Describe Microsoft Security Copilot


The top security challenges organizations face include:

  • An increase in the number and sophistication of attacks.
  • A talent shortage that is driving the need for automation, integration, and consolidation of security tools.
  • Visibility into security, privacy, compliance, and governance.

Organizations need to act quickly to address all the security challenges they face, but working at human speed, even if there weren't a talent shortage, isn't enough. Organizations need to work at machine speed.

Microsoft Security Copilot is the first and only generative AI security product to help defend organizations at machine speed and scale. It's an AI-powered security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure in minutes.

Diagram showing key attributes of Microsoft Security Copilot, including hyperscale AI infrastructure, cyber-trained model with security skills, threat intelligence from 65 trillion signals and end-to-end security tooling.

The center of Microsoft Security Copilot is the prompt bar that allows security analysts to ask questions in natural language. You use the prompt bar to tell copilot what insights you want from your security data.

Three primary use cases are security posture management, incident response, and security reporting.

  • Security posture management. Security Copilot delivers information on anything that might expose an organization to a known threat. It then gives the analyst prescriptive guidance on how to protect against those potential vulnerabilities.

  • Incident response. Security Copilot can quickly surface an incident. For a surfaced incident, Security Copilot can enrich it with context from other data sources, assess its scale and impact, and provide information on what the source might be. Security Copilot can then guide the analyst through the response and remediation steps with guided recommendations. Security Copilot provides single pane of glass visibility by pulling in data from other sources like Defender and Sentinel and then correlating and analyzing that data all together.

  • Security reporting. Security Copilot can deliver customizable reports that are ready to share and easy to consume, allowing analysts to focus more on high value tasks pertinent for securing the organization.

The information you give Copilot will only be accessible to your organization. Your data is your data, and it's protected by comprehensive enterprise compliance and security controls. Your data isn't used to train the foundation AI models.

Security Copilot, which is currently in preview and not yet generally available, has planned integration with Microsoft Sentinel and Microsoft's other security product families.