We are not going to talk about MFA. You already know it exists.
We are going to talk about what Microsoft launched in the last 12-18 months that is redefining how a modern tenant is protected. These are features designed for the threat scenarios of 2025-2026, and that most Managed Service Providers have not even configured.
If your MSP has not spoken to you about any of these, you have an important question to ask them.
What we commonly find in Microsoft 365 tenants
When we audit a tenant, regardless of the MSP managing it, the pattern is consistent:
- Security Exposure Management never opened. The attack graph exists, but no one has reviewed it.
- Copilot active without an AI Security dashboard configured. Organizational data flowing into prompts without auditing.
- Conditional Access with the same 3 policies from 4 years ago. No "Require Risk Remediation," no authentication context, no network filters.
- Automatic Attack Disruption disabled. Because no one performed the cross-onboarding of Defender products.
- Purview with basic DLP but Adaptive Protection untouched. Insider risk remains completely invisible.
The problem is not that Microsoft did not build the solution. It is that no one turned it on.
What Microsoft launched and no one told you
AI Security Dashboard: specific security for Copilot and AI agents
Microsoft launched the Security Dashboard for AI, a section dedicated exclusively to the security of AI interactions. With the massive adoption of Microsoft 365 Copilot and the new Copilot Agents, companies now have a completely new attack surface: prompts.
The AI Security dashboard allows you to:
- Audit all user interactions with Copilot (what they are asking, what data they are touching).
- Detect prompt injection attempts, attacks where malicious documents try to manipulate Copilot to exfiltrate data.
- See what organizational data the AI is accessing and whether there is oversharing in SharePoint.
Most companies activated Copilot without reviewing what data it could see. This dashboard is the antidote, and almost no one has opened it.
Conditional Access: "Require Risk Remediation," the condition that changes everything
Until recently, Conditional Access could only block or require MFA when it detected risk. The new condition "Require Risk Remediation" is a different paradigm.
Instead of blocking the user when there is a risk signal (such as a suspicious token or an anomalous session), the system can now require that the user actively remedy the risk before continuing, whether by changing their password, confirming identity via a secure channel, or completing an Identity Protection flow.
This solves the classic problem: legitimate users blocked without knowing why, and unnecessary support tickets. Now, the system guides the user through remediation in real time, maintaining security without sacrificing user experience.
Did your MSP configure this condition? It is new, it is powerful, and it is likely already available in your Microsoft 365 tenant.
Automatic Attack Disruption: Defender acting on its own
Automatic Attack Disruption is Microsoft Defender XDR's response to attacks that move faster than security teams. When the system detects an attack in progress (especially when a mailbox is compromised or during lateral movement), it can:
- Automatically isolate compromised accounts without waiting for human approval.
- Revoke active session tokens in real time.
- Contain suspicious devices by cutting off their access to the corporate network.
- Document the entire chain of forensic evidence automatically.
The key distinction from traditional tools: it does not just generate an alert, it acts. The incident is contained in minutes, not hours.
This requires Defender XDR with correlation enabled between Defender for Endpoint, Defender for Office 365, and Defender for Identity, a configuration that demands real integration, not just having the licenses active.
Ready to take your security to the next level?
As you have seen, Microsoft Defender XDR's new active remediation and automatic response capabilities mark a major turning point in protection against modern threats. Make the most of these tools and do not get left behind.
Schedule a call with the NeoDefender team. Together, we can review your environment, identify opportunities for improvement, and design a security strategy tailored to your needs.
Contact us today and take the next step toward a proactive, frictionless defense. Your security cannot wait.
