On Friday, after months of internal discussions, federal agencies began posting on the left-friendly social network. Within days, they dominated a list of the most-blocked accounts.

Google Skills is a new home for building skills in AI, and learning about other topics like data analytics and security.

Software development teams are drowning in noise. Thousands of vulnerabilities flood security dashboards, but only a fraction pose real risk. Developers context-switch between planning backlogs, triaging security findings, reviewing code, and responding to CI/CD failures — losing hours to manual work. GitLab 18.5 calms this chaos.

At the heart of this release is a valuable improvement in overall usability of GitLab and how AI integrates into your user experience. A new panel-based UI makes it easier to see data in context, and allows GitLab Duo Chat to be persistently visible across the platform, wherever it is needed. Purpose-built agents tackle vulnerability triage and backlog management, and popular AI tools integrate with agentic workflows even more seamlessly than before. We’ve also extended our market-leading security capabilities to help you better identify exploitable vulnerabilities versus theoretical ones, distinguish active credentials from expired ones, and scan only changed code to keep developers in flow.

What’s new in 18.5

18.5 represents our biggest release so far this year — watch our introduction to the release, and read more details below. <div style="padding:56.25% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/1128975773?badge=0&autopause=0&player_id=0&app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="GitLab_18.5 Release_101925_MP_v2"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>

<p></p>

Modern user experience with quick access to GitLab Duo everywhere

GitLab 18.5 improves the GitLab user experience with a more usable, intuitive interface driven by a new panel-based layout.

Panels present information side by side, allowing you to work more contextually. When you click on an issue in the issues list, you will see the details in its side panel. You can then open the GitLab Duo Chat panel on the right side of the interface as an on-demand assistant, allowing you to engage your agents with contextual questions and instructions from anywhere in the GitLab experience. Other subtle, but usability-driven improvements include the move of the global search box to the top center for improved accessibility, while global navigation elements — including My Issues, Merge Requests, To-Dos, and the user icon — relocate to the top right. The left navigation menu now collapses and expands to provide flexible sidebar management.

The panel UI will be "default-off" in GitLab 18.5, with an opt-in toggle available located under your user icon. To learn more about how to enable or disable this feature, reference the documentation here. Please share your feedback and file bugs on anything you don’t love! Our engineers are listening. Assuming you love the experience as much as our own team, this toggle is expected to be removed in 18.6, making the panel UI standard across all user experiences.

Updates to GitLab Duo Agent Platform

Security Analyst Agent: Transform manual vulnerability triage into intelligent automation

GitLab Duo Security Analyst Agent automates vulnerability management workflows through AI-powered analysis, helping transform hours of manual triage into intelligent automation. Building on the Vulnerability Management Tools available through GitLab Duo Agentic Chat, Security Analyst Agent orchestrates multiple tools, applying security policies, and creating custom flows for recurring workflows automatically.

Security teams can access enriched vulnerability data, including CVE details, static reachability analysis, and code flow information, while executing operations like dismissing false positives, confirming threats, adjusting severity levels, and creating linked issues for remediation — all through conversational AI. The agent reduces repetitive clicking through vulnerability dashboards and replaces custom scripts with simple natural language commands.

For example, when a security scan reveals dozens of vulnerabilities, simply prompt: "Dismiss vulnerabilities with reachable=FALSE and create issues for critical findings." Security Analyst Agent analyzes reachability data, applies security policies, and completes bulk operations in moments — helping decrease work that would otherwise take hours.

While individual Vulnerability Management Tools can be accessed directly through Agentic Chat for specific tasks, Security Analyst Agent orchestrates these tools intelligently and automates complex multi-step workflows. Note that Vulnerability Management Tools are available through Agentic Chat on GitLab Self-managed and GitLab.com instances, and Security Analyst Agent is available on GitLab.com only for 18.5, while availability in Self-managed and Dedicated environments will come with our next release. Watch this demo:

<div style="padding:56.25% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/1128975984?badge=0&autopause=0&player_id=0&app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="18.5 Security Demo"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>

<p></p>

GitLab Duo Planner: Turn backlog chaos into strategic clarity

Managing complex software delivery requires constant context-switching between planning tasks. GitLab Duo Planner addresses the real-world planning challenges we see teams face every day. Duo Planner acts as your teammate with awareness of your project context, including how you manage issues, epics, and merge requests. Unlike generic AI assistants, it's purpose-built with deep knowledge of GitLab's planning workflows coupled with Agile and prioritization frameworks to help you balance effort, risk, and strategic alignment.

