Microsoft Ignite 2025: The Biggest Partner Program, Security News

Microsoft partner program and security news from Ignite 2025 includes Microsoft 365 Copilot Business, AI agents in Microsoft Intune and Windows kernel access updates.

An upcoming Microsoft Copilot offer aimed at small and midsize businesses. New artificial intelligence agent capabilities in Microsoft Intune. And updates on Windows kernel access by Microsoft partners.

These are among the biggest news in Microsoft’s partner program and its security product portfolio to come out of the company’s annual Ignite conference aimed at developers. The tech giant’s conference runs through Friday in San Francisco.

Part of the partner program updates includes investments in helping solution providers build their skills in cloud and AI technologies. Nicole Dezen, Microsoft’s chief partner officer and corporate vice president for global channel partner sales, believes that organizations that devote 10 to 20 percent of their time to training and skilling can outperform, innovate faster, and set the direction for entire industries.

“In an AI-first world, skilling is the new currency,” Dezen said in a blog post Tuesday.

[RELATED: 5 Microsoft Partner Program Dates Solution Providers Need To Watch]

Microsoft Ignite 2025

Other news in security and partner programs at Ignite 2025 includes:

Read on for more information about the biggest news from Ignite 2025 in security and Microsoft partner program.

Partner Skilling Hub, App Accelerate, Marketplace Updates

Microsoft, headquartered in Redmond, Wash., has made its Partner Skilling Hub generally available and launched previews for an App Accelerate offer that unites incentives, benefits and co-sell support across the Microsoft Cloud.

The Skilling Hub offers partners live, virtual and on-demand learning experiences across pre-sales, sales and technical roles, according to the vendor. Partners can use the hub to earn certifications.

App Accelerate is planned for full availability in 2026. It offers software developer partners end-to-end technical guidance, developer tools and go-to-market (GTM) resources, according to the vendor.

Along with those two updates, Microsoft has made resale-enable offers globally available in its online marketplace. This feature’s goal is to allow marketplace publishers and channel partners to resell software products and services directly, benefitting from the simple transactions experience, expanding market reach and scaling revenue, according to Microsoft.

New Partner Designations, Badging

Microsoft now has a “frontier partner” badge, “frontier distributor” and “support services” designations and a “digital sovereignty” specialization available for partners to differentiate themselves.

The frontier partner badge designates which solution providers can combine AI agents and human ingenuity to scale innovation, according to the vendor. Badge candidates must show excellence across a variety of Microsoft Cloud and AI disciplines.

The frontier distributor designation is globally available for distributors that help partners deliver meaningful value to small and midsize businesses (SMBs).

The support services designation is aimed at partners that meet rigorous standards for satisfaction, resolution and service excellence. And the digital sovereignty specialization is for partners that can assess, architect and implement sovereign-cloud strategies across Azure, Microsoft 365 and Security.

Microsoft 365 Copilot Business

In December, Microsoft will make available a Copilot offer aimed at small and midsize businesses.

Solution providers in the Cloud Solution Provider (CSP) program can leverage this Copilot offer to simplify work, boost productivity and grow customer value with trusted AI, according to Microsoft. The offer delivers the full Copilot experience through Microsoft 365 Business Basic, Standard, and Premium plans.

Microsoft 365 Copilot Business will cost $21 per user, per month for businesses with fewer than 300 users, according to the vendor.

On Dec. 1, Microsoft will also offer new bundles that pair Microsoft 365 with Copilot for Business alongside promotional offers aimed at simplifying adoption and making it more affordable during the big Microsoft renewal season in the second half of its fiscal year.

The bundles will allow users to renew base licenses with Copilot for $10 more per user, per month. If they prefer, Business Premium users can combine the bundle with a Purview promotion for $15 more per user, per month.

Microsoft Security Copilot Inclusion

Microsoft has started including its Microsoft Security Copilot security AI tool in Microsoft 365 E5 licenses.

How this will work is eligible E5 license holders will receive 400 security compute units (SCUs) per month for every 1,000 paid seats and up to 10,000 SCUs per month, according to Microsoft.

Microsoft expects that this capacity is enough to support “typical scenarios” and will eventually throttle usage beyond the allocated SCUs. Users will have the option of paying $6 per SCU on a pay-as-you-go basis to scale beyond the allocated amount. They will have a 30-day advance notification when this option is available.

This change has already started for users with Security Copilot and E5 licenses and will expand to all E5 license holders in the coming months.

Windows Security, Recovery Updates

Windows capabilities now in preview or generally available that are aimed at security and recovery efforts include Windows Cloud I/O Protection, Intune management of Windows Recovery and point-in-time restore.

