6 major Microsoft Ignite updates set to shake-up your security strategy

Ignite 2025 made one thing clear: AI is moving faster than most organisations can govern.

Agents, automations and integrations are now part of everyday work, but many teams still lack the visibility and control to manage them properly.

Microsoft’s updates focus on securing the AI systems working alongside employees, not just the employees themselves.

Kocho’s Technology Evangelist, David Guest, breaks down the updates that should shape your 2026 identity and security roadmap.

Watch the video below to get his expert thoughts:

TL;DR

• AI agents become governable: Agent ID / Agent 365 makes automations visible and controlled.
• AI traffic gets guardrails: Global Secure Access (GSA) blocks risky prompts, uploads and shadow tools.
• Passwordless becomes workable: Passkeys supported across Windows, Apple and Android.
• Endpoints get easier to run: Intune flags bad changes and clears out old devices.
• Data protection catches up: Purview labels multi-cloud data and governs AI agents.
• Security Copilot becomes standard: E5 now includes built-in AI help across security.

1. AI agents finally get governed identities

Most organisations have more AI agents in production than they realise: Copilot extensions, Power Automate bots, scripts, Azure AI Foundry experiments, Copilot Studio creations.

They behave like users, but until now, they haven’t been managed like users.

This is what Entra Agent ID and Agent 365 have been deployed to fix.

Every agent now gets:

• A discoverable identity
• Least-privilege permissions
• Proper lifecycle management
• Access reviews and policy controls

It means AI agents stop being “background automation” and start being accountable entities within your identity model. And because Agent 365 centralises discovery and oversight, you can actually see the estate you’re trying to govern.

This is where the narrative starts: AI becomes something you can govern rather than something you hope is behaving itself.

2. Entra authentication takes another step towards true passwordless

If AI systems are now identities, those identities need strong authentication. And so do the people operating alongside them.

This year’s authentication updates include:

• Cross-ecosystem passkeys for Windows, Apple and Android
• Granular rollout profiles to phase deployment safely
• Risk-based remediation for passwordless users
• Verified ID recovery, including government ID checks

This strengthens the human side of the model: AI identities are governed, and human identities are harder to compromise.

3. Global Secure Access adds real AI traffic control

Once humans and agents are governed, the next weak point is how they interact with AI tools on the internet.

Identity policies can’t stop someone pasting client data into the wrong AI chat window. Network controls can.

Global Secure Access now provides:

• Network-level DLP for AI uploads
• Prompt injection protection
• Shadow AI visibility before it embeds into daily workflow
• The ability to block unapproved MCP servers

This closes off the most common cause of AI-related risk: good people trying to be productive with whatever tool is fastest.

Now the access layer can say: AI traffic is inspected, controlled and logged, not trusted blindly.

4. Intune’s endpoint management gets AI assistance

Endpoints remain the foundation of user and agent activity, yet it’s also where we find some of the biggest operational challenges. Not headline-grabbing security flaws, but the day-to-day incidents that eat entire afternoons.

Intune’s updates target exactly those pain points:

• Security Copilot agents for policy generation and change review
• Automated device offboarding
• Remote access to Windows Recovery Environment
• Safer, more predictable rollout rings
• Better cross-platform management for Windows, macOS, iOS and Android

These changes are designed to remove friction from every mixed-fleet environment. AI helps prevent the misconfigurations and delays that make environments brittle.

5. Purview upgrades reflect how data really moves in 2025

Data no longer stays inside Microsoft 365. It moves through:

• AI prompts
• Slack threads
• SaaS apps
• Multi-cloud storage
• Internal systems triggered by agents

Purview’s updates recognise this reality:

• DSPM that prioritises what actually needs fixing
• Auto-labelling extended to SQL, Snowflake and S3
• Data controls extended to AI agents
• Inline protection across Edge and 30+ AI apps

This creates a data governance layer that can keep pace with the speed of collaboration and automation. If AI is going to act on your data, Purview needs to be the brakes and the seatbelt. These updates enable that possibility.

6. Security Copilot now available within your E5 licence

Security Copilot is now included in Microsoft 365 E5. No add-on. No provisioning. No separate project.

E5 tenants get a monthly pool of Security Compute Units (SCU) powering embedded Copilot agents that take on the repetitive, time-consuming work that slows down security operations:

• Conditional Access tuning
• Access reviews
• Data investigations
• Alert summarisation
• Phishing triage
• Endpoint configuration checks

Copilot now works alongside the new identity, access, endpoint and data capabilities described above. It creates the connective tissue that helps teams actually use the security model they’ve been building.

So, if you run E5, AI can now become part of your daily security workflow, rather than something you trial when you have spare time.

The bigger picture

Ignite 2025 didn’t give us “more features.” It gave us the missing layers needed to run AI safely at scale:

• Identity governance for agents
• Stronger authentication for users
• Network controls for AI traffic
• Endpoint stability with AI assistance
• Data protection built for multi-cloud and AI workflows
• Copilot baked into E5 as standard operational capability

The message underneath all of it is simple:

AI is now part of the workforce. Your security stack needs to treat it like one of the team.

If you’re shaping your 2026 security roadmap, this is your new starting point.

At Kocho, we’re proud of our status as one of Microsoft’s leading partners in identity and security. If you’d like to know more about how to maximise the value of these new features in your environment, please contact us today.