Microsoft Ignite 2025: The Book of News Just Dropped — Here’s What We’re Watching
Microsoft has officially released the Ignite 2025 Book of News, highlighting the capabilities, previews, and security innovations that will shape the year ahead.
As always, the security announcements were front and center, and several stood out to us as especially relevant for CISOs, SecOps teams, and organizations operating in Microsoft ecosystems.
Below is a quick, first-look digest of capabilities we’re keeping an eye on, along with why they matter for customers who rely on Microsoft’s rapidly evolving security stack.
Predictive Shielding and Expanded Automatic Attack Disruption (Defender for Endpoint)
Predictive Shielding, a new component of Microsoft’s automatic attack disruption, is one of the most significant enhancements in this year’s Book of News. This capability anticipates attacker movement and proactively hardens potential attack paths before adversaries can pivot.
Instead of only containing compromised assets, Microsoft is now combining threat intelligence and graph insights to forecast attacker behavior and automatically apply just-in-time hardening (like policy changes or Safe Boot restrictions).
Microsoft is also extending automatic attack disruption beyond its own ecosystem, adding AWS, Proofpoint, and Okta when signals are ingested through Microsoft Sentinel. This will help reduce cross-cloud identity and phishing risks, and enable real-time containment across federated environments.
Security Store Goes GA and Partner Agents are Front and Center
A major milestone: the Microsoft Security Store is now generally available, with deeper integration into Defender and Entra. The platform now includes:
- Over 100 third-party security solutions
- New fraud prevention, forensics, and threat intelligence agents
- A marketplace for security services, including MDR and threat hunting
The Ontinue Posture Advisor Agent is already live in the Security Store, offering organizations deeper visibility and guided posture insights across their Microsoft security environment. As Microsoft expands the Store’s footprint, we expect adoption and customer value to accelerate.
The Ontinue Posture Advisor Agent is a premium security posture and configuration auditing agent designed to help organizations more rapidly understand, prioritize, and implement the most impactful security improvements across Microsoft Defender XDR, Microsoft Entra ID, and additional Microsoft controls.
Security Dashboard for AI (Preview)
Microsoft introduced a unified Security Dashboard for AI, designed for CISOs and risk leaders to understand their AI posture in real time. The dashboard:
- Aggregates signals from Defender, Purview, and Entra
- Surfaces cross-platform AI risks
- Provides AI-powered recommendations through Security Copilot
This complements Ontinue’s own work in AI-driven posture management. While Microsoft’s view centers on AI governance and AI-specific risks, our agent in the Security Store focuses on cybersecurity posture across the broader Microsoft environment, giving organizations a more complete picture when these tools are combined.
Entra Expands Secure Access for AI Agents + Passwordless Future
Microsoft Entra is doubling down on identity for the AI era with new capabilities including:
- Agent ID (preview) for managing and governing enterprise AI agents
- AI-powered Security Copilot agents for access reviews, risk management, conditional access optimization, and app lifecycle automation
- Network-level protections for generative AI usage to block prompt injection and inspect sensitive data flows
- New Entra ID protections including broader passkey support and enhanced risk remediation
With organizations rapidly building and deploying their own agentic workflows, governing AI identities will be essential — and we expect to explore this more in future Ontinue content.
Unified Security Posture Management for Multicloud (Defender for Cloud)
Defender for Cloud continues to be a Microsoft priority, and this year brings:
- A cloud security dashboard unifying posture and threat protection
- Multicloud asset inventory across AWS, Azure, and GCP
- Built-in exposure management capabilities
Many customers have expressed a need for clearer multicloud visibility. Between this and our existing Ontinue Defender for Cloud workshop, there’s real momentum here.
Security Copilot Now Included in Microsoft 365 E5: A Major Shift for Security AI Adoption
Another big announcement is that Security Copilot is now included in Microsoft 365 E5, unlocking broad access to agentic Security AI across the enterprise without requiring additional licensing.
Microsoft is introducing a new consumption model centered on Security Compute Units (SCUs) that scale with the number of paid user licenses an organization already has.
How the new licensing works:
Customers with Microsoft 365 E5 will receive:
- 400 SCUs per month for every 1,000 paid user licenses
- Up to 10,000 SCUs per month at no additional cost
- Proportional scaling for organizations with fewer than 1,000 licenses
Microsoft notes that these included units are expected to cover typical Copilot security scenarios for most organizations.
Examples:
- 400 user licenses → 160 SCUs/month
- 4,000 user licenses → 1,600 SCUs/month
This is a major win for organizations of all sizes. By bundling Security Copilot into E5 and providing built-in SCU capacity, Microsoft is dramatically lowering the barrier to adopting agentic Security AI.
Security teams can begin benefiting from automated investigation, remediation, identity risk assessment, and Copilot-driven insights without the friction of additional licensing negotiations or incremental cost.
What This Means for You
The Book of News shows a consistent theme: AI-driven security, identity-centric protection, and more automation woven throughout Microsoft’s ecosystem.
We’re already evaluating how these capabilities can complement Ontinue’s Microsoft-first MXDR approach.
Over the coming weeks, we’ll break down several of these announcements in deeper, standalone blog posts — including what they mean for customers and how they fit into the broader evolution of SecOps.
Attending Microsoft Ignite? Come See Us.
If you’re at Ignite this week, stop by Booth #5210 to see how Ontinue is helping Microsoft Security customers strengthen resilience, safeguard trust, and operate more efficiently with AI-powered MXDR.
Not attending Ignite? No worries; stay tuned. We’ll continue publishing insights from the announcements, sessions, and emerging capabilities unveiled throughout the event.


