Unifying the Viva Insights app for Copilot Dashboard and advanced reporting
To create a more unified Copilot Analytics experience for business leaders and Viva Insights Analysts, we’re excited to announce some upcoming changes to the Viva Insights web app. Beginning in June for early access customers, the Microsoft Copilot Dashboard will move from the Teams app to the Viva Insights web app. You’ll be automatically brought to the new Copilot Dashboard location when you access it in Teams. You’ll still be able to access the dashboard, but it will feature new Copilot usage reports, to provide more comprehensive insights about employee usage of Copilot and its impact on your organization. All other dashboard features will remain the same, and your existing settings won’t change. Alongside the Copilot Dashboard, the Viva Insights web app will also include the existing suite of Analyst Workbench tools for Viva Insights Analysts, plus settings and organizational data tools for Viva Insights Administrators. These changes will be available to all customers by the end of June.Speaker Progress in Microsoft Teams for Education - now globally rolled out and generally available
We are so excited to announce that Speaker Progress, our newest Learning Accelerator, is now rolled out worldwide! Speaker Progress helps students develop confidence in their presentation skills and reduces anxiety by providing AI-powered real-time coaching and feedback on their public speaking skills like their pace, pitch, filler words, and more. Speaker Progress can also save educators t ime and create more opportunities for independent practice for in class presentations.Announcing File Attachments for Case Management
Effective information sharing is crucial for resolving cases efficiently. Today, we are excited to announce the launch of File Attachments for Case Management, a capability designed to enhance your case investigations with the sharing of reports, emails, screenshots, log files, and more, all in one centralized location within a case. Key Benefits of Attachments for Case Management Centralized Information: File attachments ensure that all relevant documents, images, and data are stored in one place. Reduce your reliance on external file storage and stop hunting through emails—everything you need is right at your fingertips within the case. Comprehensive Documentation: From contracts and evidence to client communications and reports, file attachments provide a complete and organized record of all case-related materials. This comprehensive documentation is invaluable for audits, reviews, and future reference. More Accurate Response: Minimize errors and increase confidence in case outcomes by leveraging all relevant information related to a case. Comb over vulnerability assessments, patch documentation, configuration changes, etc. and ensure you have all the context you need about a case. Attachments Experience: The experience is super simple. Go to the Case details page, click the “Attachments” tab, click “Upload”, select your file, and wait for the upload. The file is malware scanned in the background. Once scanning is complete anyone with access to the case can download the file. If you need to upload malware samples, you can wrap them in password protected zip files. Q&A: How much file storage do I get? 500 GB. Do file attachments stay in region? Yes, they are stored in the same region as their tenant. What if I need to attach malware samples for case investigation? Zip and password protect your malware samples. Malware samples that have not been zipped and password protect will be removed by malware scan. Coming Soon! Add file attachments and screenshots directly to comments to quickly review attachments in the Activity Log. Conclusion Attachments for Case Management ensures you have all the necessary information to make quick and informed decisions about a case. This leads to better case outcomes and improved communication for your organization. Learn more Case management overview Case management blog postWhat's new in Viva Insights
We’re excited to announce a variety of new features for Viva Insights, which include new collaboration insights for analysts running organizational network analysis (ONA) queries, new tools to search for manager licensing status and their access to insights, a newly launched functionality to share analyst reports, and another option to upload organizational data aimed at improved accuracy of insights. Let’s dive in. New Organizational Network Analysis insights As part of the Organizational Network Analysis (ONA) Change Management query template for analysts, a new third insights category is now available. This category of insights is focused on highlighting employee groups deemed to be “brokers of information flow.” Groups identified as top information brokers often serve as central hubs dictating the flow of information throughout the employee network. But these groups could also give rise to collaboration