Microsoft Copilot for Security: General Availability details
Published Mar 13 2024 09:00 AM

The emergence of GenAI is changing the world as we know it.  This ‘once in a generation’ technology leap is already helping defenders see more and move faster, complementing human ingenuity and expanding our capabilities to protect beyond what was possible yesterday.  


To help you seize this opportunity, we are excited to announce the general availability of Microsoft Copilot for Security (Copilot) on April 1st. This industry-leading product is the only generative AI solution that helps security and IT professionals amplify their skillset, collaborate more, see more, and respond faster. 



Move at the speed of AI

Copilot brings insights from across Microsoft Security products and those of other software vendors, delivering natural language guidance to increase team efficiency and manage daily workflows. Copilot isn’t a replacement for these tools; instead, it enables security and IT professionals to access, summarize, and act on insights from their existing tools faster.


In a recent research study conducted by Microsoft’s Office of the Chief Economist, experienced security analysts using Copilot were 22% faster at the common security tasks we gave them, and they achieved these time savings while also increasing accuracy by 7%. 


Most importantly, 97% of the experienced security analysts said they wanted to use Copilot again next time. 




These gains in speed, accuracy, and sentiment mean that security and IT teams have the power to radically improve not only their work, but also their sense of job satisfaction as they find the time to work on the most critical tasks rather than being bogged down in the more mundane parts of their roles. View the full report or infographic for more results from the study.


“Recently we hired a few junior analysts and what we've seen is, to get those folks up to speed, with Copilot, the speed is tremendous,” said Mario Ferket, Chief Information Security Officer at Dow. “If you want to create a complex KQL script, you can now use natural language. This levels the playing field because in the past, the junior analysts would have needed help from senior analysts to do that type of work.”


Product Capabilities 

Based on what we learned from hundreds of customers during our early access program, which began back in October, we are highlighting four critical security operations tasks where we expect Copilot to deliver the greatest value to your teams at time of release:


Incident Summarization 

Gain context for incidents and improve communication across your organization by leveraging generative AI to swiftly distill complex security alerts into concise, actionable summaries, which then enables quicker response times and streamlined decision-making.


Impact Analysis 

Utilize AI-driven analytics to assess the potential impact of security incidents, offering insights into affected systems and data to prioritize response efforts effectively. 


Reverse Engineering of Scripts 

Eliminate the need to manually reverse engineer malware and enable every analyst to understand the actions executed by attackers. Analyze complex command line scripts and translate them into natural language with clear explanations of actions. Efficiently extract and link indicators found in the script to their respective entities in your environment. 


Guided Response 

Receive actionable step-by-step guidance for incident response, including directions for triage, investigation, containment, and remediation. Relevant deep links to recommended actions allow for quicker response. 


Copilot is available both via an immersive standalone portal that helps teams gain a broader context to troubleshoot and remediate incidents faster with cross-product guidance and through an intuitive experience natively embedded within our existing and familiar security products. 




In addition to general availability, we are also announcing the following new Copilot product capabilities: 


Custom promptbooks allow customers to create and save their own series of natural language prompts for common security workstreams, tasks, and scenarios.  




Knowledge base integrations (in public preview) empower Copilot for Security to integrate your business context, so you can search and query over your proprietary content.




Usage reporting provides dashboard insights on how your teams use Copilot so that you can identify even more opportunities for optimization.  




Expanded language localization now includes prompting and responses in eight languages and the product interface is now available in 25 languages to deliver improved user experiences.






Languages listed with prompting and product interface support include:

  • English (US, GB, AU, CA, IN)
  • Spanish (Spain, Mexico)
  • French (France, Canada)
  • Portuguese (Brazil)
  • Chinese Simplified

Languages listed with product interface support include:

  • Portuguese (Portugal)
  • Chinese Traditional


Connect to your curated external attack surface from Microsoft Defender EASM to identify and analyze the most up-to-date information on your organization’s external attack surface risks. 


Microsoft Entra audit logs and diagnostic logs give additional insight for a security investigation or IT issue and summarize audit logs related to a specific user or event. 


Use Copilot across your entire security estate

From the beginning, in addition to hundreds of early access program customers, we have worked with a broad set of security partners to help shape Copilot for Security. This has included validating and refining our new capabilities and doing critical work on plugins to extend Copilot to an ever-growing set of security products and data. 


“By integrating Copilot for Security with our MXDR service offering and Difenda AIRO, we continue to rapidly address routine triage and response activities. Through customer testing, we have proven at least a 60% reduction in alert volume from phishing incidents and we are excited to see the drastic acceleration of cyber security program maturity for companies of all levels.”

-Andrew Hodges, VP of Service Delivery & Product Development, Difenda 


Discover the innovations MISA partner, Quorum Cyber, is making to help defend customers against cyber threats at scale with the generative AI capabilities of Copilot for Security. Watch the video.


Learn how MISA partner, Netskope, is advancing threat response and enhancing data protection for customers with the generative AI capabilities of Copilot for Security. Watch the video.


Today we have a rapidly growing library of plugins for Copilot for Security, and we continue to work with our partner ecosystem to deliver more. Most recently, we are highlighting:

  • Netskope: Enrich investigations with alerts and incidents data from malware, malsite, User Behavior Analytics, app access, and connection events. 
  • Valence Security: Respond to SaaS threats with enriched context from posture, identity, threat detection alerts, data shares, and integration context. 
  • Tanium: Assess incidents with endpoint visibility and resolve with recommended remediation actions. 
  • Cyware: Gain context and enrichments to analyze, prioritize and remediate. 
  • SGNL: Maintain a posture of zero standing privilege with cross-ecosystem visibility and insights. 


For partners who want to join us on the Copilot for Security journey to help our mutual customers please visit us at to learn more. 


Get started 

Microsoft plans to make Copilot for Security generally available for purchase as a consumption offering beginning April 1, 2024. We will have one simple pricing model that covers both the standalone Copilot experience, and embedded experiences across the Microsoft Security product portfolio. 


A consumption model means it will be easy to get started quickly and on a small scale, to experiment and learn with no upfront per device or per user charges. Customers will use their existing Azure subscription or sign up for one if they are not already an Azure customer. They will then be able to provision Azure capacity to support all their Copilot for Security workloads, both standalone and embedded. Copilot for Security capacity is anticipated to be billed monthly via a new Security Compute Unit (SCU) at the rate of $4/hr. 


Learn more about Copilot for Security 

To learn more about Microsoft Copilot for Security, visit or contact your Microsoft sales representative. If you missed us at Microsoft Secure, you may watch the replay video.

Last update: Mar 19 2024 04:29 PM