Microsoft Intune Blog

Transforming endpoint management with Copilot in Intune

Shravana_Mukherjee
Nov 19, 2024

Today, IT teams are at the forefront of security and innovation, balancing the need to protect against evolving cyber threats with ensuring a seamless digital experience for end users. With growing responsibilities and complex environments, IT teams require effective tools to stay ahead and continue driving value across the organization.

Since the public preview of Microsoft Copilot in April 2024, Microsoft Intune has been pushing the boundaries of what's possible in endpoint management with a clear and focused goal: provide IT with a solution that is simple, intuitive, and secure at its core, which helps you focus on what truly matters.

By bringing AI assistance into everyday tasks like policy management and troubleshooting, Intune is on a journey to make these essential processes easier and more efficient with Microsoft Security Copilot.

As highlighted in a recent study, 75% of knowledge workers are already using AI tools at work—90% of them say it saves them time and 85% report it helps them focus on important tasks. Another study found that for every $1 organizations invest in generative AI, they’re realizing an average of $3.70 in return, and the study uncovered insights about the potential of AI to reshape business processes and drive change across industries. These insights reflect the growing demand for AI solutions that don’t just add value—they also simplify and streamline workflows, making time for work that matters.

Today we’re thrilled to share the next wave of Copilot innovations in Intune, continuing our commitment to help IT secure endpoints, boost productivity, and succeed in a fast-paced digital world. With new capabilities, Copilot now helps IT teams further reduce the attack surface by highlighting potential risks, streamlining critical workflows, and responding to issues with speed and precision.

Find device data you need, when you need it

Analyze device data and take actions

With Intune Advanced Analytics, which is part of the Microsoft Intune Suite and available as an add-on, IT teams gain powerful device query capabilities that enable accessing critical data faster and more efficiently than ever. We began by introducing the ability to query individual devices using Kusto Query Language (KQL), which gives admins near real-time insights into specific device details. This includes access to volatile data, such as active processes and memory usage, as well as unbounded data, like event logs—providing IT teams with a comprehensive view of each device’s status and activities.

IT teams have emphasized that access to data alone is not sufficient; it’s essential to have actionable options that enable meaningful responses based on that data. We are excited to share that you now can also take remote actions on those results—such as restarting a device, collecting diagnostics, or updating configurations—directly after querying a device.

Screenshot showing remote actions from the Device query interface.

Building on the ability to query individual devices, IT can now query device inventory data across the entire fleet to perform broader analyses. This functionality allows admins to quickly identify issues that may impact multiple devices across the tenant. We will soon be bringing the capability to take actions from a multi-device view as well. This progression marks a major step forward, providing IT with data precisely when it’s needed and enabling more proactive management across the organization.

However, writing queries in Kusto Query Language (KQL) may not be second nature for everyone, and that’s where Copilot steps in.

Create and run query with Copilot

With the goal of empowering every IT admin, we’re excited to announce the public preview of Copilot assistance for querying multiple devices. When this capability is released in early December, IT admins can compose KQL queries with AI assistance to analyze data across multiple devices at once. This simplifies complex query creation and makes it easier to get inventory data about devices without the need for deep KQL expertise.

Screenshot of using Copilot assistance to create a KQL query (prompt example 1).

Screenshot of adding and running a query with Copilot.


With Device query and Copilot, troubleshooting—typically a time-consuming task for IT admins—is transformed into a more efficient process.

Screenshot of creating a complex query with Copilot (prompt example 2).

Whether it’s troubleshooting device issues, inspecting specific device data, or trying to identify a set of devices in your environment based on custom criteria for day-to-day management activities, Copilot makes it easier for admins to spend less time finding the data they’re looking for regarding single- or multi-device contexts and more time focusing on getting the job done.

Screenshot of adding and running a query with Copilot in the Intune admin center.

For example, if a misconfiguration is affecting several devices, multi-device query allows admins to quickly assess the scope of the issue across their organization. And with Copilot assisting in KQL query creation, every IT admin is empowered to easily generate the queries they need, saving valuable time and accelerating issue resolution.

Strengthen security by reducing your attack surface

In today’s cyber threat landscape, evaluating and mitigating app-related risks is essential. Another new capability releasing in preview is Copilot with Microsoft Intune Endpoint Privilege Management (EPM), which will help identify potential app elevation risks during the support-approved workflow. With EPM, admins can approve user requests for app installations that require elevation. However, IT and help desk admins sometimes get approval requests to elevate unfamiliar apps. Today, admins have to manually research the app’s purpose, its reputation, and risk level to prevent potential security risks associated with approving a malicious app.

