Microsoft Security Copilot (Security Copilot) is a generative AI-powered security solution that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale, while remaining compliant with responsible AI principles.
Security Copilot provides a natural language, assistive copilot experience that helps support security professionals in end-to-end scenarios such as incident response, threat hunting, intelligence gathering, and posture management.
How does Security Copilot work?
Microsoft Security Copilot capabilities can be accessed through the standalone experience as well as embedded experiences available in other Microsoft security products. The foundation language model and proprietary Microsoft technologies work together in an underlying system that helps increase the efficiency and capabilities of defenders to improve security outcomes at machine speed and scale.
Microsoft security solutions such as Microsoft 365 Defender, Microsoft Sentinel, and Microsoft Intune integrate seamlessly with Security Copilot. Some of these solutions include embedded experiences that give users access to Security Copilot and its prompting capabilities in the context of their work within those solutions.
Plugins from Microsoft and third-party security products are a means to extend and integrate services with Security Copilot. Plugins bring more context from event logs, alerts, incidents, and policies from both Microsoft security products and supported third-party solutions such as ServiceNow.
Security Copilot also has access to threat intelligence and authoritative content through plugins. These plugins can search across Microsoft Defender Threat Intelligence articles and intel profiles, Microsoft 365 Defender threat analytics reports, and vulnerability disclosure publications, among others.
Here's an explanation of how Microsoft Security Copilot works:
1. User prompts from security products are sent to Security Copilot.
2. Security Copilot then pre-processes the input prompt through an approach called grounding, which improves the specificity of the prompt, to help you get answers that are relevant and actionable to your prompt. Security Copilot accesses plugins for pre-processing, then sends the modified prompt to the language model.
3. Security Copilot takes the response from the language model and post-processes it. This post-processing includes accessing plugins to gain contextualized information.
4. Security Copilot returns the response, which the user can then review and assess.
Security Copilot iteratively processes and orchestrates these sophisticated services to help produce results that are relevant to your organization because they're contextually based on your organizational data.