what's new
Monitor User Activities and System Events with Security Copilot and Microsoft Sentinel
We recommend reading our Privacy and data security document to understand what data we capture, as well as how to enable Purview Audit logs: Access the Copilot for Security Audit Log.

About Our Solution

Our solution enhances traditional audit logs through the Unified Audit Log (UAL) by providing a centralized and comprehensive view of all user and system activities across various Microsoft services. The UAL aggregates data from multiple sources, including Microsoft 365, Azure, and third-party applications, offering a holistic view of security events. This integration allows for more effective monitoring, quicker incident response, and improved compliance reporting. Additionally, Security Copilot uses AI to identify patterns and anomalies, providing actionable insights and recommendations to strengthen your security posture.

For a more comprehensive guide on how to create a search job in Purview, please visit our documentation here.

Security Copilot customers can now access audit events natively through Microsoft Purview by navigating to Audit unified logs and searching. On the Search Page, refine and filter the base record type and time range, then create a Search job. To create a search for Security Copilot you will need to select the workload:

Security Copilot Enhance Audit solution improves audit logging for Copilot. This custom solution includes:

- Microsoft Sentinel connector that reads data from the Office Management API and writes it to Log Analytics Workspace.
- Azure workbook that provides insights on the ingested data.
- Detection rules deployed in Microsoft Sentinel to alert defenders of anomalous events.

This solution provides streaming audit logging, facilitating advanced queries and detections. It also correlates logs with other data to enhance security insights.
Prerequisites/Preparation

Enable the audit log capability in Security Copilot

During the first run experience, a Security Administrator is given the option of opting into allowing Microsoft Purview to access, process, copy and store admin actions, user actions, and Copilot responses. For more information, see Get started with Security Copilot. Security Administrators can also access this option through the Owner settings page. Use the following steps to update the audit log settings:

1. Sign in to Security Copilot (https://securitycopilot.microsoft.com).
2. Select the home menu icon.
3. Navigate to the Owner settings > Logging audit data in Microsoft Purview.

For a step-by-step guide on each of these actions, please refer to this GitHub repository: https://github.com/Azure/Security-Copilot/tree/main/Monitoring/IngestSecurityCopilotAuditlogs

Deploying the Security Copilot Audit Logs Connector via the CloudAppEvents Table

You can use the XDR connector within Microsoft Sentinel and Defender to ingest Security Copilot audit logs. This is achieved by enabling Defender raw event logs in your Sentinel workspace. In this case, our focus is on the CloudAppEvents table. To learn more about the CloudAppEvents table and its schema, refer to the advanced hunting schema documentation here. This will bring the events Security Copilot logs directly into Sentinel, allowing you to deploy the workbook.

To verify that the connector is functioning and sending data to the configured workspace:

1. Wait for 5-10 minutes.
2. Open the workspace and go to the log section.
3. In the logs canvas, enter the following KQL query:

    CloudAppEvents
    | where parse_json(RawEventData)["AppIdentity"] == 'Copilot.Security.SecurityCopilot'
    | where parse_json(RawEventData)["Workload"] == 'Copilot'

If results appear, you can proceed with setting up the workbook and deploying the detection rules.
Deploying Detection Rules

To deploy the 3 analytics rules, press the deploy button located here: https://github.com/Azure/Copilot-For-Security/tree/main/Monitoring/IngestSecurityCopilotAuditlogs

Once you've clicked the deploy button and authenticated with an Azure deployment user, complete the required parameters.

Log Analytics Workspace Name – Use the same Sentinel Workspace name as the connector.

Once deployment is complete, open Sentinel and go to analytics. Search for "Copilot" rules and enable them.

The above detection rules will complement this audit solution. We have provided three sample detections as highlighted below:

Security Copilot - TI map IP entity to Prompts
This rule looks back one hour into the Copilot for Security Audit logs and identifies whether any prompting has been done from an IP that has been matched as an IOC that has been active for up to the last 14 days.

Security Copilot - Anomalous sign-in activity by Security Copilot user
This rule detects anomalous user logon and resource access associated with usage of Copilot for Security where any of these operations have been executed: DeleteCopilotPromptBook, DisableCopilotPlugin, DeleteFile or EnableCopilotPlugin. The rule checks whether these operations have been performed by a user from a connection that is used for the first time in the tenant, whether it's from a country their peers don't normally connect from, and whether it's uncommon for them to access Copilot for Security.

Security Copilot - Anomalous Operations by Copilot for Security User
Detects anomalous operations involving actions such as "DisableCopilotPlugin", "DeleteFile", "UpdatePluginSettings", or "DeleteCopilotPromptBook". The detection uses the KQL basket() function to detect whether any of these activities have been performed by a user that does not typically perform these operations based on a 14 day baseline.
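A simplified first-seen variant of the anomalous-operations idea described above, written as an added example; it is not one of the deployed rules and does not use basket(). It assumes RawEventData carries the common audit fields Operation and UserId, that the workspace table exposes TimeGenerated and IPAddress, and it uses a one-hour detection window chosen for illustration.

```kql
// Added example: flag sensitive Security Copilot operations performed by a user
// who has not performed that same operation during the 14-day baseline.
// Assumptions: RawEventData contains "Operation" and "UserId"; the 1h window is illustrative.
let baselinePeriod = 14d;
let detectionWindow = 1h;
let sensitiveOps = dynamic(["DisableCopilotPlugin", "DeleteFile", "UpdatePluginSettings", "DeleteCopilotPromptBook"]);
// Same filter as the connector verification query, narrowed to the operations of interest.
let copilotEvents = CloudAppEvents
    | where TimeGenerated > ago(baselinePeriod + detectionWindow)
    | extend Raw = parse_json(RawEventData)
    | where tostring(Raw["AppIdentity"]) == 'Copilot.Security.SecurityCopilot'
    | where tostring(Raw["Workload"]) == 'Copilot'
    | extend Operation = tostring(Raw["Operation"]), UserId = tolower(tostring(Raw["UserId"]))
    | where Operation in (sensitiveOps);
// Every (user, operation) pair seen before the detection window starts.
let baseline = copilotEvents
    | where TimeGenerated <= ago(detectionWindow)
    | distinct UserId, Operation;
// Recent events whose (user, operation) pair has no match in the baseline.
copilotEvents
| where TimeGenerated > ago(detectionWindow)
| join kind=leftanti baseline on UserId, Operation
| summarize FirstSeen = min(TimeGenerated), LastSeen = max(TimeGenerated),
            Events = count(), SourceIPs = make_set(IPAddress, 10)
    by UserId, Operation
```

A new user with no history will always appear in the results, so triage should account for recently onboarded accounts.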
Deploying the Workbook

To deploy the Workbook, press the deploy button located here: https://github.com/Azure/Copilot-For-Security/tree/main/Monitoring/IngestSecurityCopilotAuditlogs

After pressing the deploy button and authenticating with an Azure deployment user, fill in the above parameters.

Log Analytics Workspace Name – Use the same Sentinel Workspace name as the connector.

Once deployment is complete, open Sentinel and go to Workbook. Open My Workbooks and locate the workspace with the name “Security Copilot Audit”. Press View Saved Workbook.

Note: filters apply to all the widgets simultaneously. You can filter by Time Range and Workspace.

What can we find in the Workbook?

We designed this workbook to answer the most important questions our customers have. With that in mind, we created 3 separate widgets that focus on: an all-up view in the Dashboard, information about sign-ins, especially failed sign-ins, and lastly information about SCU changes. Now, let’s take a look at each of them individually:

Security Copilot Audit Dashboard

In the first view, we have some general information about how Security Copilot has been used. Here we can find:

We will also provide a visual chart of prompt numbers over time, allowing you to identify busier periods and understand which Security Copilot Experience drives usage.

In the next graphs, we are focusing on three different aspects of the logs:

- Security Copilot interactions: this will show you the different types of interactions users have performed (changing a promptbook, creation of a plugin, deletion of a plugin, etc.)
- Security Copilot interactions by Location: this shows you a visual map of where all the interactions occurred
- Top Users Prompts: this table will show you the user and the number of prompts they have performed

Following this, we have a list of Promptbook interactions where we can see who created, deleted or updated promptbooks:

In the next two graphs we will be able to find who enabled and disabled different plugins.

In the final graph we will be able to find a list of the users who made changes either at a tenant level or user level:

Security Copilot Sign in Data

In the second widget that we created, you will be able to filter and see all of the sign-in data in Security Copilot. This widget has four components:

- A visual representation of successful and failed sign-ins by location
- Successful sign-ins: here you will be able to see all the data about every user’s successful sign-in such as IP Address, Location, Platform and OS Platform and more.
- Failed sign-ins: here you will be able to see the data about a user's unsuccessful sign-ins such as the reason for the authentication failure, IP Address, as well as more granular information about the attempted sign-in
- Lastly, we have a graph depicting all the different reasons for the unsuccessful sign-ins. These can include: Flow token expired, User did not pass the MFA challenge, Invalid username or password or Invalid on-premises username or password, etc.

Security Copilot SCU Events

The last widget that we implemented is Security Copilot SCU Events. Here you will be able to view the number of purchased SCUs as well as any changes that are made to them. For example, you will be able to see increases or decreases in the SCUs and who has performed the change. Lastly, we have SCU Capacity Activity where we will be able to find SCU alignment operation.
The integration of Microsoft Security Copilot with Microsoft Sentinel provides a powerful, AI-driven solution for monitoring and analyzing audit logs across your organization’s security landscape. This setup offers deeper visibility into user activities and system events, enabling more proactive threat detection and compliance management. With features like anomaly detection, custom connectors, and interactive workbooks, Security Copilot simplifies and strengthens your security operations.

Ready to take your security to the next level? Explore our GitHub repository to get started with the setup or contact our team to learn more about enhancing your organization's security posture.

What’s new in Microsoft 365 Copilot | November 2024
Welcome to the November 2024 edition of What's new in Microsoft 365 Copilot! Every month, we highlight new features and enhancements to keep Microsoft 365 admins up to date with Copilot features that help your users be more productive and efficient in the apps they use every day.

What's New in Microsoft EDU | November 2024
Welcome to our monthly update for Microsoft Education and thank you so much for being part of our growing community! We’ve been working on some great new updates that we’re excited to share with you, so here’s what’s new this month. Enjoy!

How to Become a Microsoft Security Copilot Ninja: The Complete Level 400 Training
Learn how to become a Microsoft Security Copilot (Copilot) Ninja! This blog will walk you through the resources you'll need to master and make best use of Microsoft's Security Copilot product!

Ignite 2024: Transforming Security with Microsoft Security Copilot
Today’s security and IT teams are working within increasingly complex and fragmented environments. They are constantly balancing a broad and varied tech landscape, a fast-changing regulatory environment, and increasingly sophisticated cyberthreats, while challenged with a global cybersecurity skills shortage, data overload, and the risk of missing critical vulnerabilities - slowing response times, and ultimately leading to security gaps. The evolving threat landscape has highlighted the critical role that AI can play in organizations’ security efforts.

To address these growing challenges, Microsoft introduced Microsoft Security Copilot (formerly known as Microsoft Copilot for Security) last April, enabling customers to use generative AI-powered assistance for daily operations in security and IT. Security Copilot is built to enhance every facet of an organization’s security operations across identities, devices, data, clouds, and apps. It turns global threat intelligence, industry best practices, and organizations’ own data into actionable insights to help teams catch what others miss, respond faster, and strengthen team expertise.

Since Security Copilot has been generally available, customers and partners have discovered powerful applications for the tool. Customers like Eastman, a specialty materials manufacturer, have experienced significant benefits, including cost savings, improved threat detection, and junior staff upskilling, with Security Copilot enabling faster KQL learning and reducing technical workloads.

“I’m finding that I can ask [Security Copilot] about attack factors that I’ve never seen before and get answers much faster. That helps me to make a better decision and respond faster to an attacker.” - David Yates, Senior Cybersecurity Analyst, Eastman

Supporting this impact, new research from Microsoft -- conducted between March and August 2024 -- showed a 30% reduction in mean time to resolution (MTTR) for security incidents three months post-adoption of Security Copilot. Given that recent estimates suggest analysts spend, on average, 2.7 hours per day resolving incidents, costing $3.3 billion in the US alone, these results highlight the significant potential time and cost savings that Security Copilot can provide in security operations. Read the full research paper here.

What’s New at Ignite 2024

Just seven months after its general availability, Security Copilot continues to introduce new feature enhancements that strengthen its position as the leading gen-AI tool for security. The latest exciting advancements extend Security Copilot's capabilities beyond SOC teams, empowering data, identity, and IT teams to leverage powerful AI-driven insights and automation.

Security Copilot Beyond the SOC

Data Security: Copilot in Purview

Data security admins now have comprehensive, AI-powered visibility with new features, in public preview, for Copilot in Purview -- enabling faster, more accurate risk analysis across their data landscape. With Data Security Posture Management (DSPM), admins receive natural language insights on risks based on suggested or customizable prompts to prioritize and deepen their investigations. Copilot simplifies Data Loss Prevention (DLP) policy analysis by providing easy-to-read summaries and identifying DLP policy gaps, while eDiscovery case summaries streamline case management so users can quickly access natural language summaries of eDiscovery cases and searches.
New DLP investigative prompts and the Copilot-powered Knowledge Hub further enhance data security team capabilities, providing actionable insights and guidance that assist admins to manage risks and upskill teams of all experience levels effectively.

Identity & Access: Copilot in Entra

With Security Copilot embedded in Microsoft Entra available in preview, identity admins can simplify their workflows, reduce administrative overload, and improve decision-making efficiency, from directly within the Entra portal. Copilot in Entra offers identity protection with AI-driven risk detection, insights, and mitigation capabilities, allowing identity and security teams to stay ahead of potential threats. With automated data gathering and correlation, admins can easily identify and respond to suspicious activity involving high-risk users, applications, and workload identities. It also allows admins to quickly troubleshoot access failures, offering automation and actionable insights around sign-in logs, user details, group details, audit logs, and diagnostic logs. Copilot transforms this complex data into natural language summaries, offering recommendations on how to quickly reduce risk and resolve access issues, even in highly sensitive situations.

Endpoint Management: Copilot in Intune

IT admins can now leverage expanded capabilities for Copilot in Intune, available in preview, to further reduce attack surface, improve IT efficiency, and streamline complex admin workflows. These new capabilities include support for investigating app elevation details and identifying potential signs of compromised apps before approving Endpoint Privilege Management requests. Copilot also assists with KQL query creation for single- and multi-device analysis, making it easier to retrieve device data—minimizing the need for admins to have deep KQL expertise. Additionally, Copilot in Intune expands to simplify update management with Windows Autopatch.
This integration enables Copilot to support essential update tasks—from planning and troubleshooting to analyzing deployment outcomes—empowering IT teams to proactively address and resolve update issues.

Empower Security Teams and Automate Security Tasks

Innovations to enhance your SOC

The latest Security Copilot innovations for SOC, now generally available, empower security analysts to investigate incidents with more actionable user insights and greater user control. The new Identity Summary provides a comprehensive overview of the user identity information for quicker identification and resolution of potential security threats. The improved Copilot side panel experience remembers its open or closed state across tab changes, allowing users to maintain their preferred setting in the embedded experience.

Threat Intelligence

A Unified Threat Intelligence (TI) Experience, now in public preview, offers a complete view of threats by integrating a wider range of threat intelligence sources, including CVE data and advanced internet data sets, to help security teams quickly understand the impact of threats on the organization. New out-of-the-box promptbooks, now generally available, leverage this expanded breadth of intelligence through guided experiences that simplify complex workflows and empower SOC and threat intel analysts to investigate and respond to threats faster and more effectively.

Task Automation

Customer feedback has indicated significant value in using Copilot for task automation via Logic Apps and promptbooks. Users are able to do this by sequencing and automating common tasks enriched by gen AI insights to streamline security operations -- for example, a security analyst could create a Logic App that leverages Copilot promptbooks to automate the examination of user-reported phishing emails and determine the likelihood of a phishing event.
Now generally available, the Security Copilot Logic Apps connector allows SOC teams to integrate promptbooks directly from Logic Apps to simplify the configuration of automation workflows.

Building on Enterprise Readiness

In addition to enhancing embedded capabilities for Security Copilot, we’re excited to announce several new platform features that help organizations to integrate, automate, monitor, and scale their security programs more efficiently. By connecting to existing tools via integrations, Security Copilot can extend and bring more value to users. We are also introducing features that help customers with monitoring, providing them with visibility and control over their audits, access, and usage.

Partner Ecosystem

As part of our effort to provide customers with truly end-to-end security protection, we have prioritized building out our Security Copilot partner ecosystem. We have worked with partners to develop plugins to enhance and extend the information and data brought into Security Copilot. At Ignite, we are announcing the general availability of over 15 plug-ins across different categories including threat intelligence and device, network, and endpoint management.

Third-party Threat Intelligence plugins enable security teams to bring rich information about threat actors, indicators of compromise, tools, and vulnerabilities into Copilot, enabling them to gain a holistic view of threats, understand their impact, and receive recommendations and guidance on how to respond. New GA Threat Intelligence plugins include CrowdSec, Cybersixgill, Whoisfreaks, Reversing Labs Spectra Analyze, Reversing Labs Spectra Intelligence, CywareRespond, Intel 471, Forescout Vedere Labs, GreyNoise’s Enterprise plugin, GreyNoise’s Community plugin, and Darktrace.

Third-party Device, Network, and Identity plugins provide additional insights into device health and compliance, network traffic patterns, and user authentication activities.
These integrations allow for a holistic view of the security landscape, enabling more effective monitoring and management of potential threats. Additionally, these plugins can help organizations enforce security policies, detect anomalies, and respond to incidents in a timely manner. New GA Device, Network, and Identity plugins include Red Canary, Netskope, Tanium, Silverfort, CyberArk, and Jamf.

Additionally, new administrator controls for plugin management provide administrators with the ability to control which plugins can be enabled within their organizations. This feature provides more control and predictability of SCU consumption through plugins, helping organizations manage costs.

New Platform Features

We are also excited to introduce new platform features that would help Security Copilot customers with visibility, guidance, and access control.

An update to role-based access control (RBAC), now in preview, refines contributor role permissions by replacing the 'everyone' option with a 'recommended roles' bundle. This grants access to users with flagship roles in Entra, Intune, Purview, and the unified security operations platform, and will be the default setting for new tenants, preventing unintended access by users outside enabled groups.

Additionally, the general availability of audit logs provides a comprehensive record of all security analyst and admin activities -- available through Purview Audit and UAL -- allowing organizations to detect and analyze interactions for compliance with regulatory requirements.

We are also announcing the preview of a new Prompt Library which provides prompts and promptbooks that may be used in Security Copilot. Customers who require more guidance in Copilot can leverage this library and filter by persona so they can easily find and use prompts and promptbooks that are most relevant to their role and tasks.
Finally, the new Usage Dashboard, now generally available, offers detailed insights into your Security Compute Units (SCU) utilization with advanced filtering and a 90-day data timeframe, enabling data export into formatted Excel sheets for customizable analysis and better consumption management.

Learn more about how your organization can benefit from Copilot

Microsoft is dedicated to empowering customers with advanced security solutions that drive both robust protection and meaningful cost efficiencies across their security programs. This commitment is underscored by our adherence to industry leading standards like HITRUST, ISO 27001, ISO 27017, ISO 27018, and HIPAA, reflecting Microsoft's commitment to upholding the highest standards of security and data privacy for customers.

Further demonstrating Microsoft’s commitment to deliver meaningful cost efficiencies and enhanced productivity across security programs, a recent Total Economic Impact study by Forrester Consulting highlights the significant ROI that organizations can achieve with Security Copilot. In a study of over 300 decision-makers, the implementation of Security Copilot resulted in an average 23-46.7% productivity gain for SecOps tasks, reduced risk of security breaches with a projected value between $546,000 and $1 million, and enabled cost efficiencies worth $86,000 to $257,000 per 3 years. Read the full study.

To learn more about the exciting new features and explore how Security Copilot can enhance your organization’s security program, we invite you to connect with us at Microsoft Ignite. This is a great opportunity to engage with our experts, gain deeper insights, and see firsthand how Security Copilot can streamline your security operations. Join us at the Security Copilot sessions listed above, visit our Meet the Experts booth, or reach out for more information.
Connect with us today to discover how Security Copilot can transform your security program and meet your evolving security needs.

What’s New in Microsoft Teams | October 2024
This month, we have even more updates to share that are bringing intelligence, convenience, and productivity together in Teams. A few that I’m most excited for you to try are: the highly anticipated ‘Queues App’ that makes handling and monitoring customer calls easier for call center agents and leads, ‘Voting, Filtering, Sorting and Archiving in Teams Q&A’ for Town Halls and Webinars, that allows attendees to upvote questions they find most compelling, and ‘Expanded cross-platform meetings via SIP join’ that give you the ability to use Microsoft Teams to join meetings from other services like Google Meet, Zoom, Cisco Webex, Amazon Chime, RingCentral, and others.

Microsoft Security Copilot Achieves SOC 2 Certification
We are pleased to announce that Microsoft Security Copilot has successfully achieved SOC 2 certification, a significant milestone that reinforces our commitment to delivering secure, compliant solutions for enterprise customers. This certification underscores our dedication to maintaining the highest standards of security, availability, processing integrity, confidentiality, and privacy in the world’s first generative AI-powered security solution.

Know Before You Go: Security Copilot at Microsoft Ignite 2024
We are just a few days away from Microsoft Ignite, happening from November 19–22, 2024, and the excitement is palpable! This year, we are thrilled to share Security Copilot with everyone, both in-person and virtual attendees alike.

In-Person Experience: For those joining us in person, you'll have the opportunity to interact directly with our experts, attend immersive sessions, and see live demos of Security Copilot. Our hands-on labs and breakout sessions will provide you with practical insights and experiences that you can take back to your organization.

Virtual Engagement: We haven’t forgotten about our virtual audience! You’ll have access to live-streamed sessions, interactive Q&As, and virtual demos. We’ve designed a rich and engaging online experience to ensure that you gain the same valuable insights and knowledge as those attending in person.

We are excited to announce a series of innovative technical breakout sessions, theater sessions, labs, community opportunities, and demos designed to showcase the cutting-edge capabilities of Security Copilot. These are tailored to provide in-depth insights and hands-on experiences, ensuring attendees gain a comprehensive understanding of how to leverage Security Copilot to its fullest potential.

Microsoft Security Copilot is your generative AI-powered assistant that helps teams improve security across organizations. Discover how Security Copilot enables you to protect at the speed and scale of AI by leveraging global threat intelligence, industry best practices, and organizational data from Microsoft and others to deliver tailored insights. Learn about the latest innovations, including AI-driven automation capabilities and new use cases that elevate security organization-wide.

Join us for these exciting opportunities, whether in-person at McCormick Place in Chicago or virtually online.
Explore how Security Copilot can transform your security operations, optimize efficiency, and enhance your organization's overall security posture. Whether you're a security professional, IT expert, or simply interested in the future of cybersecurity, these sessions offer valuable knowledge and practical tips to help you stay ahead in the ever-evolving world of cybersecurity. We look forward to your participation and can't wait to see you there!

Breakout Sessions

We are excited to announce our series of innovative technical breakout sessions, designed to showcase the cutting-edge capabilities of Security Copilot. These sessions are tailored to provide in-depth insights and hands-on experiences, ensuring attendees gain a comprehensive understanding of how to leverage Security Copilot to its fullest potential.

BRK307: Transform your security with GenAI innovations in Security Copilot - Dorothy Li, Emily Longman, Dilip Radhakrishnan
In Chicago + Online - Will be recorded
Tuesday, November 19 - 11:30 AM - 12:15 PM Central Standard Time
Microsoft Security Copilot is your generative AI-powered assistant that helps teams improve security across organizations. Discover how Security Copilot enables you to protect at the speed and scale of AI by leveraging global threat intelligence, industry best practices and organizational data from Microsoft and others to deliver tailored insights. Learn about the latest innovations, including AI-driven automation capabilities and new use cases that elevate security organization-wide.

BRK308: Optimize with Security Copilot: Real-world insights and expert advice - Dennis Mercer, Heena Macwan
In Chicago + Online - Will be recorded
Thursday, November 21 - 3:45 PM - 4:30 PM Central Standard Time
Discover how to unlock Microsoft Security Copilot's full potential. This session offers deep dives into valuable case studies, the latest efficiency data, and practical tips from product experts.
Learn best practices and insider tricks to maximize Copilot’s benefits, ensuring quick value realization and enhanced security and IT operations.

BRK316: One goal, many roles: Microsoft Security Copilot use cases for all - Nick Goodman, Ryan Munsch
In Chicago + Online - Will be recorded
Thursday, November 21 - 5:00 PM - 5:45 PM Central Standard Time
Experience how Microsoft Security Copilot supports multiple cybersecurity roles through practical, real-world incidents. This session highlights Copilot's seamless integration with Microsoft’s security suite—Entra, Defender, Purview, and Intune - and its ability to provide tailored solutions that address a broad range of security functions beyond traditional SOC roles.

BRK331: Security Partner Growth: Harness the Power of AI in Security Copilot - Vicki Beizer, Mona Ghadiri, James Key, Jose Lazaro
In Chicago Only - Will be recorded
Friday, November 22 - 10:15 AM - 11:00 PM Central Standard Time
Discover new Security Copilot product capabilities built to enable partners to run their managed services business and expand their ISV solutions. Find out how Partners can maximize the capabilities of your technical resources to support customers more effectively. You will receive a preview of the new partner benefits and product developments coming next year and learn how you can get ahead of the curve. Don't miss this chance to stay ahead in the ever-evolving security landscape.

Theater Sessions

We are thrilled to announce our series of innovative Theater Sessions, designed to spotlight the pioneering capabilities of Security Copilot. These sessions provide a dynamic platform for learning, engaging, and exploring the future of cybersecurity.

THR653: Mastering custom plugins in Microsoft Security Copilot - Rod Trent
In Chicago Only - Will NOT be Recorded
Tuesday, November 19 - 11:15 AM - 11:45 AM Central Standard Time
Dive into the technical intricacies of Microsoft Security Copilot in this hands-on session.
Gain practical knowledge on building plugins to customize Copilot for your organization's unique requirements. The session provides detailed instructions on creating custom integrations and automations, with a focus on plugin development. This is tailored for security and IT professionals looking to elevate Copilot's capabilities through advanced customization and seamless integration with existing security tools.

THR555: Threat Intelligence at machine speed with Microsoft Security Copilot - Ryan Munsch
In Chicago Only - Will NOT be Recorded
Wednesday, November 20 - 9:00 AM - 9:15 AM Central Standard Time
Threat intelligence is crucial for protecting against evolving threats, but extracting actionable insights from vast data can be overwhelming. Join Microsoft expert Ryan Munsch to discover how Security Copilot's generative AI streamlines threat intelligence. He'll show how Copilot acts as a research assistant, analyst, and responder, using guided experiences and prompts to simplify threat management and reduce the time, resources, and stress involved in defending your organization.

Labs

We're excited to invite you to dive deep into the cutting-edge capabilities of Security Copilot through our hands-on labs. These instructor-led sessions are designed to provide a comprehensive, interactive experience, enabling you to fully understand and leverage the power of Security Copilot in your organization.

LAB462: Boost security and IT efficiency with Microsoft Security Copilot - Rod Trent
In Chicago Only - Will NOT be Recorded
Wednesday, November 20 - 3:00 PM - 4:15 PM Central Standard Time
Join us for an interactive lab to experience Microsoft Security Copilot in action. Through expert-led simulations, explore how generative AI streamlines incident response, expedites troubleshooting, and enhances decision-making across security and IT. Test-drive Security Copilot and see firsthand how it helps teams identify, respond to, and mitigate threats efficiently.
Ideal for security professionals eager to experience the real-world impact of generative AI in security & IT.

LAB462-R1: Boost security and IT efficiency with Microsoft Security Copilot - Rod Trent
In Chicago Only - Will NOT be Recorded
Thursday, November 21 - 8:30 AM - 9:45 AM Central Standard Time
Join us for an interactive lab to experience Microsoft Security Copilot in action. Through expert-led simulations, explore how generative AI streamlines incident response, expedites troubleshooting, and enhances decision-making across security and IT. Test-drive Security Copilot and see firsthand how it helps teams identify, respond to, and mitigate threats efficiently. Ideal for security professionals eager to experience the real-world impact of generative AI in security & IT.

Community
We are excited to invite you to our series of Community Tabletops, designed to foster collaboration and innovation around Security Copilot. These sessions provide an interactive environment where you can engage with peers, share experiences, and explore the latest advancements in cybersecurity.

COM1028: Community Roundtable: Security Copilot for IT Pros - Bill Mccluskey
In Chicago Only - Will NOT be Recorded
Tuesday, November 19 - 1:00 PM - 2:00 PM Central Standard Time
This session will bring together experts and peers to explore real-world applications, share best practices, and discuss the latest features of Security Copilot. Attendees will gain invaluable insights into optimizing security measures, enhancing threat detection, and streamlining incident response. Join us to collaborate, network, and learn from the collective experience of your fellow IT pros in a dynamic and interactive environment.
COM1029: Community Roundtable: Security Copilot for the SOC - Michael Pinch
In Chicago Only - Will NOT be Recorded
Tuesday, November 19 - 4:00 PM - 5:00 PM Central Standard Time
Join us for an engaging roundtable discussion tailored specifically for Security Operations Center (SOC) professionals focused on optimizing the use of Security Copilot. This session will facilitate an interactive exchange of ideas, challenges, and best practices related to the deployment and management of Security Copilot within the SOC. Participants will gain insights into leveraging Security Copilot to enhance threat detection, streamline incident response, and improve overall SOC efficiency. This is a unique opportunity to network with peers, learn from industry experts, and collaboratively explore innovative solutions to common SOC challenges. Come prepared to share your experiences and take away actionable strategies to elevate your SOC's security posture.

COM1030: Community Roundtable: Developing Security Copilot Plugins - Rod Trent
In Chicago Only - Will NOT be Recorded
Wednesday, November 20 - 11:00 AM - 12:00 PM Central Standard Time
Join us for an engaging community roundtable focused on the development of plugins for Microsoft Security Copilot. This session provides a platform for developers, IT professionals, and cybersecurity enthusiasts to collaborate and exchange ideas on creating innovative plugins that enhance Security Copilot's capabilities. Attendees will gain insights into the plugin development process, explore successful case studies, and discuss best practices for integrating custom plugins into their security workflows. Whether you're a seasoned developer or new to plugin creation, this roundtable offers valuable takeaways and networking opportunities to help you expand Security Copilot's functionality and improve your organization's security posture.

Demos and Networking
Don't miss the opportunity to visit the Copilot demo station at the Expert meet-up.
Our team will be showcasing the latest demos of Security Copilot, highlighting its powerful features and capabilities. Our experts will be on-hand to answer your questions and provide insights into how Security Copilot can enhance your security posture. Whether you're interested in learning about our innovative tools or need guidance on specific features, we're here to help. Be sure to stop by and experience firsthand how Security Copilot can help you stay ahead in the ever-evolving world of cybersecurity. We look forward to meeting you!