Security

Microsoft Security AI Foundations: Customer Success

3 min read

Summary

Microsoft highlighted how St. Luke’s and ManpowerGroup are building AI-ready security foundations with Microsoft Security, Microsoft Sentinel, Microsoft Defender, and Security Copilot. The stories show why unified visibility, automation, and Zero Trust controls are becoming essential for organizations that want to scale AI without increasing risk.

Need help with Security?Talk to an Expert

Introduction

As organizations push AI deeper into daily operations, security is becoming the foundation that determines whether innovation can scale safely. Microsoft’s latest customer stories from St. Luke’s University Health Network and ManpowerGroup show how enterprises are using a unified security platform to improve visibility, automate response, and support AI adoption with less risk.

What’s new

Microsoft’s update focuses on two real-world examples of organizations modernizing security to support AI-driven operations:

  • St. Luke’s University Health Network used Microsoft Security Copilot with Microsoft Defender and Microsoft Sentinel to unify security operations.
  • ManpowerGroup used Microsoft 365 E5, including Defender and Sentinel, to reduce tool sprawl and build a more consistent global security platform.
  • Microsoft positions these examples as a repeatable playbook for securing AI at scale: start with business risk, unify signals, operationalize governance, continuously harden posture, and automate outcomes.

Key takeaways from the customer stories

St. Luke’s: Faster SOC operations with Security Copilot

St. Luke’s needed better real-time visibility across its security estate. By connecting Defender and Sentinel and adding Security Copilot, the organization gained a single AI-powered view across endpoints, identity, email, and cloud workloads.

Reported benefits include:

  • Faster threat detection and investigation
  • Improved phishing triage and fewer false positives
  • More centralized workflows for SOC collaboration
  • Up to 200 analyst hours saved per month through Security Triage Agent automation

ManpowerGroup: Unified security for a global workforce

ManpowerGroup modernized from a fragmented toolset to a more integrated Microsoft security platform. Using Microsoft 365 E5, the company unified prevention, detection, response, SIEM, and SOAR capabilities.

Microsoft says this helped ManpowerGroup:

  • Reduce security complexity
  • Shorten integration timelines from weeks or months to hours or days
  • Improve consistency across global operations
  • Establish an AI-ready security foundation

Why this matters for IT administrators

For security leaders and Microsoft admins, the message is clear: AI adoption increases pressure on identity, data governance, compliance, and incident response. A disconnected security stack can slow teams down and create blind spots.

These examples reinforce the value of consolidating tools, improving cross-platform visibility, and using automation to reduce manual SOC workload. They also align with broader Zero Trust and governance priorities already familiar to Microsoft 365 and Azure security teams.

Next steps

IT administrators should review whether their current security environment supports AI adoption at scale:

  • Assess visibility across identity, endpoint, email, cloud, and data
  • Identify opportunities to reduce tool sprawl
  • Evaluate Security Copilot, Defender, Sentinel, and Microsoft 365 E5 capabilities
  • Strengthen governance with labeling, DLP, and policy enforcement
  • Automate repetitive triage, remediation, and reporting tasks where possible

Microsoft’s customer examples provide a practical roadmap for organizations that want to enable AI securely rather than treat security as a blocker.

Need help with Security?

Our experts can help you implement and optimize your Microsoft solutions.

Talk to an Expert

Stay updated on Microsoft technologies

Microsoft SecuritySecurity CopilotMicrosoft SentinelMicrosoft DefenderAI security

Related Posts

Security

Salesforce OAuth Abuse: Microsoft Guidance on ShinyHunters

Microsoft detailed how threat activity associated with ShinyHunters abused trusted OAuth relationships in Salesforce to gain persistent access, exfiltrate CRM data, and evade traditional sign-in detections. The company also announced improved Salesforce telemetry and near-real-time detection in Defender for Cloud Apps, giving security teams better visibility into connected apps, OAuth scopes, and suspicious SaaS activity.

Security

Microsoft Entra ID Passkeys Default Rollout Dates

Microsoft will make passkeys the default authentication experience in Entra ID starting September 1, 2026, automatically prompting users currently using SMS or voice MFA to register a passkey. The change matters because Microsoft-provided SMS and voice authentication will be retired on February 1, 2027, pushing organizations toward phishing-resistant authentication and requiring admins to plan migrations now.

Security

Microsoft Secure Future Initiative July 2026 Update

Microsoft’s July 2026 Secure Future Initiative progress report highlights major security gains across identity, cloud resource isolation, vulnerability remediation, and AI-driven defense. The update matters to IT and security teams because it pairs measurable hardening progress with practical guidance on phishing-resistant MFA, secure defaults, composite attack paths, and post-quantum readiness.

Security

GigaWiper Malware: Microsoft Details Destructive Backdoor

Microsoft Threat Intelligence has published a deep analysis of GigaWiper, a Golang-based backdoor that combines command-and-control features with multiple destructive payloads, including disk wiping, fake ransomware, and system sabotage. The research matters because it shows attackers consolidating several malware families into a single modular implant, increasing flexibility while reducing deployment footprint.

Security

Microsoft SFI AI Hardens Cloud Security at Scale

Microsoft detailed an internal multi-agent AI system built under its Secure Future Initiative (SFI) to proactively evaluate and harden live cloud services. The approach speeds up deep security analysis from weeks to hours by correlating code, identity, network, configuration, and runtime signals to uncover composite risks that single-tool reviews can miss.

Security

Cloud Security Posture Management Trends for 2026

Frost & Sullivan’s 2025 Frost Radar shows cloud security posture management is shifting from periodic compliance checks to continuous, risk-based governance within CNAPP platforms. For IT and security teams, the key takeaway is clear: prioritize tools that unify posture, identity, workload, and data signals to reduce risk faster across multicloud environments.