Microsoft Copilot for Security is here!

No, it’s not an April Fool’s Day prank. On Monday 01 April, Microsoft announced that Microsoft Copilot for Security is finally generally available worldwide. Copilot for Security is the industry’s first generative AI solution to help security and IT professionals catch what others miss, move faster, and strengthen team expertise. Our Senior Security Consultant, Neil Roberts, tells us what this means for your business.


For the last couple of months we’ve been talking about Microsoft Copilot, Microsoft’s AI-powered assistant that is designed to help users work more productively. As exciting as the roll-out of this new technology is, we should always approach new technologies with an air of caution. New technology means new risks and new threats. Not only can we use AI to combat cyberthreats, but AI will also be used against us, so we need to be prepared.

Microsoft Copilot for Security is an AI cyber security product that will enable all users who have the relevant knowledge and roles to respond to cyber threats quickly, process Advanced Persistent Threat (APT) signals at machine speed and assess the risk exposure of your organisation in minutes. It utilises a special language model designed specifically with security-specific capabilities from the Microsoft stack. This includes, but is not limited to, Microsoft Defender XDR, Microsoft Sentinel, Microsoft Intune, Microsoft Entra, Microsoft Purview, and Microsoft Defender for External Attack Surface Management. Copilot uses the data and signals from these products to generate customised guidance.

Take Incident Response as an example.

Responding to incidents needs to be efficient. You must perform initial triage on alerts to determine which ones you must respond to. Without Copilot for Security this would mean having to navigate through your Security Information and Event Management (SIEM) system and try to gather all relevant security data associated with an alert. Once this is done, just like a jigsaw, you need to piece it together to get an overall picture of what has occurred. This is a time-consuming job and can often lead analysts and other unskilled workers down unwanted rabbit holes.

However, with Copilot you can quickly analyse the alert using prompts and get a summary with all relevant details. Once Copilot has gathered all the details, it will summarise what happened, highlight key details and generate a graphical view of the incident. It can then provide useful suggestions on potential next steps. This quick analysis allows you to triage alerts more efficiently, and the suggestions provided by Copilot, after an initial summary, will enable you to pivot into a full investigation and potential remediation effortlessly.

A recent trial with experienced security analysts, run to measure the effects on productivity, showed how much faster and more accurate they can be using Copilot for Security. The trial was compared to a previous study carried out in November 2023 with new-in-career security professionals and a control group that didn’t use Copilot. The trial produced some interesting results.

  • Experienced security analysts were 22% faster with Copilot.
  • They were 7% more accurate across all tasks when using Copilot.
  • And, most notably, 97% said they want to use Copilot the next time they do the same task.

Here are some more examples of what you can ask Copilot for Security to do.  By asking questions in natural language and receiving actionable responses to common security and IT tasks, you’ll find solutions in seconds:

Addressing Cyber Security Skills Shortage and Staff Gaps

  • Act as a digital assistant for cyber security analysts.
  • Automate various tasks, thus enabling staff to focus on more critical and strategic jobs.
  • Security Copilot enables analysts to learn from the AI tool by providing real-time guidance, recommendations, and remediation suggestions.

Security Operations – Improved Threat Detection and Response

  • Utilising Natural Language Processing (NLP), it can analyse and process large amounts of data, thus allowing the AI tool to detect threats, anomalies, and patterns.
  • Machine-speed analysis and response allow you to triage data, identify vulnerabilities, and take decisive action to remediate issues.
  • Integrates seamlessly into existing Microsoft security products such as Intune, Sentinel and Defender.

Device Management – Get Device info and Generate Policies

  • Ask Copilot to list all devices that are associated with an incident and check that they are compliant.
  • Request steps for how to make sure devices remain compliant and keep your organisation safe.
  • Get the similarities and differences between two devices, like the compliance policies, hardware, and device configurations assigned to both devices.

Identity Management – Generate and Summarise access policies

  • Assist in investigating identity risks and help with troubleshooting daily identity tasks, such as why a sign-in required multifactor authentication or why a user’s risk level increased.
  • Quickly get to the root of an issue for a sign-in with a summarised report of the most relevant information and context.

Enhanced Productivity and Collaboration

  • Handling more mundane aspects of cyber security, such as sifting through log files and identifying potential vulnerabilities.
  • Quickly share critical information with colleagues and management to empower businesses to respond to threats more quickly and efficiently.
  • Streamline Threat Hunting to quickly detect patterns and anomalies that may signify malicious activity.

Overall, Microsoft Copilot for Security represents a significant step forward in the world of cyber security. It offers businesses a powerful and versatile tool to enhance their digital defences. By combining AI-driven analysis with human expertise, Copilot provides a comprehensive and adaptive approach to threat detection and remediation. With its ability to streamline processes, improve collaboration, and offer continuous learning and adaptation, Copilot for Security is set to revolutionise the way businesses protect their digital assets. By adopting this innovative technology, organisations can stay one step ahead of cyber threats and ensure the safety and integrity of their data.