GitLab Duo Planner can turn vague ideas into structured planning hierarchies, identify stale backlog items, and draft executive updates. For example, when refining your backlog with hundreds of issues accumulated over months, simply prompt: "Identify stale backlog items and suggest priorities." Within seconds, you'll receive a structured summary showing issues without recent activity, items missing key details, duplicate work, and recommended priorities based on labels and milestones, complete with actionable recommendations.

For teams managing complex roadmaps, the Planner aims to eliminate hours of manual analysis and context-switching, helping Product Managers and engineering leads make faster, more informed decisions. As of 18.5, GitLab Duo Planner is currently “read-only,” meaning that it can analyze, plan, and suggest, but cannot yet take direct action to modify anything. Please see our documentation for more information.

Extensible Agent Catalog: Popular AI tools as native GitLab agents

GitLab 18.5 introduces popular AI agents directly into the AI Catalog, making external tools like Claude, OpenAI Codex, Google Gemini CLI, Amazon Q Developer, and OpenCode available as native GitLab agents. Users can now discover, configure, and deploy these agents through the same unified catalog interface used for GitLab's built-in agents, with automatic syncing of foundational agents across organization catalogs.

This eliminates the complexity of manual agent setup by providing a point-and-click catalog experience while maintaining enterprise-grade security through GitLab's authentication and audit systems. GitLab Duo Enterprise subscriptions now include built-in usage of Claude and Codex within GitLab, allowing you to use your existing GitLab subscription for these tools without requiring separate API keys or additional billing setup. Other agents may still require separate subscriptions and configuration while we finalize our integration plans.

Self-hosted GitLab Duo Agent Platform (Beta): Address data sovereignty requirements without sacrificing AI power

GitLab 18.5 moves GitLab Duo Agent Platform's self-hosted capabilities from experimental to beta, enabling organizations to execute AI agents and flows entirely within their own infrastructure — critical for regulated industries and data sovereignty requirements. The beta release includes improved timeout configurations and AI Gateway settings, allowing teams to use AI agents for code reviews, bug fixes, and feature implementations, while providing enterprise-grade security for sensitive code.

Smarter, faster security: Prioritize real risks and keep developers in the flow

GitLab 18.5 introduces new application security capabilities that help teams focus on exploitable risk, reduce noise, and strengthen software supply chain security. These updates continue our commitment to building security directly into the development process — delivering precision, speed, and insight without disrupting developer flow.

Static Reachability Analysis

With over 37,000 new CVEs issued this year, security teams face an overwhelming volume of vulnerabilities and struggle to understand which ones are truly exploitable. Static Reachability Analysis, now in limited availability, brings library-level precision by helping to identify whether vulnerable code is actually invoked in your application, not just present in dependencies.

Paired with our recently released Exploit Prediction Scoring System (EPSS) and Known Exploited Vulnerability (KEV) data, security teams can more effectively accelerate vulnerability triage and prioritize real risks to help strengthen overall supply chain security. In 18.5, we’re adding support for Java, alongside existing support for Python, JavaScript, and TypeScript.

Secret Validity Checks

Just as Static Reachability Analysis helps teams prioritize exploitable vulnerabilities from open source dependencies, Secret Validity Checks bring the same insight to exposed secrets — currently available in beta on GitLab.com and GitLab Self-Managed. For GitLab-issued security tokens, instead of manually verifying whether a leaked credential or API key is active, GitLab automatically distinguishes active secrets from expired ones directly in the Vulnerability Report. This helps enable security and development teams to focus remediation efforts on genuine risks. Support for AWS- and GCP-issued secrets is planned for future releases.

