From the course: Microsoft Security Essentials: Concepts, Solutions, and AI-Powered Protection

Copilot integration with Microsoft security solutions - Microsoft Security Copilot Tutorial


- [Instructor] Microsoft Security Copilot is integrated with the variants of Microsoft security solutions. For example, Microsoft Defender XDR for threat protection, Microsoft Defender Threat Intelligence, Microsoft Defender for Cloud, Microsoft Entra for identity and access management, Microsoft Intune for endpoint management and security, Microsoft Purview for data governance, security and compliance, Microsoft Sentinel for security information and event management, and Azure security services such as Azure Firewall and Azure Web Application Firewall.

Microsoft Security Copilot provides two ways for you to access the capabilities provided by Microsoft security solutions. You can use the standalone Copilot portal, or you can use the embedded Copilot within many of Microsoft security products. This is convenient because you don't need to leave the product page to access Copilot. In addition, you can find your conversation history with the embedded Copilot in the standalone portal so you can manage your sessions in one central place.

Now let's have a quick demo of Copilot integration with the variants of Microsoft security solutions. Here's the Microsoft Security Copilot portal. In the prompt bar, click the sources icon. On the managed plugins page, I can find pre-installed Microsoft plugins. Expand the Microsoft plugins page. You can see the plugins for Microsoft products such as Azure Firewall, Azure Web Application Firewall, Microsoft Defender XDR, Microsoft Entra, Intune, Purview, Sentinel, and Threat Intelligence. To use a plugin, you need to enable it first. Click the prompts icon in the prompt bar. Then click to see all system capabilities. You can see the capabilities provided by Microsoft security products through their plugins. For example, on the Microsoft Defender XDR, there's a capability, list incidents. Let's use this capability. In the customer request field, enter "List the incidents within the last 30 days. Show the results in a table format." Click submit. Copilot chose the Microsoft Defender XDR plugin to retrieve the information. Here, we use Microsoft Security Copilot's standalone experience.

Next, let's look at Copilot's embedded experience in some Microsoft security solutions. Here's the incidents page on Microsoft Defender XDR. Select an incident. Copilot summarized this incident and generated a guided response. You can ask Copilot to analyze suspicious scripts. Here we see a suspicious PowerShell script. We can let Copilot analyze it. Copilot explained the script so we can quickly understand its purpose. From here, we can also go back to the Copilot standalone portal. Then continue our work there.

We can also access Copilot in Microsoft Defender Threat Intelligence. We can use Copilot to summarize the latest threats, prioritize threats, and ask about threat actors and techniques. For example, we can ask the Copilot to summarize the vulnerability with this CVE number. Copilot provided the description, impacted technologies, vulnerable components, recommendations, and the references.

Now let's look at Copilot in Microsoft Entra. In the identity protection, we can ask Copilot to summarize risky users. Select a user. Copilot provided a summary.

Now let's look at Copilot in Microsoft Intune. We can explore a device with Copilot. Copilot can summarize this device, analyze an error code, or compare this device with another device. Let's click compare this device with another device. Enter device to name, select comparison type. Click submit. Copilot provided a comparison table to show the similarities and the differences between the two devices. Click show policies assigned to this device. Select the policy type. Click submit. Copilot listed the assigned policies.

Now let's look at Copilot in Microsoft Purview. Let's choose the solution, communication compliance. Click policies. Let's select the policy. No insider trading policy. Select a detected message to reveal its content. You can ask the Copilot to summarize the content. Go back to solutions. Choose the solution eDiscovery. Let's choose a case. Open a review set. Select a file to review its content. You can ask Copilot to summarize the file and help with your reviews. Go back to solutions. Choose the solution, data loss prevention. Click alerts. Select an alert. Copilot summarized this alert for you. Go back to solutions. Choose the solution insider risk management. Click users. You can see potential risky users. Select the user to review. Copilot summarized the user risk.
