Microsoft is preparing a new Copilot offer for small and mid-size businesses. The company is also adding new AI agent features to Microsoft InTune and updating how partners can access the Windows kernel.
These announcements reflect Microsoft’s commitment to strengthening its partner ecosystem and security capabilities. They were unveiled as part of the company’s Partner Program and Security Updates during the Ignite Conference, an annual event for developers that runs through Friday in San Francisco.
The Partner Program updates also focus on helping solution providers and improving their skills in cloud and AI technologies. Nicole Dezen, Microsoft’s chief partner officer and corporate vice president of global channel partner sales, says the organizations that spend 10 to 20% of their time on training can outperform others, innovate more quickly, and lead their industries.
In an AI-first world, scaling is the new currency, Dezen said in a blog post on Tuesday.
Microsoft Ignite 2025
Other updates in Security and Partner programs at Ignite 2025 include:
- A new App Accelerate offer that combines new incentives, benefits, and course support across the Microsoft Cloud.
- New partner destinations
- Updates to Purview, Entra, and Defender
Keep reading for more details on the biggest news from Ignite 2025 about Security and the Microsoft Partner Program.
Partner Scaling Hub App Accelerate Marketplace Updates
Microsoft’s partner’s scaling hub is now widely available, and reviews for the app accelerator offer have started.
The Skilling Hub provides partners with live, virtual, and on-demand learning for pre-sales and technical roles. According to Microsoft, partners can also earn certifications through the Hub.
App Accelerate, fully available in 2026, will provide developer partners with technical guidance, tools, and go-to-market resources.
In addition, Microsoft now offers resale-enabled options worldwide on its online marketplace. This lets publishers and channel partners resell software products and services directly, making transactions easier, expanding their reach, and helping them grow revenue, according to Microsoft.
New Partner Destinations Badging
The Frontier Partner badge recognizes providers that combine AI agents with human creativity to drive innovation. Earning it requires excellence in key Microsoft Cloud and AI areas.
The Frontier Distributor Destination is for distributors helping partners deliver value to SMBs and is now available globally.
The Support Services designation is for partners excelling in customer satisfaction, problem resolution, and service quality. The Digital Sovereignty specialization recognizes expertise in designing and implementing sovereign cloud strategies across Azure, Microsoft 365, and security.
Microsoft 365 Copilot Business
In December, Microsoft plans to launch a Copilot offer designed for small and mid-sized businesses.
According to Microsoft Solution Providers in the Cloud Solution Provider (CSP) program, this Co-Pilot offer can help make work easier and boost productivity. It delivers more value to customers with trusted AI. The offer provides full Co-Pilot features across the Microsoft 365 Business Basic, Standard, and Premium plans.
The cost for Microsoft 365 Copilot Business is $21 per user per month, and it applies to businesses with up to 300 users. This is for adding Copilot to any Microsoft 365 Business Basic, Standard, or Premium license. Starting December 1, Microsoft will introduce Microsoft 365 with Copilot for Business, making adoption easier and more affordable in line with renewal season.
With these bundles, users can renew their base Microsoft 365 licenses and add Copilot for an additional $10 per user per month. For Business Premium users, adding a Purview promotion costs an extra $15 per user per month. This means Business Premium users who want both Copilot and Purview will pay $25 per user per month in addition to their base license fee.
Microsoft has been including its security Copilot AI tools with Microsoft 365 E5 licenses.
Eligible E5 license holders will receive 400 Security Compute Units (SCUs) per 100 paid seats per month. Their allocation is capped at 10,000 SCUs per month, according to Microsoft.
Microsoft believes this capacity will cover most typical needs. It will limit usage beyond the allocated SCUs. Users can pay $6 per SCU on a pay-as-you-go basis. If they need more, they will get a 30-day notice before this option becomes available.
This change is already in effect for users with Security Copilot and E5 licenses and will roll out to all E5 license holders in the next few months.
Windows Security Recovery Updates
Several Windows security and recovery features are now in preview or generally available. These include:
- Windows Cloud I/O Protection
- In-tune management for Windows recovery
- point-in-time restore
According to Microsoft, the new I/O protection feature offers advanced input protection against keylogging malware and keystroke injection attacks.