Get reputation for indicators of compromise for file hash with Copilot.

Now Copilot can streamline this process by analyzing data from EPM and Microsoft Defender Threat Intelligence, helping IT admins make informed decisions on app elevation requests. By providing detailed information such as device and user risk scores, app reputation, and indicators of compromise, Copilot consolidates critical information, enabling admins to approve or deny elevation requests with confidence. This approach reduces guesswork, saves time, and strengthens security, helping IT teams avoid inadvertently introducing the risk of potentially malicious apps.

Enhancing policy management with Copilot

Today, you can use Copilot to learn more about individual settings and recommended values. You can also explore if a setting has been configured in other policies. This capability is powerful for IT, eliminating the need for manual investigation and significantly reducing the risk of conflicts when multiple policies with similar settings target the same devices.

Determine if a setting has been configured in other policies with Copilot.

Looking ahead, we are excited to introduce an open-prompting experience in Copilot that understands the settings and policies in your environment using a more natural language approach. This means you will be able to ask broad questions in natural language about your policies, their contents, assignments, and recommendations. For example:

  • “Which of my policies has a setting that is blocking USB connections?”
  • “Do I have an EPM rule that manages Regedit.exe?”
  • “What is the Microsoft recommended value for my Defender cloud block level?”

Our plan with open prompting is to further simplify policy management by giving you the flexibility to tailor your questions based on scenarios that are important to you. This can give you and your IT teams ways to stay ahead of potential conflicts, ensure optimal configurations, and maintain a clear view of your policy landscape. We're eager to hear what other types of prompts you'd find valuable.

Streamline updates with Copilot-assisted insights

Today we are announcing that Copilot in Intune will soon be available for Windows Autopatch scenarios, empowering IT admins to simplify yet another critical admin workflow: update management. Windows Autopatch is an automated cloud service offered by Microsoft that gradually deploys updates to your Windows devices. These updates include feature updates (new versions), quality updates (patches), and driver/firmware updates for specific devices. With this new integration, Copilot will support key tasks in the update process—from planning and troubleshooting to analyzing deployment outcomes—empowering IT teams to proactively prepare for and resolve update issues, all through a natural language interface.

Summarize Windows Autopatch alerts with Copilot.

With Copilot and Windows Autopatch, admins can assess potential update impacts, drill down into devices with failed updates, and prioritize issues based on those that affect the most devices. By providing a complete, AI-driven view of the update workflow, Copilot streamlines time-consuming tasks and delivers actionable insights directly within the Intune portal. This integration significantly enhances efficiency, security, and control in managing updates, allowing IT teams to enhance user productivity and protect their environment with ease.

Envision the future of endpoint management with Copilot in Intune

Since the introduction of Microsoft Security Copilot and the April release of the Copilot in Intune experience in preview, we’ve listened closely to your feedback, insights, and real-world needs. Those priorities shape every enhancement, ensuring that Security Copilot and the embedded Intune experience evolve in ways that truly support IT and security teams. Already, organizations like National Australia Bank are seeing the benefits of having Copilot in Intune at work.

“Having Microsoft Copilot for Security running over the top allows our engineers to ask really important questions and get answers, especially within Microsoft Intune and how we manage our endpoints.”

-- Andrew Zahradka, Head of Workplace Compute Technology at National Australia Bank


Our journey is far from over, and we’re learning and evolving every step of the way, driven by our commitment to making IT workflows more efficient by removing complexity.

Our vision is to empower IT with an intuitive Copilot experience that enables you to quickly find the answers you need, simply by using natural language—keeping you in your flow, with complete confidence that your data is secure. Our goal is to make endpoint management as seamless as possible, so IT teams can stay focused on securing and optimizing their environments as efficiently as possible. We’re excited to continue this journey with you, building a future where managing, protecting, and empowering your organization is easier and more impactful than ever.

Learn more about the enhancements in the Security Copilot blog.

We look forward to sharing more at Microsoft Ignite 2024. Please join our sessions (virtually or in person) and continue to engage with us online at LinkedIn: aka.ms/IntuneLinked and X: x.com/MSIntune 

Updated Nov 19, 2024