Microsoft Copilot for Security Logic Apps Connector
The Microsoft Copilot for Security Logic Apps connector allows you to call into Copilot from an Azure Logic Apps workflow. This document provides an introduction to the connector action and its properties to get started integrating Copilot for Security in your automation workflows.
The connector exposes 2 connector actions:
- Submit a Copilot for Security prompt - Submit a natural language prompt to create a new Copilot for Security investigation. After completion, the evaluation result will then be returned to your workflow.
- Submit a Copilot for Security promptbook - Given a promptbook, invoke a new Copilot for Security promptbook evaluation and return the output to your Azure Logic Apps workflow.
For more information, see Power Platform Connector Page.
Prerequisites
Tenant - Ensure that your tenant admin sets up access to Microsoft Copilot for Security before using the connector.
User Authentication - This connector only supports delegated permissions via OAuth Authorization Code flow. The user that establishes connection to the connector when designing the Azure Logic Apps workflow must have access to Microsoft Copilot for Security. Learn more about Microsoft Copilot for Security Authentication.
Data access for enhanced interaction - It's important that the authenticated user can access data from various remote security products, including tasks like reading Defender incident reports and gathering multifactor authentication (MFA) details, among others.
Submit a Copilot for Security prompt
Create and set up a new Logic Apps workflow in the Azure portal.
- The connector is available in both "Standard" and "Consumption" plan types.
Configure the initial trigger step and proceed to search for the Copilot action "Submit a Copilot for Security prompt".
Fill in the parameters on the Copilot action.
Reference the following descriptions for the Copilot Action Parameters
Prompt Content (Required): Enter the natural language prompt to be evaluated.
Session ID (Optional): Enter an existing Copilot sessionId for maintaining continuity in your tasks, allowing to ask prompts within the same investigation. If omitted, Copilot creates a new investigation.
Plugins (Optional): Enter a list of plugin names for your investigation, scoping down the potential plugins that Copilot can pick to execute and answer your natural language prompt. Useful to avoid plugin collisions.
Direct Skill Name (Optional): Enter a specific Copilot skill to execute. Convenient way to bypass the standard Copilot planner if you know a specific skill to trigger.
Direct Skill Inputs (Optional): Enter a JSON body containing key/value pairs for required skill parameters. Useful when providing a Direct Skill Name to execute.
Submit a Copilot for Security promptbook
Create a new Azure Logic Apps workflow in the Azure portal.
- The connector is available in both "Standard" and "Consumption" plan types.
After setting up the Azure Logic Apps and configuring the initial trigger step, proceed to search for the Copilot for Security action.
After choosing the new Security Copilot action, proceed to fill in the following information.
Promptbook Name (required): Select a promptbook from the dropdown list.
Promptbook Inputs (required): Inputs are displayed dynamically for promptbooks with input fields. Enter the specific inputs for each input field.
Note
You will need to ensure that required fields, such ash
<SENTINEL_INCIDENT_ID>,<THREATACTORNAME>, or<DEFENDER_INCIDENT_ID>are filled in the input fields. Otherwise, the Azure Logic App workflow will not run successfully.Session ID (optional): Enter an existing Security Copilot sessionId for maintaining continuity in your tasks, allowing to ask prompts within the same session. If omitted, Security Copilot will create a new session.