Microsoft Copilot for Security experiences

Copilot for Security offers an immersive standalone experience and intuitive embedded experiences that are available in other Microsoft security products.

Standalone and embedded experiences

Standalone experience
Copilot for Security, accessed through, is considered the standalone experience.

Embedded experience
Accessing Copilot for Security embedded experiences in other Microsoft security products is considered an embedded experience.


Guidance on specific embedded experiences can be found in the documentation library of the corresponding service. For example, if you access a Microsoft Defender XDR embedded experience, then the corresponding documentation for that Copilot for Security experience can be found in the Microsoft Defender XDR documentation. This ensures that you receive service-specific guidance wherever you access Copilot for Security.

The following table lists the available embedded experiences.

Product Embedded experience
Microsoft Defender XDR - Summarize incidents

- Analyze scripts and codes

- Generate KQL queries for hunting

- Use guided response

- Create incident reports

- Summarize device information

- Analyze files
Microsoft Entra - Investigate risky users
Microsoft Intune - Policy and setting management

- Use Microsoft Copilot in Intune to troubleshoot devices
Microsoft Purview - Investigate a Microsoft Purview Data Loss Prevention alert

- Summarize Communication Compliance messages by using Microsoft Copilot for Security

- Investigate insider risk management activities

- Summarize an eDiscovery message by using Microsoft Copilot for Security
Microsoft Defender Threat Intelligence - Using Copilot for Security for threat intelligence