overload, because a significant proportion of information is flowing through the group(s). With these insights, therefore, business leaders can now identify which groups within their companies might be acting as information bottlenecks, and take the appropriate steps to adjust the flow of information or collaboration. In the screenshot below, for instance, the Finance-Corporate group is ranked as the #3 top information broker, and the up arrow indicates that it moved into the top five information brokers. The down arrow for the Human Resources group, meanwhile, means it moved out of the top five information brokers. And IT-East is the #4 information broker with no arrow, which means it was in the top five information brokers in both the “before” and “after” periods of the analysis timeframe. With the addition of this new insights category, ONA now encompasses three main types of insights: Cross-group collaboration: How are groups/departments/teams collaborating before and after a change event at the company? Insular collaboration: Which groups/departments/teams are showing an increased tendency towards “within-group” collaboration who could become siloed? Brokers of information flow: Which groups are acting as central hubs dictating or controlling the flow of information in the collaboration network? Learn more about ONA in the analyst workbench, and the new insights category. Search for managers/new manager hierarchy search feature To help customers troubleshoot issues related to managers’ access to insights, and to get a quick look at their licensing status, team size, and direct and indirect reports, the Viva Insights Admin portal now includes a manager hierarchy search function. This new feature allows customers to use the Viva Insights app to search for specific managers and see their related licensing and team information. Customers can then use this information to cross-reference against their own records, and troubleshoot any licensing issues that might arise. Learn how to use the search tool. Publish reports public preview launch To help streamline the communication process between Viva Insights analysts and leadership, we’re excited to announce the public preview launch of Publish reports. This new feature lets analysts share insights and reports directly with leaders, decision-makers, or even an entire organization in the recipient’s Viva Insights app. A “report” can refer to: Any Power BI report within Viva Insights A custom report stored outside of Viva Insights that includes Viva Insights metrics or other types of metrics like surveys or Microsoft 365 Copilot metrics When recipients receive a shared report, it will appear as a prominently displayed card on the recipient’s Viva Insights home page. Learn more about how to set up and publish a report. Use Entra plus .csv files for “parallel” data uploads For added flexibility, Viva Insights Administrators can now set up an organizational data upload using both Microsoft Entra ID and manual .csv files simultaneously, in parallel. Typically, Viva Insights ingests data from either Entra or manual .csv file uploads. Using this new parallel data ingestion method helps ensure that critical data such as the ManagerId and Organization attributes can be retrieved from Entra, while additional fields can be fetched from .csv files or automated connectors. This method, therefore, can help improve reporting accuracy by combining other attributes from Entra and .csv uploads. Moreover, this data ingestion method can improve the accuracy of insights in the Copilot Dashboard, leader reports, and the analyst workbench. This feature can be used by tenants whose current data source is uploaded data, either in the form of manual .csv files or through connectors. Learn how to set up this new parallel data ingestion method.ICYMI | Microsoft Dragon Copilot launching today, May 1, for US partners
Exciting news! Microsoft Dragon Copilot, our AI-powered assistant for clinical workflows, is available in the US as of today, May 1, and will be available on June 1, 2025 in Canada, with the exception of Quebec. Dragon Copilot will be generally available in Canadian province of Quebec, the U.K., Germany, France, and the Netherlands in the coming months. Dragon Copilot enhances clinical workflows with advanced AI for streamlining documentation, surfacing information, and automating tasks for improved efficiency, satisfaction, and patient care. Discover Dragon Copilot and start delivering more value to healthcare customers. Get started!What’s New in Microsoft Teams | April 2025
