diagnostics
17 Topics

Microsoft Security Copilot in Intune deep dive – Part 1: Features available in public preview
By: Zineb Takafi - Product Manager & Lavanya Lakshman - Principal Product Manager | Microsoft Intune

Microsoft Intune is a widely used cloud-based endpoint management solution that simplifies the management and security of devices, apps, and data across your organization. Intune is poised to set a new standard for IT productivity and protection with generative AI capabilities powered by Microsoft Security Copilot, an AI-driven security solution designed to empower security and IT professionals. Copilot integrates seamlessly into Intune, transforming critical workflows around policy management, troubleshooting, and security threat resolution. With key integrations in Intune Suite for Endpoint Privilege Management and Device Query, Copilot enhances endpoint security by offering AI-driven insights and flagging potential app elevation risk. These capabilities are designed to reduce manual intervention and accelerate response times.

In this blog, we’ll dive into our current capabilities in preview. This is the first blog of our new monthly Copilot in Intune blog series. Each post will spotlight different Copilot capabilities within Intune through demos, practical tips, and real-world scenarios. By following along, you’ll discover our latest innovations with AI in Intune and how to harness the power of Copilot to stay ahead of emerging threats and streamline your management processes. Let’s get started on this journey together and unlock the full potential of Security Copilot in Intune today!

Simplify device policy management

Security Copilot in Intune helps IT admins quickly review and manage device policies. By selecting the "Summarize with Copilot" button, admins get a clear summary of policies and settings. Copilot’s "Describe the impact" feature helps understand how policies affect users and security. Admins can also investigate specific settings, check for conflicts across policies, and ensure everything aligns with organizational needs—all without manual research.
Copilot streamlines policy management, saving time and enhancing security.

Effortlessly troubleshoot device issues

Copilot in Intune helps IT admins quickly troubleshoot device issues. By navigating to Devices and selecting the faulty device, admins can select “Explore with Copilot” and use the “Summarize this device” prompt to view key details like hardware info, group memberships, compliance state, and reasons for non-compliance. Admins can then compare the faulty device with a healthy one by having Copilot highlight differences in configuration profiles, compliance policies, app configuration policies, discovered apps, managed apps, and hardware. This powerful integration streamlines issue identification, making troubleshooting faster and more efficient.

AI-powered Copilot integrations with Intune Suite

With Advanced analytics and Endpoint Privilege Management, part of the Intune Suite available as an add-on, customers can take advantage of Copilot integrations to further streamline endpoint management. These AI-powered integrations streamline app elevation requests and complex KQL query creation in device query to get insights on your devices.

Identify app risks before approving app privileges

Security Copilot in Intune enhances Endpoint Privilege Management by helping IT admins assess the risk of app elevation requests. When users request to elevate unfamiliar apps, admins typically have to research the app’s reputation and potential risks manually. Copilot simplifies this by automatically analyzing the app’s security status. When a user requests elevation for an app, admins can select “Analyze with Copilot” in the Intune admin center. Copilot sends the app’s hash to Microsoft Defender Threat Intelligence, providing critical insights. Copilot flags the app for suspicious indicators tied to a known malware campaign.
Use natural language to get real-time device data

The integration of Security Copilot with single device query in Intune offers IT admins an easier, more efficient way to monitor and manage devices. With this capability, admins can quickly translate natural language requests into Kusto Query Language (KQL) queries and get real-time device data, eliminating the need for in-depth KQL knowledge. For instance, if an admin wants to identify the top 10 processes consuming the most memory on a device, Copilot can automatically convert this request into a precise KQL query. This integration streamlines the process of gathering real-time insights, enabling admins to troubleshoot, optimize, and secure devices more effectively and with greater ease.

Use natural language to analyze and query multiple devices

With Security Copilot in Intune, IT admins can easily create Kusto Query Language (KQL) queries for multi-device queries, gaining comprehensive insights into their entire device fleet. By navigating to Devices and selecting “Device query” in the Intune admin center, admins can quickly filter devices based on specific criteria. For example, an admin could request a list of devices with at least 8 GB of memory, over 50 GB of storage, and one encrypted volume. Security Copilot translates this natural language request into an accurate KQL query, eliminating the need for advanced KQL knowledge and streamlining the process of managing and securing devices across the organization.

What’s next

Our AI journey has only just begun, and with each step, we learn and evolve, driven by our commitment to simplifying IT workflows and reducing complexity for customers. We invite you to explore the robust integrations available within Intune where AI assistance transforms everyday tasks like policy management, troubleshooting, device queries, and elevation request evaluation into a more efficient, streamlined process with Copilot.
Take advantage of these features today to optimize your security posture and stay ahead of emerging challenges. To get started or learn more about our enhancements, visit Copilot in Intune. We look forward to providing further updates in the Copilot in Intune blog series.

