Lead Story | Action Required | Enterprise · IT Ops · Cloud+DevOps |
|
Security Copilot Rolls Out to Every M365 E5 Tenant Starting April 20 — and Your Activation Notice Arrives Just 7 Days Before It Goes Live
Microsoft has begun a phased rollout of Security Copilot to every organization on Microsoft 365 E5 — automatic, zero-click, no Azure provisioning required. Message centre notice MC1261596 puts the activation window at April 20 through June 30, 2026. Your only advance warning is a 7-day in-product notification before your specific tenant goes live. The security teams that will get genuine operational value from this are the ones with a deployment plan before the activation banner appears.
Microsoft’s message centre notice MC1261596 confirms a phased rollout of Security Copilot to all Microsoft 365 E5 tenants from April 20 through June 30, 2026. Organizations receive 400 Security Compute Units per month for every 1,000 paid user licences, scaling proportionally for smaller environments, up to 10,000 SCUs per month at no additional cost. Activation is zero-click and automatic — no Azure configuration, no manual capacity provisioning. Security Copilot becomes available inside Microsoft Defender, Microsoft Entra, Microsoft Intune, Microsoft Purview, and the standalone Security Copilot portal the day your tenant is enabled. The notification that precedes that activation arrives seven days in advance.
The Security Copilot bundle includes the full catalogue of agentic experiences built into Microsoft’s security stack. For SOC and triage teams, the Phishing Triage Agent in Microsoft Defender evaluates each submitted message — body content, embedded links, attached files — using large language model reasoning rather than signature-based rules, and each verdict comes with an analyst-readable explanation and a visual reasoning map showing the agent’s decision path. The Alert Triage Agent handles the upstream alert volume that typically overwhelms tier-one analysts. For identity teams, the Conditional Access Optimization Agent in Entra reviews every CA policy in the tenant, identifies users and applications not covered by any policy, flags stale and conflicting assignments, and recommends targeted plain-language remediations. The Access Review Agent automates the access review cycle, flags unusual access patterns, and reduces the administrative burden on governance and compliance teams. For threat hunters and detection engineers, the KQL Query Assistant in Advanced Hunting converts natural-language requests into Kusto Query Language and shows the query logic step-by-step — closing the access gap for analysts who need to hunt but are not fluent in KQL. Custom agents can be built through the Agent Builder no-code interface, or extended via MCP and Graph APIs for developer teams.
The platform does not configure itself into operational readiness. Microsoft is explicit: every agent must be individually set up and deployed by an administrator before it performs any function. An organization can have a fully provisioned Security Copilot environment and still derive zero operational benefit because no agents have been enabled. The 7-day notification window is not a setup grace period — it is the entire advance warning that your deployment readiness will be tested. SCUs reset monthly and do not roll over; unused compute cannot be carried forward.
The 400-SCU-per-1,000-user allocation is meaningful but not unlimited, and organizations that use it reactively — running arbitrary analyst queries whenever someone thinks to ask Copilot a question — will exhaust the monthly budget quickly and encounter throttling. Overage SCUs, when available, are priced at $6 per unit on a pay-as-you-go basis. This is not a reason to avoid the platform; it is a reason to deploy agents against high-frequency, high-volume workflows first. A Phishing Triage or Alert Triage agent processing a consistent alert stream returns far more per SCU than sporadic analyst prompt sessions. Identify where Copilot works at scale, and start there.
→ Key Takeaway Before your activation notice arrives, answer three questions. Which workflows are you deploying agents against first? Microsoft’s recommended starting scenarios are phishing triage and alert triage in Defender, and access reviews in Entra. Who in your organization owns agent configuration and deployment — and do they know the window is 7 days? And what is not covered: Sentinel data lake compute, non-agentic Purview data investigations, Azure Logic Apps integrations, and third-party agent licensing from the Security Store are all outside the base E5 inclusion. Microsoft Sentinel customers without M365 E5 are not eligible at all. MC1261596 explicitly recommends using the FastTrack programme to accelerate your first pilot — request that engagement now, before the activation window opens. |
Quick Hits
| 01 |
FortiClient EMS CVE-2026-35616: Exploitation Confirmed Since March, 2,000+ Instances Exposed, CISA Flags Active Exploitation
CVE-2026-35616 (CVSS 9.8) is a pre-authentication API access bypass in Fortinet FortiClient Enterprise Management Server versions 7.4.5 and 7.4.6. An unauthenticated attacker can bypass the access control layer and execute arbitrary commands on the server via crafted HTTP requests. CISA added it to the Known Exploited Vulnerabilities catalog on April 6, confirming active exploitation. Exploitation was first observed against public-facing instances on March 31, 2026 — before most security teams had the patch in hand. CISA also issued a patch deadline of April 9 for US federal civilian agencies. The Shadowserver Foundation identified more than 2,000 publicly reachable FortiClient EMS instances globally. Fortinet released emergency hotfixes for versions 7.4.5 and 7.4.6; version 7.4.7 is forthcoming as the permanent fix. FortiClient EMS manages endpoint security policy and software deployment across enterprise fleets — pre-auth RCE on this server means an attacker can reach the policy engine that governs every endpoint it manages. CISA KEV →
| Critical | Enterprise · IT Ops |
|
| 02 |
Not on the M365 Stack? Cisco Open-Sourced a Free Agentic Threat Hunting Assistant in January and It Is Ready to Deploy