Welcome to the April edition of “What’s new in Teams.” Last month, we shared a TON of news about the Teams features leading the future of collaboration that were announced at Enterprise Connect. Some that we highlighted in March weren’t generally available yet, but are now, so we’re sharing them again here. Like the valuable Teams Phone feature “Queues app: barge/whisper/monitor/takeover”, which helps team leads and supervisors manage and coach agents effectively, and “DVR support for town halls” that enables event attendees to pause, rewind, or fast-forward a live streaming town hall just like a recorded piece of content. There are some brand new features to check out as well, like enhanced OneDrive navigation, and the ability edit your display name in meetings. Take a look at the full list below. And don’t miss our post next month, where we’ll announce a ton of new features in our Microsoft Build focused edition! Chat and Collaboration Meetings, Webinars, Town Halls, and Immersive Teams Phone Workplace: Places and Teams Rooms Fundamentals and Security Frontline Worker Solutions Chat and Collaboration Enhanced OneDrive navigation in Teams Users can now seamlessly return to the exact spot they left off within the OneDrive application when navigating across Teams. This feature enhances user experience by saving the last location for easy retrieval of content, ensuring continuity and reducing the time spent searching for files or information. By automatically displaying the last known state upon return, OneDrive provides more efficient navigation and access to content within the Teams desktop client, significantly improving productivity and collaboration. Custom file download location for Mac Mac users now have more control over their file management process and can customize the file download location when saving files shared in a Teams chat or channel. Personalize your file download process, reducing the need to move files post-download. To get started, navigate to Settings and select Files. From there you can choose a default file location for your downloads, and toggle on/off the option to always ask where to save downloaded file. Improved Microsoft Lists links in Teams messages Links to Lists, list items, and Lists forms in Teams will automatically unfurl for greater visibility, making it simpler to locate and access these links within both Teams messages and the 'Shared' tab of chats. Additionally, the links include details like title and path, helping users identify specific List link types and find pertinent information with ease. Forward messages with app cards You can now forward messages containing app cards in chats and channels. Previously, forwarding app cards was restricted, but now you can simply navigate to the “more actions menu of any message containing an app card, and select "Forward". Tag Mentions filter in Activity To view all your tag mentions, select the tag mentions filter in your activity feed. The ‘@Mentions’ filter allows you to catch up quickly on personal mentions, while the ‘Tag mentions’ filter helps you catch up on the Tag mentions you are part of. Increased drop zone for chats when uploading files The drop zone in chat is now larger, making it easier to share local files easily. This update will soon be added to channels as well. Meetings, Webinars, and Town Halls IT administrators can upload multiple themes for branded meetings [Premium] Visual branding is essential for creating a memorable experience. Whether it’s a professional client meeting, an internal meeting, or a festive seasonal event, the right theme sets the tone and strengthens your brand’s presence. Now, IT administrators can create and upload up to five brand themes to a customization policy in Teams admin center. Meeting organizers who have the policy assigned to them will be able to choose from different brand theme options when scheduling their meetings, offering flexibility to customize their brand theme for every occasion. This capability is available with a Teams Premium license. Admins can disable ability to send messages in meeting chat before and after the meeting We are expanding the existing ‘Meeting chat’ control in Teams admin center so admins can control who can send messages during and after meetings. Admins can select the “In-meeting only” value to disable participants’ ability to send messages in the meeting chat before or after the meeting, for meetings organized by specific users in their tenant. Learn more: Manage chat in Teams meetings - Microsoft Teams | Microsoft Learn Information barriers moderated meetings With this feature, organizations with information barrier policies are now able to hold meetings with participants who have conflicting policies, in the presence of an approved moderator. Meeting attendees will remain in the lobby until the moderator joins, unless the moderator has specified the ability to bypass the lobby. This feature is ideal for regulated industries, ensuring compliance while facilitating necessary communication. Edit display name in meetings Teams meeting participants will be able to edit their display name, enabling more flexibility in their meeting presence, regardless of their tenant set display name. Users can make this change during the meeting and it will persist only throughout the duration of the meeting. Notification that intelligent recap is ready for calls from chat and ‘Meet now’ meetings