News
Microsoft Copilot for Security GA Expected April 1
- By Kurt Mackie
- March 13, 2024
The Microsoft Copilot for Security artificial intelligence-enhanced security tool will be commercially released on April 1, per a Wednesday announcement.
The announcement was part of the company's second annual Microsoft Secure online event, held today, featuring Microsoft security luminaries. For people wanting more, Microsoft is planning to hold a Microsoft Secure Tech Accelerator online event on April 3 with Q&A sessions.
Product Integrations
Microsoft today posted quite a lot about Copilot for Security integrations into other Microsoft security products. Copilot for Security was described as a "force multiplier for the entire Microsoft Security portfolio, which integrates more than 50 categories within six product families to form one end-to-end Microsoft Security solution."
There were lots of examples to buttress that description. Microsoft on Wednesday notably announced previews of:
- Copilot in Intune for simplifying and troubleshooting security and device management policies. Microsoft indicated that "the public preview of Copilot in Intune will be available to organizations who subscribe to Copilot for Security."
- New Microsoft Entra "skills" that can be used with Copilot for Security, surfacing security information about users, groups and logs.
- Microsoft Purview Data Loss Prevention and Insider Risk Management alert summarizations, and more, using Copilot for Security.
- Microsoft Defender Threat Intelligence use of Copilot for Security, with "new skills and workbooks to help customers understand the full scope of attacks," including a new "side card experience" to summarize details.
- Microsoft Defender Threat Analytics integration of Copilot for Security, providing discovery and natural language summaries.
- Microsoft Defender external attack surface management functionality in Copilot for Security.
Partner Support
Microsoft is collaborating with partners on Copilot for Security, and has published this partner information page. Those efforts consist of a Copilot for Security Early Access Program, along with engineer-led validations "on functionality, operations, and APIs to assist with extensibility."
Microsoft published testimonials from various partners. Avanade is using Copilot for Security with its global MXDR service. BlueVoyant is a member of the Design Advisory Council for Copilot for Security. Cloudflare is helping to enable it. PwC is working to deliver Copilot for Security to "joint customers."
Microsoft Security Exposure Management
Microsoft also announced a preview of Microsoft Security Exposure Management, a new solution that surfaces within the Microsoft Defender portal.
Microsoft Security Exposure Management provides a view across "data silos" and security tools regarding an organization's security risks and exposures. Its "pricing and licensing is still under evaluation," per the product's landing page FAQ.
Microsoft Copilot for Security
Microsoft Copilot for Security (formerly called "Microsoft Security Copilot") was unveiled in March of last year as an invitation-only early access release, but it'll be commercially released on April 1.
Microsoft is planning to offer Copilot for Security in two ways. It'll be available as a "standalone" portal product, although it will work with other Microsoft security products as well. It'll also be integrated into many of Microsoft's security tools. The only requirement to use Copilot for Security will be to have an Azure subscription.
Microsoft will sell Copilot for Security via monthly billed subscriptions based on its use, which Microsoft calls a "consumption model." The billing will $4 per hour, based on "a new Security Compute Unit," Microsoft explained in this general availability announcement.
On April 1, Copilot for Security will be available in eight languages across prompts and the product interface. The product interface, though, currently supports 25 languages.
Copilot for Security can help security personnel with incident summarization, including the ability to "swiftly distill complex security alerts into concise, actionable summaries," Microsoft indicated. Users of Copilot for Security will also be able to use this tool to prioritize security responses. Copilot for Security can reverse-engineer malware and scripts, providing "clear explanations" in natural language. Microsoft also suggested that Copilot for Security would provide "actionable step-by-step guidance for incident response."
When at general availability, Copilot for Security will have a few new capabilities. It'll add "custom promptbooks" that IT pros can use for "common security workstreams and tasks." Users also are getting ability to integrate Copilot for Security with their own business logic, based on knowledgebase "step-by-step guides." Users will be able to analyze risks using a "curated external attack surface from Microsoft Defender External Attack Surface Management."
Microsoft's Study
Microsoft claimed that IT pros who were enlisted into a randomized controlled trial had reported being able to respond faster and with greater accuracy when using Copilot for Security vs. not using it, per this January report (PDF download). Microsoft's study sampled the reactions of 147 security professions with varied years of experience in carrying out a security tasks using Microsoft Defender XDR.