Microsoft Copilot for Security Logic Apps Connector

The Microsoft Copilot for Security Logic Apps connector allows you to call into Copilot from a Logic Apps workflow. This document introduces the connector action and its properties so you can start integrating Copilot for Security into your automation workflows.

The connector exposes a single action:

  • Submit a Copilot for Security prompt - Submit a natural language prompt to create a new Copilot for Security investigation. When the evaluation completes, the result is returned to your workflow.

For more information, see Power Platform Connector Page.

Prerequisites

  • Tenant - Ensure that your tenant admin has set up access to Microsoft Copilot for Security before using the connector.

  • User Authentication - This connector only supports delegated permissions via the OAuth Authorization Code flow. The user who establishes the connection to the connector when designing the logic app must have access to Microsoft Copilot for Security. Learn more about Microsoft Copilot for Security Authentication.

  • Data access for enhanced interaction - It's important that the authenticated user can access data from the various remote security products involved, for tasks such as reading Defender incident reports and gathering multifactor authentication (MFA) details.

Quick Start

  • Create and set up a new logic app in the Azure portal

    • The connector is available in both "Standard" and "Consumption" plan types

  • Configure the initial trigger step, then search for the Copilot action "Submit a Copilot for Security prompt"

  • Fill in the parameters on the Copilot action

  • Reference the following descriptions for the Copilot Action Parameters

    • Prompt Content (Required): Enter the natural language prompt to be evaluated.

    • Session Id (Optional): Enter an existing Copilot sessionId to maintain continuity in your tasks, allowing you to submit prompts within the same investigation. If omitted, Copilot creates a new investigation.

    • Plugins (Optional): Enter a list of plugin names for your investigation, scoping down the potential plugins that Copilot can pick to execute and answer your natural language prompt. Useful to avoid plugin collisions.

    • Direct Skill Name (Optional): Enter a specific Copilot skill to execute. This is a convenient way to bypass the standard Copilot planner if you know a specific skill to trigger.

    • Direct Skill Inputs (Optional): Enter a JSON body containing key/value pairs for required skill parameters. Useful when providing a Direct Skill Name to execute.