Notifications for Intelligent recap for calls from chat and ‘Meet now’ meetings are now available. You will receive a notification in your Teams Activity feed and on the banner when an intelligent meeting recap is ready. Clicking on the notification in Activity feed will take you right to the recap. You can configure the notification settings to control where the notification is surfaced, as well as which meetings have notifications enabled. Set chat notification preference via meeting RSVP Teams now helps you manage your notifications more effectively by integrating chat notifications with meeting RSVP status. If you decline a meeting, you won't receive notifications or see the chat in your list, while accepting a meeting ensures you receive all relevant notifications. Bi-directional calendar syncing between Google Workspace and Teams Businesses using Google Workspace for email and calendaring can now enable bi-directional synchronization with Teams through the Teams Admin app. This update ensures that events created in either platform are seamlessly reflected in both improving scheduling efficiency and minimizing the risk of missed meetings. With this update, all calendar events - incoming, outgoing, existing, and new - are fully synchronized. This feature is currently available for Teams Essentials customers. It will be available to all Teams customers soon. Learn more here. DVR support in Town hall Digital Video Recording (DVR) functionality in town halls now enables event attendees to interact with an instance of a live streaming town hall instance in the same way they would a recorded piece of content, when viewing via desktop or web. This makes it easier to digest the content being presented, giving viewers the ability to pause and move forward or back within a town hall, navigate to any previously-streamed timestamp, and interact in other ways that make viewing a town hall more convenient. This feature is available for all town halls regardless of license assigned to the organizers. Post and reply to questions as an organizer Town hall and webinar organizers now have the ability to post and reply to questions using the title “organizer” in the Q&A experience, instead of their individual names. This feature allows instance organizers to present a unified and official voice when responding to attendee questions. Teams Phone Teams Phone extensibility for Microsoft Dynamics 365 Contact Center We introduced at Enterprise Connect Teams Phone extensibility for Dynamics 365 Contact Center and certified ISV solutions to help customers benefit from and extend their existing telephony investment with Teams Phone into the contact center. Beginning this month in public preview, customers with Teams Phone and Dynamics 365 Contact Center will be able to leverage Teams Phone as a single, integrated solution to power calling across their unified communications as a service (UCaaS) and contact center as a service (CCaaS) solutions—streamlining the deployment, management, and billing of their telephony infrastructure. Teams Phone extensibility will also be supported by ISV solutions in the future that leverage Azure Communication Services (ACS) for this integration, offering customers a wide range of options to bring Teams Phone to their preferred contact center app of choice. Learn more. Queues app: barge/whisper/monitor/takeover The "Queues app: barge/whisper/monitor/takeover" feature in Teams Phone helps team leads and supervisors manage and coach agents effectively. This feature allows supervisors to: Monitor: Listen to the conversations agents are having with callers without being heard Whisper: Provide assistance to agents during a call without the caller hearing Barge: Join a call in-progress to assist both the agent and the caller Takeover: Remove an agent from a call and take over the conversation, if necessary These capabilities are particularly useful for teams that have to manage a lot of inbound calls to serve internal or external customers - such as IT help desk center environments – and where supervisors need to provide oversight in helping agents follow the right procedures when handling customer calls. The feature is part of the Queues app, which is available with a Teams Premium license. More seamless migration from on-premises Direct Routing phone numbers to online phone numbers Teams now supports more seamless migration of on-premises synced Direct Routing (DR) phone numbers to online options - including Direct Routing, Operator Connect, and Teams Calling Plans - without the need to unassign numbers from users or resource accounts. This enhancement enables administrators to make changes to on-premises DR numbers directly via Teams admin center or PowerShell, ensuring all assignment data remains intact. Operator Connect partners leveraging the Transfer API can streamline migrations while preserving user assignments. Direct Routing Call Troubleshooting via SIP Ladder We are launching the SIP Ladder diagram tool