Microsoft Security Copilot service description

Microsoft Security Copilot is a generative AI security product that helps defend organizations at machine speed and scale. Security Copilot delivers natural language insights and guidance to increase the efficiency and capabilities of security operations teams. Security Copilot leverages an advanced large model with a security-specific model that is informed by Microsoft’s unique global threat intelligence and more than 65 trillion daily signals.

During the Early Access Program, participating customers will receive a Microsoft Security Copilot program pass that grants access to the Security Copilot experience through an immersive prompting environment and embedded in the Microsoft Defender XDR interface.

Feature availability across plans

During the Early Access Program, Microsoft Security Copilot requires a Microsoft Defender for Endpoint P1 licensing.

Features available during Early Access Program

Features Description
Prompt interface Open chat functionality to make requests in natural language, response outputs as text, images, or documents.
Incident summary & response Summarize a security incident, enrich incident with threat intelligence, assess an incident’s impact, and provide guidance on remediation.
Available in the embedded Microsoft Defender for Endpoint experience.
Security posture management Summarize information on events that might expose an organization to a known threat.
Security reporting Prepare event, incident, or threat summaries in ready-to-share reports.
Script analyzer Explains Powershell script in natural language.
Available in the embedded Microsoft Defender XDR experience.
Pinboard Organize and summarize chat sessions.
Guided prompts Prompt suggestions to active common security use cases, accessed by entering “/” in the prompt bar.
Promptbooks Collection of prompts assembled to achieve specific investigation outcomes.
Prompt audit trail Review prompt interactions in an immutable record.
Plugins Integrations with Microsoft Security products and other services to enable access to security incidents, threat intelligence, and organizational context.
Plugins include Microsoft Defender XDR, Microsoft Sentinel, Microsoft Defender Threat Intelligence, Service Now, and more.

Learn More

Purchasing guide:
Onboarding guide:
Learn documentation:


To stay informed of upcoming changes, including new and changed features, planned maintenance, or other important announcements, visit the Message Center. For more information, see Message center.

Licensing terms

For licensing terms and conditions for products and services purchased through Microsoft Commercial Volume Licensing Programs, see the Product Terms site.


Microsoft remains committed to the security of your data and the accessibility of our services. For more information, see the Microsoft Trust Center and the Office Accessibility Center.