The emergence of GenAI is changing the world as we know it. This ‘once in a generation’ technology leap is already helping defenders see more and move faster, complementing human ingenuity and expanding our capabilities to protect beyond what was possible yesterday.
To help you seize this opportunity, we are excited to announce the general availability of Microsoft Copilot for Security (Copilot) on April 1st. This industry-leading product is the only generative AI solution that helps security and IT professionals amplify their skillset, collaborate more, see more, and respond faster.
Move at the speed of AI
Copilot brings insights from across Microsoft Security products and those of other software vendors, delivering natural language guidance to increase team efficiency and manage daily workflows. Copilot isn’t a replacement for these tools; Instead, it enables security and IT professionals to access, summarize, and act on insights from their existing tools faster.
In a recent research study conducted by Microsoft’s Office of the Chief Economist, experienced security analysts using Copilot were 22% faster at the common security tasks we gave them, and they achieved these time savings while also increasing accuracy by 7%.
Most importantly, 97% of the experienced security analysts said they wanted to use Copilot again next time.
These gains in speed, accuracy, and sentiment mean that security and IT teams have the power to radically improve not only their work, but also their sense of job satisfaction as they find the time to work on the most critical tasks, vs. being bogged down in the more mundane part of their roles. View the full report or infographic for more results from the study.
“Recently we hired a few junior analysts and what we've seen is, to get those folks up to speed, with Copilot, the speed is tremendous," said Mario Ferket, Chief Information Security Officer at Dow. “If you want to create a complex KQL script, you can now use natural language. This levels the playing field because in the past, the junior analysts would have needed help from senior analysts to do that type of work.”
Product Capabilities
Based on our learning from hundreds of customers during our early access program, that we began back in October, we are highlighting four critical security operations tasks, where we expect Copilot to deliver the greatest value to your teams at time of release:
Incident Summarization
Gain context for incidents and improve communication across your organization by leveraging generative AI to swiftly distill complex security alerts into concise, actionable summaries, which then enables quicker response times and streamlined decision-making.
Impact Analysis
Utilize AI-driven analytics to assess the potential impact of security incidents, offering insights into affected systems and data to prioritize response efforts effectively.
Reverse Engineering of Scripts
Eliminate the need to manually reverse engineer malware and enable every analyst to understand the actions executed by attackers. Analyze complex command line scripts and translate them into natural language with clear explanations of actions. Efficiently extract and link indicators found in the script to their respective entities in your environment.
Guided Response
Receive actionable step-by-step guidance for incident response, including directions for triage, investigation, containment, and remediation. Relevant deep links to recommended actions allow for quicker response.
Copilot is available both via an immersive standalone portal that helps teams gain a broader context to troubleshoot and remediate incidents faster with cross-product guidance and through an intuitive experience natively embedded within our existing and familiar security products.
In addition to general availability, we are also announcing the following new Copilot product capabilities:
Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams, tasks, and scenarios.
Knowledge base integrations (in public preview) empowers Copilot for Security to integrate your business context, so you can search and query over your proprietary content.
Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimization.
Expanded language localization now includes prompting and responses in eight languages and the product interface is now available in 25 languages to deliver improved user experiences.
| Languages | Availability | 
| English (US, GB, AU, CA, IN) | Prompting and product interface | 
| Spanish (Spain, Mexico) | Prompting and product interface | 
| Japanese | Prompting and product interface | 
| French (France, Canada) | Prompting and product interface | 
| German | Prompting and product interface | 
| Portuguese (Brazil) | Prompting and product interface | 
| Italian | Prompting and product interface | 
| Chinese Simplified | Prompting and product interface | 
| Korean | Product interface | 
| Dutch | Product interface | 
| Swedish | Product interface | 
| Polish | Product interface | 
| Portuguese (Portugal) | Product interface | 
| Norwegian | Product interface | 
| Turkish | Product interface | 
| Danish | Product interface | 
| Finnish | Product interface | 
| Chinese Traditional | Product interface | 
| Arabic | Product interface | 
| Thai | Product interface | 
| Hebrew | Product interface | 
| Czech | Product interface | 
| Hungarian | Product interface | 
| Ukrainian | Product interface | 
| Russian | Product interface | 
Connect to your curated external attack surface from Microsoft Defender EASM to identify and analyze the most up-to-date information on your organization’s external attack surface risks.
Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue and summarize audit logs related to a specific user or event.
Use Copilot across your entire security estate
From the beginning, in addition to hundreds of early access program customers, we have worked with a broad set of security partners to help shape Copilot for Security. This has included validating and refining our new capabilities and doing critical work on plugins to extend Copilot to an ever-growing set of security products and data.
“By integrating Copilot for Security with our MXDR service offering and Difenda AIRO, we continue to rapidly address routine triage and response activities. Through customer testing, we have proven at least a 60% reduction in alert volume from phishing incidents and we are excited to see the drastic acceleration of cyber security program maturity for companies of all levels.”
-Andrew Hodges, VP of Service Delivery & Product Development, Difenda
Discover the innovations MISA partner, Quorum Cyber, is making to help defend customers against cyber threats at scale with the generative AI capabilities of Copilot for Security. Watch the video.
Learn how MISA partner, Netskope, is advancing threat response and enhancing data protection for customers with the generative AI capabilities of Copilot for Security. Watch the video.
Today we have a rapidly growing library of plugins for Copilot for Security, and we continue to work with our partner ecosystem to deliver more. Most recently, we are highlighting:
- Netskope: Enrich investigations with alerts and incidents data from malware, malsite, User Behavior Analytics, app access, and connection events.
- Valence Security: Respond to SaaS threats with enriched context from posture, identity, threat detection alerts, data shares, and integration context.
- Tanium: Assess incidents with endpoint visibility and resolve with recommended remediation actions.
- Cyware: Gain context and enrichments to analyze, prioritize and remediate.
- SGNL: Maintain a posture of zero standing privilege with cross-ecosystem visibility and insights.
For partners who want to join us on the Copilot for Security journey to help our mutual customers please visit us at https://aka.ms/CopilotforSecurityPartners to learn more.
Get started
Microsoft plans to make Copilot for Security generally available for purchase as a consumption offering beginning April 1, 2024. We will have one simple pricing model that covers both the standalone Copilot experience, and embedded experiences across the Microsoft Security product portfolio.
A consumption model means it will be easy to get started quickly and on a small scale, to experiment and learn with no upfront per device or per user charges. Customers will use their existing Azure subscription or sign up for one if they are not already an Azure customer. They will then be able to provision Azure capacity to support all their Copilot for Security workloads, both standalone and embedded. Copilot for Security capacity is anticipated to be billed monthly via a new Security Compute Unit (SCU) at the rate of $4/hr.
Learn more about Copilot for Security
To learn more about Microsoft Copilot for Security, visit aka.ms/CopilotForSecurity or contact your Microsoft sales representative. If you missed us at Microsoft Secure, you may watch the replay video.
Microsoft Security Copilot is a generative AI-powered assistant for daily operations in security and IT that empowers teams to manage and protect at the speed and scale of AI.
 right now,, a pay per use model with no clear cost prediction, it is a commodity for a few group of customers/enterprises.
right now,, a pay per use model with no clear cost prediction, it is a commodity for a few group of customers/enterprises.