Microsoft Security Copilot wants to use the power of AI to keep your business protected

data privacy
(Image credit: Shutterstock / Zeeker2526)

 As threat actors evolve and develop new tools and techniques to penetrate organizations, security analysts need comprehensive solutions now more than ever.

According to Microsoft, data security admins are already stretched thin by the number of alerts received, with an average of more than 50 per day, of which only around a third are actioned. The story is very similar for compliance admins who are facing mammoth tasks reviewing evidence which, on average, takes up 60% of their time.

In order to address these issues, the company has today announced a series of upgrades to its online safety portfolio, including a major upgrade for Microsoft Security Copilot. 

Streamlining with Microsoft Security Copilot

Going forward, Microsoft says Security Copilot will cut down the curve for analysts looking to enhance their skills by simplifying processes. For example, with Security Copilot embedded in Microsoft Purview, analysts will be able to investigate and respond to the latest alerts at a much faster rate by generating a complete overview of existing information and alerts.

The process for finding existing logs has been simplified and accelerated. No longer will keywords be needed to navigate eDiscovery, as Security Copilot brings natural language to its search functions.

In private preview, Microsoft Security Copilot has also been integrated with the Microsoft Intune admin center, where it will cater to the specific needs of your organization by using the power of generative AI to analyze data provided by security and management tools to rapidly develop and deploy new policies.

The company says this will help fine tune your organization's overall security posture by enhancing endpoint management and joining forces with existing Security Copilot features available now.

Moreover, Security Copilot will unify your company's security platforms by delivering a comprehensive security infrastructure across identity management, device management, data protection and compliance, and cloud security.

 Microsoft Entra

For those looking to manage suspicious activity on user accounts, identify users with excessive access privileges, or weed out those individuals who bring unnecessary risk to your organization, Security Copilot will provide insight via Microsoft Entra into who poses the greatest risk.

Managing user credentials has also been streamlined with Security Copilot by generating efficient workflows for user credentials, making it easier to monitor access and generate new credentials.

Organizations have more devices online than ever before, and each individual device is a threat to identity, network and cloud security. Entra will now provide a centralized management system for access controls, allowing the implementation of robust multi-factor authentication.

By the end of 2023, Microsoft Entra Internet Access will include the ability to employ web filtering, conditional access, and network compliance checks to provide additional security.

Microsoft Intune

Microsoft Intune will also have new features available through Security Copilot allowing security teams to manage and gather data from individual devices within your organization, enabling the development of device policy and best practices for future deployments.

If you are worried about the use of generative AI within your organization, new Entra features can secure any data or information used with AI applications. Security Copilot will also recommend the best configurations for your organization specific needs.

External Attack Surface and Cloud Security

As the attack surface for many organizations grows, enhancements to Microsoft Defender EASM and Defender for Cloud will allow new ways of monitoring potential attack paths and receive guidance on security posture through natural language search queries, rather than battling complicated keyword searches in the midst of an intrusion.

Finally, Microsoft Defender for Cloud also provides attack path analysis, highlighting the most likely paths of attack and providing greater insight into your cloud security and assisting in the prediction and remediation of vulnerabilities.

More from TechRadar Pro

Benedict Collins
Staff Writer (Security)

Benedict Collins is a Staff Writer at TechRadar Pro covering privacy and security. Before settling into journalism he worked as a Livestream Production Manager, covering games in the National Ice Hockey League for 5 years and contributing heavily to the advancement of livestreaming within the league. Benedict is mainly focused on security issues such as phishing, malware, and cyber criminal activity, but he also likes to draw on his knowledge of geopolitics and international relations to understand the motives and consequences of state-sponsored cyber attacks.


He has a MA in Security, Intelligence and Diplomacy, alongside a BA in Politics with Journalism, both from the University of Buckingham. His masters dissertation, titled 'Arms sales as a foreign policy tool,' argues that the export of weapon systems has been an integral part of the diplomatic toolkit used by the US, Russia and China since 1945. Benedict has also written about NATO's role in the era of hybrid warfare, the influence of interest groups on US foreign policy, and how reputational insecurity can contribute to the misuse of intelligence.


Outside of work Ben follows many sports; most notably ice hockey and rugby. When not running or climbing, Ben can most often be found deep in the shrubbery of a pub garden.