Microsoft Copilot for Security experiences
Copilot for Security offers an immersive standalone experience and intuitive embedded experiences that are available in other Microsoft security products.
Standalone and embedded experiences
Standalone experience
Copilot for Security, accessed through https://securitycopilot.microsoft.com, is considered the standalone experience.
Embedded experience
Accessing Copilot for Security embedded experiences in other Microsoft security products is considered an embedded experience.
Important
Guidance on specific embedded experiences can be found in the documentation library of the corresponding service. For example, if you access a Microsoft Defender XDR embedded experience, then the corresponding documentation for that Copilot for Security experience can be found in the Microsoft Defender XDR documentation. This ensures that you receive service-specific guidance wherever you access Copilot for Security.
The following table lists the available embedded experiences.
| Product | Embedded experience |
|---|---|
| Microsoft Defender XDR | - Summarize incidents - Analyze scripts and codes - Generate KQL queries for hunting - Use guided response - Create incident reports - Summarize device information - Analyze files |
| Microsoft Entra | - Investigate risky users |
| Microsoft Intune | - Policy and setting management - Use Microsoft Copilot in Intune to troubleshoot devices |
| Microsoft Purview | - Investigate a Microsoft Purview Data Loss Prevention alert - Summarize Communication Compliance messages by using Microsoft Copilot for Security - Investigate insider risk management activities - Summarize an eDiscovery message by using Microsoft Copilot for Security |
| Microsoft Defender Threat Intelligence | - Using Copilot for Security for threat intelligence |