Custom rules for Advanced SAST

Advanced SAST runs on rules informed by our in-house security research team, designed to maximize accuracy out of the box. However, some teams required additional flexibility to tune the SAST engine for their specific organization. With Custom Rules for Advanced SAST, AppSec teams can define atomic, pattern-based detection logic to help capture security issues specific to their organization — like flagging banned function calls — while still using GitLab’s curated ruleset as the baseline. Customizations are managed through simple TOML files, just like other SAST ruleset configurations. While these rules will not support taint analysis, they do give organizations greater flexibility in achieving accurate SAST results.

Advanced SAST C and C++ language support

We’re expanding our language coverage for Advanced SAST to include C and C++, which are widely used languages in embedded systems software development. To enable scanning, projects must generate a compilation database that captures compiler commands and includes paths used during builds. This works to ensure the scanner can accurately parse and analyze source files, delivering precise, context-aware results that help security teams identify real vulnerabilities in the development process. The implementation requirements for C and C++ require specific configurations, which can be found in our documentation. Advanced SAST C and C++ support are currently available in beta.

Diff-based SAST scanning

Traditional SAST scans re-analyze entire codebases with every commit, slowing pipelines and disrupting developer flow. The developer experience is a critical consideration that can make or break the adoption of application security testing. Diff-based SAST scanning aims to speed up scan times by focusing only on the code changed in a merge request, reducing redundant analysis and surfacing relevant results tied to the developer’s work. By aligning scans with actual code changes, GitLab delivers faster, more focused feedback that helps keep developers in flow while maintaining strong security coverage.

Simplify API configurations

API-driven workflows offer power and flexibility, but they can also create unnecessary complexity for tasks that teams need to perform regularly. The new Maven Virtual Registry interface brings a UI layer to these operations.

Maven Virtual Registry interface

The new web-based interface for managing Maven Virtual Registries turns complex API configurations into visual simplicity, providing a more intuitive experience for package administrators and platform engineers.

Previously, teams configured and maintained virtual registries only through API calls, which made routine maintenance time-consuming and required specialized platform knowledge. The new interface removes that barrier, helping to make everyday tasks faster and easier.

With this update, you can now:

• Create virtual registries to simplify dependency configuration
• Create and order upstreams to help improve performance and compliance
• Browse and clear stale cache entries directly in the UI

This visual experience helps reduce operational overhead and provides development teams with clearer insight into how dependencies are resolved, enabling them to make better decisions about build performance and security policies.

Watch a demo:

<!-- blank line --> <figure class="video_container"> <iframe src="https://www.youtube.com/embed/CiOZJPhAvaI?si=cYaoR_OIgqFKbyM2" frameborder="0" allowfullscreen="true"> </iframe> </figure> <!-- blank line -->

<p></p>

We invite enterprise customers to join the Maven Virtual Registry Beta program and share feedback to help shape the final release.

AI that adapts to your workflow

This release represents more than new capabilities — it's about choice and control. Watch the walkthrough video here:

<p></p>

<div style="padding:56.25% 0 0 0;position:relative;"><iframe src="https://player.vimeo.com/video/1128992281?badge=0&autopause=0&player_id=0&app_id=58479" frameborder="0" allow="autoplay; fullscreen; picture-in-picture; clipboard-write; encrypted-media; web-share" referrerpolicy="strict-origin-when-cross-origin" style="position:absolute;top:0;left:0;width:100%;height:100%;" title="18.5-tech-demo"></iframe></div><script src="https://player.vimeo.com/api/player.js"></script>

<p></p>

GitLab Premium and Ultimate users can start using these capabilities today on GitLab.com and self-managed environments, with availability for GitLab Dedicated customers planned for next month.

GitLab Duo Agent Platform is currently in beta — enable beta and experimental features to experience how full-context AI can transform the way your teams build software. New to GitLab? Start your free trial and see why the future of development is AI-powered, secure, and orchestrated through the world’s most comprehensive DevSecOps platform.

