Microsoft Ignite 2025 brought a wave of announcements that will shape how we approach security and infrastructure in 2026. We’ve analyzed the key updates and identified what matters most for security and infrastructure engineers. Here’s what you need to know across Security and Identity, Endpoints, and Azure.

 

Security and Identity: Autonomous Protection

Security Copilot Now Included in E5

Microsoft is making Security Copilot available to Microsoft 365 E5 customers as part of their licensing, providing 400 Security Compute Units (SCUs) per 1,000 licenses. This makes AI-powered security tools accessible across Microsoft Defender, Sentinel, and Entra ID without additional procurement.

Note: Rollout began in November 2025 but happens in stages; you’ll receive a 30-day notice before activation.

Attack Disruption Expands Beyond Microsoft

Attack Disruption, which autonomously responds to security incidents, now supports Proofpoint, AWS, and Okta data. This expansion enables coordinated defensive actions across your entire security stack, not limited to just Microsoft products.

Predictive Shielding: Stop Attacks Before They Spread

While Attack Disruption responds after detection, Predictive Shielding proactively blocks lateral movement. When a device is compromised, Defender XDR maps potential attack paths and implements protective measures:

  • Disables safe boot to prevent antivirus bypass
  • Blocks GPO creation to stop ransomware deployment
  • Contains user accounts in the attack chain

Critical: Keep your assets properly tagged in Defender XDR Exposure Management. This classification directly impacts protection effectiveness.

AI Agent Governance

Microsoft Agent 365 and Entra Agent ID provide centralized visibility and control over AI agents, bringing familiar identity management features to this new landscape: conditional access, lifecycle management, and authentication controls.

Unified Security Portal

Defender for Cloud is now fully integrated into the Defender XDR portal, creating a true single pane of glass with unified attack paths, RBAC, and recommendations across Azure and AWS.

Syncable Passkeys: Usability Meets Security

Syncable passkeys allow storage in third-party password managers, improving user experience across devices. While this creates convenience, consider keeping traditional device-bound passkeys for high-privilege accounts. Read our detailed analysis for implementation guidance.

Defender XDR: Better Control and Visibility

Custom Data Collection Rules

Specify which endpoint events must always be captured, ensuring critical detections are never missed because of the default data sampling. Perfect for monitoring sensitive processes like Entra ID authentication (PRT token access).

Enhanced Legacy Support

The new Defender for Endpoint agent for Windows 7 SP1 and Windows Server 2012 R2 brings modern capabilities to legacy systems: device isolation, full Defender Antivirus, and Attack Disruption support.

Universal Deployment Tool

The Defender Deployment Tool automatically detects OS versions and installs all requirements. Deploy silently via GPO or Configuration Manager for easy large-scale onboarding.

 

Endpoints: Enhanced Management and Security

Licensing Changes

Microsoft is incorporating Intune Suite features directly into M365 E5 licenses. While the E5 price increases from $57 to $60 per user monthly, you gain valuable capabilities like Endpoint Privilege Management.

Endpoint Privilege Management Gets Better

Two major enhancements:

  • Elevate as Current User (already live): Processes run under the user’s actual identity, preserving profile settings and audit trails while maintaining security.
  • Network Configuration Elevation (Q1 2026): Allow specific network setting changes without full admin rights—perfect for engineers connecting to customer sites.

Windows Resiliency Improvements

Three interconnected features enhance recovery:

  • WinRE Remote Management: Manage recovery environments through Intune (H1 2026)
  • Point-in-Time Restore: Roll back OS, apps, settings, and files together
  • Cloud Rebuild: Reset using current cloud images with device-specific drivers

Windows Endpoint Security API

Learning from the CrowdStrike incident, Microsoft is trying to move security software out of the Windows kernel. The new unified API provides necessary visibility while reducing stability risks. General availability targeted for 2026.

New Intune Management Agents

Three AI-powered agents for Intune:

  • Change Advice Agent: Analyzes deployment impact of a policy change, backed by multi-stage approval functionality.
  • Device Offboarding Agent: Simplifies identifying stale devices and streamlines device removal.
  • Policy Configuration Agent: Checks compliance with standards like STIG.

 

Azure: Secure AI Infrastructure

Microsoft Foundry Enhancements

Anthropic Model Support: Claude models (Sonnet 4.5, Opus 4.1, Haiku 4.5) are now available in your Microsoft Foundry environment.

Model Router (GA): Automatically selects the most cost-effective model based on task complexity, optimizing AI infrastructure costs.

MCP Marketplace

The Model Context Protocol marketplace simplifies AI integrations:

  • Managed Remote MCPs: Microsoft-hosted integrations (e.g., Microsoft Learn)
  • Self-Hosted MCPs: Deploy Logic Apps in your environment that act as MCP servers for internal systems like Entra ID or Sentinel

Hosted Agents

Deploy AI agents directly in Foundry without custom infrastructure. Perfect for rapid POCs and user testing before full development.

AI Gateway

Comprehensive security for AI workloads: MCP security, automated prompt moderation, and compliance controls. Essential for production AI deployments.

Azure Bastion Browser Support

Connect to VMs with Entra ID authentication directly through the Azure portal—no PowerShell or native clients needed.

Planning Your 2026 Roadmap

As you build your 2026 plans, prioritize:

  1. Autonomous Security: Implement Predictive Shielding and ensure critical assets are properly classified
  2. Endpoint Privilege Management: Eliminate standing admin rights while maintaining productivity
  3. AI Governance: Establish controls for agent proliferation early
  4. Infrastructure Resilience: Plan for enhanced recovery capabilities
  5. Cloud AI Strategy: Explore Microsoft Foundry if deploying AI applications

Moving Forward

These announcements provide clear opportunities to strengthen security posture and operational efficiency in 2026. At the Collective, we help organizations identify which capabilities matter for their specific environments and implement them effectively through our managed services.

If you’re planning your 2026 roadmap and want guidance on where these features fit, reach out. If you missed our webinar on the implications for your company, let us know and we’ll share the details with you.

We’re here to help you build more secure, resilient environments.