in Teams admin center to enable admins to troubleshoot their Direct Routing calls in a self-serve way. This feature will be available via the Usage reports page under Teams admin center. It will also enable admins to view the SIP requests, responses and associated SDP data between Microsoft teams proxy and the SBC through which the call was routed. This data will be available for all calls made more than 30 minutes and less than 30 days ago. Workplace: Places and Teams Rooms Find certified for Teams devices for all types of spaces and uses at aka.ms/teamsdevices. Book an individual desk by plugging into a peripheral Instantly reserve a desk and automatically update your workplace presence just by plugging into a peripheral on a shared desk, enabling a more streamlined workplace experience for employees. IT admins also benefit from access to desk utilization data in the Teams Rooms Pro Management portal. Learn more. Live transcription and controls on Teams Rooms on Windows You can control live transcription (start, stop, show) during a meeting from a Teams Rooms on Windows device. The real-time transcript includes each speaker's name, including those in a room that have enrolled their voice profile in Teams, and timestamp. You can also change settings including the spoken language, the translated language, and whether the original and translated transcript would show side by side. This feature is available in Teams Rooms Pro. Learn more. Live captions translation in Teams Rooms on Windows While live captions display in the spoken language by default, on a Teams Rooms on Windows device, meeting participants around the world can choose their preferred translation language for real-time translation without affecting what other meeting participants see, ensuring a more inclusive experience for everyone. Admins have controls for system default captions enablement and profanity filtering in captions and transcripts with settings from Teams Rooms Pro Management portal. This feature is available in Teams Rooms Pro. Learn more. Updates to gallery view in Teams Rooms on Windows You can experience a consistent meeting experience across the Teams desktop and Teams Rooms with the updated gallery view in Teams Rooms on Windows. The gallery view will automatically arrange all participants in consistent tile sizes, prioritize video on the meeting stage, offer additional layout options, and increase the number of participants shown on single and dual displays. Admins have controls to set default views, and in-room users can adjust views during the meeting. Learn more. Occupancy status on Teams panels Teams panels can now utilize signals from Teams Rooms devices or occupancy sensors that have been paired with the panels to indicate when a room is in use (e.g. LED glow). These signals mean you’re no longer surprised to find an available room is actually occupied. Requires a Teams Rooms Pro or Shared Devices license for the room. Learn more. Fundamentals and Security Admins can choose automatic or manual adjustment of meeting sensitivity based on the sensitivity level of shared files in Teams meetings [Premium] Microsoft 365 E5 and Teams Premium customers can now leverage sensitivity labels from Microsoft Purview Information Protection to help set the right data protection settings in meetings. Admins can choose either an automatic label inheritance policy for meetings, or a label recommendation notification. When an attendee shares a file in meeting chat or via Live share that has a higher sensitivity than the meeting: If the admin has enabled the automatic label option, the meeting's sensitivity will be updated automatically to match the sensitivity of the shared file. If the admin has enabled label recommendation, the organizer will receive a notification that recommends the organizer upgrade the meeting’s sensitivity to match the shared file. Both options help to keep a meeting’s sensitivity level aligned with the content shared. Brand impersonation phishing protection for GCC, GCC-H and DoD This feature first launched for commercial users in January, and now is available for the GCC, GCC-H, and DoD audiences. If an initial contact in a chat message with an external user is identified as potential spam or a phishing attempt, the user targeted will be notified. IT admins will also be notified that an external user is targeting their enterprise using brand-impersonation-based phishing attacks. Background blur, virtual and user uploaded backgrounds the new VDI solution With this new feature, users on the new VDI solution for Teams can blur their background, choose a Teams virtual background, or replace their background entirely with any image they want by uploading it through the "Video effects and Settings" option. AVD Screen Capture Protection and Microsoft Teams compatibility Users who have Screen Capture Protection (SCP) enabled to block screen capture on the remote desktop client (Block screen capture on client) can still share their