Data Security & AI Report — January 2026
How Microsoft doubled down on the foundations required to scale enterprise AI at Ignite
John Collison, co-founder and president of Stripe, recently sat down with Satya Nadella over a cheeky pint and asked a simple question: what should people be excited about at [November 2025’s] Microsoft Ignite?
Satya’s answer wasn’t about bigger models. It was about something far more operational: making sure AI actually gets diffused inside the enterprise.
Many organizations have learned how to admire someone else’s AI factory. Far fewer know how to build their own. And it turns out the hardest part of that journey isn’t using frontier models; it’s organising one’s own data layer.
Collison followed up with a sharp observation: “We still don’t have ‘deep research’ in a corporate context.” Satya responded immediately. This, he said, is what Copilot is really about. “To me, that is the killer feature.”
The most important database in any company isn’t only in some data lake. It’s email, documents, and Teams conversations. The semantic connections between all of that information live mostly in people’s heads. And historically, they’ve been lost.
What Microsoft has done, Satya explained, is take the graph that sits underneath everyday work and make it usable. For the first time, there’s meaningfully better recall. Work IQ for everyday productivity. Fabric IQ for analytics and business intelligence. Foundry IQ for homegrown corporate AI systems that need to understand both the organisation and each other’s role within it.
If models like Claude, ChatGPT, DeepSeek, and Mistral are about modeling the world’s intelligence writ large, Copilot is about modeling an organization’s intelligence within its boundaries.
Bill Gates coined the phrase “data at your fingertips” in a speech to corporate folks in the 1990s. It’s remained an evergreen promise for decades, largely because the plumbing never quite got there. But maybe this time that ideal is within reach.
This January edition focuses on the more sober side of the secure AI transition: good old-fashioned change management, and the move from AI experimentation to AI diffusion. It curates the Ignite announcements that signal why security is our most critical investment area at Microsoft alongside AI.
In this report
Security for AI: what matters now
Role-specific observability for AI systems (AI Observability)
Agentic security execution (Security Copilot)
Data security and AI governance (Purview)
Identity and access for AI agents (Entra ID)
Exploit-aware risk prioritization across cloud and applications (Defender for Cloud)
Autonomous defense and response (Defender XDR)
AI as the first responder for email-borne attacks (Defender for Office)
AI-native security reasoning and orchestration (Sentinel)
Platform foundations (Intune, Edge, cryptography)
Conclusion: From AI experimentation to AI diffusion
Security for AI: what matters now
The following sections walk through the Ignite 2025 Security briefings I’ve done with colleagues and customers, spanning everything from AI observability to endpoints and platform foundations.
Together, they show how Microsoft is reshaping security for a world where AI agents operate alongside humans, and where identity, data, cloud, and operations are increasingly designed and operated within one integrated security system.
Each entry highlights what changed, why it matters now, and what was newly introduced. You can view each briefing online or download the full PowerPoint using the links below.
Ignite 2025 Briefing – AI Observability for every role
Covers: Unified observability for AI agents and applications, with role-specific views for IT, developers, and security leaders.
Why it matters: Security needs to be woven into everything we build. Different roles need different views, but all should contribute to AI observability based on their strengths. These control planes make that possible.
New: Microsoft Agent 365, Foundry Control Plane, unified Security Dashboard for AI.
Ignite 2025 Briefing – Security Copilot
Covers: An agentic security layer embedded across Microsoft Defender, Entra, Intune, and Purview, with built-in, partner, and custom agents supporting security, identity, endpoint, and data workflows.
Why it matters: Security Copilot extends beyond the SOC. By introducing role-specific AI agents across data security, identity and access, endpoint management, and security operations, it helps teams offload routine work while keeping humans in control. This shifts security from reactive triage to continuous, assisted execution across the stack.
New: Security Copilot included with Microsoft 365 E5; SOC, identity, endpoint, and data security agents; partner-built agents; ability to build custom agents; unified agentic experience across Defender, Entra, Intune, and Purview.
Ignite 2025 Briefing – Purview
Covers: Data security, data security posture management (DSPM), and AI governance across users, data, and AI agents.
Why it matters: AI safety and compliance collapse without strong, enforceable data controls. As agents act autonomously, governance must extend beyond people to prompts, actions, and organisational outcomes.
New: AI-centric DSPM experience with third-party signals; Security Copilot–powered Purview agents (Data Security Triage Agent and Data Security Posture Agent); DLP for Microsoft 365 Copilot and agent prompts; AI observability for agent activity; inline data protection with real-time controls during prompts, responses, and browser interactions; automated regulatory mapping and AI compliance assessments.
Ignite 2025 Briefing – Entra ID
Covers: Identity, access, and Zero Trust controls for users and AI agents, including agent identity, lifecycle management, and AI gateway enforcement.
Why it matters: Identity becomes the anchor for AI security and agent governance. As agents act autonomously, they need unique identities, controlled lifecycles, and continuous policy enforcement across access and network boundaries.
