What happened
Announced in the June 25, 2026 Intune update, the Vulnerability Remediation Agent (public preview) operates within Microsoft Security Copilot, drawing on Defender Vulnerability Management data to autonomously rank CVEs across Intune-managed Windows devices by CVSS score, exposure impact, and device count. It runs under a dedicated Entra agentic identity — not a human account — with admin-delegated scoped read permissions, preserving a clean audit trail.
Why it matters
This is one of the first Microsoft GA-path agentic security capabilities with a formal non-human identity model (Entra agentic identity + scoped permissions), setting a governance blueprint for enterprise AI agent deployments. It directly compresses the CVE-to-remediation cycle for endpoint teams.
Applicability
IT/security teams managing Intune-enrolled Windows fleets with Security Copilot licenses should enroll in the preview; it is particularly valuable for organizations with large device estates and limited vulnerability-management staffing.