Poznámka:
Přístup k této stránce vyžaduje autorizaci. Můžete se zkusit přihlásit nebo změnit adresáře.
Přístup k této stránce vyžaduje autorizaci. Můžete zkusit změnit adresáře.
At Ignite 2025, Microsoft is announcing that Security Copilot agents will be directly built into the flow of work for security teams using Microsoft Defender, Microsoft Entra, Microsoft Intune, and Microsoft Purview.
A dozen new agents are introduced across these products, to bring agentic defense across workflows, enabling autonomous and proactive protection.
To make the agents easily accessible and help security teams get started more quickly, we're excited to announce that Security Copilot will be available to all Microsoft 365 E5 customers.
Rollout starts November 18, 2025, for existing Security Copilot customers with Microsoft 365 E5 as of November 18, 2025, and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive a 30-day advanced notification before activation. For more information on what's included, see What capacity is included?.
Welcome to a new era of cybersecurity: where security is ambient and autonomous, with agents built-in, easy-to-use, and ready to empower your team to stay ahead of threats.
Microsoft 365 E5 customers who already have Security Copilot can get started today with:
- Security operations in Microsoft Defender: https://security.microsoft.com
- Data security in Microsoft Purview: https://purview.microsoft.com
- Identity and access in Microsoft Entra: https://entra.microsoft.com
- Endpoint management in Microsoft Intune: https://intune.microsoft.com
All other Microsoft 365 E5 customers can get access to Security Copilot as part of a phased rollout in the upcoming months. Read the FAQ for more information.
FAQ
Overview and timeline
When will Security Copilot inclusion in Microsoft 365 E5 be available?
Security Copilot will be included for all Microsoft 365 E5 customers in the upcoming months - bringing agentic AI in the daily workflow. Customers will receive a 30-day advanced notification before activation. If you're already a Microsoft 365 E5 customer using Security Copilot, you can access this benefit at no additional cost.
Rollout starts November 18, 2025, for existing Security Copilot customers with Microsoft 365 E5, and will continue in the upcoming months for all Microsoft 365 E5 customers. Customers will receive a 30-day advanced notification before activation.
Licensing and capacity
What capacity is included?
Customers with Microsoft 365 E5 will have 400 Security Compute Units (SCU) each month for every 1,000 paid user license, up to 10,000 SCUs each month at no additional cost.
This amount scales by user license count, including for customers with fewer than 1,000 user licenses. This included capacity is expected to support typical scenarios as mentioned.
- Example 1: An organization with 400 user licenses gets 160 SCUs/month.
- Example 2: An organization with 4,000 user licenses gets 1,600 SCUs/month.
What is a Security Compute Unit?
A Security Compute Unit is a unit measure of the compute power to run Security Copilot workloads – for AI capabilities within the standalone and embedded experiences.
Will the provided SCUs for each month be usable across multiple workspaces?
Yes. The SCUs are usable across all workspaces in a tenant.
Is there an example of SCU consumption under current provisioned vs inclusion models?
Let's assume an enterprise company has provisioned 5 SCUs for each hour under the current billing model. Within a two-hour period, the customer runs the following scenarios:
- Prompt Execution: 3 SCUs over 40 seconds in the first hour
- Incident Summarization: 0.5 SCU over 10 seconds in the second hour
Total usage: 3.5 SCUs across 2 hours. However, because billing is based on provisioned capacity, the customer is charged for 5 SCUs every hour, resulting in 10 SCUs billed for 2 hours.
With the inclusion model, which provides 400 SCUs per 1,000 user licenses, there's no hourly provisioned capacity. Instead, the same two scenarios would deduct 3.5 SCUs from the monthly SCU allocation.
Will Security Compute Unit (SCU) allocation reset monthly or rollover if unused?
SCU allocations reset monthly and don't roll over if unused. Customers can't carry forward unused SCUs to future months.
Eligibility and access requirements
Who is eligible for Security Copilot inclusion?
All Microsoft 365 E5 customers are eligible and will get access in the upcoming months.
How do customers prepare their organization and tenants to configure Security Copilot?
Security Copilot is automatically provisioned for all eligible Microsoft 365 E5 tenants.No Azure setup or consent flows are required.
Customers will see in-product banners and guided onboarding to help them get started. No manual provisioning of SCUs is needed.
Is there a minimum Microsoft 365 E5 user license count consumption commitment to qualify for the Security Copilot inclusion?
No. All customers with Microsoft 365 E5 licenses qualify for the offer, regardless of user license count.
If a customer purchases Microsoft 365 E5 between now and activation, do they immediately receive the Security Copilot inclusion?
All qualifying Microsoft 365 E5 customers receive access in the upcoming months and will get a 30-day advanced notification before activation.
If a customer upgrades from Microsoft 365 E3 to Microsoft 365 E5 do they need to do anything specific to get access to Security Copilot?
No. No action is needed for customers to access to Security Copilot. Customers will receive a 30-day advanced notification before activation.
Is Security Copilot still available to customers without qualifying Microsoft 365 E5 licenses?
Yes. Customers without Microsoft 365 E5 licenses can continue to access Security Copilot using the existing pricing model. Learn more about Security Copilot pricing.
Are Microsoft Sentinel customers without Microsoft 365 E5 licenses excluded from eligibility?
Yes. Microsoft 365 E5 customers get Security Copilot at no additional cost as part of their license. Microsoft Sentinel customers without Microsoft 365 E5 licenses aren't eligible.
Usage and billing
What happens if a customer exceeds the included SCUs?
