Empowering Defenders in the age of Agentic AI
In today’s AI-powered world, the boundaries of security are shifting fast. From code to runtime, organizations are moving faster than ever – building with AI across clouds, accelerating innovation, and expanding the landscape defenders must protect. Security teams are balancing fragmented tools, growing complexity and a new generation of intelligent, agentic systems that learn, adapt and act across the digital estate. The challenge isn’t understanding the change – it’s staying ahead of it.
At Ignite 2025, we’re unveiling four major advancements in Microsoft Defender for Cloud that redefine how security keeps pace with cloud-scale innovation and AI autonomy. Together, they advance a simple idea – that security should move as fast as the systems it protects, adapting in real time to new patterns of risk.
Defender for Cloud + GitHub Advanced Security integration delivers AI-driven, automated remediation
We start where every application does: in the code – and with a major step forward in how security and development teams work together.
The pace of development has scaled dramatically. Organizations now build more than 500 new apps [1] on average each year – and as code volume grows, the gap between development and security widens. Working in separate tools with no shared context, developers can’t see which threats security teams prioritize, and security teams can’t easily trace issues back to their source in code.
To help organizations address this challenge, Microsoft Defender for Cloud now natively integrates with GitHub Advanced Security (in public preview) – the first native link between runtime intelligence and developer workflows, delivering continuous protection from code to runtime. This bidirectional integration brings Defender for Cloud’s runtime insights directly into GitHub, so vulnerabilities can be surfaced, prioritized, and remediated with AI assistance – all within the developer environment.
When Defender for Cloud detects a critical vulnerability in a running workload, developers see exactly where the issue originated in code, how it manifests in production, and a suggestion for how to fix it. With Copilot Autofix and GitHub Copilot coding agent capabilities, AI-generated and validated fixes are suggested in real time – shortening remediation cycles from days to hours.
For organizations, this integration delivers three tangible benefits:
- Collaborate without friction. Security teams can open and track GitHub issues directly from Defender for Cloud with context and vulnerability details, ensuring shared visibility between security and development.
- Accelerate remediation with AI. Copilot-assisted fixes make it faster and safer to resolve vulnerabilities without breaking developer flow.
- Prioritize what matters most. By mapping runtime threats directly to their source in code, teams can focus on vulnerabilities that are truly exploitable – not just theoretical.
Together, security, development, and AI now move as one, finding and fixing issues faster and creating a continuous feedback loop that learns from runtime, feeds insights back into development, and redefines how secure apps and agents get built in the age of AI.
Unified posture management and threat protection extends to secure AI Agents
The next frontier is securing the AI agents teams create – ensuring protection evolves as fast as the intelligence driving them.
IDC projects that organizations will deploy 1.3 billion AI agents by 2028 [2], each capable of reasoning, acting, and accessing sensitive data across multiple environments. As these systems scale, visibility becomes the first challenge: knowing what agents exist, what data they touch, and where risks connect. And with 66% of organizations [3] planning to establish a formal AI risk management function within the next four years, it’s clear that security leaders are racing to catch up with this next evolution.
To help organizations stay ahead, Microsoft Defender now provides unified posture management and threat protection for AI agents as a part of Microsoft Agent 365 (in preview). These first-of-its-kind capabilities secure agentic AI applications across their entire lifecycle. With this innovation, Defender helps organizations secure AI agents in three critical ways:
- Comprehensive visibility for AI Agents. Gain unified visibility and management of AI agents through Defender, spanning both pro-code and low-code environments from Microsoft Foundry to Copilot Studio. With a single agent inventory, teams can see where agents run and what they connect to – reducing shadow AI and agent sprawl.
- Risk reduction through posture management. Proactively strengthen AI agents’ security posture with Defender’s posture recommendations and attack path analysis for AI agents. These insights reveal how weak links across agents and cloud resources can form broader risks, helping teams detect and address vulnerabilities before they lead to incidents.
- Threat protection for AI Agents. Detect, investigate, and respond to threats targeting agentic AI services across models, agents from Microsoft Copilot Studio and Microsoft Foundry, and cloud applications using Defender’s AI-specific detection analytics. These include scenarios like prompt injection, sensitive data exposure, or malicious tool misuse, all enriched with Microsoft’s unmatched threat intelligence for deeper context and faster response.
