Discover Security Copilot in Microsoft Entra—AI-driven identity and access management, now in preview.
Today we’ve announced the public preview of Microsoft Security Copilot embedded in the Microsoft Entra admin center. This integration brings all identity skills previously made generally available for the Security Copilot standalone experience in April 2024, along with new identity capabilities for admins and security analysts to use directly within the Microsoft Entra admin center. We've also added brand new skills to help improve identity-related risk investigation. In December, we will broaden the scope even further to include a set of skills specifically for App Risk Management in both standalone and embedded experiences of Security Copilot and Microsoft Entra. These capabilities allow identity admins and security analysts better identify, understand, and remediate the risks impacting applications and workload identities registered in Microsoft Entra.
With Security Copilot now embedded in Microsoft Entra, identity admins get AI-driven, natural-language summaries of identity context and insights tailored for handling security incidents, equipping them to better protect against identity compromise. The embedded experience also accelerates troubleshooting tasks like resolving identity-related risks and sign-in issues, without ever leaving the admin center.
Extending Security Copilot value to Microsoft Entra – AI for identity and access management
For public preview, the first set of skills are focused on identity security and troubleshooting access, providing time-savings and improved accuracy for identity and access management tasks. This marks the start of our journey toward a more comprehensive generative AI solution that addresses identity and network access solutions, including network access, enhanced access controls, and beyond. Generative AI for use in identity and access scenarios is still new but evolving quickly, and we see this product’s success as a collaborative effort. In joining the public preview early, you can help shape its direction by influencing key scenarios and skills as the product grows. Together, we’re building a solution that meets today’s needs and anticipates tomorrow’s challenges.
The value we’re seeing from early usage is inspiring! We’re excited to share the results of our recent Security Copilot IT Admin Efficiency Study, which shows IT admins are faster and more accurate when using Security Copilot embedded within the Entra admin center for the completion of certain tasks related to troubleshooting access failures, and overwhelmingly want to continue using Copilot in their workflows in the future. The results speak for themselves:
- Copilot users showed a 46.11% reduction in completion time for sign-in troubleshooting tasks.
- They were 46.8% more accurate across sign-in troubleshooting related tasks when using Copilot.
- And, most notably, 95% agreed that Copilot helped improve the quality of their work, and 96.7% said they would want to use Copilot for these tasks in the future.
What to expect in the Microsoft Entra admin center
We understand how important it is to have Security Copilot available in your flow of work as an identity admin, which is why we’ve made Copilot available directly within the Microsoft Entra admin center. Security Copilot will be accessible by clicking a Copilot button located in the navigation bar, which will open a chat panel for you to interact with.
To help you understand the kinds of tasks Copilot can initially help with, we’ve included built-in, click-to-run starter prompts that will show up upon first opening the Copilot chat panel. You can choose from the list of starter prompts or choose to ask Copilot questions related to sign-in log troubleshooting, investigating identity-related risks, and more. For example, you can say, “Show me the high-risk users in my tenant”, “Why was [Username] prompted for MFA”, or “Which conditional access policies applied to [Username] most recent sign in?” And lastly, we’ve included suggested follow-up prompts (based on context of your chat), to help you further investigate the issue at hand. See this below in action.
Identity admins can leverage starter prompts upon opening Copilot to get started with ”click-to-run" options to summarize, analyze, troubleshoot, and learn.
Using Security Copilot embedded in Microsoft Entra to secure access for any identity to any resource
Identity admins, security analysts, and network security admins all share the goal of securing access and managing identities across the organization. We’re focused on developing Security Copilot skills that directly support the core responsibilities of each of these roles, including:
- Governing and securing access
- Troubleshooting identity related issues and operations
- Optimizing workflows for identity lifecycles
- Planning and deploying secure policies for identity and network access
By structuring the features and capabilities around these key areas, we’re aiming to empower Security Copilot and Microsoft Entra customers with AI-driven insights, automation, and recommendations that quickly and more accurately complete specific tasks related to these core pillars—streamlining workflows and enhancing ability to protect identities and resources more effectively.
