Security Workloads - Security Copilot

Purpose
A collection of resources for Microsoft practice building in the Security solution and Security Copilot area. For a view of other Workloads, please see the Taxonomy.
To contribute to the PartnerCrucible, see Contributor’s Guide.
Industry Perspective
| Source | Description | Notes |
|---|---|---|
| Microsoft Security Copilot | March 13th Announcement: Microsoft Security Copilot is generally available on April 1, 2024, with new capabilities | Blog |
| Randomized Controlled Trial for Security Copilot | We conducted randomized controlled trials (RCTs) to measure the efficiency gains from using Security Copilot, including speed and quality improvements. External experimental subjects logged into a Microsoft Defender XDR (Defender XDR) environment created for this experiment and performed four tasks: Incident Summarization, Script Analysis, Incident Report, and Guided Response. | Whitepaper |
| Applied GAI in Security | @BrandonDixon - This newsletter serves as a place to document ideas, share opinions and inspire others to explore what this technology can bring to our field | Blog |
Community
| Source | Description | Notes |
|---|---|---|
| Microsoft Cloud Security Public Webinars | Public Webinar Schedule | Form |
| Security Copilot Customer Connection Program (CCP) | Community Connected Program for Security Copilot | Microsoft Community |
| Cybersecurity Copilot hub | By @Sameh Younis - As a seasoned Senior Security Solutions Architect with over 30 years in the field, including 16 years at Microsoft, this website offers a succinct way to access and search my LinkedIn articles and infographics. With a focus on cybersecurity and Azure cloud infrastructure, this platform is your guide to the latest developments and strategies in digital security. | |
Partner Practice Building
| Source | Description | Notes |
|---|---|---|
| Security Copilot Partner Playbook | Includes a solution overview, partner strategic insights, and partner resources | Transform |
| Security Copilot Practice Building | Define your strategy, develop your skills, operationalize and go to market | Transform |
| Microsoft Security Copilot Customer Pitch Deck | Microsoft Security Copilot: Protect at the speed and scale of AI | Transform |
| Microsoft Security Copilot: An introductory deep dive for MSSPs | An introductory deep dive for MSSPs | Transform |
| Microsoft Security Copilot Frequently Asked Questions | FAQ | Microsoft Learn |
| Discover, protect, and govern AI usage with Microsoft Security | Microsoft Security helps you discover, protect, and govern the use of both Copilot for Microsoft 365 and other third-party AI applications | Tech Community |
Tech Resources
| Source | Description | Notes |
|---|---|---|
| Microsoft Security Copilot Repo | GitHub Repo including customer guides, promptbook samples, plugins, and logic apps | GitHub |
| Security Copilot Technical Resources | Topic page devoted to Microsoft Security Copilot | MS US Partner Resources |
| What is Microsoft Security Copilot | Microsoft Security Copilot (Security Copilot) is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant to responsible AI principles. | Microsoft Learn |
| Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity | While our core products detect and respond at machine speed, our ongoing mission is to upskill SOC analysts and empower them to be more efficient where they’re needed to engage. To bridge this gap, we are bringing Security Copilot into our industry-leading XDR platform, Microsoft 365 Defender, which is like adding the ultimate expert SOC analyst to your team, both raising the skill bar and increasing efficiency and autonomy | Tech Community |
| Prompting and promptbooks | Promptbooks are a collection of prompts that have been put together to accomplish specific security-related tasks. Each promptbook requires a specific input (for example, a code snippet or a threat actor name) and then runs a series of prompts in sequence, with one prompt building on the one before it. | Microsoft Learn |
| Triage alerts | Triage incidents based on enrichment from threat intelligence | Microsoft Learn |
| Integration & Investigate in #M365D | Investigate an incident and associated suspicious entities | Microsoft Learn |
| Privacy and data security | Privacy and data security in Microsoft Security Copilot | Microsoft Learn |
| FAQ | Microsoft Security Copilot Early Access Program Frequently Asked Questions | Microsoft Learn |
| Microsoft Security Copilot Sample Prompts Library | A variety of examples to demonstrate how prompts can be used to achieve different security tasks. Our examples showcase how specific prompts can be utilized to perform a range of tasks. This is a collaborative page where people can learn from the examples and contribute their own. | GitHub |
| Microsoft Security Copilot Resources | Collection of reference by @iamjoeycruz | GitHub |
| Microsoft Security Copilot - Playlist | Microsoft Security Copilot playlist from Microsoft Security | YouTube |
Integration
| Source | Description | Notes |
|---|---|---|
| Microsoft Security Copilot Technical Announcement | General Availability details | Tech Community |
| Microsoft Defender External Attack Surface Management | Enhanced Defender EASM functionality in Microsoft Security Copilot | Tech Community |
| Microsoft Intune in Security Copilot | Copilot in Intune provides AI powered insights that are tailored for organizational needs, such as quickly resolving end user issues and ensuring policies and settings are configured to optimize business outcomes safely. | Microsoft Intune blog |
| Microsoft Purview in Security Copilot | Purview capabilities will be generally available as of April 1st, to help SOC teams identify risky user activities and sensitive data that could be at risk when investigating a security incident. | Tech Community |
| Microsoft Entra skills in Security Copilot | The following new Microsoft Entra skills will be available in the standalone Security Copilot experience: User Details, Group Details, Sign-in Logs, Audit Logs, and Diagnostic Logs. User Risk Investigation, a skill embedded in Microsoft Entra, will also be available in public preview. | Tech Community |
| Defender XDR in Security Copilot | Security Copilot with Microsoft Defender Threat Intelligence and Threat Analytics in the Defender portal to tap into high-fidelity threat intelligence on threat actors, tooling and infrastructure and easily discover and summarize recommendations specific to your environment’s risk profile, all using natural language | Tech Community |
| MDTI in Security Copilot | What’s New at Microsoft Secure 2024 | Microsoft Community Hub |
Security Copilot Agents
| Source | Description | Notes |
|---|---|---|
| Automate cybersecurity at scale with Microsoft Security Copilot agents | AI-powered agents represent the natural evolution of Security Copilot, going beyond AI assistant capabilities. They autonomously manage high-volume security and IT tasks, seamlessly integrated with Microsoft Security solutions and partner solutions | Tech Community |
| Agentic security your way: Build your own Security Copilot agents | Building your own Security Copilot agents for tailored workflows, expanding the agent ecosystem with new Microsoft and partner solutions, and improving agent quality and performance. | Tech Community |
Plugins
| Source | Description | Notes |
|---|---|---|
| Extensibility Framework | The Security Copilot platform enables developers and users to write plugins that can be invoked to perform specialized tasks. | Microsoft Learn |
| Plugins | Manage plugins in Microsoft Security Copilot: Entra, #Intune, #M365Defender, #Sentinel, #DefenderThreatIntelligence, #ServiceNow, #NaturalLanguageToKQL | Microsoft Learn |
| plugins for Microsoft Security Copilot | Microsoft Security Copilot supports many plugins, including Microsoft and non-Microsoft plugins. This article describes several examples of non-Microsoft plugins you can use with Security Copilot. Each plugin has a specific function. Some, but not all, require additional authentication to configure integration with Security Copilot. | Microsoft Learn |