Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
If Security Copilot is included in your Microsoft 365 E5 license and your tenant has been enabled, Microsoft will automatically provision and onboard, so that you can immediately get started with Security Copilot in the flow of your work. You can start using Security Copilot in the following experiences:
- Data security in Microsoft Purview: https://purview.microsoft.com
- Identity and access in Microsoft Entra: https://entra.microsoft.com
- Endpoint management in Microsoft Intune: https://intune.microsoft.com
- Access Security Copilot portal: https://securitycopilot.microsoft.com
For more information on Security Copilot capabilities included in your license, see Learn about Security Copilot inclusion in Microsoft 365 E5.
What gets autoprovisioned?
As part of the autoprovisioning process, the following steps are done for you so that you can easily get started:
Creation of a default Security Copilot virtual capacity and a default workspace
Assign default workspace settings
Assign additional settings
Customer Data storage location
Customer Data storage location is the geography where customer's prompts, responses, and any Customer Data associated with a workspace is stored. For the default workspace that Microsoft creates for you, the Customer Data storage location that is preselected is your Microsoft Entra geography.
If your customer tenant has Microsoft 365 geo override (Preferred Data location, Go Local move programs, Advanced Data Residency (ADR add-on) etc.), then we use this Microsoft 365 geo override and map to one of the supported geos by Security Copilot.
The Customer Data storage location that is preselected for your Security Copilot default workspace can be viewed within the Owner settings page within Security Copilot portal. For more information, see Configure owner settings.
Customer Data sharing preferences
By default, the following settings are set to OFF:
- Allow Microsoft to capture data from Security Copilot to validate product performance using human review
- Allow Microsoft to capture and human review data from Security Copilot to build and validate Microsoft's security AI model
The data sharing settings can be changed within the Owner settings page within the Security Copilot portal.
For more information, see Privacy and data security.
Prompt evaluation location
Prompt evaluation location determines where your prompts are processed (evaluated) using GPU resources. When a user enters a prompt, Security Copilot evaluates it on GPU clusters in Azure datacenters. This configuration setting is preselected during autoprovisioning. By default,
- If your tenant's Customer Data storage location is in the EU, then prompts are processed in the EU
- If your tenant's Customer Data storage location is not in the EU, then prompts are processed globally (US, UK, EU, ANZ) depending on locality and GPU availability.
Accessing data from Microsoft 365 services
This setting allows customers to configure whether Security Copilot can query information directly from Microsoft 365 services such as Microsoft Purview.
By default, this setting is set to ON.
If you want to disable Security Copilot's access to Microsoft 365 service data, administrators can adjust this in Owner settings.
Note
Choosing to disable Security Copilot or limit it's access to Microsoft 365 service data will limit Security Copilot's ability to work with Microsoft 365 products.
What admins should do once enabled:
- Review Owner settings to confirm your organization's preferred configuration.
- Inform users that Security Copilot is available as part of your Microsoft 365 E5 license and how it can be used within your organization's policies.
For more information, see Privacy and data security.
Default roles
The following Microsoft Entra, Intune, Defender, and Purview roles automatically inherit Security Copilot owner access:
- Global Administrator
- Security Administrator
- Conditional Access Administrator
- Intune Administrator
- ComplianceBundle
- Microsoft Entra Compliance Administrator
- Purview Compliance Admin
- Purview Organization Management
- Purview Data Governance Administrator
The following Microsoft Defender and Purview roles automatically inherit Security Copilot contributor access:
- Microsoft Defender roles
- Any custom Microsoft Defender XDR roles that include Security Copilot permission. For more information, see Create custom roles.
- Microsoft Purview roles. For more information, see Purview roles in Security Copilot.
These roles that were added by default, can be modified within the Role assignment page of Security Copilot portal.