screen and apps while using the new SlimCore-based optimization for Microsoft Teams. Cross cloud support for the new optimizations for VDI Users on the new optimizations for VDI can now access and interact with resources across different cloud environments. This includes enabling features like Cross Cloud Authentication, Management, and Guest Access, along with various improvements in user experience and functionality. VDI users can join optimized meetings with people in other Microsoft 365 cloud environments (e.g., a user in GCC-H joining a meeting in commercial, GCC, or DOD) through three options: authenticated access via cross-cloud meeting connection, authenticated access using a guest account, or anonymous access. These scenarios require Slimcore-based optimization. Manage location sharing in Teams Microsoft is updating its policies regarding the sharing of user location data to enhance privacy, improve data security, and ensure compliance with evolving regulatory standards. To enhance transparency and user control, Teams is introducing a new app location consent experience that gives users the choice of when and how Teams can use their location data (specifically SSID & BSSID). All new and existing Teams users on Windows, Mac, and Mobile will be prompted to specify if they want to keep location detection on for emergency calls only, or if they consent to allow location access used for IT Admin Insights or troubleshooting. Learn more here. Monitor Teams client updates in Teams admin center IT Administrators can now monitor Teams client version update adoption and access detailed adoption information. This feature enables administrators to proactively understand version adoption, assess version health, and access granular details about devices and users who are on the latest client versions. Additionally, it provides visibility on recency of client versions. Administrators can now proactively view insights and address issues preventing users from automatically updating to the latest and most secure version of the Teams client. Teams client health dashboards in Teams admin center IT Administrators can view and monitor the health of Teams desktop clients on both Windows and Mac platforms. This feature offers comprehensive admin-actionable insights into client health metrics, including client crashes and launch failures. With these dashboards, administrators are equipped with detailed information on issues, insights, and mitigation tools to promptly and effectively address any potential client health problems. Remote contact management for Teams Phone devices in Teams admin center IT admins can now remotely manage contacts to ensure crucial contacts are available for users on their Teams Phone devices. Admins can push a set of contacts from the Teams Admin Center (TAC) to Teams Android-based devices as speed dial contacts. Frontline Worker Solutions Wired headset support to Walkie Talkie on iOS Wired headsets are now supported in the Walkie Talkie app for iOS, providing greater flexibility and convenience for frontline workers. Users can connect generic wired headsets with a play/pause button to enable toggle-to-talk mode, allowing hands-free operation with a single tap. Specialized push-to-talk (PTT) headsets are also supported, enabling traditional push-to-talk functionality. This feature ensures workers can stay connected without needing to pull out their devices. Storyline in Teams Storyline provides a centralized place for corporate communications to foster better communication and alignment across the organization. It enables leaders to connect directly with their workforce through targeted posts, like sharing policy changes or celebrating company milestones. Learn more about Storyline capabilities. Engage in Teams mobile The Engage app is now available on the Teams mobile app, delivering a full communities experience directly into Teams. This feature empowers organizations to drive news delivery, strengthen leadership connections, foster relationships, all from a single platform. Learn more. Flexible membership for deploying Teams at scale This new feature empowers IT admins to create location-based teams quickly while giving frontline managers the ability to make manual adjustments, like adding or removing an employee, as needed. This additional capability provides greater control for frontline workforce management and is now generally available.RSA Conference 2025: Security Copilot Agents now in preview
