Editor's note 6.2.2025 – Screenshots and some content have been updated to reflect the release scope of the preview experience.
Microsoft Intune is transforming endpoint management and extending AI innovation for IT with the introduction of Security Copilot agents. Agents empower organizations to improve their security posture, boost productivity, and simplify IT operations, while helping to address the constant pressure IT and security teams are under to manage complex endpoint environments and stay ahead of evolving threats.
A recent study found that IT professionals using Security Copilot were 35% more accurate in completing tasks. Now, Copilot in Intune is expanding its capabilities with Security Copilot agents. These agents bring powerful, adaptive automation to IT and security operations teams — streamlining critical tasks and enabling them to act faster and with greater confidence. The first of these agents in Intune is the Vulnerability Remediation Agent, launching in May 2025 in public preview.
From discovery to remediation: the next step for Copilot in Intune
Copilot introduced AI assistance in Intune to help IT admins manage endpoints more efficiently and make informed decisions, whether it's planning and deploying policies, troubleshooting endpoint issues, or assessing app risk when elevating privileges. By providing quick analysis and guidance, Copilot continues to enhance critical IT workflows and improve admin productivity.
The next evolution of Copilot in Intune is to remove the friction in identifying and remediating vulnerabilities across your endpoint estate. The Vulnerability Remediation Agent will monitor your endpoints for vulnerabilities, and it will evaluate their risk and impact, to create a prioritized list of vulnerabilities along with Copilot-assisted remediation actions that enable you to resolve the highest impact vulnerabilities and reduce the attack surface in your environment.
The Vulnerability Remediation Agent in Microsoft Intune admin center.
Discover, prioritize, and remediate vulnerabilities
Security threats are constantly evolving, and attackers are refining their tactics to exploit zero-day vulnerabilities leaving organizations increasingly exposed. With an average of 65 days to fix a critical vulnerability, organizations can be exposed far longer than they should be. As these threats evolve, vulnerabilities that may have been low risk yesterday can be actively exploited and become high risk tomorrow.
For security and IT teams, assessing the impact of vulnerabilities and prioritizing which ones to remediate can be overwhelming, adding complexity, time, and resources to ongoing vulnerability assessment and remediation.
Microsoft Security processes more than 78 trillion security signals daily and with broad set of vulnerability data feeds from Microsoft Defender Vulnerability Management, and by harnessing AI, Copilot can do the hard work in identifying vulnerabilities for your IT and security teams and turn the tides in favor of defenders.
However, the challenge isn't just identifying vulnerabilities—it's knowing which ones to prioritize. The Copilot agent takes advantage of Microsoft Defender Vulnerability Management data combined with an AI-assisted impact assessment to prioritize top vulnerabilities and evaluate the risk severity and impact on your devices. For the first time, IT will not only have visibility in Intune of the vulnerabilities in their environment but also a prioritized set of suggestions that will resolve highly impactful vulnerabilities. With the information they need to ease decision making, admins are equipped with both the critical insights needed to assess high-impact vulnerabilities and the actionable steps to take in Intune to resolve them.
This is the first step toward vulnerability remediation at scale.
Let's explore the agent in Intune
IT admins can access the Vulnerability Remediation Agent in the Intune admin center under the Endpoint security blade, where you'll have visibility into agent details, suggestions to manually remediate the top vulnerabilities, and a history of recent run activity.
The Vulnerability Remediation Agent dashboard page.It takes just a few simple steps to configure and run the agent to discover common vulnerabilities and exposures on your endpoints. Once deployed, the agent runs based on your configured schedule. The agent uses data from Defender Vulnerability Management to continuously monitor and assess ongoing vulnerabilities, surfacing the vulnerabilities directly to the Intune admin for remediation. In Intune, the agent provides the total Common Vulnerabilities and Exposures (CVEs) evaluated, the total CVEs identified for remediation, and their Common Vulnerability Scoring System (CVSS) scores. Removing barriers to risk and vulnerability information access across IT and security teams increases operational efficiency for all.
From the Vulnerability Remediation Agent run results, admins can quickly access the AI-driven impact analysis for the individual CVEs prioritized for remediation. Each identified CVE includes key information such as severity, exploitability, affected systems, and organizational exposure. This information empowers IT admins with the assessment of potential risk to their environment and guidance to decide which risk they want to address first.
Impact analysis and recommended actions for a suggestion related to app vulnerabilities.The Vulnerability Remediation Agent provides a set of prioritized suggestions to remediate scenarios such as OS and app updates . This prioritization of and options for remediation keep administrators in control. They know what to act on first and have a curated, guided steps and actions to take manually—all scoped based on their specific endpoint estate security policies, and device configurations. Copilot can guide administrators of all levels of experience step by step through the required process to quickly patch the most impactful vulnerabilities.
Once remediation is complete, a remediation summary confirms the vulnerabilities addressed, ensuring IT teams have full oversight of the process.
The agent helps IT teams proactively improve their endpoint security posture. IT can use the new AI capabilities to strengthen defenses, enforce best practices, and develop more resilient endpoint security strategies improving their endpoint security posture.
What's next?
Our vision is to offer organizations the power of AI agents to fully scale endpoint vulnerability remediation using data across from across Microsoft security and our device ecosystems. The Vulnerability Remediation Agent in Intune marks a major step toward this vision with Copilot-assisted guidance paving the way for future automation and improving organizational efficiency. This is just the beginning. Read about additional new Copilot in Intune capabilities and data and analytics enhancements.
Learn more about the innovations designed to help your organization protect data, defend against cyber threats, and stay compliant. Join Microsoft leaders online at Microsoft Secure on April 9. Being secure is the first step towards AI innovation. Learn how to harden your defenses by exploring new AI-first tools, demos, and best practices. Register now.
Stay up to date! Bookmark the Microsoft Intune Blog and follow us on LinkedIn or @MSIntune on X to continue the conversation.
Microsoft
