How to create a report using Security Copilot

  • 2 minutes

Following the phishing incident involving Hana Sykorova, the Maple School of Fine Arts board requests a formal report detailing what happened, how it was handled, and what steps are being taken to prevent future incidents. You need to generate a clear, professional summary that can be shared with nontechnical stakeholders.

Steps:

  1. Return to Security Copilot

    • Open the Microsoft Defender XDR portal.
    • Navigate to the Security Copilot interface.
    • Enter the prompt: "Generate a report for school leadership about the phishing incident on October 28 involving hana@fineartschool.net."

  2. Review the draft report

    Ensure it includes:

    • Incident summary: What happened and when, and how it was detected.
    • Timeline: Key events and timestamps, such as when the email was received, reported, investigated, and resolved.
    • Impact: Number of users affected, data exposure (if any), systems involved.
    • Actions taken: Investigation steps, user notifications, remediation.
    • Recommendations: Future prevention strategies such as policy updates, training needs, or technical controls.

  3. Customize the report:

    Add school-specific context, for example:

    • "No student data was compromised."
    • "The incident was contained within two hours."
    • “Staff will receive updated phishing awareness training."

    Adjust tone and terminology for a nontechnical audience.

  4. Export and distribute

    • Export the report to Word or PDF.
    • Share it with school leadership via secure channels.

  5. Optional: Create a parent-facing summary

    • Ask Copilot: "Summarize this incident in plain language for parents of Maple School of Fine Arts students."
    • Review the output for accuracy, appropriate tone, and thoroughness.
    • Use this version for newsletters or parent communications.

  6. Optional: Generate a follow-up checklist

    • Prompt Copilot to: "Create a checklist of follow-up actions for the IT team after this phishing incident."
    • Use this to track remediation and training tasks.

You’ve now created a professional, AI-assisted report in minutes—saving time and improving clarity. This builds confidence in your team’s ability to manage threats.

Tip

Reflection prompt:

  • Ask yourself what stakeholders in your school would need to see this report?
  • How would you tailor the message for each audience (for example, board members, parents, staff)?