Microsoft Adds New Threat Briefing Agent Inside Defender Portal

Microsoft announced significant enhancements to its threat intelligence capabilities at Ignite 2025, including the full integration of the Threat Intelligence Briefing Agent into the Microsoft Defender portal.

These updates aim to help security teams transition from reactive defense to proactive threat management through unified intelligence and streamlined workflows.

Threat Intelligence Briefing Agent Now in Defender Portal

The Threat Intelligence Briefing Agent, first launched in March 2025, is now fully integrated into the Microsoft Defender portal and available in Public Preview.

This AI-powered tool delivers daily, customized briefings that combine Microsoft’s global threat intelligence with organization-specific insights in just minutes.

Security analysts no longer need to spend hours gathering information from multiple sources. Instead, they receive automated intelligence summaries with risk assessments, clear recommendations, and direct links to vulnerable assets.

This enables organizations to address security exposures proactively and prioritize actions based on real-time threat data.

Microsoft continues to converge Microsoft Defender Threat Intelligence (MDTI) into Defender XDR and Microsoft Sentinel, with the first phase now in Public Preview.

This integration provides world-class, real-time threat intelligence at no additional cost. Defender XDR customers gain access to Microsoft’s comprehensive threat intelligence library through enhanced threat reports within Threat Analytics.

These reports include exclusive analyses of threat actors, attack techniques, vulnerabilities, and malware campaigns, all automatically correlated with related incidents and affected assets.

Sentinel-only customers also benefit from this upgrade, gaining access to the threat intelligence library without requiring a Defender XDR license.

While incident correlation and automated response remain exclusive to Defender XDR, standalone Sentinel deployments receive improved threat visibility and integrated security options.

Threat Analytics reports now include enhanced insights previously available only through paid MDTI licenses.

Each report provides Indicators of Compromise (IOCs) with comprehensive lists of threat-specific indicators, allowing customers to review relevant data and access detailed entity information directly within Defender.

Reports also feature MITRE ATT&CK mapping to help organizations identify and mitigate persistent attack techniques, along with information about targeted industries and threat actor origins.

Security teams can now filter threat reports by Actor, Tool, Technique, Vulnerability, Activity, or Core threat, making it easier to locate specific intelligence.

Additionally, a new feature allows analysts to link cases directly to relevant IOCs, ensuring investigations and response workflows stay connected for faster, more informed decisions.

Because of the sensitivity of this information, access to IOCs is restricted to verified customers, protecting against potential data theft or exploitation by malicious actors.

These advancements strengthen security operations and empower defenders to stay ahead in an evolving threat landscape.
