Introduction
Microsoft Security Copilot is a cutting-edge AI-driven platform designed to enhance security workflows by automating tasks and providing actionable insights, making it an essential tool for security engineers.
Imagine you’re a security engineer at a mid-sized financial institution. Your team manages a complex environment spanning identity management with Microsoft Entra, endpoint protection with Microsoft Intune, threat detection with Microsoft Defender, and data protection with Microsoft Purview. Every day, your team is flooded with alerts from phishing attempts, identity risks, policy misconfigurations, and data loss incidents. Recently, a phishing attack slipped through the cracks, leading to a data breach that could have been prevented with better tools and processes. You’re tasked with finding a solution that not only streamlines your team’s workload but also improves the accuracy and speed of threat detection and response across all these platforms. This is where Microsoft Security Copilot agents come in. These AI-powered agents automate repetitive tasks, provide actionable insights, and integrate seamlessly across Microsoft security products—helping your team focus on high-priority issues, reduce false positives, and strengthen your organization’s overall security posture.
In this module, you get an introduction to Microsoft Security Copilot agents, including agent identities and permissions. You explore the Threat Intelligence Briefing Agent in the standalone experience and learn about Security Copilot agents across Microsoft Entra, Microsoft Defender, Microsoft Purview, and Microsoft Intune. You also learn how Security Copilot supports building your own agents.
Note
This module is intended to give you a flavor of just a few of the Microsoft agents available in Security Copilot, through both the standalone and embedded experiences. Agents that are available through the embedded Copilot experience are described in training that relates to the specific security solution in which they’re embedded. For example, agents that are embedded in Microsoft Purview solutions are described in the training that relates to that Microsoft Purview solution.
After completing this module, you’ll be able to:
- Describe the role and functionality of Microsoft Security Copilot agents in automating security workflows.
- Describe agent identities and permissions in Microsoft Security Copilot.
- Describe the Threat Intelligence Briefing Agent in the Security Copilot standalone experience.
- Describe Security Copilot agents in Microsoft Entra, Microsoft Defender, Microsoft Purview, and Microsoft Intune.
- Describe how Security Copilot supports building your own agents.