In a time of escalating cyber threats, security teams face relentless pressure to do more with less – more threats, more data, more tools, fewer resources. Microsoft Security Copilot was built to bridge that gap, delivering an AI-driven assistant that enhances detection, investigation, and response across the entire Microsoft Security stack. Since it was launched in April 2024, Copilot has been integrated into customer environments to assist security professionals at every level – amplifying human expertise, streamlining complex workflows, and helping teams stay ahead of evolving threats. New research from Microsoft live operations highlights Security Copilot’s tangible impact, showing productivity gains across security and IT. Organizations using Security Copilot have seen: At this year’s RSA Conference, we are excited to share updates that make Security Copilot even more powerful, flexible, and accessible to customers and partners. Security Copilot agents are now in preview Last month at Microsoft Secure, we introduced Security Copilot agents - autonomous AI designed to tackle high-volume security tasks. Built on Security Copilot and seamlessly integrated with Microsoft Security solutions and partner ecosystem, these agents are tailored to security-specific use cases, adapt to your workflows, and learn from feedback, all while keeping your team fully in control. Every agent launched is built on the Security Copilot platform, ensuring a consistent, secure, and unified experience across capabilities. Starting today, we’re beginning a phased public preview rollout which will gradually expand to more customers to ensure a smooth and scalable experience. The following agents are now available in preview to select customers: Conditional Access Optimization Agent in Microsoft Entra monitors for new users or apps not covered by existing policies, identifies necessary updates to close security gaps, and recommends quick fixes for identity teams to apply with a single click. Vulnerability Remediation Agent in Microsoft Intune monitors and prioritizes vulnerabilities and remediation tasks to address app and policy configuration issues and expedites Windows OS patches with admin approval. Threat Intelligence Briefing Agent in Security Copilot automatically curates relevant and timely threat intelligence based on an organization’s unique attributes and cyberthreat exposure. And there’s more to come. Over the next few weeks, additional agents will become available to customers: Phishing Triage Agent in Microsoft Defender triages phishing alerts with accuracy to identify real cyberthreats and false alarms. It provides easy-to-understand explanations for its decisions and improves detection based on admin feedback. Alert Triage Agents in Microsoft Purview triage data loss prevention and insider risk alerts, prioritize critical incidents, and continuously improve accuracy based on admin feedback. Partner agents from OneTrust, Tanium, BlueVoyant, Fletch, and Aviatrix that automate tasks like privacy breach response, SOC assessment, alert triage, task optimization, and root cause analysis. We’re also thrilled to announce two new partner agents that have joined our growing ecosystem since our Secure event last month, now in private preview: Email Threat Analyst Agent by Performanta conducts investigations into email-based threats and compromised user activity and provides an impact and recommended mitigation assessment. IAM Supervisor Agent by Performanta uncovers and triages identity and access threats and provides an impact and recommended mitigation assessment. With these additions, our growing ecosystem of Security Copilot agents – now in preview – offers broader insights and powerful automation to help security teams respond faster and more effectively. We are excited to continue advancing agentic capabilities both at Microsoft and through collaboration with our third-party partners. Please visit the new Security Copilot video hub for demos or deep dives of Security Copilot agents. Partner ecosystem updates Azure Lighthouse support for Sentinel use cases Security Copilot support for Azure Lighthouse Sentinel use cases for managed security service provider (MSSP) tenants is now generally available. With this support, MSSPs can purchase SCUs and attach them to the managing tenant in Azure Lighthouse and use those SCUs to run Security Copilot skills related to Microsoft Sentinel on their customer tenants via Azure Lighthouse. All the Sentinel skills available in Security Copilot will be invokable from the Azure Lighthouse tenant without the customer needing to have Security Copilot, thereby making Security Copilot available to MSSPs who manage multiple customers. Supported scenarios include querying the customer Sentinel incident, incident entities/ details, querying Sentinel workspaces, and fetching Sentinel incident query. These skills can be invoked on per customer Sentinel workspace. Managing tenants using Azure Lighthouse now can do the following, without their customers needing to provision SCUs: Use the same natural language-based prompts using Sentinel skills on customer data Create custom promptbooks using Sentinel skills to automate their investigations Use Logic Apps to trigger these promptbooks Learn more about how to get started with Azure Lighthouse Support for Sentinel use cases here. New Security Copilot plugins As part of our effort to provide customers with truly end-to-end security protection, we continue to prioritize expanding