Thank you for your participation in this AMA! Below are the questions and comments the panelists covered during the live session, along with associated timestamps: 

Question – Are there any plans to make Copilot for Intune available independently of a Security Copilot subscription? Our organization relies heavily on Intune, but we don’t use the broader Security Copilot features, so the bundled cost isn’t justifiable for us. We'd love to benefit from Copilot capabilities within Intune without needing the full Security suite. – answered at 2:38.

• To join our customer connection program, go to aka.ms/JoinCCP

Question – When will we see Copilot start to take automated actions in Intune, like recommending or deploying policy changes? – answered at 4:53.

Question – In EPM, there is an option to Analyze with Copilot, which is intended to analyze the elevated binary and provide relevant insights about the file. such as whether the file is safe to approve or if it contains any potentially malicious content. However, this feature is not working as intended. Instead of delivering detailed information about the binary, it consistently returns the same generic output for every elevation request. Can you share why this might happen?  – answered at 9:43.

Question – As Copilot in Intune evolves, will we see the ability to customize the Copilot experience for the different admin roles, or will all admin roles have access to all aspects of the Copilot experience within Intune?  – answered at 14:47.

Follow up question – When we think about the IVRA agent that you’re building, is there a specific role that will be needed for that, once it becomes generally available? – answered at 16:34.

Question – Will Copilot be able to pull audit logs with certain search filters/criteria the admin requests? – answered at 18:17

• Please share more feedback with us about these scenarios by going to aka.ms/JoinCCP or aka.ms/IntuneFeedback and look for the Microsoft Copilot Intune category

Question – What’s the status of the IVRA agent? What kinds of things can it do for us? Is this agent now available broadly? What types of suggestions does it provide? Does it prioritize these suggestions? – answered at 23:24.

Question – As Security Copilot uses compute units, is there any suggestions/recommendations on how many units one could expect to need for Intune admin use only? – answered at 26:31.

If you are interested in participating in the Copilot in Intune trial program, please complete our nomination form.

We are in the same boat as AndrewHoffman, as we don't use Defender and therefor have no need for the Security Copilot subscription for that part. But as Security Copilot use compute units, is there any suggestions/recommendations on how many units one could expect to need for Intune admin use only?

lavanya see you at MEM Summit 2026

In EPM, there is an option to Analyze with Copilot, which is intended to analyze the elevated binary and provide relevant insights about the file. such as whether the file is safe to approve or if it contains any potentially malicious content. However, this feature is not working as intended. Instead of delivering detailed information about the binary, it consistently returns the same generic output for every elevation request.

For example, here I tried to elevate a very common App, when I check for Analyze with Copilot it initially prompts like,
Get reputation for indicators of compromise 4BD03202B6633F9611B3FC8757880A9B2B38C7C0C40ED6BCBEFEC71C0099D493

But getting the output mentioned below.
There was no reputation data available for the queried indicators: 4BD03202B6633F9611B3FC8757880A9B2B38C7C0C40ED6BCBEFEC71C0099D493

Welcome to the final AMA of Tech Community Live! If you have questions about Copilot in Intune, this is the place for you. Please post them here in the comments.

Going back to user and device information, what types of actions aside from adding devices to a group can the copilot explorer menu perform?

Thanks for the AMA! Are there any plans to make Copilot for Intune available independently of a Security Copilot subscription? Our organization relies heavily on Intune, but we don’t use the broader Security Copilot features, so the bundled cost isn’t justifiable for us. We'd love to benefit from Copilot capabilities within Intune without needing the full Security suite.

"Analyze with Copilot" option in Intune Endpoint Privilege Management (EPM) is not functioning as expected

When reviewing Support Approved elevation requests in EPM, there is an option to Analyze with Copilot, which is intended to analyze the elevated binary and provide relevant insights about the file. such as whether the file is safe to approve or if it contains any potentially malicious content. However, this feature is not working as intended. Instead of delivering detailed information about the binary, it consistently returns the same generic output for every elevation request.

For example, here I tried to elevate a very common App, when I check for Analyze with Copilot, it initially prompts like,

Get reputation for indicators of compromise 9742689A50E96DDC04D80CEFF046B28DA2BEEFD617BE18166F8C5E715EC60C59

But getting the output mentioned below.

There was no reputation data available for the queried indicators: 9742689A50E96DDC04D80CEFF046B28DA2BEEFD617BE18166F8C5E715EC60C59

Feedback submitted: https://feedbackportal.microsoft.com/feedback/idea/da951a10-c663-f011-95f2-7c1e52a55eeb