If you have any questions or want to share how you’re using Copilot in Intune, leave a comment below or reach out to us on X @IntuneSuppTeam or @MSIntune. You can also connect with us on LinkedIn.

1.6K Views, 0 likes, 3 Comments

New Diagnostic: Microsoft Teams Shared Channels now available in MRCA
We're excited to release another new diagnostic to the MRCA for troubleshooting issues related to Teams Shared channels. Thanks to RuiTabaresMsft, who has done it again, this time bringing you a comprehensive Microsoft Remote Connectivity Analyzer diagnostic for Shared channels.

To access the customer-facing diagnostic, navigate to Microsoft Remote Connectivity Analyzer, select Microsoft Teams, then click on “Teams Shared Channel Add Member”.

Since the release of Shared channels on Teams, one of the common trends reported is the issue related to adding internal and external users to channels. This involves configurations on Teams policies, O365 groups, and Entra B2B Direct Connect, along with additional prerequisites. We discuss the configuration and troubleshooting options in the following article: Collaborate with external participants in a shared channel

This new diagnostic will help you troubleshoot and test whether you meet the requirements for adding an internal user, or an external user from an outside tenant, to a shared channel, including Share a channel with People and Collaborate with external participants in a channel.

At a high level, the test checks a few things:

- Checks the prerequisites for a user to add a member to a shared channel.
- Validates that the user can generate an authentication token in Microsoft Teams.
- Verifies that the specified mailbox is supported for the intended operation.
- Retrieves the user's backend settings, which include configuration settings and preferences associated with the user in Microsoft Teams.
- Validates the Teams and channel policies related to shared channels.
- Validates the shared channel URI, retrieves the channel thread, and checks connectivity to chat services.
- Validates that the group has the AllowToAddGuests setting enabled.
- Validates that the AllowToAddGuests setting is enabled in the tenant group settings.
- Retrieves the tenant ID associated with the external user.
- Validates the cross-tenant access policies (XTAP) to ensure that they permit B2B direct collaboration.
- Performs a cross-tenant access policy (XTAP) search.

Please try the new diagnostic if you're having trouble adding members or sharing a shared channel and let us know if it helped. As always, we welcome your comments, feedback, and questions. Got an idea for a new diagnostic? Issues with this one? Let us know!

Thanks!
Microsoft Teams Support

469 Views, 0 likes, 0 Comments

Custom permission to enable diagnostic setting in Entra ID
Custom permissions don't work when I try to enable diagnostic settings in the Microsoft Entra ID portal.

Error: "does not have authorisation to perform action 'microsoft.aadiam/diagnosticSettings/write' over scope '/providers/microsoft.aadiam/diagnostic Settings/resourcename"

Selective permissions that I applied to the user account. My approach is to use custom role-specific permissions. Appreciate your help to know the right permission required.

Regards,
Rajkumar

318 Views, 0 likes, 2 Comments

PerfView: ASP.NET Core Stats View
In PerfView v3.1.10, released 02-May-2024, if a trace containing the needed events is opened, there is a new ASP.NET Core Stats view available that shows individual request information along with overall statistics. The events needed to construct this view are available in the .NET Profiler traces that are captured in AppServices (both Windows and Linux) and can be captured manually with other tools like PerfView and dotnet-trace. The view was modeled after the IIS Stats view. It also features clickable ActivityIds for requests so if there's a specific one you want to dig further into, you can click the ActivityId and it will open the Events window and show all events in the trace with that ID within the timeframe of the request.

1.7K Views, 1 like, 0 Comments

Lesson Learned #446: Simplifying SQLPackage Log Debugging with PowerShell
Handling massive SQLPackage diagnostic logs, like those spanning over 4 million rows, can be an overwhelming task when troubleshooting support cases. This article introduces a PowerShell script designed to efficiently parse through SQLPackage diagnostic logs, extract error messages, and save them to a separate file, thus simplifying the review process and enhancing the debugging experience.

2.6K Views, 0 likes, 0 Comments

User action logging for in meeting functions such as Spotlight
Hi all,

Covering part of an old Uservoice item; we have a curious issue of aberrant spotlighting occurring during a meeting. It is suspected that a user is "playing with the controls" during the meeting. However, we are seeking verification that this is not an issue and one simply of human factors and training.

From the Debug logs/support files that can be generated in a call and are not encoded, we can see the SpotlightMixin entries identifying the users transitioning into spotlight and/or being removed from spotlight. What appears to be omitted in the clear-text log is that of the userID initiating the request.

Is there a simple way of identifying the requestor userID within the toolset and capabilities available? Indeed, are these details captured and audited?

Naturally appreciate that there are other elements to aid the unwanted activity such as restricting presenters list etc. but interested to see if there is a simple way of identifying the requesting user.

Any thoughts and guidance on this would be greatly appreciated.

Thanks
SJ

1.5K Views, 0 likes, 1 Comment