Note: Platform capabilities that are in beta are available as part of the GitLab Beta program. They are free to use during the beta period, and when generally available, they will be made available with a paid add-on option for GitLab Duo Agent Platform.

Stay up to date with GitLab

To make sure you’re getting the latest features, security updates, and performance improvements, we recommend keeping your GitLab instance up to date. The following resources can help you plan and complete your upgrade:

• Upgrade Path Tool – enter your current version and see the exact upgrade steps for your instance
• Upgrade Documentation – detailed guides for each supported version, including requirements, step-by-step instructions, and best practices

By upgrading regularly, you’ll ensure your team benefits from the newest GitLab capabilities and remains secure and supported.

For organizations that want a hands-off approach, consider GitLab’s Managed Maintenance service. With Managed Maintenance, your team stays focused on innovation while GitLab experts keep your Self-Managed instance reliably upgraded, secure, and ready to lead in DevSecOps. Ask your account manager for more information.

This blog post contains "forward‑looking statements" within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934. Although we believe that the expectations reflected in these statements are reasonable, they are subject to known and unknown risks, uncertainties, assumptions and other factors that may cause actual results or outcomes to differ materially. Further information on these risks and other factors is included under the caption "Risk Factors" in our filings with the SEC. We do not undertake any obligation to update or revise these statements after the date of this blog post, except as required by law.

The AI landscape is evolving rapidly, and with the introduction of Microsoft Agent Framework, developers now have a powerful platform for building sophisticated AI agents that go far beyond simple chat completions. These agents can execute complex, multi-step workflows with persistent state, conversation threads, and structured execution—capabilities that are essential for production AI applications.

Today, we're excited to share how Azure App Service provides an excellent platform for running Agent Framework workloads, especially those involving long-running operations. Let's explore why App Service is a great choice and walk through a practical example.

🔗 Quick link to sample app GitHub repo: https://github.com/Azure-Samples/app-service-agent-framework-travel-agent-dotnet

The Challenge: Long-Running Agent Framework Flows

Agent Framework enables AI agents to perform complex tasks that can take significant time to complete:

• Multi-turn reasoning: Iterative calls to large language models (LLMs) where each response informs the next prompt
• Tool integration: Function calling and external API interactions for real-time data
• Complex processing: Budget calculations, content optimization, multi-phase generation
• Persistent context: Maintaining conversation state across multiple interactions

These workflows often take 30 seconds to several minutes to complete—far too long for synchronous HTTP request handling. Traditional web applications run into several constraints:

⏱️ Timeout Limitations: HTTP requests have timeout constraints (typically 30-230 seconds)

⚠️ Connection Issues: Clients may disconnect due to network interruptions or browser navigation

📈 Scalability Concerns: Long-running requests block worker threads and don't survive app restarts

🎯 Poor User Experience: Users see endless loading spinners with no progress feedback

The Solution: Async Pattern with App Service

Azure App Service provides a robust solution through the asynchronous request-reply pattern combined with background processing:

1. API immediately returns (202 Accepted) with a task ID
2. Background worker processes the Agent Framework workflow
3. Client polls for status with real-time progress updates
4. Durable state storage (Cosmos DB) maintains task status and results

This pattern ensures:

✅ No HTTP timeouts—API responds in milliseconds

✅ Resilient to restarts—state survives deployments and scale events

✅ Progress tracking—users see real-time updates (10%, 45%, 100%)

✅ Better scalability—background workers process independently

Rapid Innovation Support

The AI landscape is changing at an unprecedented pace. New models, frameworks, and capabilities are released constantly. Azure App Service's managed platform ensures your applications can adapt quickly without infrastructure rewrites:

• Framework Updates: Deploy new Agent Framework SDK versions like any application update
• Model Upgrades: Switch between GPT-4, GPT-4o, or future models with configuration changes
• Scaling Patterns: Start with combined API+worker, split into separate apps as needs grow
• New Capabilities: Integrate emerging AI services without changing hosting infrastructure

App Service handles the platform complexity so you can focus on building great AI experiences.