Intune Recovery, now generally available, lets users remotely manage the Windows Recovery environment (WinRE). It gives a single, scalable management platform for recovery. Users can run custom recovery scripts and start recovery actions. Microsoft also plans to add this to Windows servers running in Azure Virtual Machines via the Azure portal.
Point-in-Time Restore lets users roll back individual devices or groups to a previous state. This avoids complicated troubleshooting. The feature will be available in preview in the Windows Insider build of Windows 11 this week.
According to Microsoft, new Windows devices next year will include Hardware Accelerated BitLocker for Full-Disk Encryption. There will be stronger hardware-based protection. In early 2026, Sysmon functionality will become generally available in Windows. This will allow security events to be accessed through an event node.
Other Windows security features now generally available include:
- Post-quantum cryptography
- Zero trust
- DNS
- Passkey manager integration with Windows Hello
Trust DNS uses encrypted DNS and approved servers to prevent unauthorized access during outbound name resolution.
External Identities support is now generally available to secure logins for contractors and partners. Multiple simultaneous network links are also available. This ensures flawless failover and better connection performance.
Microsoft is adding new networking features and auto patch management to give enterprises more control over quick machine recovery (QMR). These are part of several improvements to Windows recovery tools.
According to Microsoft, Windows Recovery Environment will use the networking configuration from the main Windows system, so a separate WinRE setup is not needed. It currently supports Ethernet and will soon support enterprise Wi-Fi with WPA 2/3 and device certificates.
A Cloud Rebuild for Windows 11 is now in preview for PCs with erratic behavior. Users can choose the Windows version and language through Intune. The PC downloads the installation media, rebuilds itself, and lets the user resume Autopilot. This ensures the correct mobile device management (MDM) setup. Intune Windows Backup for Organizations and OneDrive can then quickly restore the user’s apps, settings, and files.
Auto Patch Update Readiness, now in preview, provides IT teams with greater transparency, predictability, and control. It helps them assess device fleets, spot possible issues before deployment, and plan rollouts.
Windows Endpoint Security Kernel Access
Microsoft has made the Windows Intune Security Platform (WESP) generally available to partners with building security tools that operate outside kernel mode, meaning these tools work without deep access to the core of the operating system.
Microsoft says the new API is designed to lower the risk of crashes and improve stability. The company learned from the faulty CloudStrike software update that used a global Windows update in 2024.
As part of this initiative, Microsoft is working with its Windows driver partners to move third-party drivers out of the kernel. The company is also making kernel-mode drivers more secure to reduce reliability risks. This is especially important for drivers like graphics that must remain in user mode for performance, according to Microsoft.
Windows driver signing now includes new certification tests and adds more built-in drivers and APIs. These updates aim to replace custom kernel drivers with standard Windows drivers or shift their functions to user mode.
Microsoft expects that over the next few years, there will be much less code running in kernel mode for drivers like:
- Networking
- Cameras
- USB
- printers
- Batteries
- Storage
- Audio
- Others
Microsoft will continue to support third-party kernel-mode drivers, enabling innovation and their use when no built-in alternatives exist or are needed for user experience.
Microsoft is adding new protections to kernel-mode drivers. These drivers operate at the core level of the Windows operating system and control hardware directly. New protections include:
- Required compiler safeguards that restrict code behavior
- Driver isolation that limits the system impact of driver problems
- DMA remapping, a technique that prevents drivers from accidentally accessing sensitive kernel memory
In major incidents, Windows users can now get help from Microsoft engineers through the Windows part of Mission Critical Services for Microsoft 365.
A new digital signage mode is coming soon for non-interactive public display devices. Restaurant menus, airport flight boards, and similar signs will no longer show window screens or error messages. Diagnostics or recovery are needed. Windows will display the error screen for 15 seconds, then the display will turn off until someone uses a keyboard or mouse.
Tune is adding new security Copilot agents for activities such as change review policy, setup, and device offboarding.
The Device Management Service now has an administrator of tasks feature to centralize important actions such as approval requests and security. This centralizes important actions such as approval requests or security tasks. It also added a deployments feature for phased rollouts and a maintenance windows feature to help schedule updates with less disruption to business operations while blocking attacks from malicious attachments or social engineering malware (malicious software spread by deceiving users!).
