[Launched] Public Preview: Continuous Performance Diagnostics for Linux VMs to Enhance VM Troubleshooting
June 18, 2025Introducing the Microsoft Defender for Office 365 ICES vendor ecosystem
June 18, 2025
By: Julia Idaewor – Product Manager 2 | Microsoft Intune
The threat landscape continues to evolve rapidly, with attackers constantly advancing their techniques to exploit zero-day vulnerabilities—leaving organizations at greater risk. In 2024, more than 40,000 vulnerabilities were disclosed, marking a 38% increase from 2023. For IT and security teams, evaluating the impact of thousands of vulnerabilities and deciding which to address first is a complex and resource-intensive task. It often involves manual analysis, siloed tools, and competing priorities.
Microsoft Intune is bringing the power of AI directly to IT teams with the introduction of Security Copilot agents. The new Vulnerability Remediation Agent for Security Copilot is now in limited public preview. The agent helps reduce the burden of managing an ever-growing list of vulnerabilities by leveraging rich data from Microsoft Defender Vulnerability Management to detect and prioritize vulnerabilities across managed devices. It also delivers a comprehensive Copilot-assisted impact analysis, and step-by-step remediation guidance directly in the Intune admin center along with a comprehensive list of exposed devices that can be exported for actionable responses, enabling faster, more confident action.
As part of the upcoming enhanced AI experience in Intune, the agent exemplifies how Microsoft is embedding Copilot into its workflows turning raw data into actionable insights and empowering security teams to stay ahead of evolving risks.
Getting started
You can get the Vulnerability Remediation agent up and running in just a few steps. To set up the agent navigate to the Endpoint security in the Intune admin center, review set up details and start the agent.
Microsoft Defender Vulnerability Management to surface a prioritized list of top vulnerabilities based on risk and impact. The agent delivers these insights directly to the Intune admin center, giving admins clear visibility into the most critical threats across their device estate. directly to the Intune admin center, giving admins clear visibility into the most critical threats across their device estate.
The Vulnerability Remediation Agent dashboard in the Intune admin center provides a comprehensive view, including an Impact score for each suggestion, number of exposed devices, remediation status, last applied time for tracking actions, and an agent activity log for historical context.
By removing silos between IT and security teams and surfacing vulnerability data and actionable insights directly in Intune, the agent helps increase transparency, streamline workflows, and boost operational efficiency across the board.
The Vulnerability Remediation agent provides IT pros with actionable insights from Microsoft Defender Vulnerability Management in the form of a prioritized list of suggestions.
When admins open a suggestion, they can view a comprehensive, AI-assisted vulnerability impact analysis designed to equip admins with the most critical insights needed to assess high-impact vulnerabilities and the actionable steps to take in Intune to resolve them.
Each suggestion highlights the recommended action to take, the most critical vulnerabilities, presence of active exploits, step-by-step recommended remediation steps, affected systems, and organizational exposure.
To streamline next steps, the agent also surfaces a comprehensive list of exposed devices, which are easily added to either new or existing Microsoft Entra device groups for remediation.
After reviewing and completing the recommended steps, admins can select “Mark as applied” to instantly update the status to “Applied”. This action serves as an attestation that remediation is now completed—providing teams with traceability. The agent does not take any action on the devices, ensuring that full control remains with your IT team.
Impact analysis and recommended actions for a suggestion related to app vulnerabilities.
Demo
The Vulnerability Remediation Agent empowers IT teams to proactively strengthen their endpoint security posture. By surfacing prioritized insights and delivering clear, actionable guidance within Intune, the agent helps admins quickly assess and remediate high-impact vulnerabilities.
From insight to action, it’s never been easier to stay ahead of threats while bridging the traditional gap between IT and security teams. With AI-driven support, organizations can enforce best practices, respond faster, and build resilient, future-ready endpoint security strategies.
The new Vulnerability Remediation Agent with Copilot in Intune transforms how IT teams manage vulnerabilities connecting insights from Microsoft Defender directly to action in Intune. Instead of relying on manual escalations across teams, the agent continuously scans for vulnerabilities, prioritizes them based on risk, and recommends remediations aligned with Defender guidance.
IT admins can now review and approve these fixes directly within Intune, streamlining the path from detection to deployment. This reduces delays, increases control, and accelerates response – empowering teams to remediate confidently and efficiently.
What’s next
The launch of the Vulnerability Remediation Agent in preview paves the crucial foundation for our ultimate vision: achieving end-to-end automation for the entire vulnerability remediation lifecycle—dramatically reducing risk exposure and accelerating response times.
By combining Copilot-assisted guidance with device ecosystem data, this agent represents a significant leap forward in streamlining operational efficiency and transforming how organizations not only focus on high-impact vulnerabilities but also understanding the right actions to take to protect their endpoints. As we continue to innovate, our commitment is to empower organizations with the tools and insights they need to build resilient, future-ready security infrastructures.
The Vulnerability Remediation Agent is currently in a limited public preview and available to only a select group of customers. To learn more about setup and capabilities, be sure to explore our documentation on the Vulnerability Remediation Agent.
We look forward to providing further updates as part of the Copilot in Intune blog series. Make sure to check out the previous blog if you missed it: Microsoft Security Copilot in Intune deep dive – Part 1: Features available in public preview.
If you have any questions or want to share how you’re using Copilot in Intune, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn.