Virtual Ninja Training featuring Corina Feuerstein

Heike Ritter welcomes Corina Feuerstein back to the Virtual Ninja Show to explain what Security Copilot agents are and why they’re a big step beyond “assistant” features inside Microsoft Defender. Corina contrasts classic automation/playbooks with agents that can take a goal, use context, and build a workflow dynamically—then she spotlights the Phishing Triage Agent in Microsoft Defender. It focuses on user-reported phishing submissions (often hundreds per day), where 90%+ are benign, and uses Copilot-powered analysis to classify items as false positive (and resolve them) or true phish (and keep them open). She also shows how the agent plugs into Defender’s unified RBAC, runs under an assigned identity with minimum necessary permissions, provides explainability so analysts can see why decisions were made, and collaborates with Microsoft Defender for Office 365 AIR—where the agent’s “true” verdict triggers downstream investigation and remediation like campaign scoping and cleanup. Corina rounds out the ecosystem view with other agent areas (DLP/IRM, Conditional Access optimization, Intune vulnerability remediation, threat intelligence briefing) and a growing partner landscape.

We produced this as a pre-recorded, streamed episode that keeps the conversation lively and the technical bits pleasantly palatable. We shaped the flow, built a graphics package that supports the story without stepping on it, and prepped the guests so it sounds like a real dialogue—not a compliance document read aloud. In post, we tightened pacing and kept the demo beats clean, then delivered a smooth multi-channel stream through our remote studio and platform—resulting in a polished show that’s easy to watch live and even easier to replay when your SOC team needs a refresher.