Megosztás:

Understand how Security Copilot is auto provisioned for Microsoft 365 E5 customers

If Security Copilot is included in your Microsoft 365 E5 license and your tenant has been enabled, Microsoft will automatically provision and onboard, so that you can immediately get started with Security Copilot in the flow of your work. You can start using Security Copilot in the following experiences:

For more information on Security Copilot capabilities included in your license, see Learn about Security Copilot inclusion in Microsoft 365 E5 subscription.

What gets autoprovisioned?

As part of the autoprovisioning process, the following steps are done for you so that you can easily get started:

Customer Data storage location

Customer Data storage location is the geography where customer’s prompts, responses, and any Customer Data associated with a workspace is stored. For the default workspace that Microsoft creates for you, the Customer Data storage location that is preselected is your Microsoft Entra geography. If your customer tenant has opted for Advanced Data Residency (ADR add-on) in Microsoft 365, then Microsoft chooses the local region geography that you opted for in ADR. Currently, Multi-geo isn't supported.

The Customer Data storage location that was preselected for your Security Copilot default workspace can be viewed within the Owner settings page within Security Copilot portal. For more information, see Configure owner settings.

Data sharing settings

By default, the following settings are set to OFF:

  • Allow Microsoft to capture data from Security Copilot to validate product performance using human review
  • Allow Microsoft to capture and human review data from Security Copilot to build and validate Microsoft's security AI model

The data sharing settings can be changed within the Owner settings page within the Security Copilot portal.

For more information, see Privacy and data security.

Agent setup requirements

To start using Security Copilot agents, your Global Administrator must complete the initial agent setup in Security Copilot or one of the Microsoft products (Microsoft Entra, Intune, Purview, and Defender).

Prompt evaluation location

Prompt evaluation location determines where your prompts are processed (evaluated) using GPU resources. When a user enters a prompt, Security Copilot evaluates it on GPU clusters in Azure datacenters. By default,

  • If the customer traffic is from Europe, prompts are evaluated within Europe
  • If the customer traffic is from rest of the world, prompts are evaluated globally

Accessing data from Microsoft 365 services

This setting allows customers to configure whether Security Copilot can query information directly from Microsoft 365 services such as Microsoft Purview.

By default, this setting is set to OFF.

For more information, see Privacy and data security.

Default roles

The following Microsoft Entra, Intune, Defender, and Purview roles automatically inherit Security Copilot owner access:

  • Global Administrator
  • Security Administrator
  • Conditional Access Administrator
  • Intune Administrator
  • ComplianceBundle
    • Microsoft Entra Compliance Administrator
    • Purview Compliance Admin
    • Purview Organization Management
  • Purview Data Governance Administrator

The following Microsoft Defender and Purview roles automatically inherit Security Copilot contributor access:

These roles that were added by default, can be modified within the Role assignment page of Security Copilot portal.

  • Last updated on