Microsoft Security Copilot (Preview)

A generative AI-powered assistant for daily operations in security and IT. AI-generated content may be incorrect. Check it for accuracy.

This connector is available in the following products and regions:

Service Class Regions
Logic Apps Standard All Logic Apps regions except the following:
     -   Azure Government regions
     -   Azure China regions
     -   US Department of Defense (DoD)
Contact
Name Microsoft
URL Microsoft LogicApps Support
Connector Metadata
Publisher Microsoft

Microsoft Security Copilot

Pre-Requisites

To make the most of this new Logic App connector, there are a few prerequisites to be aware of

  • Tenant deployment requirements: Your Logic App must be deployed within a tenant that is actively participating in the Security Copilot Early Access Program

  • User authentication and role access: Users looking to authenticate with the Logic App connector must hold specific access roles. For a deeper understanding of these roles and how they function within the framework of Security Copilot, we recommend exploring Understand authentication in Microsoft Security Copilot | Microsoft Learn

  • Data access for enhanced security interaction: It's important that the authenticated user can access data from various remote security products. This encompasses tasks like reading Defender incident reports and gathering multi-factor authentication (MFA) details, among others.

For access to Microsoft Security Copilot Early Access Program, reference the following onboarding documentation

Authentication

The Microsoft Security Copilot connector can operate on behalf of a Entra (AAD) user identity that has the necessary permissions to call Security Copilot.

Available resources

Security Copilot Connector

Azure Logic Apps

Creating a connection

The connector supports the following authentication types:

Client Certificate Auth Provide Microsoft Entra ID credentials using PFX certificate and password All regions Not shareable
Oauth Provide Microsoft Entra ID credentials All regions Not shareable
Default [DEPRECATED] This option is only for older connections without an explicit authentication type, and is only provided for backward compatibility. All regions Not shareable

Client Certificate Auth

Auth ID: CertOauth

Applicable: All regions

Provide Microsoft Entra ID credentials using PFX certificate and password

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Name Type Description Required
Client ID string The client ID of for the Microsoft Entra ID application
Client certificate secret clientCertificate The client certificate secret allowed by this application True

Oauth

Auth ID: Oauth

Applicable: All regions

Provide Microsoft Entra ID credentials

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Default [DEPRECATED]

Applicable: All regions

This option is only for older connections without an explicit authentication type, and is only provided for backward compatibility.

This is not shareable connection. If the power app is shared with another user, another user will be prompted to create new connection explicitly.

Throttling Limits

Name Calls Renewal Period
API calls per connection 600 60 seconds

Actions

Run a Security Copilot promptbook

Promptbooks contain one or more prompts that run in sequence automatically. AI-generated content may be incorrect. Check it for accuracy.

Submit a Security Copilot prompt

Submit a security question or task to Security Copilot and get a response. AI-generated content may contain mistakes. Check responses for accuracy.

Run a Security Copilot promptbook

Promptbooks contain one or more prompts that run in sequence automatically. AI-generated content may be incorrect. Check it for accuracy.

Parameters

Name Key Required Type Description
Specify prompt fields as json payload.
runPromptbookBody True dynamic

Run Promptbook payload

Returns

Promptbook run result object

Submit a Security Copilot prompt

Submit a security question or task to Security Copilot and get a response. AI-generated content may contain mistakes. Check responses for accuracy.

Parameters

Name Key Required Type Description
Prompt Content
PromptContent True string

Prompt to be evaluated by security copilot

SessionId
SessionId string

The ID for an existing Copilot session

Plugins
Skillsets array of string

Plugins to enable for this Copilot session

Direct Skill Name
SkillName string

Skill to invoke

Direct Skill Inputs
SkillInputs object

Skill required inputs

Returns

Evaluation result object

Definitions

EvaluationResult

Evaluation result object

Name Path Type Description
sessionId
sessionId string
skillName
skillName string
promptContent
promptContent string
evaluationResultType
evaluationResultType string
EvaluationResultContent
EvaluationResultContent string
nextPromptSuggestions
nextPromptSuggestions array of string

PromptbookPromptEvaluationResult

Promptbook prompt evaluation result object

Name Path Type Description
skillName
skillName string
promptContent
promptContent string
evaluationResultType
evaluationResultType string
EvaluationResultContent
EvaluationResultContent string

PromptbookRunResult

Promptbook run result object

Name Path Type Description
sessionId
sessionId string
evaluationResults
evaluationResults array of PromptbookPromptEvaluationResult