The PEAK Threat Hunting Assistant is an open-source agentic AI tool released by Cisco Foundation AI in January 2026, available at github.com/cisco-foundation-ai/PEAK-Assistant. It addresses a specific problem: the research and planning phase that precedes a hypothesis-driven hunt typically consumes more analyst time than the hunt itself — pulling threat actor profiles, mapping to MITRE ATT&CK, identifying relevant data sources, drafting hypotheses. PEAK automates that entire preparation sequence. Given a hunt subject, fourteen cooperating agent teams conduct parallel research across public threat intelligence and your internal data sources, then produce a structured PEAK-framework-aligned hunt plan with step-by-step procedures and sample queries tailored to what actually exists in your environment. Cisco Foundation AI architecturally separates internal and external research: a dedicated set of agents queries your SIEM and internal systems without passing that data into the broader public search pipeline. External data access uses Model Context Protocol servers: Splunk auto-discovery is built in, and any MCP-compatible source can be connected. The system uses a bring-your-own-model design — any LLM provider works, including Cisco’s open-source Foundation-Sec-8B-Instruct model, fine-tuned specifically on cybersecurity content. Human-in-the-loop feedback is a core design principle: analysts can redirect the agent research at any point, inject environment-specific context, or refine hypotheses before the final plan is generated. Cisco describes the preparation phase as shifting from “hours or days” to “minutes” — no independent validation of that figure exists, but the tool is free, the code is open, and the only requirements are an LLM connection and the data sources you configure. GitHub →
| Intel | Enterprise · Cloud+DevOps |
|
CVE Watch
|
Patch of the Day
SmarterMail Authentication Bypass via Password Reset API — Exploited by Storm-1175 Before Disclosure
CVE-2026-23760 is an authentication bypass in SmarterMail’s password reset API endpoint. The vulnerability allows an unauthenticated attacker to reset any user’s password by manipulating the reset request — bypassing the token validation that should confirm account ownership. With a successful bypass, the attacker resets the password for a target email account and logs in with full access. SmarterMail is a Windows-based email and collaboration server deployed across thousands of businesses, hosting providers, and municipal governments. Storm-1175, the China-linked threat actor documented in Microsoft’s April 6 blog, was exploiting CVE-2026-23760 as a zero-day before SmarterMail published its January 2026 advisory. Organizations that applied the advisory patch promptly may still have been compromised during the zero-day window. SmarterTools released the fix in SmarterMail Build 9511 (January 15, 2026). If you are running SmarterMail, verify your build number, and if your system was internet-facing at any point between mid-2025 and January 2026, audit authentication logs for unexpected password resets or logins from unfamiliar IP addresses.
| Vendor: SmarterTools (SmarterMail) · Patched: Build 9511 (January 15, 2026) · CISA KEV: Yes — active exploitation confirmed · Exploited: Zero-day exploitation by Storm-1175 prior to January 2026 disclosure |
|
Compliance Tip of the Day
|
NIST CSF 2.0 — GV.RM — Govern: Risk Management Strategy
AI Agents Are Making Security Decisions Now. Your Risk Register Needs to Document What That Means.
GV.RM-02 requires organizations to establish and communicate risk tolerances that reflect their risk appetite. With agentic AI now entering security operations — through Security Copilot bundles, open-source tools like PEAK, and vendor-built SOC platforms — that requirement extends to a new category of decision-maker. Two questions need explicit documented answers before any AI agent goes live in a security workflow. First: what is your acceptable false negative rate? An alert triage agent that misclassifies five percent of true positives as noise is operating at a rate that some environments can absorb as a reasonable trade-off for volume handled, and others cannot. That threshold needs to be set before the agent processes its first alert — not discovered retrospectively when an incident investigation reveals a dismissed true positive. Second: who is accountable when an AI agent makes a wrong call? The audit trail shows an automated decision. The governance model needs to specify whether a human reviews AI-assisted verdicts before they are actioned, and who owns the outcome when the agent is wrong. Action: Before activating Security Copilot agents or deploying any agentic AI into your security workflow, write AI-specific risk tolerance statements for each use case: acceptable error rates, escalation thresholds, and human review requirements. Add them to your risk register under GV.RM-02 and surface them to the appropriate governance body. GV.RM-02 exists to ensure this conversation happens before an AI-assisted miss forces it.
|
|
HARDENED | This newsletter does not constitute professional security advice. Security configurations and threat landscapes vary by organization. Consult a qualified security professional for implementation guidance specific to your environment. How we work: HARDENED uses AI agents for research, drafting, and automation. Every issue is reviewed by humans before publication. If you spot an error, reply directly — we correct the record promptly. Sources: Microsoft 365 Message Centre Notice MC1261596 (Security Copilot inclusion in M365 E5), m365admin.handsontek.net · Microsoft Learn (Security Copilot for Microsoft 365 E5 customers), learn.microsoft.com/en-us/copilot/security/security-copilot-inclusion · Microsoft Learn (What’s new in Microsoft Security Copilot), learn.microsoft.com/en-us/copilot/security/whats-new-copilot-security · Cisco Foundation AI Blog (Introducing the PEAK Threat Hunting Assistant, January 2026), blogs.cisco.com/security/introducing-peak-threat-hunting-assistant · GitHub (cisco-foundation-ai/PEAK-Assistant), github.com/cisco-foundation-ai/PEAK-Assistant · CISA KEV (CVE-2026-35616, added April 6, 2026), cisa.gov/kev · BleepingComputer (FortiClient EMS CVE-2026-35616, federal deadline April 9), bleepingcomputer.com · Shadowserver Foundation (2,000+ exposed FortiClient EMS instances), shadowserver.org · NVD (CVE-2026-23760 SmarterMail), nvd.nist.gov · CISA KEV catalog (CVE-2026-23760), cisa.gov/kev · Microsoft Security Blog (Storm-1175 / Medusa ransomware operations, April 6, 2026), microsoft.com/security/blog · NIST CSF 2.0, nist.gov/cyberframework |
|