Usage beyond the allocated SCUs will be throttled at a future date. Customers have an option to scale beyond the allocated amount at $6 for each SCU on a pay-as-you go basis at that time. Customers will get a 30-day advanced notification when this option is available.
Do customers need to provision SCUs separately if they're eligible for this offer?
No. Eligible customers automatically receive access to Security Copilot. There's no need to manually provision SCUs.
Do customers need to manage other licenses or setup?
No. Security Copilot is ready to use inside the tools teams already rely on, with no action needed and guided onboarding for immediate value.
Features and capabilities
What capabilities are included?
Core Experiences: All chat, promptbook, and agentic scenarios across Microsoft Entra, Microsoft Intune, Microsoft Purview, Microsoft Defender, and the standalone Security Copilot portal. Additionally, customers with Microsoft 365 E5 who also use Microsoft Sentinel can apply their included SCU allocation to run Security Copilot scenarios in Microsoft Sentinel.
Developer Experiences: Tools such as Agent Builder and APIs for creating custom agents, promptbooks, and integrations via MCP and Graph APIs.
Partner-built agents: SCU costs included until further notice.
What isn't covered as part of this inclusion?
Any capabilities beyond those that are part of the core Security Copilot value requires additional payment.
For example:
- Microsoft Sentinel data lake compute or storage costs.
- Non-agentic Data Security Investigations experience in Microsoft Purview.
- Charges for Azure Logic Apps for usage with Security Copilot.
- Partner-built agent licensing paid through Security Store.
- Some agents may require prerequisites that involve products outside of Microsoft 365 E5 which are not covered.
Are Partner-built agents included?
Partner-built agents may require a separate license from the partner (purchased via Security Store); SCU costs for third-party agents are included, but this might change in the future as we roll out Security Copilot inclusion more broadly.
What can customers do with Security Copilot?
Security Copilot supports various use cases, such as:
SOC teams can simplify phishing triage and incident response with agents that classify alerts, summarize threats, and guide remediation.
Identity teams can strengthen access controls and reduce risk with agents that optimize Conditional Access policies and automate access reviews.
Data security teams can strengthen data protection and compliance with agents built to help triage alerts and discover sensitive data.
IT admins can better maintain secure, compliant endpoints more easily, with agents that help with tasks like assessing changes before they impact productivity.
For all other use cases, you can build custom Security Copilot agents, tailored to your organization's unique workflows.
Read more about Security Copilot use cases in the Adoption Hub.
Product experience
Where can customers track their usage?
Customers are able to track their usage in the in-product usage dashboard in the Security Copilot standalone portal. For more information, see Monitor security compute units use.
What is the in-product experience for customers?
Customers are presented with a recommendation card that suggests high-value use cases for using Security Copilot in a particular product experience. With the provided capacity, customers can use Security Copilot agents to automate tasks like user-submitted phish triage, alert triage, access reviews, and vulnerability remediation.
Will Microsoft Security Copilot agents be automatically enabled?
No, a customer's organization is required to set up and deploy agents in the relevant stand alone or embedded experiences. For more information, see Manage agents.
Are there other Security Copilot Integration Experiences and Configurations available?
Security Copilot integrates seamlessly with multiple Microsoft 365 and Microsoft security products that your organization has licensed. This integration allows users to query information directly from those products in the Security Copilot standalone and embedded experiences. This data is copied, processed, and stored by Copilot.
Customers can choose not to share their Microsoft 365 service data with Copilot in the "Owner settings" page. However, the organization won't be able to use Copilot with Microsoft 365 products such as like Microsoft Purview.
Where can customers learn more about adding additional workspaces and logging data in Security Copilot?
Customers can't allocate SCUs by workspace at this time. The total SCUs are to be used across the tenant.
Special scenarios
What does this mean for Managed Service Providers (MSPs)?
If an MSP is a Microsoft 365 E5 customer using Security Copilot today, whether internally or to manage the security of a customer, they no longer need to do separate billing for Security Copilot and can enjoy continued access to all agentic and chat experiences.
If an MSP after November 18, 2025 deploys Security Copilot for customers that are either Microsoft 365 E5 customers, then this customer also is no longer separately billed for Security Copilot, and can continue to use all Security Copilot capabilities and experiences.
What if the customer is a Microsoft 365 E5 customer and purchases Security Copilot after November 18?
Microsoft 365 E5 customers can continue to provision Security Copilot using the existing provisioned and overage pricing model, and will get a 30-day advanced notification before Security Copilot is included as part of their Microsoft 365 E5 license.
How will Security Copilot inclusion in Microsoft 365 E5 impact existing standalone Security Copilot customers who don't have Microsoft 365 E5 subscriptions?
Customers without Microsoft 365 E5 subscriptions can continue to access Security Copilot using the existing provisioned and overage pricing model.
The inclusion in Microsoft 365 E5 doesn't remove standalone access, ensuring continuity for customers who rely on Security Copilot outside of Microsoft 365 E5.
Data and compliance
What is Security Copilot's Microsoft 365 E5 data handling policies?
All existing Security Copilot customers' data storage and handling will continue in the location where their current workspace resides. For more information, see Privacy and data security in Microsoft Security Copilot.
Can my organization elect to disable Security Copilot at this time?
Existing customers can remove Security Copilot capacity. For more information, see Delete capacity through Security Copilot.
For customers who do not currently have access to Security Copilot through Microsoft 365 E5, details will be shared once it is included in their Microsoft 365 E5 license.