Microsoft Security Copilot is a powerful tool that can help you manage and secure your Microsoft Entra identity environment. This article outlines the different capabilities in Microsoft Entra that you can investigate using natural language queries. These capabilities are available across different Microsoft Entra products to enhance your identity protection efforts. To use Security Copilot in Microsoft Entra, ensure that you have a tenant with Security Copilot enabled.
Microsoft Security Copilot integration with Microsoft Entra
Security Copilot is part of the Microsoft Entra admin center, and you can use it to create your own prompts. Launch Security Copilot from the globally available button in the menu bar. To get started, choose from the set of starter prompts at the top of the Security Copilot window or enter your own in the prompt bar. After a response, Security Copilot can show suggested prompts, which are predefined prompts that it selects based on the prior response.
Data exploration using Microsoft Security Copilot (preview)
Microsoft Security Copilot supports data exploration when prompts return datasets with more than 10 items. This feature is in preview and available for select Microsoft Entra scenarios. From the Copilot chat response, select Open list to access a comprehensive data grid. This allows you to explore large datasets with complete and accurate results, enabling more efficient decision-making. Each data grid displays the underlying Microsoft Graph URL, helping you verify query accuracy and build confidence in the results.
Note
This functionality is currently in preview and limited to simple, single-step prompts (for example "Provide a list of users in the Sales department"). Tasks that require multi-step prompting and cross scenario functionality (for example "Which risky apps have high privileged permissions?") are not currently supported by this feature. Copilot will still provide chat-based summaries for all prompts.
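One way to read the Microsoft Graph URL shown in a data grid against the prompt that produced it, as an added example that is not Microsoft's code. The sample URLs are constructed, and `review_graph_url`, the host allowlist and the finding texts are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumption: global Microsoft Graph endpoint only; national clouds use other hosts.
ALLOWED_HOSTS = {"graph.microsoft.com"}
API_VERSIONS = {"v1.0", "beta"}


def review_graph_url(url, expected_resource, expected_terms=()):
    """Decode a Graph URL and list mismatches with what the prompt asked for."""
    parts = urlsplit(url)
    findings = []
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        findings.append(f"unexpected endpoint {parts.scheme}://{parts.hostname}")

    segments = [s for s in parts.path.split("/") if s]
    version = segments[0] if segments else ""
    resource = "/".join(segments[1:])
    if version not in API_VERSIONS:
        findings.append(f"unknown API version {version!r}")
    elif version == "beta":
        findings.append("beta endpoint: schema and behavior can change")
    if resource != expected_resource:
        findings.append(f"queries {resource!r}, expected {expected_resource!r}")

    # parse_qsl percent-decodes values; OData system options start with "$".
    options = {k.lower(): v for k, v in parse_qsl(parts.query, keep_blank_values=True)}
    odata_filter = options.get("$filter", "")
    if expected_terms and not odata_filter:
        findings.append("no $filter: the query returns the whole collection")
    elif odata_filter:
        for term in expected_terms:
            if term.lower() not in odata_filter.lower():
                findings.append(f"$filter does not mention {term!r}")
    if "$top" in options:
        findings.append(f"$top={options['$top']}: results are capped per page")
    return {"version": version, "resource": resource,
            "options": options, "findings": findings}


if __name__ == "__main__":
    # Constructed URLs for the prompt "Provide a list of users in the Sales department".
    matching = ("https://graph.microsoft.com/v1.0/users"
                "?$filter=department%20eq%20%27Sales%27&$select=displayName,department")
    too_broad = "https://graph.microsoft.com/beta/users?$top=10"
    for url in (matching, too_broad):
        report = review_graph_url(url, "users", ("department", "Sales"))
        print(report["options"], report["findings"] or "matches the prompt")
```

An empty findings list means the URL queries the expected resource with a filter that names every expected term; it does not prove the filter logic is right, so read the decoded `$filter` as well.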
Security Copilot scenarios in Microsoft Entra
There's a large selection of Security Copilot scenarios available in Microsoft Entra. Use the following table to learn more about each scenario by product area, their use cases, license and role requirements.
| Microsoft Entra product | Security Copilot scenarios | Data Exploration Enabled |
|---|---|---|
| Microsoft Entra ID | Tenants, Users, Groups, Domains, Licenses, Sign-in logs, Audit logs, Provisioning logs, Recommendations, Health monitoring alerts, Service Level Agreement, Roles and administrators, Devices, Conditional Access, Authentication | ![]() |
| Microsoft Entra ID Protection | Risky users, Application risk | ![]() |
| Microsoft Entra ID Governance | Access reviews, Entitlement management, Privileged Identity Management (PIM), PIM write actions, Lifecycle workflows | ![]() |
| Microsoft Entra Internet Access, Microsoft Entra Private Access | Global Secure Access | ![]() |
Microsoft Entra ID scenarios
Microsoft Entra ID is the foundational product of Microsoft Entra, and provides the essential identity, authentication, policy, and protection to secure users, devices, apps, and resources. Security Copilot enhances these capabilities across multiple areas:
- Enterprise user management: Quickly retrieve user, group, domain and license information
- Authentication: Discover enabled authentication methods, registration status, and overall authentication strategy
- Role-based access control (RBAC): Investigate role assignments within a directory
- Conditional Access: Understand and evaluate Conditional Access policies
- Device identity: Explore device details and compliance status
Microsoft Entra ID Protection scenarios
Microsoft Entra ID Protection focuses on identity risk detection and remediation. Security Copilot provides AI-powered insights for:
- Risky user investigation: Summarize user risk levels and provide remediation recommendations
- Application risk assessment: Analyze workload identities and application permissions
Microsoft Entra ID Governance scenarios
Microsoft Entra ID Governance helps you manage identity lifecycle and access governance at scale. Security Copilot enhances these capabilities for:
- Access reviews: Analyze access review data and decision patterns
- Entitlement management: Manage access packages and connected organizations
- Privileged Identity Management: Monitor privileged access and role assignments
- Lifecycle workflows: Configure and troubleshoot employee lifecycle automation