New: Microsoft Entra Agent ID and centralized agent registry; agent lifecycle and access management; AI gateway controls including prompt injection protection and shadow AI detection; risk-based Conditional Access; AI-powered identity governance agents; Intelligent Local Access to reduce latency by enforcing access policies closer to users and agents.
Ignite 2025 Briefing – Defender for Cloud
Covers: Unified cloud security posture management and threat protection across multicloud environments, source code, serverless platforms, and AI agents.
Why it matters: Cloud risk is no longer confined to infrastructure. It spans code, runtime, serverless services, and autonomous AI agents. Defender for Cloud brings these layers together, allowing teams to prioritize what is truly exploitable and remediate issues where they originate.
New: Unified cloud security dashboard embedded in the Defender portal; deep GitHub Advanced Security integration with code-to-cloud risk mapping and Copilot-assisted remediation; posture management and threat protection for AI agents; extended CSPM coverage for serverless platforms including Azure Functions, Web Apps, and AWS Lambda.
Ignite 2025 Briefing – Defender XDR
Covers: Autonomous and agentic security operations across the extended detection and response (XDR) stack.
Why it matters: Security operations are shifting from manual investigation and reactive response to predictive, autonomous defense. Defender XDR enables SOCs to scale expertise, disrupt attacks earlier, and reduce blast radius without increasing analyst workload.
New: Defender Threat Intelligence Premium for enriched global signals at enterprise scale; agentic SOC capabilities (phishing, hunting, threat intelligence, and dynamic detection agents); predictive shielding and automatic attack disruption, for example selectively isolating endpoints from the network when risk escalates; expanded protection for low-code and pro-code AI agents; identity fabric correlation and attack path analysis; container threat investigation and response.
Ignite 2025 Briefing – Defender for Office
Covers: Agentic phishing detection, triage, and investigation for email and collaboration tools.
Why it matters: Email remains the highest-volume and most exploited attack vector. Automating phishing triage and grading reduces analyst toil, improves verdict quality, and allows security teams to focus on high-impact threats rather than manual review queues.
New: Security Copilot Phishing Triage Agent (generally available); agentic email grading with transparent, LLM-driven analysis; measurable improvements in detection accuracy and analyst efficiency; expanded Integrated Cloud Email Security (ICES) ecosystem with unified investigation and quarantine across Microsoft and partner detections.
Ignite 2025 Briefing – Sentinel
Covers: AI-native security information and event management (SIEM) built on graph-based security reasoning, a unified data lake, and agent-compatible interfaces.
Why it matters: Sentinel shifts SOCs from query-driven investigation to relationship-based reasoning and active response. By turning security data into graphs and exposing it to AI agents, Sentinel becomes the system that connects signals, understands blast radius, and orchestrates action.
New: Sentinel Graph (generally available) with ephemeral and materialized security graphs; Microsoft Sentinel MCP server for agentic security workflows; automatic attack disruption across AWS, Proofpoint, and Okta; AI-assisted SIEM migration from Splunk and QRadar; data lake innovations with improved KQL, notebooks, and new UEBA experiences; expanded out-of-the-box connectors across cloud, SaaS, and data security sources.
Ignite 2025 Briefing – Intune and other news
Covers: Secure endpoint management, cryptographic foundations, browser-level security, and ecosystem extensibility.
Why it matters: As AI diffuses across the enterprise, security increasingly depends on platform-level foundations. Endpoints, browsers, and cryptographic protection quietly determine whether AI systems can scale safely today and remain trustworthy decades from now.
New: Intune Suite included with Microsoft 365 E5, bringing advanced endpoint management, privilege control, and agentic IT operations; post-quantum cryptography APIs now generally available, enabling organizations to start protecting long-lived data against future quantum attacks; Edge for Business positioned as the world’s first secure enterprise AI browser with built-in policy enforcement; Microsoft Security Store expanding access to third-party tools, agents, and services directly inside Microsoft security workflows.
Taken together, these announcements show a clear direction: security for AI is no longer a set of isolated controls. It is a system that spans observability, identity, data, cloud, endpoints, and operations — with AI agents treated as first-class actors.
Ignite 2025 wasn’t about announcing more tools and features. It signalled how Microsoft is rewiring the security stack so AI can scale without breaking trust.
From AI experimentation to AI diffusion
The reasoning behind those announcements was articulated clearly in my favourite session at Ignite this year, by Rohan Kumar, CVP of Microsoft Security, Purview, and Trust:
Security and governance are not a constraint on AI innovation — they are the baseline for trust. Without them, there is no AI at scale.
That framing closely matches what I’m seeing with customers.
AI itself is no longer scarce. Models, copilots, and maker tools are everywhere. What’s missing is structure — the ability to diffuse AI across the enterprise without losing control of data, identity, or accountability. Corporate AI today is often context-poor.
People use LLMs daily, but those systems rarely understand:
what data is sensitive,
who should access it,
how it must be handled,
or what obligations apply when it’s used.
This is why many organizations feel they’re underusing AI — not because the models aren’t capable, but because enterprise context hasn’t been embedded into everyday AI interactions.
That’s where data security and governance stop being back-office concerns and become enablers of intelligence.