Updates for Microsoft Purview
In the next few weeks, Microsoft will launch a public preview of new Purview data governance features, including an AI-powered tool for managing data security posture.
The new DSPM feature combines per-view DSPM and DSPM for AI, providing a single place for data security insights and controls. It adds outcome-based workflows, broader coverage, and tools for remediating data risks. Organizations can also track agent risk and posture metrics based on agent interactions with their data.
A new security Copilot agent in Purview is designed to help users quickly find and analyze sensitive data, disclosing hidden risks. This tool helps users disclose hidden risks in files, emails, and messages. Purview users can also see data risks in Salesforce, Snowflake, and other non-Microsoft sources, as well as data breaches, through Microsoft Sentinel integrations. They have more features, including protections for autonomous agents and an insider risk management tool that lets users flag risky agent activities by applying specific indicators and behavioral analytics.
Azure AI Search now uses Microsoft Purview sensitive labels, which are tags that indicate data sensitivity levels, and applies related protection policies through built-in indexes (automated tools for organizing and searching data). Purview data loss prevention (DLP) policies, which protect sensitive information from leakage, now also work in co-pilot mode in the Edge for Business Browser.
The public preview now includes:
- Purview DLP for Microsoft 365 Copilot
- More apps with inline data protection in Edge for Business
- new reports on usage, compliance gaps, and Purview seat assignments
New information protection can now detect sensitive information in meeting transcripts with its on-demand classification feature, which is in public preview.
The generally available features include:
- On-Demand
- Endpoint Classification
- Default Sensitivity Labeling for the entire SharePoint Documentation, Document Libraries, and a Data Security Triage Agent
Priority cleanup in Purview data lifecycle management for SharePoint and OneDrive is now generally available, allowing users to override retention policies and delete files in compliance with regulations.
Quentin Rhoads-Herera, Vice President of Security Services at Charlotte, NC-based Stratascale, which is part of SHI International and ranked number 12 on CRN’s 2025 Solution Provider 500, told CRN that Microsoft’s Purview data platform and data security are in high demand among its customers.
As more companies adopt AI, customers are paying closer attention to data labeling and governance. This trend has led to more work for Stratascale, SHI, and other Microsoft solution providers.
Microsoft Entra Enhancements
Microsoft Entra Identity now has new agents in preview for:
- Conditional access optimization
- Access review
- Identity risk management
- Application lifecycle management
The expanded public preview of Microsoft Entra Agent ID lets users grant AI agents secure access using the same identity tools used for workforce identities. Users can manage agent identities, life cycles, and resource access.
Soft Entra internet access now has public previews for:
- Prompt injection protection (defending against malicious user input)
- Network file filtering (controlling files transferred over the network)
- Shadow AI detection (finding unauthorized or hidden AI use)
- Blocking employee access to MCP servers by web address (restricting network traffic to certain Microsoft infrastructure)
Microsoft has released public previews for improved multi-factor authentication in EntraID. The updates contain:
- Synced passkeys from Apple and other passkey profiles
- Self-remediation for passwordless users
- Self-service account recovery
- Web address filtering
- Guest access for external users from different tenants
All these features are in public preview.
Microsoft Entra Secure Access Edge (SASE) now offers preview features that can block attacks in real time, reducing exposure to risk.
Azure Cosmos DB ID authentication, which extends Azure’s Unified Identity for database access, is now generally available.
Developments for Microsoft Defender
Microsoft Defender has added several new agent features, including:
- Phishing Triage
- Threat Intelligence
- Vibe Hunting
- Adaptive Threat Detection
A based email grading system that replaces manual reviews and gives quick, clear verdicts and explanations for every reported email.
Real-time threat detection agents actively look for false negatives and blind spots that traditional alerts might miss during an incident. These are threats that traditional alerts might be missing. When an incident occurs, agents start an automated search to find threats that have not been detected. Point and Okta. This enables real-time threat detection and automatic containment. For example, phishing and identity compromise
The new predictive shielding feature, which automatically disrupts, activates as soon as an attack is contained. As an attack is contained, it predicts where an attacker might go next. The feature uses just-in-time hardening to block them from moving further. Defender for Cloud’s runtime protection, which is improved by agent-based remediation.
Source: Microsoft Ignite 2025: The Biggest Partner Program, Security News
