Sophos, a global leader in next-generation cybersecurity, announced the general availability of deep integrations between its threat intelligence platform, Sophos Intelix, and Microsoft’s AI-powered environments: Microsoft Security Copilot and Microsoft 365 Copilot. First introduced at Microsoft Ignite in San Francisco, these enhancements provide organizations from small businesses to large enterprises with real-time access to Sophos threat data directly inside Microsoft’s Copilot ecosystem.
Every day, Sophos handles more than 223 terabytes of telemetry data on its Central platform, generating over 34 million detections and blocking more than 11 million threats automatically. This massive volume of global customer insight powers Sophos Intelix, making it one of the richest repositories of cyber threat intelligence and now, it is freely available to users of Microsoft Security Copilot and Microsoft 365 Copilot.
This development aligns with Sophos’ mission to democratize cybersecurity intelligence. By embedding its intelligence into Microsoft’s Copilot ecosystem, the company ensures that organizations at any stage of their security journey can access powerful insights where they work.
Sophos Intelix for Microsoft Security Copilot
Sophos Intelix integrates seamlessly with Microsoft Security Copilot, Microsoft’s generative AI assistant designed for Security Operations Center (SOC) and IT teams. By combining data across Microsoft Defender, Sentinel, Intune, Entra, and Purview, Security Copilot enables users to query and investigate threats in natural language now enriched with the global context and expertise from Sophos, which protects more than 600,000 organizations.
Through this integration, security analysts and IT teams can:
- Enrich alerts and triage incidents more quickly using Sophos Intelix services, including sandbox detonation and dynamic analysis.
- Investigate indicators of compromise (IOCs) by performing file, URL, and IP reputation lookups.
- Access global insights and threat prevalence data drawn from Sophos X-Ops directly in Security Copilot.
Sophos Intelix will also be available via Microsoft’s new Security Store, offering broader access through third-party agents, Microsoft Copilot agents (MCP), and APIs.
Sophos Intelix for Microsoft 365 Copilot
Beyond SOC workflows, Sophos is bringing its threat intelligence into productivity tools with the integration of Intelix into Microsoft 365 Copilot. Through this integration, business users, risk managers, and IT administrators can:
-
Ask natural-language questions in Microsoft 365 Copilot Chat or Teams to pull in Sophos threat intelligence.
- Verify if links, files, or domains are linked to known malicious behavior.
- Improve cyber awareness and decision-making without leaving their daily productivity tools.
This accessibility empowers users across the organization regardless of technical expertise to make security-informed decisions faster, minimizing the friction between productivity and protection.
Also Read: OpenAI Warns of Rising ‘Prompt Injection’ Threats – A New Cybersecurity Frontier for Businesses
Extending Microsoft Agent 365 Capabilities
Sophos Intelix also integrates into Microsoft Agent 365, expanding its reach within Microsoft’s evolving agent ecosystem. Leveraging Entra-based identity management, this integration allows organizations to embed Sophos intelligence within their agents while preserving full visibility and compliance.
Microsoft Agent 365 acts as a control plane for AI agents, enabling organizations to scale protections, infrastructure, and applications through familiar mechanisms tailored to agent contexts. Sophos’ presence in this ecosystem underscores its commitment to delivering threat intelligence throughout Microsoft’s expanding AI framework.
Addressing the Cybersecurity Gap
Security teams today face a deluge of alerts and often lack the human resources to respond at scale. This challenge is most acute for small and mid-size businesses (SMBs). According to Sophos’ research, 96 percent of SMB respondents struggle to investigate suspicious alerts, and 75 percent report difficulty in swiftly remediating incidents.
At the same time, cyber adversaries are accelerating their operations. Sophos’ Active Adversary Report 2025 reveals that data exfiltration begins within three days on average, with a median of only 2.7 hours between exfiltration and detection. In certain cases, attackers compromise Active Directory in as little as 11 hours. These findings highlight the urgency for defenders to access threat intelligence that is both deep and real-time.
Powered by Deep, Real-Time Intelligence
By making Sophos Intelix available inside Microsoft’s Copilot frameworks, Sophos is lowering the barrier to high-quality threat intelligence. This integration accelerates analysis, trims response times, and improves defense outcomes for organizations of all kinds.
Simon Reed, Chief Scientific Research Officer at Sophos, underscored the importance of this innovation: “The Microsoft Copilot ecosystem is transforming how people interact with technology by bringing natural language interfaces into the core of its Copilot ecosystem. The future of SOC productivity is moving beyond the graphical user interfaces we’ve relied on since the 1980s, toward a new paradigm of human–AI collaboration. AI assistants powered by expansive datasets, deep threat intelligence, and advanced systems are fundamentally reshaping how analysts work. By making Sophos threat intelligence available through both Microsoft Security Copilot and Microsoft 365 Copilot, we’re giving defenders faster, more natural access to insights that help them respond to threats with speed, precision, and confidence.”
On the Microsoft side, Vasu Jakkal, Corporate Vice President of Microsoft Security, emphasized the broader impact: “AI is the force multiplier for defenders, and when partners like Sophos bring their agentic innovation into the Microsoft Copilot ecosystem, the impact is exponential. Together, we’re not just building tools we’re creating a new era of intelligent, collaborative cyber defense.”
