Event banner
Event details
94 Comments
- Does Copilot for Security assist in setting up APIs or would we still need a developer, and could it do it without using Microsoft Sentinel or would that still be a requirement? A specific example being if we had to connect to a Phishing Disruption Service where the API is built using STIX 2.0 and TAXII 2.0 standards for threat intelligence feed delivery. https://learn.microsoft.com/en-us/azure/sentinel/connect-threat-intelligence-taxii.
- craigfreyman-msft
Microsoft
Your team or a partner would still need to create the API. Make sure to check with your vendor to see if this is already in process. Otherwise, you can write your own custom plugin: https://learn.microsoft.com/en-us/security-copilot/custom-plugins
- I am curious on how Copilot can be used in a multi-client MSSP environment. Will we need to have multiple instances of Copilot, or will we be able to use Lighthouse to connect to multiple customers' tenants.
- When will the Security Copilot support PUT commands? While the current API's GET requests offer valuable insights, they fall short in enabling breach remediation actions.
- craigfreyman-msftCopilot for Security will not take action on behalf of the user.
- Thank you for your reply, I understand the security implications of enabling direct action commands, and the rationale behind exercising caution. However, integrating PUT commands would allow for the triggering of processes such as logic apps, providing a more proactive stance in remediating situations.
- The pricing page (https://azure.microsoft.com/en-us/pricing/details/microsoft-copilot-for-security/) shows "Estimate of the monthly bill is for 1 SCU provisioned for 24 hours daily for the entire month." and shows that estimate is $2,920. It then says that, "Microsoft recommends provisioning 3 SCUs per hour to start your Copilot for Security exploration." Does that mean the monthly charge would be $8,760?
- Yes
Is there something planned like a edge browser plugin or smartscreen integration which can detect Fake Microsoft Login pages and block them by Image Detection and URL matching? I don't know if an LLM can be used for that?
- Can Copilot for security help us to create reporting dashboard for all Microsoft security products, is there a way we can leverage same then how?
Can promptbook create Incident response plan / workflow to triage and response to known threats
- craigfreyman-msftCopilot for Security will not take action on behalf of the user. Promptbooks can be used to help the user quickly assess a situation by running several prompts in a series. Think of it as "expertise at your fingertips."
- How do you enable the individual Copilot for Security in the other portals - for example how do I run prompts in Entra ID when I'm in the Entra.microsoft.com portal
- According to the Entra announcement 3/13/2024, "User Risk Investigation, a skill embedded in Microsoft Entra, will also be available in public preview." The key word there is "will" (in other words, not yet there now) Otherwise, the following new Microsoft Entra skills will be available in the standalone Copilot for Security experience: User Details, Group Details, Sign-in Logs, Audit Logs, and Diagnostic Logs. Reference: https://techcommunity.microsoft.com/t5/microsoft-entra-blog/microsoft-entra-adds-identity-skills-to-copilot-for-security/ba-p/4081857
- craigfreyman-msftThe "embedded experience" you're referring to is enabled by default in Microsoft first party products that have Copilot for Security functionality.
- Would it be possible to ask the experts to not only explain verbally but to also share screen showing how to answer in a test / live tenant? Some of us are highly visual and benefit from seeing how something is solved within the interface(s)/portal(s).
- I've spun up copilot for security. It says custom plugins are not currently supported. When will this support be added? Also, will we be able to trigger emails from copilot or is there a way to integrate promptbooks with Sentinel playbooks?
- There is no official information when custom plugins will be available. I would suggest to observe space with focusing on three main Microsaoft events: MS Build, MS Ignite and Partner Conference (Spring, Autumn and Summer). We can expect, new features and updates will be localized around those events. But as well you can check MSLearn here: https://learn.microsoft.com/en-us/security-copilot/custom-plugins
- Custom plugins are now available with general availability. If you are not seeing the ability to create one, please click on the help button in the bottom right of the standalone experience to request support. At this time, Copilot is not able to take action such as an email trigger on behalf of a user.
