Security Copilot: Your AI-powered security solution

  • 6 minutes

Security Copilot is an AI-powered, cloud-based security analysis tool that enables analysts to respond to threats quickly, process signals at machine speed, and assess risk exposure faster than traditional methods. This video explains more about Security Copilot.

Security Copilot is designed to streamline security operations, saving time and money. These features demonstrate Security Copilot's versatility.

  • Investigate threats: Triage complex security alerts and remediate faster with step-by-step guidance.
  • Build queries: Use natural language translation to eliminate manual query writing and enable technical tasks.
  • Manage risks: Gain a broad picture of your environment with prioritized risks to improve security posture.
  • Troubleshoot IT: Synthesize relevant information rapidly and receive actionable insights to resolve IT issues quickly.
  • Define policies: Draft new policies, cross-reference for conflicts, and manage complex organizational contexts easily.
  • Develop reports: Create clear, concise reports summarizing context, environment, open issues, and proactive measures.

Security Copilot integrations and plugins

Security Copilot integrates with your IT team's existing tools, enhancing workflow and awareness, and accelerating new team member onboarding to ensure the security of your institution's data, apps, and devices. These are some data security tools that integrate with Security Copilot.

  • Defender XDR: Enable security teams to quickly and efficiently investigate and respond to incidents.
  • Defender for Cloud: Analyze, summarize, remediate, and delegate your recommendations with natural language prompts.
  • Entra: Summarize a user's risk level, provide insights relevant to the incident at hand, and suggest recommendations for rapid mitigation.
  • Intune: Manage policies and settings, understand security posture, and troubleshoot device issues.

Copilot in Purview

Security Copilot also integrates with Microsoft Purview. When IT admin sign up for Security Copilot in the same tenant as Microsoft Purview, they can use both the Security Copilot standalone and embedded experiences.

  • Standalone experience
    • End-to-end visibility: Gain deep dive insights from across platforms.
    • Insider risk and data context: Provide insider risk and data context to a variety of incidents and identify the attack's source.
    • Prioritize investigations: Prioritize investigations by understanding the data sensitivity involved in incidents.
  • Embedded experience
    • Enhance incident analysis: Dive deeper and speed up investigations with comprehensive alert summaries and advanced user hunting.
    • Unified security context: Integrate user and data context in one place for better understanding of intent.
    • Manage hidden risks: Identify, manage, and act on hidden risks with Data Security Posture Management.
    • Streamline controls: Discover protection gaps and improve controls with data loss prevention (DLP) policy insights.
    • Empower teams: Provide guidance and knowledge sharing with suggested prompts.
    • Accelerate eDiscovery: Quickly search through large volumes of eDiscovery content, reducing time from days or hours to minutes.