly increased in the past two years, with password attacks going from 579 to more than 4,000. That number is what the company’s telemetry discovers each second.

“Security teams face an asymmetric challenge: they must protect everything, while attackers only need to find one weak point — while regulatory complexity, a global talent shortage and rampant fragmentation add to the challenge,” she said during the keynote.

The collection of new products is their second broad-brush collection of security-related announcements. Earlier this month, the company put forth its Secure Future Initiative, to help speed remediation efforts and reduce coding vulnerabilities.

The copilot product will work in tandem with existing security offerings, including its Sentinel and Defender XDR, with a unified playbook, data sets and automation rules to coordinate any threat response. The AI makes it easier to analyze malicious scripts or to hunt for malware incursions, as well as produce management reports. The company said customers using the AI measures got 44% more accurate responses and were 26% faster, according to an internal survey.

Check out our full coverage of Microsoft Ignite in these stories:

• First dedicated AI accelerators and in-house Arm processors unveiled for Microsoft Azure
• Microsoft turbocharges AI development with Fabric, Azure AI Studio and database updates
• AI-powered Microsoft Copilot expands with new features and customization
• Broad collection of security products announced at Microsoft Ignite
• Microsoft debuts new AI tools for Windows developers and IT professionals
• Nvidia announces generative AI foundry on Azure and new foundational models
• Microsoft brings generative AI copilots to sales and service teams
• Exclusive: Informatica and Microsoft team on native data integration for Fabric analytics

Copilot has been added to a broad collection of Microsoft products. It’s now part of the company’s Purview compliance management product, which will be expanded to secure both structured and unstructured data types. This means security analysts can craft AI prompts to drive data loss and ediscovery investigations, among others. A new module for Purview will cover insider risk investigations into a variety of software-as-a-service services, such as Dropbox, Google Drive and GitHub, among others.

Copilot is also part of Azure AD, which has been rebranded as Entra, making it easier to manage enterprise identities and resource access controls with AI prompts. And Intune and Defender External Attack Surface Management are both getting their own integration with Copilot as well, which is used for troubleshooting device and security policy management and general network threat discovery, respectively. Instead of using specialized queries as part of these products, analysts can formulate natural language queries that will be interpreted by the AI.

These products will also add offensive AI measures as well, so security analysts can find riskier AI usage patterns in their telemetry, such as accessing private data. “As generative AI apps become more popular, security teams need tools that secure both AI applications and the data they interact with,” Jakkal said, “In fact, 43% of organizations said lack of controls to detect and mitigate risk in AI is a top concern.”

Microsoft also announced today that Intune will get three new toolsets next March that will include a cloud-based public key infrastructure and certificate management, an enterprise application management tool to register and track third-party apps, and advanced analytics for anomaly detection.

The software and cloud giant also promoted its Intelligent Security Association, a partner program that has been operating since 2018 with more than 300 different members. It has been expanded and now offers both independent software vendors and managed service providers a bunch of security training, various sales tools, go-to-market promotions and other assistance measures. A prerequisite for membership is to first join the AI Cloud partner program. It is nice to see more attention to the partners, since that has been a past traditional place for its success, especially when selling more complex product combinations.

Microsoft made many claims during the introduction of these products, some not quite true. For example, they are not the first vendor, especially not the first security vendor to integrate AI across its product portfolio, something that just about every security vendor has done in the past several months. They are also not the first vendor to make use of a common data lake of security events and threat data: Earlier this week Palo Alto Networks Inc. offered their own AI-based data lake, and Google’s Chronicle has been around for many years as well.

Defender has certainly come a long way. The product harks back nearly two decades, when Windows XP was still found on the majority of corporate desktops and Windows 7 was introduced with Defender built in. At the time, there wasn’t much talk of any cloud-based security tools from the company. Over the ensuing years, Defender went from being mostly second-rate to one of the more effective anti-malware tools on the market, and complementary tools have come out from Microsoft that compete in the cloud-native security segment.

This week’s announcement cements Microsoft’s role in the security arena and also does more than just rename products. It provides a more holistic and feature-rich tool collection. How well the various integrations across its product line will actually work remains an open question, however.

Images: TheDigitalArtist/Pixabay, Microsoft