Sample Application: AI Travel Planner

To demonstrate this pattern, we've built a Travel Planner application that uses Agent Framework to generate detailed, multi-day travel itineraries. The agent performs complex reasoning including:

• Researching destination attractions and activities
• Optimizing daily schedules based on location proximity
• Calculating detailed budget breakdowns
• Generating personalized travel tips and recommendations

The entire application runs on a single P0v4 App Service with both the API and background worker combined—showcasing App Service's flexibility for hosting diverse workload patterns in one deployment.

Key Architecture Components

Azure App Service (P0v4 Premium)

• Hosts both REST API and background worker in a single app
• "Always On" feature keeps background worker running continuously
• Managed identity for secure, credential-less authentication

Azure Service Bus

• Decouples API from long-running Agent Framework processing
• Reliable message delivery with automatic retries
• Dead letter queue for error handling

Azure Cosmos DB

• Stores task status with real-time progress updates
• Automatic 24-hour TTL for cleanup
• Rich query capabilities for complex itinerary data

Azure AI Foundry

• Hosts persistent agents with conversation threads
• Structured execution with Agent Framework runtime
• GPT-4o model for intelligent travel planning

One of the powerful features of using Azure AI Foundry with Agent Framework is the ability to inspect agents and conversation threads directly in the Azure portal. This provides valuable visibility into what's happening during execution.

Viewing Agents and Threads in Azure AI Foundry

When you submit a travel plan request, the application creates an agent in Azure AI Foundry. You can navigate to your AI Foundry project in the Azure portal to see:

Agents

• The application creates an agent for each request
• Important: Agents are **automatically deleted** after the itinerary is generated to keep your project clean
• Tip: You'll need to be quick! Navigate to Azure AI Foundry right after submitting a request to see the agent in action
• Once processing completes, the agent is removed as part of the cleanup process

Conversation Threads

• Unlike agents, threads persist even after the agent completes
• You can view the complete conversation history at any time
• See the exact prompts sent to the model and the responses generated
• Useful for debugging, understanding agent behavior, and improving prompts

The ephemeral nature of agents (created per request, deleted after completion) keeps your Azure AI Foundry project clean while the persistent threads give you full traceability of every interaction.

Get Started Today

The complete Travel Planner application is available as a reference implementation so you can quickly get started building your own apps with Agent Framework on App Service.

🔗 GitHub Repository: https://github.com/Azure-Samples/app-service-agent-framework-travel-agent-dotnet

The repo includes:

• Complete .NET 9 source code with Agent Framework integration
• Infrastructure as Code (Bicep) for automated deployment
• Web UI with real-time progress tracking
• Comprehensive README with deployment instructions

Deploy in minutes:

git clone https://github.com/Azure-Samples/app-service-agent-framework-travel-agent-dotnet.git cd app-service-agent-framework-travel-agent-dotnet azd auth login azd up

Key Takeaways

✅ Agent Framework enables sophisticated AI agents beyond simple chat completions

✅ Long-running workflows (30s-minutes) require async patterns to avoid timeouts

✅ App Service provides a simple, cost-effective platform for these workloads

✅ Async request-reply pattern with Service Bus + Cosmos DB ensures reliability

✅ Rapid innovation in AI is supported by App Service's adaptable platform

Whether you're building travel planners, document processors, research assistants, or other AI-powered applications, Azure App Service gives you the flexibility and reliability you need—without the complexity of container orchestration or function programming models.

What's Next? Build on This Foundation

This Travel Planner is just the starting point—a foundation to help you understand the patterns and architecture. Agent Framework is designed to grow with your needs, making it easy to add sophisticated capabilities with minimal effort:

🛠️ Add Tool Calling

Connect your agent to real-time APIs for weather, flight prices, hotel availability, and actual booking systems. Agent Framework's built-in tool calling makes this straightforward.

🤝 Implement Multi-Agent Systems

Create specialized agents (flight expert, hotel specialist, activity planner) that collaborate to build comprehensive travel plans. Agent Framework handles the orchestration.

🧠 Enhance with RAG

Add retrieval-augmented generation to give your agent deep knowledge of destinations, local customs, and insider tips from your own content library.