The new I/O protection function promises advanced input protection against keylogging malware and keystroke injection attacks, according to Microsoft.

Intune recovery, now generally available, offers remote management of the Windows Recovery Environment (WinRE). Users receive a single, scalable management plane for recovery. They can execute custom recovery scripts and trigger recovery actions. Microsoft plans to add the same ability for Windows Servers hosted in Azure virtual machines (VMs) to Azure Portal.

Point-in-time restore allows users to roll back individual devices or groups of them to a previous state without complex troubleshooting. Point-in-time restore will be available in preview in the Windows Insider build of Windows 11 this week.

Next year, new WIndows devices will have hardware-accelerated BitLocker for full disk encryption with stronger hardware-based key protection, according to Microsoft. Coming in early 2026 is general availability of Sysmon functionality in Windows for making security events available through an event log.

More generally available Windows security features include post-quantum cryptography, zero trust domain name system (DNS) and passkey manager integration with Windows Hello.

Zero Trust DNS controls outbound name resolutions through encrypted DNS and approved DNS servers to block unauthorized access.

Also now generally available is external identities support to secure logins for contractors and partners and multiple simultaneous network paths for seamless failover delivery and connection boosting.

Microsoft is also adding new networking capabilities and Autopatch management for enterprise-level control of Quick Machine Recovery (QMR) updates as part of a host of advancements for its Windows recovery tools.

Windows Recovery Environment will read networking configuration from full Windows, so networking for WinRE does not need to be configured separately, according to Microsoft. The capability supports Ethernet currently and will soon also support Enterprise Wi-Fi with WPA 2/3 enterprise with device certificates.

In preview is a cloud rebuilt for Windows 11 for PCs experiencing erratic behavior. Users can select the Windows release and language through Intune. The PC will download the installation media, rebuild itself, and let the user take over Autopilot, ensuring the right mobile device management (MDM) configuration. Intune, Windows Backup for Organizations and OneDrive can then quickly provision the user’s applications, PC settings and files.

Autopatch update readiness, in preview, promises IT teams more transparency, predictability and control for assessing device fleets, identifying potential issues before deployment and planning rollouts.

Windows Endpoint Security, Kernel Access

Microsoft has moved the Windows Endpoint Security Platform (WESP) application programming interface (API) into general availability for partners building security tools outside kernel mode.

Informed by the defective software update from cybersecurity vendor CrowdStrike that caused a global Windows outage in 2024, the new API aims to reduce the risk of crashes and improve stability, according to Microsoft.

Microsoft is also working with the entire Windows driver partner ecosystem to move third-party drivers out of the kernel. The vendor is also hardening how kernel mode drivers run to reduce reliability risks for certain driver types such as graphics, which cannot leave user mode for performance reasons, according to Microsoft.

Part of Microsoft’s driver signing changes for Windows include new certification tests and more Microsoft-provided Windows in-box drivers and APIs to replace custom kernel drivers with standardized Windows drivers or move logic to user mode.

Microsoft expects “over the coming years” a significant reduction in code that runs in kernel mode across networking, cameras, USB, printers, batteries, storage, audio and other driver classes, according to the vendor.

Microsoft said it will continue to support third-party kernel mode drivers and won’t limit partners from innovating where Microsoft doesn’t provide Windows in-box drivers. Microsoft also won’t block partners from using kernel mode drivers where required for a quality Windows experience and for scenarios without in-box coverage.

New guardrails being added to kernel-mode drivers include mandatory compiler safeguards to constrain driver behavior, driver isolation to limit blast radius, and direct memory access (DMA)-remapping to prevent accidental driver access to kernel memory, according to Microsoft.

During high-impact incidents, Windows users can now work with Microsoft product team engineers through the Windows component of Mission Critical Services for Microsoft 365.

And coming soon for machines with non-interactive public displays is a digital signage mode. Restaurant menus, airport flight displays and other such signs will no longer show Windows screens or error dialogs. When Windows screens and error messages need diagnostics and recovery, Windows will show the screen or error for 15 seconds, then turn off the screen while waiting for keyboard or mouse input to reactivate.

Digital signage mode doesn’t replace the mode for interactive kiosk, according to Microsoft.

Security Capabilities In Microsoft Intune

Intune is gaining some new Security Copilot agents, including ones for change review, policy configuration and device offboarding.

The device management service has also gained an administrator tasks function for centralizing high-priority actions like approval requests and security tasks. It gained a deployments function for enabling controlled, phased rollouts across a diverse estate, and a maintenance windows function for updates scheduling control to minimize disruption.

A managed installer function in Intune should simplify allowing line-of-business (LOB) apps to run while eliminating attacks from malicious attachments or social engineered malware.

