Welcome to the AI Agent & Copilot Podcast, analyzing the latest AI Copilot and agent developments from Microsoft and its partners, delving into customer use cases, and exploring how AI plus the Cloud helps customers reimagine their business.
In this episode, Jason Revill, Global Security Practice Technology Lead at Avanade discusses his company’s design partnership with Microsoft for the recently updated Sentinel security platform, new Avanade AI agents for security, and how centralized security data storage in the form of a data lake will benefit customers.
Highlights
Security Data Storage and Compression (02:13)
Revill explains the computational power and AI capabilities enhanced by the new Sentinel data lake, making it more effective for security operations. He discusses the previous challenges of offline, hard-to-access long-term data storage and the benefits of the new data lake, which allows for longer storage durations and better data compression, increasing compliance and data accessibility. Storing more data enables AI models to detect more patterns and connect dots that humans might miss.
Multi-Vendor Integration and Universal Connector Architecture (06:35)
Microsoft’s universal connector architecture allows for the integration of security signals from multiple third-party sources. Revill explains the significance of integrating data from various sources, using SAP data as an example of the benefits and impact of the connectors. The graph layer further connects and visualizes the data, making it more actionable and easy to query.
Avanade-Microsoft Design Partnership (09:38)
Partnerships including Avanade-Microsoft (Avanade is a Microsoft-Accenture joint venture) provide Microsoft with valuable insights in developing features based on real-world experiences and customer feedback. Revill mentions specific features proposed by Avanade, such as visibility into the cost of Security Copilot usage, which have been implemented.
AI Agent & Copilot Summit is an AI-first event to define opportunities, impact, and outcomes with Microsoft Copilot and agents. Building on its 2025 success, the 2026 event takes place March 17-19 in San Diego. Get more details.
New Analytics Optimizer and Threat Shield Agents (11:01)
Revill explains the Analytics Optimizer’s role in identifying noisy incidents and optimizing Sentinel rules, reducing false positives and improving Security Operations Center (SOC) analyst efficiency. The Threat Shield agent focuses on threat intelligence sources and writing rules to improve detection coverage. He emphasizes the symbiotic relationship between the Analytics Optimizer and Threat Shield, enhancing continuous improvement and detection.
Endpoint Risk Insights and Agent Deployment (14:38)
The third new agent, Endpoint Risk Insights, helps prioritize vulnerabilities and patching efforts. The agent leverages Defender for Endpoint signals and correlates them with known exploited vulnerabilities. The agent generates a tailored list of devices with critical vulnerabilities, aiding in prioritizing patching and isolation efforts. Customers deploy these agents through Security Copilot, requiring minimal customization and configuration.
Availability of New Agents, Future Directions (18:49)
Revill notes that four more agents are close to being finalized, with more advanced capabilities due to recent developments in Microsoft’s platform. The new agents will leverage advanced features like the new build feature, VS Code extensions, and Model Context Protocol (MCP) server capabilities.
Tom Smith
Analyst
Cloud Wars, Agent and Copilot
Related Posts