📊 Expand Functionality

• Real-time pricing and availability
• Interactive refinement based on user feedback
• Personalized recommendations from past trips
• Multi-language support for global users

The beauty of Agent Framework is that these advanced features integrate seamlessly into the pattern we've built. Start with this sample, explore the Agent Framework documentation, and unlock powerful AI capabilities for your applications!

Learn More

• Microsoft Agent Framework Documentation
• Azure App Service Documentation
• Async Request-Reply Pattern
• Sample Application GitHub Repo

Have you built AI agents on App Service? We'd love to hear about your experience! Share your thoughts in the comments below.

Questions about Agent Framework on App Service? Drop a comment and our team will help you get started.

With increasing cyber threats, security teams require intelligent agents that adapt and operate throughout the security stack, not just automation. Key statistics from our Microsoft Digital Defense Report 2024 which highlights this concerning trend of Cybersecurity threats: 

• Over 600 million cyberattacks per day targeting Microsoft customers 

• 2.75x increase in ransomware attacks year-over-year 

• 400% surge in tech scams since 2022 

• Growing collaboration between cybercriminals and nation-state actors 

In my previous blogs, I explored how AI agents are transforming security operations in Microsoft Defender XDR, Intune, and Entra: 

• Phishing Triage Agent in Defender XDR: Say Goodbye to False Positives and Analyst Fatigue 

• Intune AI Agent: Instant Threat Defense, Invisible Protection 

• Conditional Access Optimization Agent in Microsoft Entra Security Copilot 

Today, I’ll discuss how Security Copilot, Copilot for Azure in Azure, Defender for Cloud, and Security Copilot Agents in Microsoft Purview use AI to transform security, compliance, and efficiency across the Microsoft ecosystem. 

From Microsoft Learn

What Are Security Copilot Agents? 

Security Copilot Agents are modular, AI-driven assistants embedded in Microsoft’s security platforms. They automate, high-volume repetitive tasks, deliver actionable insights, and streamline incident responses. By leveraging large language models (LLMs), Microsoft’s global threat intelligence, and your organization’s data, these agents empower security teams to work smarter and faster. Microsoft Security Copilot agents overview 

Agents are available in both standalone and embedded experiences and can be discovered and configured directly within product portals like Defender, Sentinel, Entra, Intune, and Purview.  

Why Security Copilot Agents Matter 

Security Copilot Agents represent a paradigm shift in cyber defense: 

• Automation at Scale: They handle high-volume repetitive tasks, freeing up human expertise for strategic initiatives. 

• Adaptive Intelligence: Agents learn from feedback, adapt to workflows, and operate securely within Microsoft’s Zero Trust framework. 

• Operational Efficiency: By reducing manual workloads, agents accelerate response, prioritize risks, and strengthen security posture. Microsoft Security Copilot Frequently Asked Questions 

 Security Copilot Agents in Azure and Defender for Cloud 

From Microsoft Learn

Azure and Defender for Cloud now feature embedded Security Copilot and Copilot for Azure that help security professionals analyze, summarize, remediate, and delegate recommendations using natural language prompts. This integration streamlines security management by: 

• Risk Exploration: Agents help admins identify misconfigured resources and focus on those posing critical risks, using natural language queries. 

• Accelerated Remediation: Agents generate remediation scripts and automate pull requests, enabling rapid fixes for vulnerabilities. 

• Noise Reduction: By filtering through alerts and recommendations, agents help teams focus on the most impactful remediations. 

• Unified Experience: Security Copilot and Copilot for Azure work together to provide context, explain recommendations, and guide implementation steps, all within the Defender for Cloud portal. Microsoft Security Copilot in Defender for Cloud 

 

From Microsoft Learn

Security Copilot Agents in Microsoft Purview 

Microsoft Purview leverages Security Copilot agents to automate and scale Data Loss Prevention (DLP) and Insider Risk Management workflows. Here are more details: 

• Alert Triage Agent (DLP): Evaluates alerts based on sensitivity, exfiltration, and policy risk, sorting them into actionable categories. 