Updates For Microsoft Purview

Microsoft enhancements entering public preview in the coming weeks for its Purview data governance product include an AI-powered data security posture management ability.

The new DSPM ability brings together Purview DSPM and DSPM for AI to make a central entry point for data security insights and controls, according to Microsoft. The new experience adds outcome-based workflows, expanded coverage and remediation on data risk assessments and AI observability for an organization’s agent inventory with assigned agent risk levels and agent posture metrics based on agentic interactions with an organization’s data.

A new Security Copilot agent in Purview aims to accelerate the discovery and analysis of sensitive data to uncover hidden risks across files, emails and messages. Purview users can also have a unified view of data risks through visibility into Salesforce, Snowflake, Databricks and other non-Microsoft data available through integrations with Microsoft Sentinel.

Microsoft also has a public preview for auto-labeling Snowflake, SQL Server and Amazon S3 data sources. Purview users gained enhancements that range from extending protections to autonomous agents to an insider risk management function for agents where users can flag specific risky agent activities based on dedicated indicators and behavioral analytics.

Azure AI Search now ingests Microsoft Purview sensitivity labels and enforces corresponding protection policies through built-in indexers. And Purview data loss prevention (DLP) policies now extend to Copilot Mode in the Edge for Business enterprise browser.

In public preview are Purview DLP for Microsoft 365 Copilot, dozens more apps covered by inline data protection in Edge for Business, and new usage posture and consumption reports for compliance gaps, optimizing Purview seat assignments and more.

The ability for Purview Information Protection on-demand classification to detect sensitive information in meeting transcripts is in public preview.

More GA functions include on-demand classification for endpoints, extended SharePoint permissions with default sensitivity labeling to an entire document library, and a data security triage agent.

Priority cleanup in Purview Data Lifecycle Management for SharePoint and OneDrive is GA for overriding retention policies and compliantly deleting files.

Quentin Rhoads-Herrera, vice president of security services at Charlotte, N.C.-based Stratascale–part of SHI International, No. 12 on CRN’s 2025 Solution Provider 500–told CRN in an interview that Microsoft’s Purview data platform and data security as a whole are in high demand with the customers he works with.

The emergence of AI adoption across enterprises has customers more focused on data labeling and data governance, which has fueled more work for not only Stratascale and SHI but other Microsoft solution providers as well.

Microsoft Entra Enhancements

New agents in preview in the Microsoft Entra identity product include ones for conditional access optimization, access review, identity risk management and application lifecycle management.

An expanded public preview of Microsoft Entra Agent ID aims to give users secure access for AI agents with the same tools for your workforce identities. Users can register and manage agents, govern agent identities and lifecycles, plus protect agent access to resources.

Microsoft Entra Internet Access has gained public previews for prompt injection protection, network file filtering, shadow AI detection, and the ability to block employee access to MCP servers by web address.

The vendor has provided public previews for enhanced multifactor authentication (MFA) in Entra ID. Those enhancements include synced passkeys from Apple and others, passkey profiles, self-remediation for passwordless users, and self-service account recovery.

Entra Suite also added user-centric access reviews, risk-based approval in entitlement management, threat intelligence filtering, web address filtering, and guest access for external users from different tenants–all in public preview.

Microsoft Entra Secure Access Service Edge (SASE) capabilities, introduced as previews, include the ability to block attacks in the runtime to reduce risk exposure.

Entra ID authentication for Azure Cosmos DB–which expands Azure unified identity for database access–has entered general availability.

Developments For Microsoft Defender

Microsoft Defender offers a host of advancements to its agentic capabilities, providing users with agents that can do phishing triage, threat intelligence, vibe hunting agent and dynamic threat detection.

Phishing triage agents will soon have the ability to cover identity and cloud alerts, according to Microsoft. It also gained a new agentic email grading system to replace manual reviews and deliver rapid, transparent verdicts and clear explanations for every reported email.

Dynamic threat detection agents proactively hunt for false negatives and blind spots that traditional alerting can miss, kicking off an automated hunt to uncover undetected threats when an incident happens.

Defender’s disruption capabilities are expanding to more critical data sources through Microsoft Sentinel–including Amazon Web Services, Proofpoint and Okta–for real-time detection and automatic containment of threats like phishing and identity compromise.

The new predictive shielding automatic attack disruption capability activates immediately after an attack is first contained, predicting potential attack paths for where the adversary might go next and applying just-in-time hardening techniques that proactively block the attacker from pivoting.

A public preview is now available for a new end-to-end solution that combines GitHub Advanced Security’s application security tool with Microsoft Defender for Cloud's runtime protection enhanced by agentic remediation.