our Security Copilot partner ecosystem. We have worked with partners to develop plugins to enhance and extend the information and data brought into Security Copilot. The following plugins are now in preview: Censys plugin enables users to enrich investigations using threat intelligence from the Censys platform to scan a URL or domain and scan an IP address. HP Workforce Experience Platform (WXP) plugin for Security Copilot allows users to gain insight into warranty of devices, application crashes, data about their fleet, and more. Splunk plugin allows Security Copilot users to make calls to Splunk to perform queries to create, retrieve, and dispatch saved Splunk searches, and retrieve and view information about fired alerts. Quest Security Guardian plugin reduces alert fatigue by prioritizing your most exploitable vulnerabilities and Active Directory configurations that demand attention. The following plugins are now in GA: CheckPhish plugin allows users to utilize the CheckPhish AI to analyze URLs for potential phishing threats, tech support scams, cryptojacking, and other security risks. Integration spotlight: ServiceNow SIR plugin The integration of ServiceNow AI and Microsoft Security Copilot capabilities brings joint capabilities to empower our customers and enhance their security posture. The integration optimizes incident insights within SIR and enhances Microsoft Security product’s security incident resolution status and threat prioritization capabilities, driving continuous security posture and awareness. As a result, security teams benefit from faster, more accurate incident resolution - reinforcing our commitment to delivering cutting- edge, AI-driven solutions that elevate the entire security ecosystem. Flexibility, scalability, and security for AI Microsoft Purview for Security Copilot As organizations adopt AI, implementing data controls and a Zero Trust approach is crucial to mitigate risks like data oversharing and leakage, and potential non-compliant usage in AI. We are excited to announce Microsoft Purview capabilities in preview for Security Copilot. By combining Microsoft Purview and Security Copilot, users can: Discover data risks such as sensitive data in user prompts and responses and receive recommended actions in their Microsoft Purview Data Security Posture Management (DSPM) for AI dashboard to reduce these risks. Identify risky AI usage with Microsoft Purview Insider Risk Management to investigate risky AI usage, such as an inadvertent user who has neglected security best practices and shared sensitive data in AI or a departing employee using AI to find sensitive data and exfiltrating the data through a USB device. Govern AI usage with Microsoft Purview Audit, Microsoft Purview eDiscovery, retention policies, and non-compliant usage detection. Learn more about Purview for Security Copilot here. Copilot in Microsoft Defender for Cloud Copilot in Defender for Cloud helps security teams accelerate risk remediation, making it faster and easier for security admins to remediate cloud risks by providing AI-generated summaries, remediation actions, and delegation emails, guiding users in each step of the risk reduction process. Security admins can use AI to quickly summarize a specific recommendation, generate remediation scripts, and delegate tasks via email to resource owners. The capabilities help reduce investigation time, enabling security teams to understand the risk in context and identify resources to quickly remediate. The capabilities are now generally available. Learn more about Copilot in Defender for Cloud here. Enriched Incident Summaries in the Microsoft Sentinel Azure portal We’re excited to announce Security Copilot Incident Summaries in the Microsoft Sentinel Azure portal are now in public preview. This capability provides enriched, easy-to-digest insights into security incidents - streamlining triage and helping analysts quickly understand scope, impact, and next steps. Read the blog post here. Enhanced Consumption Flexibility for Security Copilot This month we introduced enhancements to Security Copilot to enhance customer flexibility and scalability, by supplementing the existing provisioned pricing structure for Security Copilot with the addition of an overage Security Compute Unit (SCU). This capability ensures that users can scale their Copilot workloads beyond their provisioned capacity, for uninterrupted protection. Read the blog post here. Learn more about Security Copilot at RSA Conference 2025 To learn more about Security Copilot and explore how it can elevate your organization’s security strategy, we invite you to connect with us at booth #5744. This is a great opportunity to engage with Microsoft security experts, dive deeper into the latest innovations, and experience how Security Copilot can simplify and strengthen your security operations. Join us for our Security Copilot sessions below, stop by our booth for a live demo, or schedule a one-on-one meeting with our team.
