Microsoft Security Copilot (Preview)
A generative AI-powered assistant for daily operations in security and IT. AI-generated content may be incorrect. Check it for accuracy.
This connector is available in the following products and regions:
Service | Class | Regions |
---|---|---|
Logic Apps | Standard | All Logic Apps regions except the following: - Azure Government regions - Azure China regions - US Department of Defense (DoD) |
Contact | |
---|---|
Name | Microsoft |
URL | Microsoft LogicApps Support |
Connector Metadata | |
---|---|
Publisher | Microsoft |
Microsoft Security Copilot
Pre-Requisites
To make the most of this new Logic App connector, there are a few prerequisites to be aware of
Tenant deployment requirements: Your Logic App must be deployed within a tenant that is actively participating in the Security Copilot Early Access Program
User authentication and role access: Users looking to authenticate with the Logic App connector must hold specific access roles. For a deeper understanding of these roles and how they function within the framework of Security Copilot, we recommend exploring Understand authentication in Microsoft Security Copilot | Microsoft Learn
Data access for enhanced security interaction: It's important that the authenticated user can access data from various remote security products. This encompasses tasks like reading Defender incident reports and gathering multi-factor authentication (MFA) details, among others.
For access to Microsoft Security Copilot Early Access Program, reference the following onboarding documentation
Authentication
The Microsoft Security Copilot connector can operate on behalf of a Entra (AAD) user identity that has the necessary permissions to call Security Copilot.
Available resources
Security Copilot Connector
Azure Logic Apps
Creating a connection
The connector supports the following authentication types:
Client Certificate Auth | Provide Microsoft Entra ID credentials using PFX certificate and password | All regions | Not shareable |
Oauth | Provide Microsoft Entra ID credentials | All regions | Not shareable |
Default [DEPRECATED] | This option is only for older connections without an explicit authentication type, and is only provided for backward compatibility. | All regions | Not shareable |
Client Certificate Auth
Auth ID: CertOauth
Applicable: All regions
Provide Microsoft Entra ID credentials using PFX certificate and password
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Name | Type | Description | Required |
---|---|---|---|
Client ID | string | The client ID of for the Microsoft Entra ID application | |
Client certificate secret | clientCertificate | The client certificate secret allowed by this application | True |
Oauth
Auth ID: Oauth
Applicable: All regions
Provide Microsoft Entra ID credentials
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Default [DEPRECATED]
Applicable: All regions
This option is only for older connections without an explicit authentication type, and is only provided for backward compatibility.
This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.
Throttling Limits
Name | Calls | Renewal Period |
---|---|---|
API calls per connection | 600 | 60 seconds |
Actions
Run a Security Copilot promptbook |
Promptbooks contain one or more prompts that run in sequence automatically. AI-generated content may be incorrect. Check it for accuracy. |
Submit a Security Copilot prompt |
Submit a security question or task to Security Copilot and get a response. AI-generated content may contain mistakes. Check responses for accuracy. |
Run a Security Copilot promptbook
Promptbooks contain one or more prompts that run in sequence automatically. AI-generated content may be incorrect. Check it for accuracy.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Specify prompt fields as json payload.
|
runPromptbookBody | True | dynamic |
Run Promptbook payload |
Returns
Promptbook run result object
- Body
- PromptbookRunResult
Submit a Security Copilot prompt
Submit a security question or task to Security Copilot and get a response. AI-generated content may contain mistakes. Check responses for accuracy.
Parameters
Name | Key | Required | Type | Description |
---|---|---|---|---|
Prompt Content
|
PromptContent | True | string |
Prompt to be evaluated by security copilot |
SessionId
|
SessionId | string |
The ID for an existing Copilot session |
|
Plugins
|
Skillsets | array of string |
Plugins to enable for this Copilot session |
|
Direct Skill Name
|
SkillName | string |
Skill to invoke |
|
Direct Skill Inputs
|
SkillInputs | object |
Skill required inputs |
Returns
Evaluation result object
- Body
- EvaluationResult
Definitions
EvaluationResult
Evaluation result object
Name | Path | Type | Description |
---|---|---|---|
sessionId
|
sessionId | string | |
skillName
|
skillName | string | |
promptContent
|
promptContent | string | |
evaluationResultType
|
evaluationResultType | string | |
EvaluationResultContent
|
EvaluationResultContent | string | |
nextPromptSuggestions
|
nextPromptSuggestions | array of string |
PromptbookPromptEvaluationResult
Promptbook prompt evaluation result object
Name | Path | Type | Description |
---|---|---|---|
skillName
|
skillName | string | |
promptContent
|
promptContent | string | |
evaluationResultType
|
evaluationResultType | string | |
EvaluationResultContent
|
EvaluationResultContent | string |
PromptbookRunResult
Promptbook run result object
Name | Path | Type | Description |
---|---|---|---|
sessionId
|
sessionId | string | |
evaluationResults
|
evaluationResults | array of PromptbookPromptEvaluationResult |