• Alert Triage Agent (Insider Risk): Assesses user, file, and activity risk, prioritizing alerts for investigation. 

• Managed Alert Queue: Agents sift out high-risk activities from lower-risk noise, improving response time and team efficiency. 

• Comprehensive Explanations: Agents provide clear logic behind alert categorization, supporting transparency and compliance. 

Deployment: Enabling Security Copilot can be done in: 

• Azure portal https://portal.azure.com  

• Security Copilot portal https://securitycopilot.microsoft.com.  

Security Copilot requires per-seat licenses for human users, while all agent operations are billed by Security Compute Units (SCUs) on a pay-as-you-go basis. Agents do not need separate per-seat licenses; their costs depend solely on SCU consumption, and they typically run under a service or managed identity in the Copilot environment. Security Copilot Agent Responsible AI FAQ 

Security Copilot Agents: Unified Across the Microsoft Security Ecosystem  

From Microsoft Learn

Security Copilot Agents automate intelligence and security orchestration across Microsoft’s ecosystem, including Defender, Sentinel, Entra, Intune, Azure, Purview, Threat Intelligence, and Office. Their unified design enables consistent protection, swift responses, and scalable automation for security teams. Operating across multiple platforms, these agents provide comprehensive coverage and efficient threat response. 

• End-to-End Visibility: Agents correlate signals across domains, providing context, rich insights and automating common workflows. 

• Custom Agent Creation: Teams can build custom agents using no-code tools, tailoring automation to their unique environments. 

• Marketplace Integration: The new Security Store allows organizations to browse, deploy, and manage agents alongside conventional security tools, streamlining procurement and governance.  

Intune AI Agents: Device and Endpoint Management 

Intune AI Agents automate device compliance and endpoint security. They monitor configuration drift, remediate vulnerabilities, and enforce security baselines across managed devices. By correlating device signals with threat intelligence, these agents proactively identify risks and recommend mitigation actions, reducing manual workload and accelerating incident response. 

Defender for Cloud AI Agents: Threat Detection and Response 

Defender for Cloud AI Agents continuously analyze cloud workloads, network traffic, and user behavior to detect threats and suspicious activities. They automate alert triage, escalate high-risk events, and coordinate remediation actions across hybrid environments. Integration with other Copilot Agents ensures unified protection and rapid containment of cloud-based threats. 

Conditional Access Optimization Agent: Policy Automation 

The Conditional Access Optimization Agent evaluates authentication patterns, risk signals, and user activity to recommend and enforce adaptive access policies. It automates policy updates based on real-time threat intelligence, ensuring that only authorized users access sensitive resources while minimizing friction for legitimate users. 

Azure AI Agents: Cloud Security and Automation 

Azure AI Agents provide automated monitoring, configuration validation, and vulnerability management across cloud resources. They integrate with Defender for Cloud and Sentinel, enabling cross-platform correlation of security events and orchestration of incident response workflows. These agents help maintain compliance, optimize resource usage, and enforce best practices. 

Purview AI Agents: Compliance and Data Protection 

Purview AI Agents automate data classification, information protection, and compliance management for AI-powered applications and Copilot experiences. They enforce retention policies, flag sensitive data handling, and ensure regulatory compliance across organizational data assets. Their integration supports transparent security controls and audit-ready reporting. 

Phishing Triage Defender for Office AI Agents: Email Threat Automation 

Defender for Office AI Agents specialize in identifying, categorizing, and responding to phishing attempts. They analyze email metadata, attachments, and user interactions to detect malicious campaigns, automate alerting, and initiate containment actions. By streamlining phishing triage, these agents reduce investigation times and enhance protection against targeted attacks. 

Threat Intelligence Briefing Agent: Contextual Security Insights 

The Threat Intelligence Briefing Agent aggregates global threat intelligence, correlates it with local signals, and delivers actionable briefings to security teams. It highlights emerging risks, prioritizes vulnerabilities, and recommends remediation based on organizational context. This agent empowers teams with timely, relevant insights to anticipate and counter evolving threats. 

