Microsoft Security Copilot in your workflows

This article provides an overview of the key personas, how you can discover, set up, and use agents, and the related components in a Microsoft Security Copilot workflow. Advanced users and developers can also build and publish custom agents tailored to their organization’s needs.

Personas

Security Copilot agents span three key personas:

  • Administrators - Discover and determine which agents to install, configure plugins, and review usage and success metrics of the agents.

  • End users (analysts, data security teams, or IT admins) - Interact with the agent by using the output of their workflows and providing feedback on their workflows.

    For more information on how the use cases apply to Administrator and end-user roles in a security operations center or an IT team, see Use cases.

  • Developers - Build and publish agents for internal use or broader organizational deployment. For more information on the developer documentation, see Build custom agents.

Work with agents, plugins, and connectors

Microsoft Security Copilot uses agents, plugins, and connectors to automate and extend security operations. Understanding which scenarios they help with and how they relate to each other helps you get the most out of Security Copilot.

| Scenario | Recommended Approach | Guidance |
|---|---|---|
| Ad-hoc analysis | Start with prompts and promptbooks | Prompting in Security Copilot |
| Repeatable workflow & integration | Explore plugins and connectors | Plugins and Connectors |
| Automation | Discover agents | To get started with agents, review key agent terminology to familiarize yourself with core concepts used in agent setup. Explore Discover agents for the standalone and embedded agents. For partner-built agents, see Security Store. For real-world examples of the capabilities in action, see Use cases. |
| Advanced workflows | Advanced level users can create custom agents, build promptbooks, and custom plugins | Agents: Build custom agents; Promptbooks: Build your own promptbooks; Plugins: Build custom plugins |

Agents

An agent is an AI-driven security assistant or workflow that can autonomously execute and orchestrate tasks on behalf of security teams. Each agent has a defined goal such as triaging phishing alerts, generating a threat intelligence briefing, or remediating vulnerabilities. The agent works toward that goal without requiring you to guide every step. You can discover Microsoft agents, deploy partner agents, or build your own custom agents.

Agents can be interactive (responding to user prompts in real time) or automated (triggered by events or on a schedule) to handle repetitive tasks with speed and consistency.

Plugins

When an agent needs information or needs to take action, it reaches out through a plugin. A plugin is a collection of tools (sometimes called skills) that connect the agent to a particular security product or service (Microsoft or third-party). For example, one plugin might let Security Copilot retrieve an alert from Microsoft Sentinel, while another plugin might query an IP reputation service.

A Security Owner can enable or disable plugins; developers can write custom plugins. For more information, see Plugins overview.

Connectors

Connectors are integration interfaces that link Security Copilot with the broader ecosystem. Connectors bring external systems such as Logic Apps workflows or Copilot Studio connectors inward to invoke a Security Copilot agent, run a prompt, or trigger automation. Where plugins extend what an agent can reach outward, connectors bring external processes inward to reach an agent.

For more information, see Connectors overview.

Custom agents

If you are a developer, you can build, test, and publish Security Copilot custom agents tailored to your organization's specific security and operational needs.

For more information, see the Agent development overview in the developer documentation.

Promptbooks

A promptbook is a reusable, multi-step workflow made up of natural language prompts. It guides Security Copilot through a structured process such as investigating an incident, analyzing a threat, or generating a report by chaining together a series of prompts and actions.

Promptbooks can include branching logic, input fields, and references to plugins or skills. Analysts can run promptbooks manually or trigger them through agents or connectors as part of a broader workflow.

For more information, see Promptbooks.
