
Microsoft Copilot for Security: What You Need to Know

Since its launch, Microsoft’s Copilot has dominated industry discussions, with Microsoft steadily building AI copilots into its products. The AI transformation has changed how many professionals work, cutting down mundane tasks and saving time at scale.

At Trusted Tech Team, we remain committed to harnessing the latest AI advancements to fuel our growth in the industry. The recent release of Microsoft Copilot allows us to offer real-time intelligent assistance with privacy, compliance, and responsible AI to ensure all our customers’ data processing is protected. AI has created many opportunities to help businesses like ours protect against evolving cyber threats.

The latest release of Copilot focuses on the cybersecurity landscape, supporting security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management.

Many teams face security challenges as attackers become increasingly sophisticated. According to Microsoft statistics, the number of password attacks has tripled in the last 12 months. Additionally, private data has become more vulnerable to unauthorized access due to successful phishing emails.

To help increase the efficiency and capabilities of defenders, Microsoft has utilized generative AI to enhance its security capabilities while remaining compliant with responsible AI principles. Now generally available for all businesses, Microsoft Copilot for Security represents the first generative AI solution dedicated to strengthening your IT infrastructure through its large language model (LLM), plugin capabilities, and product integrations.

What is Copilot for Security?

Copilot for Security helps defend organizations by combining the most advanced GPT-4 model from OpenAI with Microsoft’s security expertise to help security analysts and IT professionals be more effective and efficient.

For instance, security analysts can detect and address incidents within minutes, a process that would otherwise consume hours. Copilot for Security also streamlines the creation of intricate scripts, such as those needed for threat hunting tasks. Simply ask Copilot for assistance with Kusto Query Language (KQL) translation, and it will initiate the process and generate the script on your behalf.

Example of Copilot for Security reporting after a prompt submission

Security Copilot can be accessed through the standalone experience or through the embedded experience available in other Microsoft security products. The standalone experience gives teams broader context to swiftly troubleshoot and remediate incidents within Copilot for Security.

Copilot for Security Standalone Experience Homescreen

On the other hand, the embedded experience integrates Copilot guidance into your chosen products, ensuring familiarity and ease of use for your team members. For example, if you are a power user of Entra or Intune, you don’t have to leave that portal to access Copilot for Security.

Microsoft Products Integrated with Copilot for Security

| Product | Description |
| --- | --- |
| Unified security operations | Outpace cyberthreats with XDR and SIEM, all in one platform. Available with Copilot embedded. |
| Microsoft Intune | Mitigate cyberthreats to devices, protect data, and improve compliance across clouds. Available with Copilot embedded. |
| Microsoft Purview | Explore governance, protection, and compliance solutions for your data. Available with Copilot embedded. |
| Microsoft Sentinel | Collect security data and correlate alerts from virtually any source with intelligent security analytics. |
| Microsoft Defender Threat Intelligence | Understand cyberthreats and expose suspicious infrastructure with threat intelligence. Included with Copilot. |
| Microsoft Defender External Attack Surface | See your rapidly changing, global external cyberattack surface in real time. |
| Microsoft Defender XDR | Help prevent and detect cross-domain cyberattacks at the speed of AI. Available with Copilot embedded. |
| Microsoft Entra | Help protect any identity and secure access to any resource with one family of solutions. Available with Copilot embedded. |

How Does Copilot for Security Work?

Microsoft and third-party security plugins enhance Copilot’s capabilities by integrating services and providing additional context from event logs, alerts, incidents, and policies. These plugins also enable searching through Defender Threat Intelligence articles, intel profiles, vulnerability disclosure publications, and more.

Security Copilot pre-processes user prompts through a grounding approach that draws on the context from these plugins. Grounding improves the specificity of a prompt, making it more relevant and actionable so you get the answers you need. Once processed, the modified prompt is sent to the language model to generate an informative response for the user.

How Copilot for Security Works By Microsoft

Security Copilot Pricing and Prerequisites

As of April 1st, the only prerequisite for Copilot for Security is an Azure account. Microsoft recommends connecting your Microsoft Security tools and integrating your other security tools to get the most value from Copilot.

Copilot for Security will be offered under a consumption-based model, which means there will be no per-user or per-device charges. Capacity will be provisioned in Security Compute Units (SCUs), which run all workloads.

Customers will be billed monthly for the number of SCUs provisioned at $4 per hour.

Trusted Tech Team will not be provisioning Copilot for Security SCUs; however, we will update our customers on any changes or offers through our newsletter! Make sure to subscribe below to keep up with the latest industry updates and trends.



NhuDiem Pham


Content Marketing Strategist
