Microsoft Ignite 2025: MSP Wrap Up

Written By Nathan Atkins

Microsoft ignite was such a success for the team, we had a great time with so many prospects and customers from all over the world.

I'm going to give a bit of a technical wrap up from Ignite 2025 with the features that have been announced or improved that can help our customers do more with Microsoft.

At the end of each section is a link with more info to Microsoft's announcements on those particular features I have talked about.

 

Obviously so much more was announced and talked about so for anyone who wants to look through the incredibly exhaustive list please have a look here 

https://news.microsoft.com/ignite-2025-book-of-news/

 

COPILOT

This was the absolute buzzword at the conference and it feels like Copilot has moved out of its infancy and is now exploring the world with even more intelligence.

There is a new tier for Copilot called Microsoft 365 Copilot Business its a new offering created for small and midsize businesses (SMBs) with fewer than 300 users. Built on the Microsoft 365 foundation, For $21USD per user  per month

It lacks the ability to create agents and use Copilot Studio but is a cheaper way to get people into copilot.

This launches in December
https://techcommunity.microsoft.com/blog/microsoft365copilotblog/introducing-microsoft-365-copilot-…

 

Microsoft Baseline Security Mode, This is a ultra low impact/no impact baseline provided directly by Microsoft and is now available, helps organizations secure their Microsoft 365 environment with recommended configurations in just a few clicks. Through a guided admin experience, IT and security teams can identify gaps, simulate changes and deploy protections across Office, SharePoint, Microsoft Teams, Microsoft Entra and more. These configurations help organizations reduce risk from known vulnerabilities and build resilience against emerging threats, with minimal disruption.

This baseline currently only works with Entra and M365 with Intune and purview coming soon.

This is no replacement to a properly managed baseline, but it can enable customers to rollout to their more immature customers and improve on just “security defaults”

https://techcommunity.microsoft.com/blog/microsoft_365blog/ignite%E2%80%9925-spotlight-announcing-m…

 

Purview

Microsoft Purview Data Loss Prevention (DLP) for Microsoft 365 Copilot protects sensitive information. If a prompt contains confidential data, DLP for Copilot prompts (in preview) blocks Copilot and agents from responding, ensuring such data isn't used in Microsoft 365 or web searches.

Security Copilot

Security Copilot will soon be available for all Microsoft 365 E5 customers instead of as a standalone product currently. The rollout begins with Frontier Security Copilot customers and will expand to all E5 users in the coming months. Customers will be notified before Security Copilot is activated in Microsoft 365.

 

ENTRA

So much was announced on the identity space but I’m going to only mention a couple of things.

Below are 3 items that are quite huge, Passkey management is the future in making sure that users can have MFA on their work account. Over half of all work accounts in Microsoft eco system don’t have MFA and this needs to be fixed. So Microsoft has launched the below to help. This means you can use your google or iCloud account from Apple to authenticate to your work account, using a MFA method that is already available and familiar to the user.

New Microsoft Entra ID features, currently in preview, will strengthen identity protection and reduce the risk of phishing and impersonation attacks, while providing a user-friendly experience and self-service options. The features will include:

  • Support for synced passkeys from Apple, Google and other third-party providers, and passkey profiles for easier management.

  • Expanded risk remediation and detection to help identity admins respond faster and enhance security operations center collaboration with Microsoft Defender.

  • Secure, self-service account recovery for users to regain access with Verified ID Face Check and a government-issued ID if their device is lost or stolen.

https://techcommunity.microsoft.com/blog/microsoft-entra-blog/microsoft-entra-what%E2%80%99s-new-in…

 

INTUNE

The below features are cool and can be quite helpful for MSP’s. These agents though are only accessible to ones who have E5 licensing.

A potential advantage here would be to recommend having a E5 license on a customers baseline so they can take advantage of these features and then use inforcer to push these policies out.

  • A Change Review Agent — This agent will analyze change requests in context, checking for risks, conflicts and compliance. It will provide detailed insights and clear recommendations, so IT admins can move forward with confidence knowing their decision is informed. Initially, the Change Review Agent will handle Multi-Admin Approval script requests, with additional types of change requests added over time.

  • A Policy Configuration Agent — This agent will accelerate policy creation by capturing intent from uploaded documents or natural language requirements, mapping them to recommended settings, and enabling admins to review, discuss and refine configurations before deployment.

  • A Device Offboarding Agent — This agent will use activity signals to suggest which devices should be removed and provides a simple way to offboard them from the environment, improving efficiency and strengthening the security of the digital estate.

 

Copilot in Intune will unlock even more Intune data for natural language exploration, including Autopilot, Endpoint Privilege Management and Advanced Analytics. Admins will be able to accelerate their work in these areas by using natural language to ask questions, navigating custom data views and creating new groups or adding to existing ones directly from query results. This is generally available.

 

Edge For Business

MSP’s can now set up a MAM profile on externally managed devices for a secure Edge for Business browsing experience. Unlike before, files downloaded through agency devices can be directed to OneDrive for Business, reducing data leak risks. IT admins can also enforce copy/paste limits to keep data within the organization’s tenant.

Edge for Business with Intune MAM protections for agency-managed devices will enter preview in January.

 

https://blogs.windows.com/msedgedev/2025/11/18/edge-for-business-presents-the-worlds-first-secure-e…

 

Nathan Atkins
Next

Microsoft Ignite 2025: Securing Copilot