For public preview, we’re announcing skills that help identity admins and security analysts in two key scenarios:
- Managing access governance and policy enforcement with Security Copilot in Microsoft Entra, and
- Troubleshooting access failures during critical moments with Security Copilot in Microsoft Entra.
Managing access governance and policy enforcement with Security Copilot in Microsoft Entra
Our goal with this set of skills is to help customers overcome the challenges they may face as their organization grows and the complexity of identity-related risks continues to escalate. With the increase in volume and sophistication of attacks, managing access governance and policy enforcement is paramount.
In our April announcement, we discussed a scenario where an admin must quickly identify and resolve an issue of a user flagged for having a high-risk level. The admin uses the auto-generated Copilot summary to get an immediate analysis of the user’s risk level coupled with recommendations on how to mitigate an incident and resolve the situation.
We’re taking it a step further, introducing new capabilities that allow admins to further investigate risky users through open-prompt dialogue, providing insights into elevated risk levels, risky sign ins, and more. Investigations for any risky or unused applications, permissions granted to specific applications, and more will be added in both standalone and embedded experiences in December.
An identity admin must quickly look for crucial information, so they turn to Copilot for assistance on surfacing natural language summaries for at risk users and risky applications.
Troubleshooting access failures during critical moments with Security Copilot in Microsoft Entra
We also recognize that this rise in identity-related risks places overwhelming demands on identity admins, who must resolve critical access challenges while balancing security, efficiency, and user productivity. Admins can use Copilot to automate sign-in log troubleshooting tasks and gain actionable insights across user details, group details, sign-in logs, audit logs, and diagnostic logs within Microsoft Entra. These capabilities allow admins to quickly gather essential information, speeding up troubleshooting and improving operational efficiency.
When access issues occur—whether from sign-in failures, Conditional Access conflicts, or role and permission changes—admins can now use Security Copilot in the admin center to uncover the root cause. With Copilot, you can gather user details in seconds, from authentication methods to account status, helping you quickly verify whether user credentials or configuration are at fault. Similarly, with group details, you can easily confirm group membership or ownership issues that may affect access.
For sign-in log investigations, you can prompt Copilot to pinpoint and summarize recent activity or failed attempts for a specific user, making it easier to diagnose the source of access failures, such as blocked sign-ins or potential security concerns tied to specific IP addresses. For more complex scenarios, such as permissions changes or anomalies detected in audit logs, you can have Security Copilot do the hard work of isolating and understanding irregularities immediately. This includes identifying potential attacks—such as ownership changes or privilege escalation with added permissions—preventing misconfigurations from escalating into security risks.
And lastly, with diagnostic log capabilities, you can have Security Copilot assess policy health, ensuring configurations and log collections are set up correctly, helping you proactively avoid gaps in security that could leave your organization vulnerable.
An identity admin uses a Security Copilot, click-to-run starter prompt in Microsoft Entra to see all of the failed sign-in attempts for the past 24 hours.
How to get started with Microsoft Security Copilot
With its flexible, consumption-based pricing model, you can get started with Security Copilot quickly, then scale your usage and costs according to your needs and budget. Security Copilot is available for purchase now, and its use within the Microsoft Entra admin center is available in public preview. As most scenarios covered in this blog are currently available in public preview, we will continue enhancing the quality and range of skills supporting these embedded scenarios throughout the preview period. Again, we welcome you on this journey with us and encourage your engagement to help shape the success of Security Copilot in Microsoft Entra.
Security Copilot has proven to help security and IT teams transition into the age of AI and strengthen their skillsets. This is a huge milestone towards empowering organizations to safely leverage generative AI tools to achieve business goals, and we are so proud to work alongside our customers and partners on your journey to secure access for any identity, from anywhere, to any resource.
Learn more about how to get started with Security Copilot and connect with your account representative now so your organization can be among the first to realize the incredible benefits.
Sarah Scott
Principal Manager, Product Management
Learn more about Microsoft Entra
Prevent identity attacks, ensure least privilege access, unify access controls, and improve the experience for users with comprehensive identity and network access solutions across on-premises and clouds.
Microsoft
