Rediģēt

Kopīgot, izmantojot


Summarize device information with Microsoft Copilot in Microsoft Defender

Microsoft Copilot for Security in the Microsoft Defender portal helps security teams in speeding up device inspection through AI-powered investigation capabilities.

Know before you begin

If you're new to Copilot for Security, you should familiarize yourself with it by reading the following articles:

Security operations teams are tasked to sift through device data to find suspicious activities or entities to prevent malicious attacks. These teams need to summarize large amounts of data and simplify complex information to quickly assess, triage, and connect a device's status and activities to potentially malicious attacks.

The device summary capability of Copilot in Defender enables security teams to get a device's security posture, vulnerable software information, and any unusual behaviors. Security analysts can use a device's summary to speed up their investigation of incidents and alerts.

Copilot for Security integration in Microsoft Defender

The device summary capability is available in the Microsoft Defender portal for customers who have provisioned access to Copilot for Security.

This capability is also available in the Copilot for Security standalone portal through the Microsoft Defender XDR plugin. Know more about preinstalled plugins in Copilot for Security.

Key features

The device summary generated by Copilot contains noteworthy information about the device, including:

  • The status of important Microsoft Defender XDR protection capabilities, like attack surface reduction and tamper protection
  • Any significant user activity observed, like unusual sign-in attempts
  • A list of vulnerable software installed in the device
  • The status of other security features, like firewall settings, that contribute to the device's risk
  • Other notable insights that signify the device's status, like when the device was last seen active
  • Device insights delivered by Microsoft Intune, like information on the device's primary user, device group, or discovered apps

You can access the device summary capability through the following ways:

  • From the main menu, open the Device inventory page by selecting Devices under Assets. Choose a device to investigate from the list. Upon opening the device page, Copilot automatically summarizes the device information of the chosen device and displays the summary in the Copilot pane.

    Screenshot of the device summary results in Copilot in Defender.

  • From an incident page, you can choose a device on the incident graph and then (1) select Device details. On the device pane, (2) select Summarize to generate the device summary. The summary is displayed in the Copilot pane.

    Screenshot highlighting the steps to access the device summary in an incident page in Copilot in Defender.

    You can also access the device summary capability by choosing a device listed in the Assets tab of an incident. Select Copilot in the device pane to generate the device summary.

    Screenshot highlighting the device summary option in the assets tab of an incident page in Copilot in Defender.

Review the results of the device summary. You can copy the results to clipboard, regenerate the results, or open the Copilot for Security portal by selecting the More actions ellipsis (...) on top of the device summary card.

Sample device summary prompt

In the Copilot for Security standalone portal, you can use the following prompt to generate a device summary:

  • Summarize device information in Defender incident {incident number.

Tip

When investigating devices in the Copilot for Security portal, Microsoft recommends including the word Defender in your prompts to ensure that the device summary capability delivers the results.

Provide feedback

Your feedback helps improve the quality of the results generated by Copilot. You can provide feedback about the results by navigating to the bottom of the Copilot pane and selecting the feedback icon Screenshot of the feedback icon for Copilot in Defender cards.

See also

Tip

Do you want to learn more? Engage with the Microsoft Security community in our Tech Community: Microsoft Defender XDR Tech Community.