Marketplace Integration and Custom Agent Creation 

Organizations can leverage the Security Store to discover, deploy, and manage agents tailored to their specific needs. No-code tools facilitate custom agent creation, enabling rapid automation of unique workflows and seamless integration with existing security infrastructure. 

Getting Started 

To deploy Security Copilot Agents across the enterprise, make sure to 

1. Check Licensing: Ensure you have the required subscriptions and SCUs provisioned. 
2. Enable Agents: Use product portals to activate agents and configure settings. 
3. Integrate Across Products: Link agents for enhanced threat detection, compliance, and automated response. 
4. Monitor and Optimize: Use dashboards and reports to track effectiveness and refine policies. 

 

About the Author: Hi! Jacques “Jack” here, Microsoft Technical Trainer. As a technical trainer, I’ve seen firsthand how Security Copilot Agents accelerate secure modernization and empower teams to stay ahead of threats. Whether you’re optimizing identity protection, automating phishing triage, or streamlining endpoint remediation, these agents are your AI, powered allies in building a resilient security posture. 

#MicrosoftLearn #SkilledByMTT #MTTBloggingGroup

What’s changing?

Microsoft is announcing the end of support and retirement for Office Online Server effective December 31, 2026. After this date, Office Online Server will no longer receive security updates, bug fixes, or technical support from Microsoft. This change is part of our ongoing commitment to modernizing productivity experiences and focusing on cloud-first solutions. To help stay secure and compliant, begin planning now to move to supported options, such as Microsoft 365.

What does end of support mean?

• No more security updates. Systems running Office Online Server may be vulnerable to the evolving threat landscape.
• No bug fixes or technical support.
• Potential compliance risks. Unsupported software may put regulated organizations at risk of non-compliance.

This announcement does not apply to products that integrate with Office Online Server, such as Exchange Server Subscription Edition, SharePoint Server Subscription Edition, or Skype for Business Server Subscription Edition, which will continue to be supported. Learn more about the support timeline for Subscription Edition versions of Exchange Server, SharePoint Server, and Skype for Business Server.

Why is this happening?

Office Online Server was designed to provide browser-based versions of Word, Excel, PowerPoint, and OneNote for on-premises environments. As organizations have adopted Microsoft 365, Microsoft is focusing its browser-based Office app investments on Office for the Web to deliver secure, collaborative, and feature-rich experiences through Microsoft 365.

What is the alternative for Office Online Server?

If your organization relies on Office Online Server for browser-based document editing and collaboration, our recommended path is to transition to Microsoft 365, which includes cloud-powered versions of Word, Excel, PowerPoint, and OneNote. Microsoft 365 offers:

• Real-time collaboration and sharing.
• Automatic updates and ongoing support.
• Enhanced security and compliance features.
• Integration with Microsoft Teams, Outlook, SharePoint Online, and OneDrive for Business.
• Access to Microsoft 365 Copilot for AI-powered productivity.

Learn more about Microsoft 365. And for organizations with 150+ licenses, consider engaging Microsoft FastTrack to support your planning and migration to Microsoft 365.

For organizations using SharePoint Server Subscription Edition or Exchange Server Subscription Edition, Microsoft 365 Apps for Enterprise and Office LTSC 2024 remain supported desktop clients for viewing and editing documents hosted on those servers.

If your organization uses Office Online Server to host Excel workbooks in Power BI Report Server, that functionality will no longer be supported. Alternatives include viewing workbooks in the Excel desktop application or migrating to the Power BI service.

Prepare to make your move

Support for Office Online Server ends December 31, 2026. Continuing to use it after this date may expose your organization to security, compliance, and productivity risks. We therefore strongly encourage all customers to begin planning their transition to supported solutions today.

Microsoft is committed to helping you prepare. Use the resources below to help you get started:

• Explore Microsoft 365 offerings for modern, cloud-powered collaboration.
• Engage your Microsoft account team and Microsoft FastTrack (150+ seats) for migration planning.
• See the instructions for how to disconnect Office Online Server from a SharePoint Server farm.

Thank you for being a Microsoft customer!