Introduction
Microsoft Copilot for Security is accessible directly from some Microsoft security products. This is referred to the embedded experience. Currently, Copilot is embedded with Microsoft Defender XDR and Microsoft Purview, with more Microsoft security solutions embedding Copilot capabilities in very the near term.
The scenarios available through the embedded experiences are determined by the Microsoft solution in which the Copilot capabilities are embedded. For example, in Microsoft Purview Communication Compliance, Copilot can provide a summary of a message and its attachments in the context of the policy and classifier conditions that flagged the message.
In the standalone experience, Copilot does some processing to determine which of its many capabilities is best suited to respond to your prompt. In the embedded experience, because Copilot is available in the specific product, Copilot is able to invoke the product specific capabilities directly, providing processing efficiency.
The embedded experience is also a great place to start a security investigation. For example, as an analyst using Microsoft Defender XDR, you're likely to spend a good amount time in the incidents page. From the incident page, you can select an alert and immediately get a summary of that incident. Depending on what you learn you may determine that a deeper investigation is needed. In this scenario, you can easily transition to the standalone experience to pursue a more detailed, cross product investigation that brings to bear all the Copilot capabilities enabled for your role.
In this module, you learn about the scenarios supported by the embedded experiences of Microsoft Copilot for Security.
After completing this module, you'll be able to:
- Describe Microsoft Copilot in Microsoft Defender XDR.
- Describe Microsoft Copilot in Microsoft Purview.
- Describe Microsoft Copilot in Microsoft Entra.
- Describe Microsoft Copilot in Microsoft Intune.