Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Important
Some information in this article relates to a prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
Microsoft Security Copilot agents automate repetitive tasks and reduce manual workloads. They enhance security and IT operations across cloud, data security and privacy, identity, and network security. These agents handle high-volume, time-consuming tasks by pairing data and code with an AI language model. They respond to user requests and system events, helping teams work more efficiently and focus on higher-impact tasks.
Agents fit naturally into existing workflows. You don't need special training or other licensing to use them. Agents utilize SCUs to operate just like other features in the product. They integrate seamlessly with Microsoft Security solutions and the broader supported partner ecosystem. Agents learn based on feedback and keep you in control on the actions it takes. They handle resource-intensive tasks like threat intelligence briefings, and Conditional Access optimization. With Microsoft Security Copilot agents, you can scale up your teams, people, and processes.
Microsoft Security Copilot agents offer significant benefits for security teams and IT operations by automating routine tasks and freeing up valuable time for teams to concentrate on strategic initiatives and complex problem-solving. This leads to improved operational efficiency, enhanced security and giving teams the ability to respond more swiftly to emerging threats. With Security Copilot agents, organizations can achieve greater scalability and resilience in their security and IT processes.
Agent terminology
This article defines key agent terminology used during agent set up.
Trigger
A trigger is an event or condition that tells an agentic system to initiate an action or series of actions. You can set the agent to run automatically at specific intervals or choose to run it manually when needed.
Permissions
In the context of agents, permissions are the level of authorization an AI agent is given by an administrator during configuration that enables it to access specific information or carry out its tasks.
These permissions might include the ability to read data from other solutions, for example Microsoft Defender External Attack Surface Management or Microsoft Threat Intelligence. By giving the agent permissions to access data from these solutions, the agent can generate insights or provide recommendations based on the information it's able to gather.
Identity
An agent needs an identity to authenticate and securely access resources when it runs. During the agent setup process, you're given two types of identity to choose from:
Create an agent identity
Note
Currently, this option is only available for Microsoft-built agents.
This option creates a dedicated identity for the agent using the Microsoft Entra Agent ID capability. Microsoft Entra Agent IDs are identities created specifically for AI agents. The user setting up the agent grants the agent ID permissions needed for the agent to run successfully. Using Agent IDs keeps access scoped, secure, and easier to manage. For more information, see What are agent identities?.
Connect with an existing user account
This option lets the agent use your credentials to run. It inherits your access and permissions while it's active.
Plugins
Plugins extend the capabilities of Security Copilot. A plugin is a component that extends what an agent can do by giving it access to capabilities in Microsoft and non-Microsoft services and public websites through APIs. Having access to plugins adds more context to the output of an agent.
Get started
To get started with Microsoft Security Copilot and harness agentic AI to transform security and IT operations, follow these steps in the journey to discover and use agents.
- Discover agents - Browse Microsoft and partner-built agents
- Standalone or embedded experience in the Microsoft security products
- Security Store
- Configure and manage agents - Setup agents
- Create your own agents tailored for your use case - Build custom agents
- Extend agents with plugins - Plugins
- Connect external systems - Connectors