By: Ravi Ashok - Sr. Product Manager & Zineb Takafi - Product Manager | Microsoft Intune
Microsoft Security Copilot in Intune advances the way IT admins can accelerate their day-to-day endpoint management tasks by embedding generative AI capabilities directly into your Intune workflows, transforming how IT teams plan, troubleshoot, and optimize device configurations. Now generally available, Copilot in Intune delivers insights by summarizing policies, analyzing update deployments, and assisting IT with uncovering root causes of endpoint issues based on organizations Intune data.
Today, we’re thrilled to introduce an AI-first experience in the Intune admin center to allow IT admins to explore and act on Intune data with the ease of natural language. As part of our ongoing commitment to help IT teams manage endpoints more effectively, this new experience provides a new way to find data they need about their digital estate and initiate endpoint management tasks based on the results. With a library of queries and using intelligent semantic search, admins can select natural language questions across key Intune domains including devices, apps, policies, users, compliance, app configuration, and app protection and refine the question with customizable parameters. Within the Intune admin center, IT admins can go from insights to taking direct action by adding devices or users to groups for streamlined endpoint management. This release marks a significant milestone towards simplifying endpoint management and accelerating day to day tasks by enabling iterative, natural language query refinement and actionable insights with generative AI assistance to enhance operational efficiency and decision-making.
Explore Intune data across your workloads
The new Explorer experience with Copilot in Intune enables admins to have a consistent experience viewing details about their Intune resources. Whether they’re navigating devices (including Windows 365 cloud PCs, physical PCs, or mobile devices), apps, users, or policies, IT admins can ask custom questions in natural language about their Intune resource data. They can see and iterate on the results of those questions, and then complete management tasks in one streamlined workflow. Admins can click into individual objects in the results view and navigate to Intune resources like a device details page as they complete their work. This journey in Intune applies to many workflows including:
- Troubleshooting and fixing issues: Identifying and acting on a specific set of devices, users, apps, or policies to resolve an issue.
- Creating custom reports: Building custom data views to answer questions that typically require exporting and joining reports today.
- Day-to-day management tasks: As part of regular admin tasks, navigate Intune data to find specific resources and inspect them to ensure things are configured correctly.
Demo
In today’s cyber threat landscape, maintaining device compliance is critical to minimizing security risks and ensuring operational continuity. In this demo scenario, the Explorer experience is used to identify and act on non-compliant devices in real time. To enforce compliance, an IT admin plans to mark Windows devices as noncompliant if they haven’t installed patches in the last three months. Given the variety of Windows versions, they want to understand the impact of excluding these devices. Using Copilot, they simply ask the natural language question and get a list of impacted devices without advanced filtering of the versions for each operating system release.
The functionality surfaces devices and apps that haven’t received critical patches and seamlessly add them to a remediation group. This streamlined workflow reduces time-to-action and supports proactive compliance enforcement at scale. By integrating directly with Intune policies and device groups, this capability empowers organizations to close vulnerability gaps swiftly.
Demo: aka.ms/Intune/CopilotJuly2025-Demo
What’s next
The addition of the new Explorer experience marks a significant step forward in how organizations can harness the power of Copilot to interact with their Intune data. By enabling IT admins to quickly surface insights, identify compliance gaps, and take action directly from query results, Copilot enables IT admins to streamline their endpoint management workflows to enhance operational agility. To learn more about setup and capabilities, be sure to read our documentation: Explore your Intune data with natural language.
We look forward to providing further updates as part of the Copilot in Intune blog series. Make sure to check out the previous blogs if you missed it: Microsoft Security Copilot in Intune deep dive – Part 1: Features available in public preview, and Microsoft Security Copilot in Intune - Pt. 2: Vulnerability Remediation Agent in limited preview. And to learn what a few of the Microsoft MVPs think about Copilot in Intune, feel free to get perspectives from Andrew Taylor here, Ugur Koc here, and Mattias Melkers here and here.
If you have any questions or want to share how you’re using Copilot in Intune, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn.
