Microsoft has enhanced its cloud security capabilities by integrating Azure Firewall with Security Copilot, an AI-powered security solution designed to help security teams work faster and more efficiently.

This integration allows security analysts to investigate malicious network traffic using simple, natural-language questions rather than complex technical queries.

Security Copilot is a generative AI tool that assists security professionals in handling critical tasks such as incident response, threat hunting, intelligence gathering, and security posture management.

The solution operates at machine speed and scale, significantly boosting security team productivity by providing an assistive copilot experience through natural language interactions.

Azure Firewall is Microsoft’s cloud-native network firewall security service that protects Azure workloads with built-in high availability and scalability.

The new Security Copilot integration helps analysts investigate malicious traffic intercepted by the Intrusion Detection and Prevention System (IDPS) feature across their entire firewall group.

Security teams can access this integration through two experiences: the standalone Security Copilot portal or the embedded Azure Copilot experience within the Azure portal.

Both options allow users to ask questions in plain English rather than writing complicated database queries. The integration offers several powerful security operations features.

Analysts can retrieve top IDPS signature hits for specific firewalls and get enriched threat profiles for security signatures.

Perform fleet-wide searches across tenants, subscriptions, or resource groups to track threats across all firewalls.

Additionally, Security Copilot generates recommendations for securing environments using Azure Firewall’s IDPS feature and helps teams understand best practices and protection strategies without manually searching through documentation.

To use this integration, organizations must configure Azure Firewall to send resource-specific structured logs for IDPS to a Log Analytics workspace.

Users need appropriate Role-Based Access Control permissions to access firewalls and associated workspaces. The service requires Security Compute Units (SCUs), which organizations can adjust based on their needs.

This integration represents Microsoft’s continued investment in AI-powered security tools that make advanced threat detection and response accessible to security teams of all skill levels.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Microsoft Integrated Azure Firewall With AI-powered Security Copilot appeared first on Cyber Security News.

Microsoft unveiled significant enhancements to threat intelligence at Ignite 2025, bringing the Threat Intelligence Briefing Agent directly into the Defender portal.

This integration marks a pivotal shift in how security teams approach cyber defense, moving from reactive responses to proactive threat anticipation.

The Threat Intelligence Briefing Agent, initially launched in March 2025, is now fully integrated into the Microsoft Defender portal in Public Preview.

Enhanced Threat Analytics and Intelligence Access

This powerful tool delivers daily customized briefings that combine Microsoft’s global threat intelligence with organization-specific insights.

Saving analysts countless hours previously spent manually gathering information from multiple sources.

Security teams receive automated, up-to-date intelligence summaries within minutes, complete with risk assessments, clear recommendations, and direct links to vulnerable assets.

This streamlined approach enables organizations to identify and address exposures before they become incidents, fundamentally changing how defenders prioritize their actions.

Microsoft has expanded access to its comprehensive threat intelligence library through Threat Analytics, now available to both Defender XDR and Sentinel-only customers in Public Preview.

Previously exclusive content is now accessible at no additional cost, democratizing world-class threat intelligence across Microsoft’s security ecosystem. The upgraded Threat Analytics includes several critical enhancements.

Each threat report now features comprehensive Indicators of Compromise (IOCs), allowing customers to review relevant indicators and access detailed entity information directly within Defender.

MITRE ATT&CK framework mapping helps teams proactively identify and mitigate persistent attack techniques. At the same time, insights into targeted industries and the origins of threat actors enable better prioritization.

Reports are systematically organized and filterable by Actor, Tool, Technique, Vulnerability, Activity, or Core threat, making specific intelligence easier to locate.

Additional context includes related intelligence links and threat actor aliases, helping analysts understand how Microsoft’s findings align with broader industry developments.

A new feature allows security teams to link cases directly to relevant IOCs, ensuring investigations and response workflows remain connected.

This improvement enhances visibility and collaboration, enabling faster and more informed decisions during critical threat investigations.

These advancements represent Microsoft’s commitment to equipping organizations with powerful tools to anticipate and address emerging threats more effectively in an ever-evolving security landscape.

Follow us on Google News, LinkedIn, and X for daily cybersecurity updates. Contact us to feature your stories.

The post Microsoft Threat Intelligence Briefing Agent Now Integrated With the Defender Portal appeared first on Cyber Security News.