Microsoft’s Security Store crowns cyber AI agents as products

On September 30, 2025, Microsoft launched a Security Store inside Sentinel that turns AI security agents into real products with identity, approvals, billing, and audit. Here is what changes for SOCs, partners, and how to deploy in 90 days.

ByTalosTalos
AI Agents
Microsoft’s Security Store crowns cyber AI agents as products

The week cyber agents got a real app store

On September 30, 2025, Microsoft shifted the center of gravity in enterprise security. The company introduced an agentic update to Sentinel and, crucially, opened a dedicated Security Store so security teams can find, buy, and deploy AI agents that perform concrete tasks like phish triage, alert correlation, and access reviews. For years, agents were demos or pilots tucked inside products. This launch makes them products with packaging, pricing, and governance that enterprises can operate at scale. Microsoft set the tone clearly in its Sentinel announcement, which points teams to the Security Store for partner and Microsoft built agents in its post Sentinel’s agentic era and Security Store availability.

Think of the Security Store as a specialized hangar for autonomous security copilots. Instead of flying experimental drones in a parking lot, you now have flight lanes, air traffic control, tail numbers, and maintenance logs. That is the difference between a neat prototype and a safe, repeatable operation.

Why a store matters now

The Security Store re-bundles four enterprise needs into one experience:

  • Distribution you can trust. Curated listings, product pages that state required inputs and permissions, and a standard flow to try, deploy, and update. This reduces shadow procurement and gives security leaders a vetted path to automation.
  • Governance by design. Agents install into existing workspaces, inherit the enterprise identity and access model, and respect role-based controls. Admins can scope agents to least privilege, bind actions to approvals, and turn on audit logging centrally.
  • Billing that finance teams can reconcile. Purchases bind to the enterprise Azure subscription and resource groups, which means cost centers, tags, and commitments apply. This is how autonomous work gets out of the lab and onto the books.
  • Compliance evidence on tap. Audit records for agent configuration and interactions route into Microsoft Purview and your security data lake. That makes regulator questions like who approved a containment action and which data sources fed a decision answerable without a war room.

If you have spent the past eighteen months proving agents in pockets of the environment, this is the moment to consolidate those experiments around a store model that operationalizes them.

What changes inside the SOC

Agent on call, not analyst on call

Set a rotation where a small cadre of agents is always listening and triaging. The job is simple: reduce noise, escalate the right 5 percent, and propose actions with clear reasons. Analysts shift from finding problems to supervising resolutions.

  • Example: A phish triage agent ingests mail flow, URL detonation results, and user reports, then closes obvious false positives outright while packaging ambiguous cases with a proposed verdict, the evidence chain, and a one click approval to quarantine.
  • Example: An access review agent tracks groups and applications that drift from policy and proposes revocations, leaving reviewers to approve inside Teams with the full context attached.

Least privilege actioning

Agents get their own identities and roles. Treat them like junior colleagues: narrowly scoped, fully logged, and limited to safe changes unless an analyst approves. Use the following pattern:

  • Define scopes by data domain and action type. Let an alert triage agent read telemetry across Defender and Sentinel but restrict write actions to tagging and case updates.
  • Bind sensitive actions to approvals. If an agent recommends disabling a user, it must present the reason graph and require a human decision.
  • Apply conditional access and just in time elevation for agent identities so that risky conditions or off hours do not unlock sweeping rights.

Audit trails that investigators love

Every meaningful touch needs a breadcrumb. Capture three classes of evidence: configuration changes, interaction metadata, and content capture where policy allows. When a breach review starts, responders can replay the decision path: which agent suggested the block, which signal sources it used, who approved, and what the system did next. This shifts debates from opinion to facts.

New SOC metrics

Move the scoreboard from volume to value:

  • Mean time to triage and contain
  • Agent proposed action acceptance rate
  • Analyst hours saved per shift and per incident type
  • False positive rate before and after agent deployment
  • Percentage of alerts auto closed with post hoc sampling quality

The point is not to replace analysts. It is to let analysts apply judgment where it matters most while agents handle tedious, high volume work.

What it unlocks for partners

Security service providers and software vendors have tried to productize playbooks for years. The Security Store turns those playbooks into agents you can publish, monetize, and support under a common contract and billing model. Listings can package industry expertise as capabilities, telemetry connectors, and safe actions. A managed security service provider can now sell a posture optimization agent that continuously inspects configurations across Microsoft 365 and cloud estates, proposes changes aligned to a framework, and opens tickets for approval.

The distribution story matters as much as the technology. Microsoft has been unifying its commercial marketplaces so buyers can procure agents and applications through a single storefront that integrates with channel partners and established billing. That broader move underpins how a security focused store scales beyond early adopters. For details on catalog consolidation, purchasing routes, and Model Context Protocol alignment, see the unified Microsoft Marketplace announcement.

Partners should also draw lessons from adjacent ecosystems. Marketplace operations, packaging, and support expectations increasingly mirror what we have covered in our look at the HubSpot's Breeze Marketplace play, where buyers expect clear permission manifests, predictable pricing, and observable agent behavior.

