Azure Entra Security Copilot: How It’s Changing Identity Protection
Overview Azure Entra Security Copilot is revolutionizing how organizations approach identity protection. By combining the power of generative AI with Microsoft’s deep security insights, it enables faster threat detection, smarter policy recommendations, and simplified incident response. Hands-On Experience After integrating Security Copilot into our Azure Entra environment, here’s what stood out: Natural Language Queries: You can ask things like “Show me risky sign-ins from last week” and get instant, actionable insights. Automated Investigations: It correlates signals across Entra ID, Defender, and Sentinel to surface threats. Policy Recommendations: Based on your environment, it suggests Conditional Access policies to reduce risk. Use Cases 1. Breach Detection Detects anomalies like impossible travel, unfamiliar sign-in patterns, and token theft. Automatically flags high-risk users and suggests remediation steps. 2. Policy Optimization Recommends Conditional Access policies tailored to your org’s risk profile. Helps reduce over-permissive access and enforce least privilege. 3. Incident Response Generates incident summaries and timelines. Suggests next steps and integrates with Microsoft Sentinel for deeper investigation. Comparison with Traditional SIEM Workflows Discussion Starter Have you tried Security Copilot in your environment yet? What use cases have you explored? How does it compare with your existing SIEM or XDR tools? Let’s share insights and build a stronger identity protection strategy together!
Custom permission to enable diagnostic setting in Entra ID
Custom permissions doesnt works when tried to enable diagnostic settings, in Microsoft Entra ID portal. Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnostic Settings/resourcename" Selective permissions that I applied to user account. My approach is to use custom role specific permissions. Appreciate your help to knows the right permission required. Regards, Rajkumar
Get AzADGroupMembers from nested groups
Hi, I'm trying to get all members of a group (including nested groups members) to add to a teams private channel. We have a script to add members of a group to a private channel, but it will not add nested groups members. $members = Get-AzADGroupMember -ObjectId 'source_groupID_here' | select mail $tal = 0 foreach ($member in $members) { $User = $member.mail Add-TeamChannelUser -GroupId 'teams_groupID_here' -DisplayName 'Private_channel_name' -user $User $tal += 1 } $tal Is there a way to add those who are members of the nested groups without having to add each nested group individually?
Setting up Password Hash with Seamless Sign On to access Azure hosted apps
Hello, We have an Environment, where ADFS 3.0 and SSO is setup for a domain. This is used to access Office 365 as well as Azure hosted apps & Legacy Apps. Password Hash/Sync is already in place. Requirement is to use Seamless Sign On to access Azure Based Apps. Is it possible? How? If someone can outline the steps, it would be highly appreciated. Note: All workstations are joined to Azure AD already. We want to keep ADFS alive to access legacy Apps. However, we are ready to change Domain Authentication type to Managed from Feder
