Navigate Copilot for Security

The Copilot for Security platform has navigational features to maximize its functionality. As you explore the system, reference this article for more details.

Explore

Need some ideas on what to explore next? Check out these key landmarks:

1. Home menu
2. Prompts
3. Manage plugins and other sources
4. Help

Once you start your first prompt, more features light up:

1. Process log to see what Copilot for Security is up to.
2. Share your session with your team.
3. Side panel where the Pin board displays.
4. Create a promptbook based on the selected prompts.
5. Pin a prompt to the pin board.

Home menu

• Home gets you back to the initial page, ready to create a new prompt.

• My sessions reloads the page and changes the view to focus on past sessions you created. Manage your sessions with search and filter options along with the ability to rename or delete sessions as needed. Sessions created by embedded experiences you worked in also show up here.

• Promptbook library

• Owner settings - For more information, see Configure owner settings.

• Role assignment - For more information, see Assign roles.

• Usage monitoring - For more information, see Monitor security compute units use.

• Settings include theme, time zone, and language preferences along with some settings for Copilot owners.

• Tenant switching requires specific authentication.

  
  For more information, see the following articles:

  • Understand authentication

  • Grant MSSP access

    When a user signs into the Copilot for Security platform for their tenant, but the security-related data is in a different tenant, you must explicitly switch to that tenant. In the following screenshot, security analyst Angus MacGregor uses a Fabrikam account to sign in. Copilot for Security is provisioned in the Contoso tenant, however. With the tenant switch feature, the external member or guest account configured with the appropriate role in Contoso, is authorized to conduct sessions using Contoso data.

    The Copilot for Security portal reloads and initially shows the tenant ID in the URL like this:

    https://securitycopilot.microsoft.com/?tenantId=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

    Tip

    Manually modifying the tenant ID portion of the Copilot for Security URL will also switch the tenant.

Prompts

Check out these great articles to use promptbooks, find prompts to start with, and create great prompts on your own.

• Try promptbooks
• Prompting in Copilot for Security
• Create effective prompts

Manage plugins

For more information, see Manage plugins.

Get help

Access the support link and documentation articles from the Get help menu.

For more information on these options, see the following articles:

• Documentation
• Help - Contact support

Prompt features

Here are the features available once you create your prompt.

Process log

The process log appears directly under your prompt after you send it. As the response is being formed, notice the plugin chosen.

Each plugin and its capabilities directly correspond to prompts found when selecting See all system capabilities.

For example, in the process log shown, the Microsoft Defender XDR plugin is chosen. Also the prompt icon proceeds the prompt Generate guided response, which indicates this prompt was a specific capability of the plugin.

When you select the Prompts button, use the search to find capabilities. Select See all system capabilities to see all the prompts listed for each plugin.

Note

The Generate guided response session is just one of the possible sessions created by the Defender XDR embedded experience. When you interact with an embedded Copilot experience to produce results, the session will appear in your session list.

Many responses include direct links to data provided by the Microsoft service plugin chosen by the response. Use the direct links and the process log to build trust in Copilot for Security while you verify it's delivering accurate, appropriate responses.

Pin important items to the session

Use the pin board to keep track of important responses in your session. When a response is pinned for the first time, Copilot for Security generates a summary of the session for the pin board.

Pin multiple prompt-response pairs to expand what is included in the summary. Pinned items show a condensed response that is expandable. The last prompt pinned is ordered last in the pin board. If you pin a prompt from the middle of the session last, that's where it's pinned on the pin board.

Along with the summary, the pin board features tags under the session name to help provide context to the session.

Share a session

At any time during a Copilot for Security session, share your work with your team or decision makers. Select to create a link.

The send via email option isn't available in these regions. Use the Copy link and send manually.

• SouthAfricaNorth
• UAENorth

Tip

Keep in mind, this link references the entire session, not just the portion conducted prior to selecting the Share feature.

The same Share feature is available while reviewing My sessions.

Warning

When the link is shared by the owner to anyone with Copilot for Security access in the same tenant, they are able to view the shared session. Shared sessions show a static display of the entire session, whether they normally have access to the underlying security data or not.

While accessing a shared session, there's an option to Export the results.

View the shared session summary and pinned items to quickly understand the shared content.

For more information, see Shared session access.

Create a promptbook

For more information, see Build your own promptbook