Sophos integrates threat intelligence into Microsoft Copilot
Sophos has released new integrations for its threat intelligence platform, Sophos Intelix, to work inside multiple Microsoft Copilot environments.
Integration details
The new capabilities bring Sophos threat intelligence into Microsoft Security Copilot, Microsoft 365 Copilot, and Microsoft Copilot Studio. Organisations can now use real-time threat data from Sophos directly inside their existing Microsoft workflows, including Teams and Microsoft 365 Copilot Chat.
The integrations allow for natural language querying, file and domain scanning, and incident triage without leaving Microsoft platforms.
The Sophos Intelix integration for Microsoft Security Copilot enables security professionals to enrich alerts, investigate indicators of compromise, and access data from Sophos X-Ops. Microsoft 365 Copilot users, including IT administrators and business decision makers, can check file, URL, and domain reputations and access threat intelligence through familiar interfaces.
Sophos reports that security teams continue to face high alert volumes and a shortage of resources, particularly in small and mid-sized organisations. According to its research, most respondents found investigating alerts and remediating incidents a challenge. It found that data exfiltration begins, on average, within 3 days, with a median of only 2.7 hours between exfiltration and detection. It added that attackers can reach Active Directory in 11 hours.
"The Microsoft Copilot ecosystem is transforming how people interact with technology by bringing natural language interfaces into the core of its Copilot ecosystem," said Simon Reed, Chief Scientific Research Officer, Sophos. "The future of SOC productivity is moving beyond the graphical user interfaces we've relied on since the 1980s, toward a new paradigm of human-AI collaboration. AI assistants powered by expansive datasets, deep threat intelligence, and advanced systems are fundamentally reshaping how analysts work."
Expanding agent ecosystem
Sophos Intelix is also connecting with Microsoft's expanding Copilot and agent ecosystem. The integration, supported by Entra-based identity management, aims to help organisations oversee compliance and bring Sophos threat intelligence into a broader portfolio of AI-powered agents.
Microsoft Agent 365 acts as a control plane for these AI agents, allowing organisations to extend infrastructure and application security features to agent-driven environments.
Small business focus
Sophos has also announced integration with Microsoft Defender for Business and Microsoft Defender for Endpoint, and its managed detection and response (MDR) service for Microsoft environments has earned Microsoft's Small & Medium Business solution status. The recognition highlights Sophos' work to address the specific security requirements of managed service providers (MSPs) and their small business clientele.
Sophos MDR for Microsoft environments uses telemetry from Microsoft 365 and Defender solutions, combined with proprietary threat intelligence and 24/7 monitoring, to detect and respond to cyber threats. Response capabilities include blocking user logins, terminating sessions, and disabling inbox rules when attacks are detected, aiming to shorten response times and mitigate potential damage.
The expanded integration of Sophos threat intelligence into the Microsoft Copilot ecosystem is intended to give organisations faster access to relevant data and help inform security decisions at speed.
"With the increasing volume and sophistication of attacks targeting small and medium-sized businesses, customers are seeking top-tier security solutions to protect themselves," said Vasu Jakkal, Corporate Vice President, Microsoft Security. "The new Sophos integrations with Microsoft 365 Business Premium and Microsoft Defender for Business will enable managed service providers to easily implement and scale the security services that small business customers need."