Cross vendor interoperability moves from theory to practice

The practical question is how an agent in one product coordinates with a service in another. Three developments shift this from slideware to workable patterns:

  • Shared context graph. Sentinel’s graph based context and data lake create a common substrate that agents can reason over. Partners building into that substrate benefit from consistent entity identities and relationships.
  • Standardized capability exposure. Agent platforms increasingly expose tools through predictable schemas. That lets a triage agent request enrichment from a threat intelligence tool without bespoke glue for each vendor.
  • Model Context Protocol alignment. Marketplace level support for model context protocol simplifies connecting agent tooling and developer environments to enterprise data and actions. This reduces brittle custom plumbing and eases portability.

Interoperability does not mean every vendor agent acts everywhere. It means the affordances are in place for secure, explicit collaboration so that a containment action proposed by one system can be validated against another system’s policy before execution. For teams exploring isolation and safety boundaries, it is worth comparing Microsoft’s emerging patterns with the sandboxing approaches we examined in Vertex AI Agent Engine sandboxes.

A 90 day enterprise playbook

Below is a time boxed plan to pilot, govern, and measure agent value, while getting ready for vertical stores beyond security.

Days 0 to 30: Prove one narrow agent in production like conditions

Objectives

  • Select one high volume, low regret use case. Good candidates include phish triage, routine access reviews for Teams and groups, or enrichment and deduplication of endpoint alerts.
  • Define success before you deploy: target a 30 percent reduction in mean time to triage and a 20 percent reduction in analyst minutes per alert. Agree on an acceptable quality bar using random post hoc sampling.
  • Establish a control group and a test group so you can compare outcomes.

Actions

  • Create a non production workspace that mirrors production data and permissions. Load recent but sanitized data if needed.
  • Assign agent identities and roles with least privilege. Map every proposed action to an approval rule. Ensure sensitive changes are gated by human review.
  • Turn on audit for agent configuration and interactions. Decide whether transcripts are captured and where they are retained based on policy.
  • Instrument metrics: start measuring triage time, acceptance rate, and auto closure quality two weeks before deployment so your baseline is clean.
  • Run tabletop failure modes: what if the agent recommends a bad block, what if the approval route fails, what if the data source is unavailable. Document rollback steps.

Deliverables by Day 30

  • One agent live on a constrained scope with approvals enabled
  • Baselines captured and a live dashboard for the three core metrics
  • A short runbook that explains when to trust the agent, when to escalate, and what to do if it misfires

Days 31 to 60: Scale the pilot to two more use cases and harden governance

Objectives

  • Add one adjacent use case that exercises a different domain, for example identity hygiene in Microsoft Entra or data loss prevention alert triage in Purview.
  • Reduce human approvals on low risk actions where the agent has achieved 95 percent precision in your sampling. Keep approvals for high impact changes.

Actions

  • Introduce partner agents from the Security Store so you validate cross vendor behavior. Test how partner agents read your context and how their actions are logged alongside Microsoft agents.
  • Automate entitlements and lifecycle. Use a catalog entry per agent role so analysts can request or relinquish access with approval workflow and periodic recertification.
  • Connect audit streams to your security data lake for long term analytics and trend reporting. Build a weekly report that correlates agent activity with incident severity and outcomes.
  • Run a red team style assessment where a separate group tries to manipulate agent inputs. Validate that guardrails, approvals, and anomaly alerts hold.

Deliverables by Day 60

  • Three agents live across at least two domains with cross vendor evidence in the audit trail
  • Updated approval matrix that reduces friction where safe
  • A partner management checklist that covers onboarding, data sharing terms, and exit criteria

Days 61 to 90: Prove ROI and prepare for vertical agent stores

Objectives

  • Quantify the value. Translate analyst minutes saved into cost savings or capacity gains. Show improvements in time to triage and time to contain. Tie agent actions to reduced user impact on common incidents.
  • Draft a portability plan. You will want the option to bring your agent patterns to other domains that adopt stores.

Actions

  • Build a return on investment model that attributes outcomes by pathway. For example, a 25 percent reduction in triage time yields six analyst hours saved per week in the email response queue. Document assumptions and confidence intervals.
  • Define a minimal agent interface standard for your organization: identity model, allowed tools and actions, logging requirements, and approval patterns. This becomes the template you take into finance, supply chain, or employee services when vertical stores appear there.
  • Negotiate channel and marketplace terms with your preferred partners so you can buy and meter agents through your existing commitments and reseller routes.
  • Plan for failure domains. Treat each agent as a service with its own service level objective, versioning, and a rollback play. Add a kill switch for any agent that drifts from expected precision.

Deliverables by Day 90

  • An executive readable scorecard with three outcomes: time saved, quality maintained or improved, and risk reduced
  • A reusable policy and interface template for future agents and future stores
  • A sourcing plan that aligns Security Store procurement with your cloud commitments and partner program

Preparing for vertical agent stores beyond security

Security is first because the pain is loud and measurable. The same machinery will spread to other functions that have repeatable tasks and strong governance needs.

