Update for the Vulnerability Remediation Agent for Security Copilot in Intune

Week of September 22, 2025
Device security
Update for the Vulnerability Remediation Agent for Security Copilot in Intune (public preview)
We’ve updated the Vulnerability Remediation Agent for Security Copilot, adding the following changes to the ongoing limited public preview:

• Role-based access control (RBAC) for Microsoft Defender - We’ve updated the RBAC guidance to reflect how RBAC is implemented in Microsoft Defender XDR. Guidance is now provided for configurations that use Unified RBAC (a single set of permissions across services) and for granular RBAC (customized permissions per service).

When using granular RBAC configurations, ensure the agent’s identity is scoped in Microsoft Defender to include all relevant device groups. The agent can't access or report on devices outside its assigned scope.

• Agent Identity – You can now manually change the account that the agent uses as its identity. From the agents Settings tab, select Choose another identity to open a sign-in prompt. Enter and authenticate the new account. Ensure the new account has sufficient permission to access the Microsoft Defender Vulnerability Remediation data.

Changes to the agent’s identity won’t affect the agent’s run history, which remains available.

These updates provide greater flexibility and control for organizations using the Vulnerability Remediation Agent in preview.