By embedding security into every layer of the agentic AI lifecycle, Defender helps organizations start secure and stay secure. This unified approach ensures that as AI agents evolve and scale, protection scales with them, anchoring the same continuous security foundation that extends across code, cloud, and beyond.
Cloud posture management extends to secure serverless resources
Defender for Cloud’s unified foundation extends beyond agents – to the cloud infrastructure and platforms that power them – rounding out the protection that scales with innovation itself. That innovation is increasingly running on serverless computing, now a core layer of cloud-native and AI-powered application development. It gives teams the speed and simplicity to deliver faster, but also expands the attack surface across multicloud environments with new exposure points, from unsecured functions to lateral movement risks.
To help organizations secure this expanding layer, Microsoft Defender for Cloud is extending its Cloud Security Posture Management (CSPM) to serverless compute and application platforms (available in preview by end of November). With this new coverage, security teams gain greater visibility into serverless compute environments and application platforms, including Azure Functions, Azure Web Apps, and AWS Lambda.
Defender for Cloud integrates serverless posture insights into attack path analysis, helping security teams identify and visualize risk, continuously monitor and detect misconfigurations, and find vulnerable serverless resources – further strengthening security posture across the modern application lifecycle.
This extension brings serverless computing into the same unified protection model that already secures code, containers, and workloads in Defender for Cloud. As customers modernize with event-driven architectures, Defender for Cloud evolves with them, delivering consistent visibility, control, and protection across every layer of the cloud.
Deeper expansion into the Defender Portal turns fragmentation into focus
Finally, bringing all the signals security teams depend on into one place requires a single operational hub – a unified security experience that delivers clarity at scale. Yet with 89% of organizations operating across multiple clouds [4] and using an average of 10 security tools to protect them [5], teams struggle to manage risk across fragmented dashboards and disjointed data – slowing detection and response and leaving blind spots that attackers can exploit.
To help security teams move faster and act with clarity, we’re announcing the public preview of unified cloud security posture management in the Microsoft Defender security portal. With Microsoft Defender for Cloud’s deep integration into the unified portal, we eliminate security silos and bring a modern, streamlined experience that is more intuitive and purpose-built for today’s security teams. With this deep integration, Microsoft delivers three key advancements:
- A new Cloud Security dashboard that unifies posture management and threat protection, giving security teams a complete view of their multicloud environment in one place.
- Integrated posture capabilities within Exposure Management. Security teams can now see assets, vulnerabilities, attack paths, secure scores, and prioritized recommendations in a single pane of glass, focusing on the issues that matter most.
- A centralized asset inventory that consolidates resources across Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP), enabling posture validation, logical segmentation, and simplified visibility aligned to operational needs.
To complement these capabilities, granular role-based access control (RBAC) helps reduce operational risk and simplify compliance across multicloud environments.
The Microsoft Defender portal is now the center of gravity for security teams – bringing together cloud, endpoint and identity protection into one connected experience. Looking ahead, customers will soon be able to onboard and secure new resources directly within the Defender portal, streamlining setup and accelerating time to value. Large organizations will also gain the ability to manage multiple tenants from this unified experience as the rollout expands.
The Azure portal remains essential for Defender for Cloud personas beyond security teams, such as DevOps. Adding new resource coverage will continue in the Azure portal as part of this transition. We’ll also keep enhancing experiences for IT and operations personas as part of our broader vision; read more on that in the latest news here.
Ready to explore more?
To learn more about Defender for Cloud and our latest innovations, you can:
- Join us at Ignite breakout sessions:
- Check out our cloud security solution page and Defender for Cloud product page.
- New IDC research reveals a major cloud security shift – read the full blog to understand what it means for your organization.
- Start a 30-day free trial.
1: Source: State of the Developer Nation Report
2: Source: IDC Info Snapshot, Sponsored by Microsoft, 1.3 Billion AI Agents by 2028, Doc. #US53361825, May 2025
3: Source: According to KPMG, 66% of firms who don’t have a formalized AI risk management function are aiming to do so in the next 1-4 years.
4: Source: Flexera 2024 State of the Cloud Report
5: Source: IDC White Paper, Sponsored by Microsoft, "THE NEXT ERA OF CLOUD SECURITY: Cloud-Native Application Protection Platform and Beyond", Doc. #US53297125, April 2025