  • Finance. A month close agent that reconciles journal entries against policy, proposes adjustments with citations, and routes exceptions to controllers. Audit and retention policies are already a fit.
  • Customer operations. An escalation agent that triages tickets, proposes remediations, and auto opens change requests. It runs inside existing ticketing tools with a clear action registry and a kill switch.
  • Supply chain. A risk scanning agent that checks vendor shipments against sanctions and sustainability rules, then flags deviations for procurement review.

To prepare, insist on the same contract everywhere: agents get identities, least privilege, explicit approvals, and full audit. Stores should publish permission manifests and action catalogs so buyers know exactly what they are permitting. Metrics should be named up front and measured by default.

For operations teams thinking about scalability and reliability, patterns from the AWS AgentCore ops layer are instructive. Treat agents as long lived services with health checks, timeouts, and circuit breakers, rather than as ad hoc scripts.

What to watch next

  • Identity for agents. Expect richer role models and built in conditional access for workload identities so you can fence agent rights by location, risk, and time.
  • Evidence normalization. Audit records will become more granular and more portable across systems, making cross vendor compliance reporting easier.
  • Pricing clarity. As agents move from preview to production, pay attention to how vendors meter usage. Favor pricing that aligns with outcomes rather than raw interactions.
  • Interop playbooks. Look for reference designs where agents from different vendors coordinate through shared graphs and standard tool schemas instead of custom scripts.

The marketplace moment for cyber agents

An app store is a social contract as much as a catalog. By launching a Security Store that plugs into enterprise identity, billing, and audit, Microsoft has turned cyber agents into something security leaders can buy, govern, and measure. That makes this a tipping point. Teams get automation that respects guardrails. Partners get a route to market that rewards expertise. Executives get metrics that translate into capacity and risk reduction. The next wave will bring similar stores for other domains. The organizations that win will be the ones that learn to operate agents like real products today, then carry that discipline wherever a store appears tomorrow.

Other articles you might like

Claude Sonnet 4.5 and the Agent SDK make agents dependable

Claude Sonnet 4.5 and the Agent SDK make agents dependable

Anthropic’s Claude Sonnet 4.5 and its new Agent SDK push long running, computer using agents from novelty to production. Learn what is truly new, what to build first, and how to run these systems safely through Q4 2025.

AI Agents
·Read more
OutSystems Agent Workbench goes GA with MCP and marketplace

OutSystems Agent Workbench goes GA with MCP and marketplace

OutSystems made Agent Workbench generally available at ONE in Lisbon, adding a curated agent marketplace and native Model Context Protocol support so CIOs can ship governed, cross system AI agents quickly in Q4.

AI Agents
·Read more
HubSpot’s Breeze Marketplace Turns AI Agents Into Teammates

HubSpot’s Breeze Marketplace Turns AI Agents Into Teammates

HubSpot’s new Breeze Marketplace and Studio put AI agents on a real shelf as installable teammates for sales, marketing, and support. See how CRM context, native guardrails, and clear billing could change day-to-day work.

AI Agents
·Read more
Databricks + OpenAI Make Agent Bricks a Data-Native Factory

Databricks + OpenAI Make Agent Bricks a Data-Native Factory

Databricks and OpenAI just put frontier models inside the data plane. Here is why Agent Bricks now looks like a data-native factory, how Mosaic evals and Tecton features change the game, and what CIOs should do first.

AI Agents
·Read more
AWS AgentCore brings an ops layer for production AI agents

AWS AgentCore brings an ops layer for production AI agents

Announced at AWS Summit New York on July 16, Amazon Bedrock AgentCore bundles Runtime, Memory, Identity, Gateway, Browser, Code Interpreter, and Observability to turn agent prototypes into scalable production systems.

AI Agents
·Read more
Agentforce 3 Is The Tipping Point For Enterprise AI Agents

Agentforce 3 Is The Tipping Point For Enterprise AI Agents

Salesforce’s Agentforce 3 pairs a real Command Center with MCP-native interoperability and FedRAMP High authorization, making observability, governance, and reliability the new table stakes for enterprise AI teams.

AI Agents
·Read more
AP2 Makes Agent Checkout Real: Google’s Payments Breakthrough

AP2 Makes Agent Checkout Real: Google’s Payments Breakthrough

Google’s AP2 gives AI agents a rulebook to prove intent, identity, and spend limits at checkout. See how mandates and verifiable credentials enable card, bank, and stablecoin payments you can audit today.

AI Agents
·Read more
ChatGPT Agent goes live, from chat to action at work

ChatGPT Agent goes live, from chat to action at work

OpenAI has turned ChatGPT from a chat box into a doer. Agent mode opens a virtual computer that browses, runs code, edits files, and delivers finished work. Here is how to roll it out safely.

AI Agents
·Read more
Microsoft Security Store signals the future of enterprise AI

Microsoft Security Store signals the future of enterprise AI

Microsoft's new Security Store is a governed marketplace for cybersecurity agents. SOC teams can build no code Security Copilot agents and deploy vetted partner agents inside their Microsoft environment.

AI Agents
·Read more